Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2016-0778

Summary
Assigner-redhat
Assigner Org ID-53f830b8-0a3f-465b-8143-3b8a9948e749
Published At-14 Jan, 2016 | 00:00
Updated At-05 Aug, 2024 | 22:30
Rejected At-
Credits

The (1) roaming_read and (2) roaming_write functions in roaming_common.c in the client in OpenSSH 5.x, 6.x, and 7.x before 7.1p2, when certain proxy and forward options are enabled, do not properly maintain connection file descriptors, which allows remote servers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact by requesting many forwardings.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:redhat
Assigner Org ID:53f830b8-0a3f-465b-8143-3b8a9948e749
Published At:14 Jan, 2016 | 00:00
Updated At:05 Aug, 2024 | 22:30
Rejected At:
▼CVE Numbering Authority (CNA)

The (1) roaming_read and (2) roaming_write functions in roaming_common.c in the client in OpenSSH 5.x, 6.x, and 7.x before 7.1p2, when certain proxy and forward options are enabled, do not properly maintain connection file descriptors, which allows remote servers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact by requesting many forwardings.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://blogs.sophos.com/2016/02/17/utm-up2date-9-354-released/
N/A
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00006.html
vendor-advisory
https://blogs.sophos.com/2016/02/29/utm-up2date-9-319-released/
N/A
http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html
vendor-advisory
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05247375
N/A
http://www.securityfocus.com/archive/1/537295/100/0/threaded
mailing-list
https://support.apple.com/HT206167
N/A
http://lists.fedoraproject.org/pipermail/package-announce/2016-January/176349.html
vendor-advisory
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10734
N/A
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05385680
N/A
http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html
N/A
http://www.openssh.com/txt/release-7.1p2
N/A
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00014.html
vendor-advisory
http://www.securityfocus.com/bid/80698
vdb-entry
http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176516.html
vendor-advisory
https://bto.bluecoat.com/security-advisory/sa109
N/A
http://www.securitytracker.com/id/1034671
vdb-entry
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00013.html
vendor-advisory
https://security.gentoo.org/glsa/201601-01
vendor-advisory
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722
N/A
http://www.openwall.com/lists/oss-security/2016/01/14/7
mailing-list
http://seclists.org/fulldisclosure/2016/Jan/44
mailing-list
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00008.html
vendor-advisory
http://packetstormsecurity.com/files/135273/Qualys-Security-Advisory-OpenSSH-Overflow-Leak.html
N/A
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00007.html
vendor-advisory
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00009.html
vendor-advisory
http://www.ubuntu.com/usn/USN-2869-1
vendor-advisory
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05356388
N/A
http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html
N/A
http://www.debian.org/security/2016/dsa-3446
vendor-advisory
https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf
N/A
Hyperlink: https://blogs.sophos.com/2016/02/17/utm-up2date-9-354-released/
Resource: N/A
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00006.html
Resource:
vendor-advisory
Hyperlink: https://blogs.sophos.com/2016/02/29/utm-up2date-9-319-released/
Resource: N/A
Hyperlink: http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html
Resource:
vendor-advisory
Hyperlink: https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05247375
Resource: N/A
Hyperlink: http://www.securityfocus.com/archive/1/537295/100/0/threaded
Resource:
mailing-list
Hyperlink: https://support.apple.com/HT206167
Resource: N/A
Hyperlink: http://lists.fedoraproject.org/pipermail/package-announce/2016-January/176349.html
Resource:
vendor-advisory
Hyperlink: http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10734
Resource: N/A
Hyperlink: https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05385680
Resource: N/A
Hyperlink: http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html
Resource: N/A
Hyperlink: http://www.openssh.com/txt/release-7.1p2
Resource: N/A
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00014.html
Resource:
vendor-advisory
Hyperlink: http://www.securityfocus.com/bid/80698
Resource:
vdb-entry
Hyperlink: http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176516.html
Resource:
vendor-advisory
Hyperlink: https://bto.bluecoat.com/security-advisory/sa109
Resource: N/A
Hyperlink: http://www.securitytracker.com/id/1034671
Resource:
vdb-entry
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00013.html
Resource:
vendor-advisory
Hyperlink: https://security.gentoo.org/glsa/201601-01
Resource:
vendor-advisory
Hyperlink: https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722
Resource: N/A
Hyperlink: http://www.openwall.com/lists/oss-security/2016/01/14/7
Resource:
mailing-list
Hyperlink: http://seclists.org/fulldisclosure/2016/Jan/44
Resource:
mailing-list
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00008.html
Resource:
vendor-advisory
Hyperlink: http://packetstormsecurity.com/files/135273/Qualys-Security-Advisory-OpenSSH-Overflow-Leak.html
Resource: N/A
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00007.html
Resource:
vendor-advisory
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00009.html
Resource:
vendor-advisory
Hyperlink: http://www.ubuntu.com/usn/USN-2869-1
Resource:
vendor-advisory
Hyperlink: https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05356388
Resource: N/A
Hyperlink: http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html
Resource: N/A
Hyperlink: http://www.debian.org/security/2016/dsa-3446
Resource:
vendor-advisory
Hyperlink: https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf
Resource: N/A
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://blogs.sophos.com/2016/02/17/utm-up2date-9-354-released/
x_transferred
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00006.html
vendor-advisory
x_transferred
https://blogs.sophos.com/2016/02/29/utm-up2date-9-319-released/
x_transferred
http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html
vendor-advisory
x_transferred
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05247375
x_transferred
http://www.securityfocus.com/archive/1/537295/100/0/threaded
mailing-list
x_transferred
https://support.apple.com/HT206167
x_transferred
http://lists.fedoraproject.org/pipermail/package-announce/2016-January/176349.html
vendor-advisory
x_transferred
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10734
x_transferred
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05385680
x_transferred
http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html
x_transferred
http://www.openssh.com/txt/release-7.1p2
x_transferred
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00014.html
vendor-advisory
x_transferred
http://www.securityfocus.com/bid/80698
vdb-entry
x_transferred
http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176516.html
vendor-advisory
x_transferred
https://bto.bluecoat.com/security-advisory/sa109
x_transferred
http://www.securitytracker.com/id/1034671
vdb-entry
x_transferred
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00013.html
vendor-advisory
x_transferred
https://security.gentoo.org/glsa/201601-01
vendor-advisory
x_transferred
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722
x_transferred
http://www.openwall.com/lists/oss-security/2016/01/14/7
mailing-list
x_transferred
http://seclists.org/fulldisclosure/2016/Jan/44
mailing-list
x_transferred
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00008.html
vendor-advisory
x_transferred
http://packetstormsecurity.com/files/135273/Qualys-Security-Advisory-OpenSSH-Overflow-Leak.html
x_transferred
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00007.html
vendor-advisory
x_transferred
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00009.html
vendor-advisory
x_transferred
http://www.ubuntu.com/usn/USN-2869-1
vendor-advisory
x_transferred
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05356388
x_transferred
http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html
x_transferred
http://www.debian.org/security/2016/dsa-3446
vendor-advisory
x_transferred
https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf
x_transferred
Hyperlink: https://blogs.sophos.com/2016/02/17/utm-up2date-9-354-released/
Resource:
x_transferred
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00006.html
Resource:
vendor-advisory
x_transferred
Hyperlink: https://blogs.sophos.com/2016/02/29/utm-up2date-9-319-released/
Resource:
x_transferred
Hyperlink: http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html
Resource:
vendor-advisory
x_transferred
Hyperlink: https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05247375
Resource:
x_transferred
Hyperlink: http://www.securityfocus.com/archive/1/537295/100/0/threaded
Resource:
mailing-list
x_transferred
Hyperlink: https://support.apple.com/HT206167
Resource:
x_transferred
Hyperlink: http://lists.fedoraproject.org/pipermail/package-announce/2016-January/176349.html
Resource:
vendor-advisory
x_transferred
Hyperlink: http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10734
Resource:
x_transferred
Hyperlink: https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05385680
Resource:
x_transferred
Hyperlink: http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html
Resource:
x_transferred
Hyperlink: http://www.openssh.com/txt/release-7.1p2
Resource:
x_transferred
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00014.html
Resource:
vendor-advisory
x_transferred
Hyperlink: http://www.securityfocus.com/bid/80698
Resource:
vdb-entry
x_transferred
Hyperlink: http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176516.html
Resource:
vendor-advisory
x_transferred
Hyperlink: https://bto.bluecoat.com/security-advisory/sa109
Resource:
x_transferred
Hyperlink: http://www.securitytracker.com/id/1034671
Resource:
vdb-entry
x_transferred
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00013.html
Resource:
vendor-advisory
x_transferred
Hyperlink: https://security.gentoo.org/glsa/201601-01
Resource:
vendor-advisory
x_transferred
Hyperlink: https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722
Resource:
x_transferred
Hyperlink: http://www.openwall.com/lists/oss-security/2016/01/14/7
Resource:
mailing-list
x_transferred
Hyperlink: http://seclists.org/fulldisclosure/2016/Jan/44
Resource:
mailing-list
x_transferred
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00008.html
Resource:
vendor-advisory
x_transferred
Hyperlink: http://packetstormsecurity.com/files/135273/Qualys-Security-Advisory-OpenSSH-Overflow-Leak.html
Resource:
x_transferred
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00007.html
Resource:
vendor-advisory
x_transferred
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00009.html
Resource:
vendor-advisory
x_transferred
Hyperlink: http://www.ubuntu.com/usn/USN-2869-1
Resource:
vendor-advisory
x_transferred
Hyperlink: https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05356388
Resource:
x_transferred
Hyperlink: http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html
Resource:
x_transferred
Hyperlink: http://www.debian.org/security/2016/dsa-3446
Resource:
vendor-advisory
x_transferred
Hyperlink: https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf
Resource:
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:secalert@redhat.com
Published At:14 Jan, 2016 | 22:59
Updated At:12 Apr, 2025 | 10:46

The (1) roaming_read and (2) roaming_write functions in roaming_common.c in the client in OpenSSH 5.x, 6.x, and 7.x before 7.1p2, when certain proxy and forward options are enabled, do not properly maintain connection file descriptors, which allows remote servers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact by requesting many forwardings.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.08.1HIGH
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Primary2.04.6MEDIUM
AV:N/AC:H/Au:S/C:P/I:P/A:P
Type: Primary
Version: 3.0
Base score: 8.1
Base severity: HIGH
Vector:
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Type: Primary
Version: 2.0
Base score: 4.6
Base severity: MEDIUM
Vector:
AV:N/AC:H/Au:S/C:P/I:P/A:P
CPE Matches
Oracle Corporation
oracle
>>linux>>7
cpe:2.3:o:oracle:linux:7:*:*:*:*:*:*:*
Oracle Corporation
oracle
>>solaris>>11.3
cpe:2.3:o:oracle:solaris:11.3:*:*:*:*:*:*:*
OpenBSD
openbsd
>>openssh>>5.4
cpe:2.3:a:openbsd:openssh:5.4:*:*:*:*:*:*:*
OpenBSD
openbsd
>>openssh>>5.4
cpe:2.3:a:openbsd:openssh:5.4:p1:*:*:*:*:*:*
OpenBSD
openbsd
>>openssh>>5.5
cpe:2.3:a:openbsd:openssh:5.5:*:*:*:*:*:*:*
OpenBSD
openbsd
>>openssh>>5.5
cpe:2.3:a:openbsd:openssh:5.5:p1:*:*:*:*:*:*
OpenBSD
openbsd
>>openssh>>5.6
cpe:2.3:a:openbsd:openssh:5.6:*:*:*:*:*:*:*
OpenBSD
openbsd
>>openssh>>5.6
cpe:2.3:a:openbsd:openssh:5.6:p1:*:*:*:*:*:*
OpenBSD
openbsd
>>openssh>>5.7
cpe:2.3:a:openbsd:openssh:5.7:*:*:*:*:*:*:*
OpenBSD
openbsd
>>openssh>>5.7
cpe:2.3:a:openbsd:openssh:5.7:p1:*:*:*:*:*:*
OpenBSD
openbsd
>>openssh>>5.8
cpe:2.3:a:openbsd:openssh:5.8:*:*:*:*:*:*:*
OpenBSD
openbsd
>>openssh>>5.8
cpe:2.3:a:openbsd:openssh:5.8:p1:*:*:*:*:*:*
OpenBSD
openbsd
>>openssh>>5.9
cpe:2.3:a:openbsd:openssh:5.9:*:*:*:*:*:*:*
OpenBSD
openbsd
>>openssh>>5.9
cpe:2.3:a:openbsd:openssh:5.9:p1:*:*:*:*:*:*
OpenBSD
openbsd
>>openssh>>6.0
cpe:2.3:a:openbsd:openssh:6.0:*:*:*:*:*:*:*
OpenBSD
openbsd
>>openssh>>6.0
cpe:2.3:a:openbsd:openssh:6.0:p1:*:*:*:*:*:*
OpenBSD
openbsd
>>openssh>>6.1
cpe:2.3:a:openbsd:openssh:6.1:*:*:*:*:*:*:*
OpenBSD
openbsd
>>openssh>>6.1
cpe:2.3:a:openbsd:openssh:6.1:p1:*:*:*:*:*:*
OpenBSD
openbsd
>>openssh>>6.2
cpe:2.3:a:openbsd:openssh:6.2:*:*:*:*:*:*:*
OpenBSD
openbsd
>>openssh>>6.2
cpe:2.3:a:openbsd:openssh:6.2:p1:*:*:*:*:*:*
OpenBSD
openbsd
>>openssh>>6.2
cpe:2.3:a:openbsd:openssh:6.2:p2:*:*:*:*:*:*
OpenBSD
openbsd
>>openssh>>6.3
cpe:2.3:a:openbsd:openssh:6.3:*:*:*:*:*:*:*
OpenBSD
openbsd
>>openssh>>6.3
cpe:2.3:a:openbsd:openssh:6.3:p1:*:*:*:*:*:*
OpenBSD
openbsd
>>openssh>>6.4
cpe:2.3:a:openbsd:openssh:6.4:*:*:*:*:*:*:*
OpenBSD
openbsd
>>openssh>>6.4
cpe:2.3:a:openbsd:openssh:6.4:p1:*:*:*:*:*:*
OpenBSD
openbsd
>>openssh>>6.5
cpe:2.3:a:openbsd:openssh:6.5:*:*:*:*:*:*:*
OpenBSD
openbsd
>>openssh>>6.5
cpe:2.3:a:openbsd:openssh:6.5:p1:*:*:*:*:*:*
OpenBSD
openbsd
>>openssh>>6.6
cpe:2.3:a:openbsd:openssh:6.6:*:*:*:*:*:*:*
OpenBSD
openbsd
>>openssh>>6.6
cpe:2.3:a:openbsd:openssh:6.6:p1:*:*:*:*:*:*
OpenBSD
openbsd
>>openssh>>6.7
cpe:2.3:a:openbsd:openssh:6.7:*:*:*:*:*:*:*
OpenBSD
openbsd
>>openssh>>6.7
cpe:2.3:a:openbsd:openssh:6.7:p1:*:*:*:*:*:*
OpenBSD
openbsd
>>openssh>>6.8
cpe:2.3:a:openbsd:openssh:6.8:*:*:*:*:*:*:*
OpenBSD
openbsd
>>openssh>>6.8
cpe:2.3:a:openbsd:openssh:6.8:p1:*:*:*:*:*:*
OpenBSD
openbsd
>>openssh>>6.9
cpe:2.3:a:openbsd:openssh:6.9:*:*:*:*:*:*:*
OpenBSD
openbsd
>>openssh>>6.9
cpe:2.3:a:openbsd:openssh:6.9:p1:*:*:*:*:*:*
OpenBSD
openbsd
>>openssh>>7.0
cpe:2.3:a:openbsd:openssh:7.0:*:*:*:*:*:*:*
OpenBSD
openbsd
>>openssh>>7.0
cpe:2.3:a:openbsd:openssh:7.0:p1:*:*:*:*:*:*
OpenBSD
openbsd
>>openssh>>7.1
cpe:2.3:a:openbsd:openssh:7.1:*:*:*:*:*:*:*
OpenBSD
openbsd
>>openssh>>7.1
cpe:2.3:a:openbsd:openssh:7.1:p1:*:*:*:*:*:*
Apple Inc.
apple
>>mac_os_x>>Versions from 10.9.0(inclusive) to 10.9.5(inclusive)
cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*
Apple Inc.
apple
>>mac_os_x>>Versions from 10.10.0(inclusive) to 10.10.5(inclusive)
cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*
Apple Inc.
apple
>>mac_os_x>>Versions from 10.11.0(inclusive) to 10.11.3(inclusive)
cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*
HP Inc.
hp
>>virtual_customer_access_system>>Versions up to 15.07(inclusive)
cpe:2.3:o:hp:virtual_customer_access_system:*:*:*:*:*:*:*:*
Sophos Ltd.
sophos
>>unified_threat_management_software>>9.353
cpe:2.3:a:sophos:unified_threat_management_software:9.353:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-119Primarynvd@nist.gov
CWE ID: CWE-119
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10734secalert@redhat.com
Third Party Advisory
http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.htmlsecalert@redhat.com
Mailing List
Release Notes
Third Party Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176516.htmlsecalert@redhat.com
Mailing List
Third Party Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2016-January/176349.htmlsecalert@redhat.com
Mailing List
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00006.htmlsecalert@redhat.com
Mailing List
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00007.htmlsecalert@redhat.com
Mailing List
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00008.htmlsecalert@redhat.com
Mailing List
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00009.htmlsecalert@redhat.com
Mailing List
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00013.htmlsecalert@redhat.com
Mailing List
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00014.htmlsecalert@redhat.com
Mailing List
Third Party Advisory
http://packetstormsecurity.com/files/135273/Qualys-Security-Advisory-OpenSSH-Overflow-Leak.htmlsecalert@redhat.com
Third Party Advisory
VDB Entry
http://seclists.org/fulldisclosure/2016/Jan/44secalert@redhat.com
Mailing List
Third Party Advisory
http://www.debian.org/security/2016/dsa-3446secalert@redhat.com
Third Party Advisory
http://www.openssh.com/txt/release-7.1p2secalert@redhat.com
Patch
Release Notes
Vendor Advisory
http://www.openwall.com/lists/oss-security/2016/01/14/7secalert@redhat.com
Exploit
Mailing List
Technical Description
Third Party Advisory
http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.htmlsecalert@redhat.com
Third Party Advisory
http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.htmlsecalert@redhat.com
Third Party Advisory
http://www.securityfocus.com/archive/1/537295/100/0/threadedsecalert@redhat.com
Third Party Advisory
VDB Entry
http://www.securityfocus.com/bid/80698secalert@redhat.com
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1034671secalert@redhat.com
Third Party Advisory
VDB Entry
http://www.ubuntu.com/usn/USN-2869-1secalert@redhat.com
Third Party Advisory
https://blogs.sophos.com/2016/02/17/utm-up2date-9-354-released/secalert@redhat.com
Release Notes
Vendor Advisory
https://blogs.sophos.com/2016/02/29/utm-up2date-9-319-released/secalert@redhat.com
Release Notes
Vendor Advisory
https://bto.bluecoat.com/security-advisory/sa109secalert@redhat.com
Third Party Advisory
https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdfsecalert@redhat.com
N/A
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05247375secalert@redhat.com
Third Party Advisory
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05356388secalert@redhat.com
Third Party Advisory
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05385680secalert@redhat.com
Third Party Advisory
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722secalert@redhat.com
Third Party Advisory
https://security.gentoo.org/glsa/201601-01secalert@redhat.com
Third Party Advisory
https://support.apple.com/HT206167secalert@redhat.com
Vendor Advisory
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10734af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.htmlaf854a3a-2127-422b-91ae-364da2661108
Mailing List
Release Notes
Third Party Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176516.htmlaf854a3a-2127-422b-91ae-364da2661108
Mailing List
Third Party Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2016-January/176349.htmlaf854a3a-2127-422b-91ae-364da2661108
Mailing List
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00006.htmlaf854a3a-2127-422b-91ae-364da2661108
Mailing List
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00007.htmlaf854a3a-2127-422b-91ae-364da2661108
Mailing List
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00008.htmlaf854a3a-2127-422b-91ae-364da2661108
Mailing List
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00009.htmlaf854a3a-2127-422b-91ae-364da2661108
Mailing List
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00013.htmlaf854a3a-2127-422b-91ae-364da2661108
Mailing List
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00014.htmlaf854a3a-2127-422b-91ae-364da2661108
Mailing List
Third Party Advisory
http://packetstormsecurity.com/files/135273/Qualys-Security-Advisory-OpenSSH-Overflow-Leak.htmlaf854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
VDB Entry
http://seclists.org/fulldisclosure/2016/Jan/44af854a3a-2127-422b-91ae-364da2661108
Mailing List
Third Party Advisory
http://www.debian.org/security/2016/dsa-3446af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://www.openssh.com/txt/release-7.1p2af854a3a-2127-422b-91ae-364da2661108
Patch
Release Notes
Vendor Advisory
http://www.openwall.com/lists/oss-security/2016/01/14/7af854a3a-2127-422b-91ae-364da2661108
Exploit
Mailing List
Technical Description
Third Party Advisory
http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.htmlaf854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.htmlaf854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://www.securityfocus.com/archive/1/537295/100/0/threadedaf854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
VDB Entry
http://www.securityfocus.com/bid/80698af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1034671af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
VDB Entry
http://www.ubuntu.com/usn/USN-2869-1af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
https://blogs.sophos.com/2016/02/17/utm-up2date-9-354-released/af854a3a-2127-422b-91ae-364da2661108
Release Notes
Vendor Advisory
https://blogs.sophos.com/2016/02/29/utm-up2date-9-319-released/af854a3a-2127-422b-91ae-364da2661108
Release Notes
Vendor Advisory
https://bto.bluecoat.com/security-advisory/sa109af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdfaf854a3a-2127-422b-91ae-364da2661108
N/A
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05247375af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05356388af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05385680af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
https://security.gentoo.org/glsa/201601-01af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
https://support.apple.com/HT206167af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Hyperlink: http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10734
Source: secalert@redhat.com
Resource:
Third Party Advisory
Hyperlink: http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html
Source: secalert@redhat.com
Resource:
Mailing List
Release Notes
Third Party Advisory
Hyperlink: http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176516.html
Source: secalert@redhat.com
Resource:
Mailing List
Third Party Advisory
Hyperlink: http://lists.fedoraproject.org/pipermail/package-announce/2016-January/176349.html
Source: secalert@redhat.com
Resource:
Mailing List
Third Party Advisory
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00006.html
Source: secalert@redhat.com
Resource:
Mailing List
Third Party Advisory
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00007.html
Source: secalert@redhat.com
Resource:
Mailing List
Third Party Advisory
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00008.html
Source: secalert@redhat.com
Resource:
Mailing List
Third Party Advisory
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00009.html
Source: secalert@redhat.com
Resource:
Mailing List
Third Party Advisory
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00013.html
Source: secalert@redhat.com
Resource:
Mailing List
Third Party Advisory
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00014.html
Source: secalert@redhat.com
Resource:
Mailing List
Third Party Advisory
Hyperlink: http://packetstormsecurity.com/files/135273/Qualys-Security-Advisory-OpenSSH-Overflow-Leak.html
Source: secalert@redhat.com
Resource:
Third Party Advisory
VDB Entry
Hyperlink: http://seclists.org/fulldisclosure/2016/Jan/44
Source: secalert@redhat.com
Resource:
Mailing List
Third Party Advisory
Hyperlink: http://www.debian.org/security/2016/dsa-3446
Source: secalert@redhat.com
Resource:
Third Party Advisory
Hyperlink: http://www.openssh.com/txt/release-7.1p2
Source: secalert@redhat.com
Resource:
Patch
Release Notes
Vendor Advisory
Hyperlink: http://www.openwall.com/lists/oss-security/2016/01/14/7
Source: secalert@redhat.com
Resource:
Exploit
Mailing List
Technical Description
Third Party Advisory
Hyperlink: http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html
Source: secalert@redhat.com
Resource:
Third Party Advisory
Hyperlink: http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html
Source: secalert@redhat.com
Resource:
Third Party Advisory
Hyperlink: http://www.securityfocus.com/archive/1/537295/100/0/threaded
Source: secalert@redhat.com
Resource:
Third Party Advisory
VDB Entry
Hyperlink: http://www.securityfocus.com/bid/80698
Source: secalert@redhat.com
Resource:
Third Party Advisory
VDB Entry
Hyperlink: http://www.securitytracker.com/id/1034671
Source: secalert@redhat.com
Resource:
Third Party Advisory
VDB Entry
Hyperlink: http://www.ubuntu.com/usn/USN-2869-1
Source: secalert@redhat.com
Resource:
Third Party Advisory
Hyperlink: https://blogs.sophos.com/2016/02/17/utm-up2date-9-354-released/
Source: secalert@redhat.com
Resource:
Release Notes
Vendor Advisory
Hyperlink: https://blogs.sophos.com/2016/02/29/utm-up2date-9-319-released/
Source: secalert@redhat.com
Resource:
Release Notes
Vendor Advisory
Hyperlink: https://bto.bluecoat.com/security-advisory/sa109
Source: secalert@redhat.com
Resource:
Third Party Advisory
Hyperlink: https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf
Source: secalert@redhat.com
Resource: N/A
Hyperlink: https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05247375
Source: secalert@redhat.com
Resource:
Third Party Advisory
Hyperlink: https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05356388
Source: secalert@redhat.com
Resource:
Third Party Advisory
Hyperlink: https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05385680
Source: secalert@redhat.com
Resource:
Third Party Advisory
Hyperlink: https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722
Source: secalert@redhat.com
Resource:
Third Party Advisory
Hyperlink: https://security.gentoo.org/glsa/201601-01
Source: secalert@redhat.com
Resource:
Third Party Advisory
Hyperlink: https://support.apple.com/HT206167
Source: secalert@redhat.com
Resource:
Vendor Advisory
Hyperlink: http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10734
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Mailing List
Release Notes
Third Party Advisory
Hyperlink: http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176516.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Mailing List
Third Party Advisory
Hyperlink: http://lists.fedoraproject.org/pipermail/package-announce/2016-January/176349.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Mailing List
Third Party Advisory
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00006.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Mailing List
Third Party Advisory
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00007.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Mailing List
Third Party Advisory
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00008.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Mailing List
Third Party Advisory
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00009.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Mailing List
Third Party Advisory
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00013.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Mailing List
Third Party Advisory
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00014.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Mailing List
Third Party Advisory
Hyperlink: http://packetstormsecurity.com/files/135273/Qualys-Security-Advisory-OpenSSH-Overflow-Leak.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
VDB Entry
Hyperlink: http://seclists.org/fulldisclosure/2016/Jan/44
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Mailing List
Third Party Advisory
Hyperlink: http://www.debian.org/security/2016/dsa-3446
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: http://www.openssh.com/txt/release-7.1p2
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Patch
Release Notes
Vendor Advisory
Hyperlink: http://www.openwall.com/lists/oss-security/2016/01/14/7
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Exploit
Mailing List
Technical Description
Third Party Advisory
Hyperlink: http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: http://www.securityfocus.com/archive/1/537295/100/0/threaded
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
VDB Entry
Hyperlink: http://www.securityfocus.com/bid/80698
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
VDB Entry
Hyperlink: http://www.securitytracker.com/id/1034671
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
VDB Entry
Hyperlink: http://www.ubuntu.com/usn/USN-2869-1
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: https://blogs.sophos.com/2016/02/17/utm-up2date-9-354-released/
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Release Notes
Vendor Advisory
Hyperlink: https://blogs.sophos.com/2016/02/29/utm-up2date-9-319-released/
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Release Notes
Vendor Advisory
Hyperlink: https://bto.bluecoat.com/security-advisory/sa109
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05247375
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05356388
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05385680
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: https://security.gentoo.org/glsa/201601-01
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: https://support.apple.com/HT206167
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

2663Records found
CVE-2016-4388
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-8.1||HIGH
EPSS-2.02% / 83.04%
||
7 Day CHG~0.00%
Published-05 Oct, 2016 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Filter SDK in HPE KeyView 10.18 through 10.24 allows remote attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-4387, CVE-2016-4389, and CVE-2016-4390.

Action-Not Available
Vendor-n/aHP Inc.
Product-keyviewn/a
CVE-2016-3506
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-8.1||HIGH
EPSS-3.61% / 87.32%
||
7 Day CHG~0.00%
Published-21 Jul, 2016 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the JDBC component in Oracle Database Server 11.2.0.4, 12.1.0.1, and 12.1.0.2; the Oracle Retail Xstore Point of Service 5.5, 6.0, 6.5, 7.0, 7.1, 15.0, and 16.0; the Oracle Retail Warehouse Management System 14.04, 14.1.3, and 15.0.1; the Oracle Retail Workforce Management 1.60.7, and 1.64.0; the Oracle Retail Clearance Optimization Engine 13.4; the Oracle Retail Markdown Optimization 13.4 and 14.0; and Oracle Retail Merchandising System 16.0 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.

Action-Not Available
Vendor-n/aOracle Corporation
Product-jdbcn/a
CVE-2016-3487
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-8.1||HIGH
EPSS-4.89% / 89.17%
||
7 Day CHG~0.00%
Published-21 Jul, 2016 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the Oracle WebCenter Sites component in Oracle Fusion Middleware 11.1.1.8, and 12.2.1.0 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.

Action-Not Available
Vendor-n/aOracle Corporation
Product-webcenter_sitesn/a
CVE-2019-11957
Matching Score-8
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-8
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-8.1||HIGH
EPSS-2.38% / 84.35%
||
7 Day CHG~0.00%
Published-05 Jun, 2019 | 15:09
Updated-04 Aug, 2024 | 23:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.

Action-Not Available
Vendor-n/aHP Inc.
Product-intelligent_management_centerHPE Intelligent Management Center (IMC) PLAT
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-28041
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.1||HIGH
EPSS-0.32% / 54.51%
||
7 Day CHG~0.00%
Published-05 Mar, 2021 | 19:07
Updated-03 Aug, 2024 | 21:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

ssh-agent in OpenSSH before 8.5 has a double free that may be relevant in a few less-common scenarios, such as unconstrained agent-socket access on a legacy operating system, or the forwarding of an agent to an attacker-controlled host.

Action-Not Available
Vendor-n/aOpenBSDNetApp, Inc.Fedora ProjectOracle Corporation
Product-zfs_storage_appliancehci_storage_nodecloud_backuphci_management_nodehci_storage_node_firmwarefedoraopensshcommunications_offline_mediation_controllerhci_compute_node_firmwarehci_compute_nodesolidfiren/a
CWE ID-CWE-415
Double Free
CVE-2016-4389
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-8.1||HIGH
EPSS-2.02% / 83.04%
||
7 Day CHG~0.00%
Published-05 Oct, 2016 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Filter SDK in HPE KeyView 10.18 through 10.24 allows remote attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-4387, CVE-2016-4388, and CVE-2016-4390.

Action-Not Available
Vendor-n/aHP Inc.
Product-keyviewn/a
CVE-2015-3206
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-8.1||HIGH
EPSS-0.96% / 75.59%
||
7 Day CHG~0.00%
Published-25 Aug, 2017 | 18:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The checkPassword function in python-kerberos does not authenticate the KDC it attempts to communicate with, which allows remote attackers to cause a denial of service (bad response), or have other unspecified impact by performing a man-in-the-middle attack.

Action-Not Available
Vendor-n/aApple Inc.
Product-pykerberosn/a
CWE ID-CWE-287
Improper Authentication
CVE-2015-0392
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-4.6||MEDIUM
EPSS-0.48% / 64.06%
||
7 Day CHG~0.00%
Published-21 Jan, 2015 | 18:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the Siebel Core - Server BizLogic Script component in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to Config - Scripting.

Action-Not Available
Vendor-n/aOracle Corporation
Product-siebel_crmn/a
CVE-2015-0839
Matching Score-8
Assigner-Debian GNU/Linux
ShareView Details
Matching Score-8
Assigner-Debian GNU/Linux
CVSS Score-8.1||HIGH
EPSS-0.50% / 64.80%
||
7 Day CHG~0.00%
Published-02 Aug, 2017 | 19:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The hp-plugin utility in HP Linux Imaging and Printing (HPLIP) makes it easier for man-in-the-middle attackers to execute arbitrary code by leveraging use of a short GPG key id from a keyserver to verify print plugin downloads.

Action-Not Available
Vendor-n/aHP Inc.
Product-linux_imaging_and_printingn/a
CVE-2014-6556
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-4.6||MEDIUM
EPSS-0.38% / 58.35%
||
7 Day CHG~0.00%
Published-21 Jan, 2015 | 15:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the Oracle Applications DBA component in Oracle E-Business Suite 11.5.10.2, 12.0.6, 12.1.3, 12.2.2, 12.2.3, and 12.2.4 allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to AD_DDL.

Action-Not Available
Vendor-n/aOracle Corporation
Product-e-business_suiten/a
CVE-2018-2636
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-8.1||HIGH
EPSS-65.87% / 98.44%
||
7 Day CHG~0.00%
Published-18 Jan, 2018 | 02:00
Updated-03 Oct, 2024 | 20:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Oracle Hospitality Simphony component of Oracle Hospitality Applications (subcomponent: Security). Supported versions that are affected are 2.7, 2.8 and 2.9. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Hospitality Simphony. Successful attacks of this vulnerability can result in takeover of Oracle Hospitality Simphony. CVSS 3.0 Base Score 8.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H).

Action-Not Available
Vendor-Oracle Corporation
Product-hospitality_simphonyHospitality Simphony
CVE-2016-1076
Matching Score-6
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-6
Assigner-Adobe Systems Incorporated
CVSS Score-9.8||CRITICAL
EPSS-5.72% / 90.09%
||
7 Day CHG~0.00%
Published-11 May, 2016 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-1037, CVE-2016-1063, CVE-2016-1064, CVE-2016-1071, CVE-2016-1072, CVE-2016-1073, CVE-2016-1074, CVE-2016-1077, CVE-2016-1078, CVE-2016-1080, CVE-2016-1081, CVE-2016-1082, CVE-2016-1083, CVE-2016-1084, CVE-2016-1085, CVE-2016-1086, CVE-2016-1088, CVE-2016-1093, CVE-2016-1095, CVE-2016-1116, CVE-2016-1118, CVE-2016-1119, CVE-2016-1120, CVE-2016-1123, CVE-2016-1124, CVE-2016-1125, CVE-2016-1126, CVE-2016-1127, CVE-2016-1128, CVE-2016-1129, CVE-2016-1130, CVE-2016-4088, CVE-2016-4089, CVE-2016-4090, CVE-2016-4093, CVE-2016-4094, CVE-2016-4096, CVE-2016-4097, CVE-2016-4098, CVE-2016-4099, CVE-2016-4100, CVE-2016-4101, CVE-2016-4103, CVE-2016-4104, and CVE-2016-4105.

Action-Not Available
Vendor-n/aApple Inc.Adobe Inc.Microsoft Corporation
Product-acrobat_reader_dcacrobat_dcreaderwindowsacrobatmac_os_xn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2011-1866
Matching Score-6
Assigner-HP Inc.
ShareView Details
Matching Score-6
Assigner-HP Inc.
CVSS Score-10||HIGH
EPSS-66.43% / 98.47%
||
7 Day CHG~0.00%
Published-01 Jul, 2011 | 10:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in omniinet.exe in the inet service in HP OpenView Storage Data Protector 6.00 through 6.20 allows remote attackers to execute arbitrary code via a crafted request, related to the EXEC_CMD functionality.

Action-Not Available
Vendor-n/aHP Inc.
Product-openview_storage_data_protectorn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2011-1733
Matching Score-6
Assigner-HP Inc.
ShareView Details
Matching Score-6
Assigner-HP Inc.
CVSS Score-10||HIGH
EPSS-43.82% / 97.44%
||
7 Day CHG~0.00%
Published-07 May, 2011 | 19:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Stack-based buffer overflow in OmniInet.exe in the Backup Client Service in HP OpenView Storage Data Protector 6.00, 6.10, and 6.11 allows remote attackers to execute arbitrary code via a malformed HPFGConfig message.

Action-Not Available
Vendor-n/aHP Inc.
Product-openview_storage_data_protectorn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2009-4243
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-9.3||HIGH
EPSS-0.85% / 73.98%
||
7 Day CHG~0.00%
Published-25 Jan, 2010 | 19:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

RealNetworks RealPlayer 10, RealPlayer 10.5 6.0.12.1040 through 6.0.12.1741, RealPlayer 11 11.0.0 through 11.0.4, RealPlayer Enterprise, Mac RealPlayer 10 and 10.1, Linux RealPlayer 10, and Helix Player 10.x allow remote attackers to have an unspecified impact via a crafted media file that uses HTTP chunked transfer coding, related to an "overflow."

Action-Not Available
Vendor-n/aRealNetworks LLCMicrosoft CorporationApple Inc.
Product-realplayer_sprealplayer_enterprisewindowsrealplayerhelix_playermac_os_xn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2010-1403
Matching Score-6
Assigner-Apple Inc.
ShareView Details
Matching Score-6
Assigner-Apple Inc.
CVSS Score-9.3||HIGH
EPSS-12.27% / 93.60%
||
7 Day CHG~0.00%
Published-11 Jun, 2010 | 17:28
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, accesses uninitialized memory during the handling of a use element in an SVG document, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted document containing XML that triggers a parsing error, related to ProcessInstruction.

Action-Not Available
Vendor-n/aMicrosoft CorporationApple Inc.
Product-windows_7webkitwindows_xpwindows_vistasafarimac_os_xmac_os_x_servern/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2016-1078
Matching Score-6
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-6
Assigner-Adobe Systems Incorporated
CVSS Score-9.8||CRITICAL
EPSS-5.72% / 90.09%
||
7 Day CHG~0.00%
Published-11 May, 2016 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-1037, CVE-2016-1063, CVE-2016-1064, CVE-2016-1071, CVE-2016-1072, CVE-2016-1073, CVE-2016-1074, CVE-2016-1076, CVE-2016-1077, CVE-2016-1080, CVE-2016-1081, CVE-2016-1082, CVE-2016-1083, CVE-2016-1084, CVE-2016-1085, CVE-2016-1086, CVE-2016-1088, CVE-2016-1093, CVE-2016-1095, CVE-2016-1116, CVE-2016-1118, CVE-2016-1119, CVE-2016-1120, CVE-2016-1123, CVE-2016-1124, CVE-2016-1125, CVE-2016-1126, CVE-2016-1127, CVE-2016-1128, CVE-2016-1129, CVE-2016-1130, CVE-2016-4088, CVE-2016-4089, CVE-2016-4090, CVE-2016-4093, CVE-2016-4094, CVE-2016-4096, CVE-2016-4097, CVE-2016-4098, CVE-2016-4099, CVE-2016-4100, CVE-2016-4101, CVE-2016-4103, CVE-2016-4104, and CVE-2016-4105.

Action-Not Available
Vendor-n/aApple Inc.Adobe Inc.Microsoft Corporation
Product-acrobat_reader_dcacrobat_dcreaderwindowsacrobatmac_os_xn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2011-1288
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-9.3||HIGH
EPSS-3.31% / 86.73%
||
7 Day CHG~0.00%
Published-21 Jul, 2011 | 23:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2011-07-20-1.

Action-Not Available
Vendor-n/aMicrosoft CorporationApple Inc.
Product-windows_7webkitwindows_xpwindows_vistasafarimac_os_xmac_os_x_servern/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2011-1851
Matching Score-6
Assigner-HP Inc.
ShareView Details
Matching Score-6
Assigner-HP Inc.
CVSS Score-10||HIGH
EPSS-29.84% / 96.48%
||
7 Day CHG~0.00%
Published-13 May, 2011 | 17:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Stack-based buffer overflow in tftpserver.exe in HP Intelligent Management Center (IMC) 5.0 before E0101L02 allows remote attackers to execute arbitrary code via a long mode field.

Action-Not Available
Vendor-n/aHP Inc.
Product-intelligent_management_centern/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2011-1735
Matching Score-6
Assigner-HP Inc.
ShareView Details
Matching Score-6
Assigner-HP Inc.
CVSS Score-10||HIGH
EPSS-46.09% / 97.55%
||
7 Day CHG~0.00%
Published-07 May, 2011 | 19:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Stack-based buffer overflow in OmniInet.exe in the Backup Client Service in HP OpenView Storage Data Protector 6.00, 6.10, and 6.11 allows remote attackers to execute arbitrary code via a malformed bm message.

Action-Not Available
Vendor-n/aHP Inc.
Product-openview_storage_data_protectorn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2011-1797
Matching Score-6
Assigner-Chrome
ShareView Details
Matching Score-6
Assigner-Chrome
CVSS Score-9.3||HIGH
EPSS-1.41% / 79.76%
||
7 Day CHG~0.00%
Published-21 Jul, 2011 | 23:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2011-07-20-1.

Action-Not Available
Vendor-chromium_projectn/aMicrosoft CorporationApple Inc.
Product-windows_7chromiumwebkitwindows_xpwindows_vistasafarimac_os_xmac_os_x_servern/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2011-1453
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-9.3||HIGH
EPSS-3.31% / 86.73%
||
7 Day CHG~0.00%
Published-21 Jul, 2011 | 23:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2011-07-20-1.

Action-Not Available
Vendor-n/aMicrosoft CorporationApple Inc.
Product-windows_7webkitwindows_xpwindows_vistasafarimac_os_xmac_os_x_servern/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2014-6270
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-8.71% / 92.14%
||
7 Day CHG~0.00%
Published-12 Sep, 2014 | 14:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Off-by-one error in the snmpHandleUdp function in snmp_core.cc in Squid 2.x and 3.x, when an SNMP port is configured, allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted UDP SNMP request, which triggers a heap-based buffer overflow.

Action-Not Available
Vendor-n/aOracle CorporationSquid Cache
Product-squidsolarisn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2011-1728
Matching Score-6
Assigner-HP Inc.
ShareView Details
Matching Score-6
Assigner-HP Inc.
CVSS Score-10||HIGH
EPSS-43.82% / 97.44%
||
7 Day CHG~0.00%
Published-07 May, 2011 | 19:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Stack-based buffer overflow in OmniInet.exe in the Backup Client Service in HP OpenView Storage Data Protector 6.00, 6.10, and 6.11 allows remote attackers to execute arbitrary code via a malformed EXEC_BAR message.

Action-Not Available
Vendor-n/aHP Inc.
Product-openview_storage_data_protectorn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2011-1848
Matching Score-6
Assigner-HP Inc.
ShareView Details
Matching Score-6
Assigner-HP Inc.
CVSS Score-10||HIGH
EPSS-28.87% / 96.39%
||
7 Day CHG~0.00%
Published-13 May, 2011 | 17:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Stack-based buffer overflow in img.exe in HP Intelligent Management Center (IMC) 5.0 before E0101L02 allows remote attackers to execute arbitrary code via a crafted length field in a packet.

Action-Not Available
Vendor-n/aHP Inc.
Product-intelligent_management_centern/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2011-0148
Matching Score-6
Assigner-Apple Inc.
ShareView Details
Matching Score-6
Assigner-Apple Inc.
CVSS Score-7.6||HIGH
EPSS-0.94% / 75.27%
||
7 Day CHG~0.00%
Published-03 Mar, 2011 | 19:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.

Action-Not Available
Vendor-n/aMicrosoft CorporationApple Inc.
Product-windowswindows_7webkitwindows_xpituneswindows_vistan/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2011-0129
Matching Score-6
Assigner-Apple Inc.
ShareView Details
Matching Score-6
Assigner-Apple Inc.
CVSS Score-7.6||HIGH
EPSS-0.94% / 75.27%
||
7 Day CHG~0.00%
Published-03 Mar, 2011 | 19:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.

Action-Not Available
Vendor-n/aMicrosoft CorporationApple Inc.
Product-windowswindows_7webkitwindows_xpituneswindows_vistan/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2011-0566
Matching Score-6
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-6
Assigner-Adobe Systems Incorporated
CVSS Score-9.3||HIGH
EPSS-7.75% / 91.59%
||
7 Day CHG~0.00%
Published-10 Feb, 2011 | 17:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Windows and Mac OS X allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted image, a different vulnerability than CVE-2011-0567 and CVE-2011-0603.

Action-Not Available
Vendor-n/aMicrosoft CorporationApple Inc.Adobe Inc.
Product-windowsacrobat_readeracrobatmac_os_xn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2011-0143
Matching Score-6
Assigner-Apple Inc.
ShareView Details
Matching Score-6
Assigner-Apple Inc.
CVSS Score-7.6||HIGH
EPSS-0.94% / 75.27%
||
7 Day CHG~0.00%
Published-03 Mar, 2011 | 19:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.

Action-Not Available
Vendor-n/aMicrosoft CorporationApple Inc.
Product-windowswindows_7webkitwindows_xpituneswindows_vistan/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2011-0269
Matching Score-6
Assigner-HP Inc.
ShareView Details
Matching Score-6
Assigner-HP Inc.
CVSS Score-10||HIGH
EPSS-49.38% / 97.71%
||
7 Day CHG~0.00%
Published-13 Jan, 2011 | 18:35
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in nnmRptConfig.exe in HP OpenView Network Node Manager (OV NNM) 7.51 and 7.53 allows remote attackers to execute arbitrary code via a long schd_select1 parameter.

Action-Not Available
Vendor-n/aHP Inc.
Product-openview_network_node_managern/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2011-0117
Matching Score-6
Assigner-Apple Inc.
ShareView Details
Matching Score-6
Assigner-Apple Inc.
CVSS Score-7.6||HIGH
EPSS-0.94% / 75.27%
||
7 Day CHG~0.00%
Published-03 Mar, 2011 | 19:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.

Action-Not Available
Vendor-n/aMicrosoft CorporationApple Inc.
Product-windowswindows_7webkitwindows_xpituneswindows_vistan/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2011-0241
Matching Score-6
Assigner-Apple Inc.
ShareView Details
Matching Score-6
Assigner-Apple Inc.
CVSS Score-9.3||HIGH
EPSS-7.72% / 91.57%
||
7 Day CHG~0.00%
Published-21 Jul, 2011 | 23:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Heap-based buffer overflow in ImageIO in Apple Safari before 5.0.6 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted TIFF image with CCITT Group 4 encoding.

Action-Not Available
Vendor-n/aMicrosoft CorporationApple Inc.
Product-windows_7imageiowindows_xpwindows_vistasafarin/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2011-0225
Matching Score-6
Assigner-Apple Inc.
ShareView Details
Matching Score-6
Assigner-Apple Inc.
CVSS Score-9.3||HIGH
EPSS-3.31% / 86.73%
||
7 Day CHG~0.00%
Published-21 Jul, 2011 | 23:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2011-07-20-1.

Action-Not Available
Vendor-n/aMicrosoft CorporationApple Inc.
Product-windows_7webkitwindows_xpwindows_vistasafarimac_os_xmac_os_x_servern/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2011-0563
Matching Score-6
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-6
Assigner-Adobe Systems Incorporated
CVSS Score-9.3||HIGH
EPSS-5.80% / 90.16%
||
7 Day CHG~0.00%
Published-10 Feb, 2011 | 17:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Windows and Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-0589 and CVE-2011-0606.

Action-Not Available
Vendor-n/aMicrosoft CorporationApple Inc.Adobe Inc.
Product-windowsacrobat_readeracrobatmac_os_xn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2011-0222
Matching Score-6
Assigner-Apple Inc.
ShareView Details
Matching Score-6
Assigner-Apple Inc.
CVSS Score-9.3||HIGH
EPSS-48.52% / 97.67%
||
7 Day CHG-10.38%
Published-21 Jul, 2011 | 23:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2011-07-20-1.

Action-Not Available
Vendor-n/aMicrosoft CorporationApple Inc.
Product-windows_7webkitwindows_xpwindows_vistasafarimac_os_xmac_os_x_servern/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2011-0133
Matching Score-6
Assigner-Apple Inc.
ShareView Details
Matching Score-6
Assigner-Apple Inc.
CVSS Score-7.6||HIGH
EPSS-1.71% / 81.57%
||
7 Day CHG~0.00%
Published-03 Mar, 2011 | 19:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

WebKit, as used in Apple iTunes before 10.2 on Windows, does not properly access glyph data during layout actions for floating blocks associated with pseudo-elements, which allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.

Action-Not Available
Vendor-n/aMicrosoft CorporationApple Inc.
Product-windowswindows_7webkitwindows_xpituneswindows_vistan/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2011-0118
Matching Score-6
Assigner-Apple Inc.
ShareView Details
Matching Score-6
Assigner-Apple Inc.
CVSS Score-7.6||HIGH
EPSS-0.94% / 75.27%
||
7 Day CHG~0.00%
Published-03 Mar, 2011 | 19:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.

Action-Not Available
Vendor-n/aMicrosoft CorporationApple Inc.
Product-windowswindows_7webkitwindows_xpituneswindows_vistan/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2011-0193
Matching Score-6
Assigner-Apple Inc.
ShareView Details
Matching Score-6
Assigner-Apple Inc.
CVSS Score-6.8||MEDIUM
EPSS-1.16% / 77.75%
||
7 Day CHG~0.00%
Published-23 Mar, 2011 | 01:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple buffer overflows in Image RAW in Apple Mac OS X before 10.6.7 allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted Canon RAW image.

Action-Not Available
Vendor-n/aApple Inc.
Product-mac_os_xmac_os_x_servern/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2011-0120
Matching Score-6
Assigner-Apple Inc.
ShareView Details
Matching Score-6
Assigner-Apple Inc.
CVSS Score-7.6||HIGH
EPSS-0.94% / 75.27%
||
7 Day CHG~0.00%
Published-03 Mar, 2011 | 19:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.

Action-Not Available
Vendor-n/aMicrosoft CorporationApple Inc.
Product-windowswindows_7webkitwindows_xpituneswindows_vistan/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2011-0145
Matching Score-6
Assigner-Apple Inc.
ShareView Details
Matching Score-6
Assigner-Apple Inc.
CVSS Score-7.6||HIGH
EPSS-0.94% / 75.27%
||
7 Day CHG~0.00%
Published-03 Mar, 2011 | 19:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.

Action-Not Available
Vendor-n/aMicrosoft CorporationApple Inc.
Product-windowswindows_7webkitwindows_xpituneswindows_vistan/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2011-0232
Matching Score-6
Assigner-Apple Inc.
ShareView Details
Matching Score-6
Assigner-Apple Inc.
CVSS Score-9.3||HIGH
EPSS-3.31% / 86.73%
||
7 Day CHG~0.00%
Published-21 Jul, 2011 | 23:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2011-07-20-1.

Action-Not Available
Vendor-n/aMicrosoft CorporationApple Inc.
Product-windows_7webkitwindows_xpwindows_vistasafarimac_os_xmac_os_x_servern/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2011-0262
Matching Score-6
Assigner-HP Inc.
ShareView Details
Matching Score-6
Assigner-HP Inc.
CVSS Score-10||HIGH
EPSS-46.77% / 97.59%
||
7 Day CHG~0.00%
Published-13 Jan, 2011 | 18:35
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in the stringToSeconds function in ovutil.dll in ovwebsnmpsrv.exe in HP OpenView Network Node Manager (OV NNM) 7.51 and 7.53 allows remote attackers to execute arbitrary code via large values of variables to jovgraph.exe.

Action-Not Available
Vendor-n/aHP Inc.
Product-openview_network_node_managern/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2011-0139
Matching Score-6
Assigner-Apple Inc.
ShareView Details
Matching Score-6
Assigner-Apple Inc.
CVSS Score-7.6||HIGH
EPSS-0.86% / 74.15%
||
7 Day CHG~0.00%
Published-03 Mar, 2011 | 19:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.

Action-Not Available
Vendor-n/aMicrosoft CorporationApple Inc.
Product-windowswindows_7webkitwindows_xpituneswindows_vistan/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2011-0126
Matching Score-6
Assigner-Apple Inc.
ShareView Details
Matching Score-6
Assigner-Apple Inc.
CVSS Score-7.6||HIGH
EPSS-0.94% / 75.27%
||
7 Day CHG~0.00%
Published-03 Mar, 2011 | 19:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.

Action-Not Available
Vendor-n/aMicrosoft CorporationApple Inc.
Product-windowswindows_7webkitwindows_xpituneswindows_vistan/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2011-0250
Matching Score-6
Assigner-Apple Inc.
ShareView Details
Matching Score-6
Assigner-Apple Inc.
CVSS Score-9.3||HIGH
EPSS-5.70% / 90.06%
||
7 Day CHG~0.00%
Published-04 Aug, 2011 | 01:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Heap-based buffer overflow in Apple QuickTime before 7.7 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted STSS atoms in a QuickTime movie file.

Action-Not Available
Vendor-n/aMicrosoft CorporationApple Inc.
Product-windows_7quicktimewindows_xpwindows_vistamac_os_xmac_os_x_servern/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2011-0514
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-72.49% / 98.70%
||
7 Day CHG~0.00%
Published-20 Jan, 2011 | 18:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The RDS service (rds.exe) in HP Data Protector Manager 6.11 allows remote attackers to cause a denial of service (crash) via a packet with a large data size to TCP port 1530.

Action-Not Available
Vendor-n/aHP Inc.
Product-data_protector_managern/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2011-0165
Matching Score-6
Assigner-Apple Inc.
ShareView Details
Matching Score-6
Assigner-Apple Inc.
CVSS Score-7.6||HIGH
EPSS-0.86% / 74.15%
||
7 Day CHG~0.00%
Published-03 Mar, 2011 | 19:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.

Action-Not Available
Vendor-n/aMicrosoft CorporationApple Inc.
Product-windowswindows_7webkitwindows_xpituneswindows_vistan/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2011-0156
Matching Score-6
Assigner-Apple Inc.
ShareView Details
Matching Score-6
Assigner-Apple Inc.
CVSS Score-7.6||HIGH
EPSS-0.94% / 75.27%
||
7 Day CHG~0.00%
Published-03 Mar, 2011 | 19:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.

Action-Not Available
Vendor-n/aMicrosoft CorporationApple Inc.
Product-windowswindows_7webkitwindows_xpituneswindows_vistan/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2011-0127
Matching Score-6
Assigner-Apple Inc.
ShareView Details
Matching Score-6
Assigner-Apple Inc.
CVSS Score-7.6||HIGH
EPSS-0.94% / 75.27%
||
7 Day CHG~0.00%
Published-03 Mar, 2011 | 19:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.

Action-Not Available
Vendor-n/aMicrosoft CorporationApple Inc.
Product-windowswindows_7webkitwindows_xpituneswindows_vistan/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2011-0151
Matching Score-6
Assigner-Apple Inc.
ShareView Details
Matching Score-6
Assigner-Apple Inc.
CVSS Score-7.6||HIGH
EPSS-0.94% / 75.27%
||
7 Day CHG~0.00%
Published-03 Mar, 2011 | 19:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.

Action-Not Available
Vendor-n/aMicrosoft CorporationApple Inc.
Product-windowswindows_7webkitwindows_xpituneswindows_vistan/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
  • Previous
  • 1
  • 2
  • 3
  • 4
  • ...
  • 53
  • 54
  • Next
Details not found