Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2016-2118

Summary
Assigner-redhat
Assigner Org ID-53f830b8-0a3f-465b-8143-3b8a9948e749
Published At-12 Apr, 2016 | 23:00
Updated At-05 Aug, 2024 | 23:17
Rejected At-
Credits

The MS-SAMR and MS-LSAD protocol implementations in Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 mishandle DCERPC connections, which allows man-in-the-middle attackers to perform protocol-downgrade attacks and impersonate users by modifying the client-server data stream, aka "BADLOCK."

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:redhat
Assigner Org ID:53f830b8-0a3f-465b-8143-3b8a9948e749
Published At:12 Apr, 2016 | 23:00
Updated At:05 Aug, 2024 | 23:17
Rejected At:
▼CVE Numbering Authority (CNA)

The MS-SAMR and MS-LSAD protocol implementations in Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 mishandle DCERPC connections, which allows man-in-the-middle attackers to perform protocol-downgrade attacks and impersonate users by modifying the client-server data stream, aka "BADLOCK."

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.458012
vendor-advisory
x_refsource_SLACKWARE
http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00020.html
vendor-advisory
x_refsource_SUSE
http://rhn.redhat.com/errata/RHSA-2016-0612.html
vendor-advisory
x_refsource_REDHAT
http://www.ubuntu.com/usn/USN-2950-1
vendor-advisory
x_refsource_UBUNTU
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05166182
x_refsource_CONFIRM
http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00024.html
vendor-advisory
x_refsource_SUSE
http://rhn.redhat.com/errata/RHSA-2016-0613.html
vendor-advisory
x_refsource_REDHAT
http://badlock.org/
x_refsource_MISC
http://rhn.redhat.com/errata/RHSA-2016-0621.html
vendor-advisory
x_refsource_REDHAT
http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html
x_refsource_CONFIRM
http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00042.html
vendor-advisory
x_refsource_SUSE
http://www.ubuntu.com/usn/USN-2950-5
vendor-advisory
x_refsource_UBUNTU
https://www.samba.org/samba/history/samba-4.2.10.html
x_refsource_CONFIRM
http://lists.fedoraproject.org/pipermail/package-announce/2016-April/182185.html
vendor-advisory
x_refsource_FEDORA
http://rhn.redhat.com/errata/RHSA-2016-0624.html
vendor-advisory
x_refsource_REDHAT
http://rhn.redhat.com/errata/RHSA-2016-0618.html
vendor-advisory
x_refsource_REDHAT
http://www.securityfocus.com/bid/86002
vdb-entry
x_refsource_BID
http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00022.html
vendor-advisory
x_refsource_SUSE
http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00021.html
vendor-advisory
x_refsource_SUSE
https://www.samba.org/samba/security/CVE-2016-2118.html
x_refsource_CONFIRM
https://www.samba.org/samba/latest_news.html#4.4.2
x_refsource_CONFIRM
http://www.securitytracker.com/id/1035533
vdb-entry
x_refsource_SECTRACK
http://lists.fedoraproject.org/pipermail/package-announce/2016-April/182272.html
vendor-advisory
x_refsource_FEDORA
https://www.kb.cert.org/vuls/id/813296
third-party-advisory
x_refsource_CERT-VN
http://rhn.redhat.com/errata/RHSA-2016-0614.html
vendor-advisory
x_refsource_REDHAT
https://help.ecostruxureit.com/display/public/UADCO8x/StruxureWare+Data+Center+Operation+Software+Vulnerability+Fixes
x_refsource_CONFIRM
http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00023.html
vendor-advisory
x_refsource_SUSE
http://rhn.redhat.com/errata/RHSA-2016-0620.html
vendor-advisory
x_refsource_REDHAT
http://rhn.redhat.com/errata/RHSA-2016-0611.html
vendor-advisory
x_refsource_REDHAT
http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00047.html
vendor-advisory
x_refsource_SUSE
https://bto.bluecoat.com/security-advisory/sa122
x_refsource_CONFIRM
http://www.ubuntu.com/usn/USN-2950-3
vendor-advisory
x_refsource_UBUNTU
http://lists.fedoraproject.org/pipermail/package-announce/2016-April/182288.html
vendor-advisory
x_refsource_FEDORA
http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00048.html
vendor-advisory
x_refsource_SUSE
http://rhn.redhat.com/errata/RHSA-2016-0619.html
vendor-advisory
x_refsource_REDHAT
https://security.gentoo.org/glsa/201612-47
vendor-advisory
x_refsource_GENTOO
http://www.debian.org/security/2016/dsa-3548
vendor-advisory
x_refsource_DEBIAN
http://rhn.redhat.com/errata/RHSA-2016-0623.html
vendor-advisory
x_refsource_REDHAT
http://www.ubuntu.com/usn/USN-2950-2
vendor-advisory
x_refsource_UBUNTU
https://access.redhat.com/security/vulnerabilities/badlock
x_refsource_CONFIRM
http://rhn.redhat.com/errata/RHSA-2016-0625.html
vendor-advisory
x_refsource_REDHAT
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05162399
x_refsource_CONFIRM
https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40196
x_refsource_CONFIRM
http://www.ubuntu.com/usn/USN-2950-4
vendor-advisory
x_refsource_UBUNTU
https://kb.netapp.com/support/s/article/ka51A0000008SXzQAM/smb-vulnerabilities-in-multiple-netapp-products
x_refsource_CONFIRM
Hyperlink: http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.458012
Resource:
vendor-advisory
x_refsource_SLACKWARE
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00020.html
Resource:
vendor-advisory
x_refsource_SUSE
Hyperlink: http://rhn.redhat.com/errata/RHSA-2016-0612.html
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: http://www.ubuntu.com/usn/USN-2950-1
Resource:
vendor-advisory
x_refsource_UBUNTU
Hyperlink: https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05166182
Resource:
x_refsource_CONFIRM
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00024.html
Resource:
vendor-advisory
x_refsource_SUSE
Hyperlink: http://rhn.redhat.com/errata/RHSA-2016-0613.html
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: http://badlock.org/
Resource:
x_refsource_MISC
Hyperlink: http://rhn.redhat.com/errata/RHSA-2016-0621.html
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html
Resource:
x_refsource_CONFIRM
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00042.html
Resource:
vendor-advisory
x_refsource_SUSE
Hyperlink: http://www.ubuntu.com/usn/USN-2950-5
Resource:
vendor-advisory
x_refsource_UBUNTU
Hyperlink: https://www.samba.org/samba/history/samba-4.2.10.html
Resource:
x_refsource_CONFIRM
Hyperlink: http://lists.fedoraproject.org/pipermail/package-announce/2016-April/182185.html
Resource:
vendor-advisory
x_refsource_FEDORA
Hyperlink: http://rhn.redhat.com/errata/RHSA-2016-0624.html
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: http://rhn.redhat.com/errata/RHSA-2016-0618.html
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: http://www.securityfocus.com/bid/86002
Resource:
vdb-entry
x_refsource_BID
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00022.html
Resource:
vendor-advisory
x_refsource_SUSE
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00021.html
Resource:
vendor-advisory
x_refsource_SUSE
Hyperlink: https://www.samba.org/samba/security/CVE-2016-2118.html
Resource:
x_refsource_CONFIRM
Hyperlink: https://www.samba.org/samba/latest_news.html#4.4.2
Resource:
x_refsource_CONFIRM
Hyperlink: http://www.securitytracker.com/id/1035533
Resource:
vdb-entry
x_refsource_SECTRACK
Hyperlink: http://lists.fedoraproject.org/pipermail/package-announce/2016-April/182272.html
Resource:
vendor-advisory
x_refsource_FEDORA
Hyperlink: https://www.kb.cert.org/vuls/id/813296
Resource:
third-party-advisory
x_refsource_CERT-VN
Hyperlink: http://rhn.redhat.com/errata/RHSA-2016-0614.html
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: https://help.ecostruxureit.com/display/public/UADCO8x/StruxureWare+Data+Center+Operation+Software+Vulnerability+Fixes
Resource:
x_refsource_CONFIRM
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00023.html
Resource:
vendor-advisory
x_refsource_SUSE
Hyperlink: http://rhn.redhat.com/errata/RHSA-2016-0620.html
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: http://rhn.redhat.com/errata/RHSA-2016-0611.html
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00047.html
Resource:
vendor-advisory
x_refsource_SUSE
Hyperlink: https://bto.bluecoat.com/security-advisory/sa122
Resource:
x_refsource_CONFIRM
Hyperlink: http://www.ubuntu.com/usn/USN-2950-3
Resource:
vendor-advisory
x_refsource_UBUNTU
Hyperlink: http://lists.fedoraproject.org/pipermail/package-announce/2016-April/182288.html
Resource:
vendor-advisory
x_refsource_FEDORA
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00048.html
Resource:
vendor-advisory
x_refsource_SUSE
Hyperlink: http://rhn.redhat.com/errata/RHSA-2016-0619.html
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: https://security.gentoo.org/glsa/201612-47
Resource:
vendor-advisory
x_refsource_GENTOO
Hyperlink: http://www.debian.org/security/2016/dsa-3548
Resource:
vendor-advisory
x_refsource_DEBIAN
Hyperlink: http://rhn.redhat.com/errata/RHSA-2016-0623.html
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: http://www.ubuntu.com/usn/USN-2950-2
Resource:
vendor-advisory
x_refsource_UBUNTU
Hyperlink: https://access.redhat.com/security/vulnerabilities/badlock
Resource:
x_refsource_CONFIRM
Hyperlink: http://rhn.redhat.com/errata/RHSA-2016-0625.html
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05162399
Resource:
x_refsource_CONFIRM
Hyperlink: https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40196
Resource:
x_refsource_CONFIRM
Hyperlink: http://www.ubuntu.com/usn/USN-2950-4
Resource:
vendor-advisory
x_refsource_UBUNTU
Hyperlink: https://kb.netapp.com/support/s/article/ka51A0000008SXzQAM/smb-vulnerabilities-in-multiple-netapp-products
Resource:
x_refsource_CONFIRM
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.458012
vendor-advisory
x_refsource_SLACKWARE
x_transferred
http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00020.html
vendor-advisory
x_refsource_SUSE
x_transferred
http://rhn.redhat.com/errata/RHSA-2016-0612.html
vendor-advisory
x_refsource_REDHAT
x_transferred
http://www.ubuntu.com/usn/USN-2950-1
vendor-advisory
x_refsource_UBUNTU
x_transferred
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05166182
x_refsource_CONFIRM
x_transferred
http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00024.html
vendor-advisory
x_refsource_SUSE
x_transferred
http://rhn.redhat.com/errata/RHSA-2016-0613.html
vendor-advisory
x_refsource_REDHAT
x_transferred
http://badlock.org/
x_refsource_MISC
x_transferred
http://rhn.redhat.com/errata/RHSA-2016-0621.html
vendor-advisory
x_refsource_REDHAT
x_transferred
http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html
x_refsource_CONFIRM
x_transferred
http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00042.html
vendor-advisory
x_refsource_SUSE
x_transferred
http://www.ubuntu.com/usn/USN-2950-5
vendor-advisory
x_refsource_UBUNTU
x_transferred
https://www.samba.org/samba/history/samba-4.2.10.html
x_refsource_CONFIRM
x_transferred
http://lists.fedoraproject.org/pipermail/package-announce/2016-April/182185.html
vendor-advisory
x_refsource_FEDORA
x_transferred
http://rhn.redhat.com/errata/RHSA-2016-0624.html
vendor-advisory
x_refsource_REDHAT
x_transferred
http://rhn.redhat.com/errata/RHSA-2016-0618.html
vendor-advisory
x_refsource_REDHAT
x_transferred
http://www.securityfocus.com/bid/86002
vdb-entry
x_refsource_BID
x_transferred
http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00022.html
vendor-advisory
x_refsource_SUSE
x_transferred
http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00021.html
vendor-advisory
x_refsource_SUSE
x_transferred
https://www.samba.org/samba/security/CVE-2016-2118.html
x_refsource_CONFIRM
x_transferred
https://www.samba.org/samba/latest_news.html#4.4.2
x_refsource_CONFIRM
x_transferred
http://www.securitytracker.com/id/1035533
vdb-entry
x_refsource_SECTRACK
x_transferred
http://lists.fedoraproject.org/pipermail/package-announce/2016-April/182272.html
vendor-advisory
x_refsource_FEDORA
x_transferred
https://www.kb.cert.org/vuls/id/813296
third-party-advisory
x_refsource_CERT-VN
x_transferred
http://rhn.redhat.com/errata/RHSA-2016-0614.html
vendor-advisory
x_refsource_REDHAT
x_transferred
https://help.ecostruxureit.com/display/public/UADCO8x/StruxureWare+Data+Center+Operation+Software+Vulnerability+Fixes
x_refsource_CONFIRM
x_transferred
http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00023.html
vendor-advisory
x_refsource_SUSE
x_transferred
http://rhn.redhat.com/errata/RHSA-2016-0620.html
vendor-advisory
x_refsource_REDHAT
x_transferred
http://rhn.redhat.com/errata/RHSA-2016-0611.html
vendor-advisory
x_refsource_REDHAT
x_transferred
http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00047.html
vendor-advisory
x_refsource_SUSE
x_transferred
https://bto.bluecoat.com/security-advisory/sa122
x_refsource_CONFIRM
x_transferred
http://www.ubuntu.com/usn/USN-2950-3
vendor-advisory
x_refsource_UBUNTU
x_transferred
http://lists.fedoraproject.org/pipermail/package-announce/2016-April/182288.html
vendor-advisory
x_refsource_FEDORA
x_transferred
http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00048.html
vendor-advisory
x_refsource_SUSE
x_transferred
http://rhn.redhat.com/errata/RHSA-2016-0619.html
vendor-advisory
x_refsource_REDHAT
x_transferred
https://security.gentoo.org/glsa/201612-47
vendor-advisory
x_refsource_GENTOO
x_transferred
http://www.debian.org/security/2016/dsa-3548
vendor-advisory
x_refsource_DEBIAN
x_transferred
http://rhn.redhat.com/errata/RHSA-2016-0623.html
vendor-advisory
x_refsource_REDHAT
x_transferred
http://www.ubuntu.com/usn/USN-2950-2
vendor-advisory
x_refsource_UBUNTU
x_transferred
https://access.redhat.com/security/vulnerabilities/badlock
x_refsource_CONFIRM
x_transferred
http://rhn.redhat.com/errata/RHSA-2016-0625.html
vendor-advisory
x_refsource_REDHAT
x_transferred
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05162399
x_refsource_CONFIRM
x_transferred
https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40196
x_refsource_CONFIRM
x_transferred
http://www.ubuntu.com/usn/USN-2950-4
vendor-advisory
x_refsource_UBUNTU
x_transferred
https://kb.netapp.com/support/s/article/ka51A0000008SXzQAM/smb-vulnerabilities-in-multiple-netapp-products
x_refsource_CONFIRM
x_transferred
Hyperlink: http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.458012
Resource:
vendor-advisory
x_refsource_SLACKWARE
x_transferred
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00020.html
Resource:
vendor-advisory
x_refsource_SUSE
x_transferred
Hyperlink: http://rhn.redhat.com/errata/RHSA-2016-0612.html
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: http://www.ubuntu.com/usn/USN-2950-1
Resource:
vendor-advisory
x_refsource_UBUNTU
x_transferred
Hyperlink: https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05166182
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00024.html
Resource:
vendor-advisory
x_refsource_SUSE
x_transferred
Hyperlink: http://rhn.redhat.com/errata/RHSA-2016-0613.html
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: http://badlock.org/
Resource:
x_refsource_MISC
x_transferred
Hyperlink: http://rhn.redhat.com/errata/RHSA-2016-0621.html
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00042.html
Resource:
vendor-advisory
x_refsource_SUSE
x_transferred
Hyperlink: http://www.ubuntu.com/usn/USN-2950-5
Resource:
vendor-advisory
x_refsource_UBUNTU
x_transferred
Hyperlink: https://www.samba.org/samba/history/samba-4.2.10.html
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://lists.fedoraproject.org/pipermail/package-announce/2016-April/182185.html
Resource:
vendor-advisory
x_refsource_FEDORA
x_transferred
Hyperlink: http://rhn.redhat.com/errata/RHSA-2016-0624.html
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: http://rhn.redhat.com/errata/RHSA-2016-0618.html
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: http://www.securityfocus.com/bid/86002
Resource:
vdb-entry
x_refsource_BID
x_transferred
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00022.html
Resource:
vendor-advisory
x_refsource_SUSE
x_transferred
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00021.html
Resource:
vendor-advisory
x_refsource_SUSE
x_transferred
Hyperlink: https://www.samba.org/samba/security/CVE-2016-2118.html
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: https://www.samba.org/samba/latest_news.html#4.4.2
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://www.securitytracker.com/id/1035533
Resource:
vdb-entry
x_refsource_SECTRACK
x_transferred
Hyperlink: http://lists.fedoraproject.org/pipermail/package-announce/2016-April/182272.html
Resource:
vendor-advisory
x_refsource_FEDORA
x_transferred
Hyperlink: https://www.kb.cert.org/vuls/id/813296
Resource:
third-party-advisory
x_refsource_CERT-VN
x_transferred
Hyperlink: http://rhn.redhat.com/errata/RHSA-2016-0614.html
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: https://help.ecostruxureit.com/display/public/UADCO8x/StruxureWare+Data+Center+Operation+Software+Vulnerability+Fixes
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00023.html
Resource:
vendor-advisory
x_refsource_SUSE
x_transferred
Hyperlink: http://rhn.redhat.com/errata/RHSA-2016-0620.html
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: http://rhn.redhat.com/errata/RHSA-2016-0611.html
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00047.html
Resource:
vendor-advisory
x_refsource_SUSE
x_transferred
Hyperlink: https://bto.bluecoat.com/security-advisory/sa122
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://www.ubuntu.com/usn/USN-2950-3
Resource:
vendor-advisory
x_refsource_UBUNTU
x_transferred
Hyperlink: http://lists.fedoraproject.org/pipermail/package-announce/2016-April/182288.html
Resource:
vendor-advisory
x_refsource_FEDORA
x_transferred
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00048.html
Resource:
vendor-advisory
x_refsource_SUSE
x_transferred
Hyperlink: http://rhn.redhat.com/errata/RHSA-2016-0619.html
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: https://security.gentoo.org/glsa/201612-47
Resource:
vendor-advisory
x_refsource_GENTOO
x_transferred
Hyperlink: http://www.debian.org/security/2016/dsa-3548
Resource:
vendor-advisory
x_refsource_DEBIAN
x_transferred
Hyperlink: http://rhn.redhat.com/errata/RHSA-2016-0623.html
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: http://www.ubuntu.com/usn/USN-2950-2
Resource:
vendor-advisory
x_refsource_UBUNTU
x_transferred
Hyperlink: https://access.redhat.com/security/vulnerabilities/badlock
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://rhn.redhat.com/errata/RHSA-2016-0625.html
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05162399
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40196
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://www.ubuntu.com/usn/USN-2950-4
Resource:
vendor-advisory
x_refsource_UBUNTU
x_transferred
Hyperlink: https://kb.netapp.com/support/s/article/ka51A0000008SXzQAM/smb-vulnerabilities-in-multiple-netapp-products
Resource:
x_refsource_CONFIRM
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:secalert@redhat.com
Published At:12 Apr, 2016 | 23:59
Updated At:12 Apr, 2025 | 10:46

The MS-SAMR and MS-LSAD protocol implementations in Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 mishandle DCERPC connections, which allows man-in-the-middle attackers to perform protocol-downgrade attacks and impersonate users by modifying the client-server data stream, aka "BADLOCK."

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.17.5HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
Primary2.06.8MEDIUM
AV:N/AC:M/Au:N/C:P/I:P/A:P
Type: Primary
Version: 3.1
Base score: 7.5
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
Type: Primary
Version: 2.0
Base score: 6.8
Base severity: MEDIUM
Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P
CPE Matches
Samba
samba
>>samba>>Versions from 3.6.0(inclusive) to 4.2.10(exclusive)
cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:*
Samba
samba
>>samba>>Versions from 4.3.0(inclusive) to 4.3.7(exclusive)
cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:*
Samba
samba
>>samba>>Versions from 4.4.0(inclusive) to 4.4.1(exclusive)
cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:*
Canonical Ltd.
canonical
>>ubuntu_linux>>12.04
cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:-:*:*:*
Canonical Ltd.
canonical
>>ubuntu_linux>>14.04
cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*
Canonical Ltd.
canonical
>>ubuntu_linux>>14.04
cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
Canonical Ltd.
canonical
>>ubuntu_linux>>15.10
cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*
Canonical Ltd.
canonical
>>ubuntu_linux>>16.04
cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*
Canonical Ltd.
canonical
>>ubuntu_linux>>16.04
cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
Debian GNU/Linux
debian
>>debian_linux>>7.0
cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
Debian GNU/Linux
debian
>>debian_linux>>8.0
cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-254Primarynvd@nist.gov
CWE ID: CWE-254
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
http://badlock.org/secalert@redhat.com
Technical Description
Third Party Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2016-April/182185.htmlsecalert@redhat.com
Mailing List
Third Party Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2016-April/182272.htmlsecalert@redhat.com
Mailing List
Third Party Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2016-April/182288.htmlsecalert@redhat.com
Mailing List
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00020.htmlsecalert@redhat.com
Mailing List
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00021.htmlsecalert@redhat.com
Mailing List
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00022.htmlsecalert@redhat.com
Mailing List
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00023.htmlsecalert@redhat.com
Mailing List
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00024.htmlsecalert@redhat.com
Mailing List
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00042.htmlsecalert@redhat.com
Mailing List
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00047.htmlsecalert@redhat.com
Mailing List
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00048.htmlsecalert@redhat.com
Mailing List
Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2016-0611.htmlsecalert@redhat.com
Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2016-0612.htmlsecalert@redhat.com
Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2016-0613.htmlsecalert@redhat.com
Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2016-0614.htmlsecalert@redhat.com
Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2016-0618.htmlsecalert@redhat.com
Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2016-0619.htmlsecalert@redhat.com
Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2016-0620.htmlsecalert@redhat.com
Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2016-0621.htmlsecalert@redhat.com
Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2016-0623.htmlsecalert@redhat.com
Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2016-0624.htmlsecalert@redhat.com
Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2016-0625.htmlsecalert@redhat.com
Third Party Advisory
http://www.debian.org/security/2016/dsa-3548secalert@redhat.com
Third Party Advisory
http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.htmlsecalert@redhat.com
Third Party Advisory
http://www.securityfocus.com/bid/86002secalert@redhat.com
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1035533secalert@redhat.com
Third Party Advisory
VDB Entry
http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.458012secalert@redhat.com
Mailing List
Third Party Advisory
http://www.ubuntu.com/usn/USN-2950-1secalert@redhat.com
Third Party Advisory
http://www.ubuntu.com/usn/USN-2950-2secalert@redhat.com
Third Party Advisory
http://www.ubuntu.com/usn/USN-2950-3secalert@redhat.com
Third Party Advisory
http://www.ubuntu.com/usn/USN-2950-4secalert@redhat.com
Third Party Advisory
http://www.ubuntu.com/usn/USN-2950-5secalert@redhat.com
Third Party Advisory
https://access.redhat.com/security/vulnerabilities/badlocksecalert@redhat.com
Third Party Advisory
https://bto.bluecoat.com/security-advisory/sa122secalert@redhat.com
Third Party Advisory
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05162399secalert@redhat.com
Third Party Advisory
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05166182secalert@redhat.com
Third Party Advisory
https://help.ecostruxureit.com/display/public/UADCO8x/StruxureWare+Data+Center+Operation+Software+Vulnerability+Fixessecalert@redhat.com
Third Party Advisory
https://kb.netapp.com/support/s/article/ka51A0000008SXzQAM/smb-vulnerabilities-in-multiple-netapp-productssecalert@redhat.com
Third Party Advisory
https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40196secalert@redhat.com
Third Party Advisory
https://security.gentoo.org/glsa/201612-47secalert@redhat.com
Third Party Advisory
https://www.kb.cert.org/vuls/id/813296secalert@redhat.com
Third Party Advisory
US Government Resource
https://www.samba.org/samba/history/samba-4.2.10.htmlsecalert@redhat.com
Third Party Advisory
https://www.samba.org/samba/latest_news.html#4.4.2secalert@redhat.com
Vendor Advisory
https://www.samba.org/samba/security/CVE-2016-2118.htmlsecalert@redhat.com
Vendor Advisory
http://badlock.org/af854a3a-2127-422b-91ae-364da2661108
Technical Description
Third Party Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2016-April/182185.htmlaf854a3a-2127-422b-91ae-364da2661108
Mailing List
Third Party Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2016-April/182272.htmlaf854a3a-2127-422b-91ae-364da2661108
Mailing List
Third Party Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2016-April/182288.htmlaf854a3a-2127-422b-91ae-364da2661108
Mailing List
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00020.htmlaf854a3a-2127-422b-91ae-364da2661108
Mailing List
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00021.htmlaf854a3a-2127-422b-91ae-364da2661108
Mailing List
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00022.htmlaf854a3a-2127-422b-91ae-364da2661108
Mailing List
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00023.htmlaf854a3a-2127-422b-91ae-364da2661108
Mailing List
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00024.htmlaf854a3a-2127-422b-91ae-364da2661108
Mailing List
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00042.htmlaf854a3a-2127-422b-91ae-364da2661108
Mailing List
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00047.htmlaf854a3a-2127-422b-91ae-364da2661108
Mailing List
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00048.htmlaf854a3a-2127-422b-91ae-364da2661108
Mailing List
Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2016-0611.htmlaf854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2016-0612.htmlaf854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2016-0613.htmlaf854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2016-0614.htmlaf854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2016-0618.htmlaf854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2016-0619.htmlaf854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2016-0620.htmlaf854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2016-0621.htmlaf854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2016-0623.htmlaf854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2016-0624.htmlaf854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2016-0625.htmlaf854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://www.debian.org/security/2016/dsa-3548af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.htmlaf854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://www.securityfocus.com/bid/86002af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1035533af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
VDB Entry
http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.458012af854a3a-2127-422b-91ae-364da2661108
Mailing List
Third Party Advisory
http://www.ubuntu.com/usn/USN-2950-1af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://www.ubuntu.com/usn/USN-2950-2af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://www.ubuntu.com/usn/USN-2950-3af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://www.ubuntu.com/usn/USN-2950-4af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://www.ubuntu.com/usn/USN-2950-5af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
https://access.redhat.com/security/vulnerabilities/badlockaf854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
https://bto.bluecoat.com/security-advisory/sa122af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05162399af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05166182af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
https://help.ecostruxureit.com/display/public/UADCO8x/StruxureWare+Data+Center+Operation+Software+Vulnerability+Fixesaf854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
https://kb.netapp.com/support/s/article/ka51A0000008SXzQAM/smb-vulnerabilities-in-multiple-netapp-productsaf854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40196af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
https://security.gentoo.org/glsa/201612-47af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
https://www.kb.cert.org/vuls/id/813296af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
US Government Resource
https://www.samba.org/samba/history/samba-4.2.10.htmlaf854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
https://www.samba.org/samba/latest_news.html#4.4.2af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
https://www.samba.org/samba/security/CVE-2016-2118.htmlaf854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Hyperlink: http://badlock.org/
Source: secalert@redhat.com
Resource:
Technical Description
Third Party Advisory
Hyperlink: http://lists.fedoraproject.org/pipermail/package-announce/2016-April/182185.html
Source: secalert@redhat.com
Resource:
Mailing List
Third Party Advisory
Hyperlink: http://lists.fedoraproject.org/pipermail/package-announce/2016-April/182272.html
Source: secalert@redhat.com
Resource:
Mailing List
Third Party Advisory
Hyperlink: http://lists.fedoraproject.org/pipermail/package-announce/2016-April/182288.html
Source: secalert@redhat.com
Resource:
Mailing List
Third Party Advisory
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00020.html
Source: secalert@redhat.com
Resource:
Mailing List
Third Party Advisory
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00021.html
Source: secalert@redhat.com
Resource:
Mailing List
Third Party Advisory
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00022.html
Source: secalert@redhat.com
Resource:
Mailing List
Third Party Advisory
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00023.html
Source: secalert@redhat.com
Resource:
Mailing List
Third Party Advisory
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00024.html
Source: secalert@redhat.com
Resource:
Mailing List
Third Party Advisory
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00042.html
Source: secalert@redhat.com
Resource:
Mailing List
Third Party Advisory
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00047.html
Source: secalert@redhat.com
Resource:
Mailing List
Third Party Advisory
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00048.html
Source: secalert@redhat.com
Resource:
Mailing List
Third Party Advisory
Hyperlink: http://rhn.redhat.com/errata/RHSA-2016-0611.html
Source: secalert@redhat.com
Resource:
Third Party Advisory
Hyperlink: http://rhn.redhat.com/errata/RHSA-2016-0612.html
Source: secalert@redhat.com
Resource:
Third Party Advisory
Hyperlink: http://rhn.redhat.com/errata/RHSA-2016-0613.html
Source: secalert@redhat.com
Resource:
Third Party Advisory
Hyperlink: http://rhn.redhat.com/errata/RHSA-2016-0614.html
Source: secalert@redhat.com
Resource:
Third Party Advisory
Hyperlink: http://rhn.redhat.com/errata/RHSA-2016-0618.html
Source: secalert@redhat.com
Resource:
Third Party Advisory
Hyperlink: http://rhn.redhat.com/errata/RHSA-2016-0619.html
Source: secalert@redhat.com
Resource:
Third Party Advisory
Hyperlink: http://rhn.redhat.com/errata/RHSA-2016-0620.html
Source: secalert@redhat.com
Resource:
Third Party Advisory
Hyperlink: http://rhn.redhat.com/errata/RHSA-2016-0621.html
Source: secalert@redhat.com
Resource:
Third Party Advisory
Hyperlink: http://rhn.redhat.com/errata/RHSA-2016-0623.html
Source: secalert@redhat.com
Resource:
Third Party Advisory
Hyperlink: http://rhn.redhat.com/errata/RHSA-2016-0624.html
Source: secalert@redhat.com
Resource:
Third Party Advisory
Hyperlink: http://rhn.redhat.com/errata/RHSA-2016-0625.html
Source: secalert@redhat.com
Resource:
Third Party Advisory
Hyperlink: http://www.debian.org/security/2016/dsa-3548
Source: secalert@redhat.com
Resource:
Third Party Advisory
Hyperlink: http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html
Source: secalert@redhat.com
Resource:
Third Party Advisory
Hyperlink: http://www.securityfocus.com/bid/86002
Source: secalert@redhat.com
Resource:
Third Party Advisory
VDB Entry
Hyperlink: http://www.securitytracker.com/id/1035533
Source: secalert@redhat.com
Resource:
Third Party Advisory
VDB Entry
Hyperlink: http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.458012
Source: secalert@redhat.com
Resource:
Mailing List
Third Party Advisory
Hyperlink: http://www.ubuntu.com/usn/USN-2950-1
Source: secalert@redhat.com
Resource:
Third Party Advisory
Hyperlink: http://www.ubuntu.com/usn/USN-2950-2
Source: secalert@redhat.com
Resource:
Third Party Advisory
Hyperlink: http://www.ubuntu.com/usn/USN-2950-3
Source: secalert@redhat.com
Resource:
Third Party Advisory
Hyperlink: http://www.ubuntu.com/usn/USN-2950-4
Source: secalert@redhat.com
Resource:
Third Party Advisory
Hyperlink: http://www.ubuntu.com/usn/USN-2950-5
Source: secalert@redhat.com
Resource:
Third Party Advisory
Hyperlink: https://access.redhat.com/security/vulnerabilities/badlock
Source: secalert@redhat.com
Resource:
Third Party Advisory
Hyperlink: https://bto.bluecoat.com/security-advisory/sa122
Source: secalert@redhat.com
Resource:
Third Party Advisory
Hyperlink: https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05162399
Source: secalert@redhat.com
Resource:
Third Party Advisory
Hyperlink: https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05166182
Source: secalert@redhat.com
Resource:
Third Party Advisory
Hyperlink: https://help.ecostruxureit.com/display/public/UADCO8x/StruxureWare+Data+Center+Operation+Software+Vulnerability+Fixes
Source: secalert@redhat.com
Resource:
Third Party Advisory
Hyperlink: https://kb.netapp.com/support/s/article/ka51A0000008SXzQAM/smb-vulnerabilities-in-multiple-netapp-products
Source: secalert@redhat.com
Resource:
Third Party Advisory
Hyperlink: https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40196
Source: secalert@redhat.com
Resource:
Third Party Advisory
Hyperlink: https://security.gentoo.org/glsa/201612-47
Source: secalert@redhat.com
Resource:
Third Party Advisory
Hyperlink: https://www.kb.cert.org/vuls/id/813296
Source: secalert@redhat.com
Resource:
Third Party Advisory
US Government Resource
Hyperlink: https://www.samba.org/samba/history/samba-4.2.10.html
Source: secalert@redhat.com
Resource:
Third Party Advisory
Hyperlink: https://www.samba.org/samba/latest_news.html#4.4.2
Source: secalert@redhat.com
Resource:
Vendor Advisory
Hyperlink: https://www.samba.org/samba/security/CVE-2016-2118.html
Source: secalert@redhat.com
Resource:
Vendor Advisory
Hyperlink: http://badlock.org/
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Technical Description
Third Party Advisory
Hyperlink: http://lists.fedoraproject.org/pipermail/package-announce/2016-April/182185.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Mailing List
Third Party Advisory
Hyperlink: http://lists.fedoraproject.org/pipermail/package-announce/2016-April/182272.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Mailing List
Third Party Advisory
Hyperlink: http://lists.fedoraproject.org/pipermail/package-announce/2016-April/182288.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Mailing List
Third Party Advisory
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00020.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Mailing List
Third Party Advisory
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00021.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Mailing List
Third Party Advisory
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00022.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Mailing List
Third Party Advisory
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00023.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Mailing List
Third Party Advisory
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00024.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Mailing List
Third Party Advisory
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00042.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Mailing List
Third Party Advisory
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00047.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Mailing List
Third Party Advisory
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00048.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Mailing List
Third Party Advisory
Hyperlink: http://rhn.redhat.com/errata/RHSA-2016-0611.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: http://rhn.redhat.com/errata/RHSA-2016-0612.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: http://rhn.redhat.com/errata/RHSA-2016-0613.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: http://rhn.redhat.com/errata/RHSA-2016-0614.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: http://rhn.redhat.com/errata/RHSA-2016-0618.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: http://rhn.redhat.com/errata/RHSA-2016-0619.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: http://rhn.redhat.com/errata/RHSA-2016-0620.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: http://rhn.redhat.com/errata/RHSA-2016-0621.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: http://rhn.redhat.com/errata/RHSA-2016-0623.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: http://rhn.redhat.com/errata/RHSA-2016-0624.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: http://rhn.redhat.com/errata/RHSA-2016-0625.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: http://www.debian.org/security/2016/dsa-3548
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: http://www.securityfocus.com/bid/86002
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
VDB Entry
Hyperlink: http://www.securitytracker.com/id/1035533
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
VDB Entry
Hyperlink: http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.458012
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Mailing List
Third Party Advisory
Hyperlink: http://www.ubuntu.com/usn/USN-2950-1
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: http://www.ubuntu.com/usn/USN-2950-2
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: http://www.ubuntu.com/usn/USN-2950-3
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: http://www.ubuntu.com/usn/USN-2950-4
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: http://www.ubuntu.com/usn/USN-2950-5
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: https://access.redhat.com/security/vulnerabilities/badlock
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: https://bto.bluecoat.com/security-advisory/sa122
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05162399
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05166182
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: https://help.ecostruxureit.com/display/public/UADCO8x/StruxureWare+Data+Center+Operation+Software+Vulnerability+Fixes
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: https://kb.netapp.com/support/s/article/ka51A0000008SXzQAM/smb-vulnerabilities-in-multiple-netapp-products
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40196
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: https://security.gentoo.org/glsa/201612-47
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: https://www.kb.cert.org/vuls/id/813296
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
US Government Resource
Hyperlink: https://www.samba.org/samba/history/samba-4.2.10.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: https://www.samba.org/samba/latest_news.html#4.4.2
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory
Hyperlink: https://www.samba.org/samba/security/CVE-2016-2118.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

1458Records found
CVE-2017-18026
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.75% / 72.12%
||
7 Day CHG~0.00%
Published-10 Jan, 2018 | 09:00
Updated-05 Aug, 2024 | 21:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Redmine before 3.2.9, 3.3.x before 3.3.6, and 3.4.x before 3.4.4 does not block the --config and --debugger flags to the Mercurial hg program, which allows remote attackers to execute arbitrary commands (through the Mercurial adapter) via vectors involving a branch whose name begins with a --config= or --debugger= substring, a related issue to CVE-2017-17536.

Action-Not Available
Vendor-redminen/aDebian GNU/Linux
Product-redminedebian_linuxn/a
CVE-2017-17670
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-1.25% / 78.53%
||
7 Day CHG~0.00%
Published-15 Dec, 2017 | 09:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In VideoLAN VLC media player through 2.2.8, there is a type conversion vulnerability in modules/demux/mp4/libmp4.c in the MP4 demux module leading to a invalid free, because the type of a box may be changed between a read operation and a free operation.

Action-Not Available
Vendor-n/aVideoLANDebian GNU/Linux
Product-debian_linuxvlc_media_playern/a
CWE ID-CWE-416
Use After Free
CVE-2017-17912
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.83% / 73.51%
||
7 Day CHG~0.00%
Published-26 Dec, 2017 | 20:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In GraphicsMagick 1.4 snapshot-20171217 Q8, there is a heap-based buffer over-read in ReadNewsProfile in coders/tiff.c, in which LocaleNCompare reads heap data beyond the allocated region.

Action-Not Available
Vendor-n/aDebian GNU/LinuxGraphicsMagick
Product-debian_linuxgraphicsmagickn/a
CWE ID-CWE-125
Out-of-bounds Read
CVE-2017-17866
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.29% / 51.84%
||
7 Day CHG~0.00%
Published-23 Dec, 2017 | 17:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

pdf/pdf-write.c in Artifex MuPDF before 1.12.0 mishandles certain length changes when a repair operation occurs during a clean operation, which allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted PDF document.

Action-Not Available
Vendor-n/aArtifex Software Inc.Debian GNU/Linux
Product-debian_linuxmupdfn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2019-5829
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-8.8||HIGH
EPSS-2.15% / 83.57%
||
7 Day CHG~0.00%
Published-27 Jun, 2019 | 16:13
Updated-04 Aug, 2024 | 20:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Integer overflow in download manager in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page.

Action-Not Available
Vendor-Google LLCopenSUSEFedora ProjectDebian GNU/Linux
Product-debian_linuxchromefedorabackportsleapChrome
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2019-20326
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-1.89% / 82.43%
||
7 Day CHG~0.00%
Published-16 Mar, 2020 | 21:33
Updated-05 Aug, 2024 | 02:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A heap-based buffer overflow in _cairo_image_surface_create_from_jpeg() in extensions/cairo_io/cairo-image-surface-jpeg.c in GNOME gThumb before 3.8.3 and Linux Mint Pix before 2.4.5 allows attackers to cause a crash and potentially execute arbitrary code via a crafted JPEG file.

Action-Not Available
Vendor-linuxmintn/aThe GNOME ProjectDebian GNU/Linux
Product-gthumbdebian_linuxpixn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2017-17879
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-1.14% / 77.52%
||
7 Day CHG-0.14%
Published-24 Dec, 2017 | 04:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In ImageMagick 7.0.7-16 Q16 x86_64 2017-12-21, there is a heap-based buffer over-read in ReadOneMNGImage in coders/png.c, related to length calculation and caused by an off-by-one error.

Action-Not Available
Vendor-n/aDebian GNU/LinuxCanonical Ltd.ImageMagick Studio LLC
Product-ubuntu_linuxdebian_linuximagemagickn/a
CWE ID-CWE-125
Out-of-bounds Read
CVE-2013-4565
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-6.8||MEDIUM
EPSS-3.48% / 87.10%
||
7 Day CHG~0.00%
Published-25 Apr, 2014 | 17:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Heap-based buffer overflow in the __OLEdecode function in ppthtml 0.5.1 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted .ppt file.

Action-Not Available
Vendor-n/aDebian GNU/Linux
Product-ppthtmln/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2021-4079
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-8.8||HIGH
EPSS-0.85% / 74.00%
||
7 Day CHG~0.00%
Published-23 Dec, 2021 | 00:45
Updated-03 Aug, 2024 | 17:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Out of bounds write in WebRTC in Google Chrome prior to 96.0.4664.93 allowed a remote attacker to potentially exploit heap corruption via crafted WebRTC packets.

Action-Not Available
Vendor-Google LLCDebian GNU/Linux
Product-chromedebian_linuxChrome
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-4062
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-8.8||HIGH
EPSS-1.36% / 79.34%
||
7 Day CHG~0.00%
Published-23 Dec, 2021 | 00:45
Updated-03 Aug, 2024 | 17:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Heap buffer overflow in BFCache in Google Chrome prior to 96.0.4664.93 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.

Action-Not Available
Vendor-Fedora ProjectGoogle LLCDebian GNU/Linux
Product-chromedebian_linuxfedoraChrome
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-4061
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-8.8||HIGH
EPSS-0.76% / 72.42%
||
7 Day CHG~0.00%
Published-23 Dec, 2021 | 00:45
Updated-03 Aug, 2024 | 17:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Type confusion in V8 in Google Chrome prior to 96.0.4664.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Action-Not Available
Vendor-Fedora ProjectGoogle LLCDebian GNU/Linux
Product-chromedebian_linuxfedoraChrome
CWE ID-CWE-843
Access of Resource Using Incompatible Type ('Type Confusion')
CVE-2017-17784
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.39% / 59.24%
||
7 Day CHG~0.00%
Published-20 Dec, 2017 | 09:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In GIMP 2.8.22, there is a heap-based buffer over-read in load_image in plug-ins/common/file-gbr.c in the gbr import parser, related to mishandling of UTF-8 data.

Action-Not Available
Vendor-n/aDebian GNU/LinuxCanonical Ltd.GIMP
Product-gimpubuntu_linuxdebian_linuxn/a
CWE ID-CWE-125
Out-of-bounds Read
CVE-2017-18234
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.26% / 48.88%
||
7 Day CHG~0.00%
Published-15 Mar, 2018 | 19:00
Updated-05 Aug, 2024 | 21:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Exempi before 2.4.3. It allows remote attackers to cause a denial of service (invalid memcpy with resultant use-after-free) or possibly have unspecified other impact via a .pdf file containing JPEG data, related to XMPFiles/source/FormatSupport/ReconcileTIFF.cpp, XMPFiles/source/FormatSupport/TIFF_MemoryReader.cpp, and XMPFiles/source/FormatSupport/TIFF_Support.hpp.

Action-Not Available
Vendor-exempi_projectn/aCanonical Ltd.Debian GNU/Linux
Product-ubuntu_linuxexempidebian_linuxn/a
CWE ID-CWE-416
Use After Free
CVE-2021-4066
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-8.8||HIGH
EPSS-1.64% / 81.16%
||
7 Day CHG~0.00%
Published-23 Dec, 2021 | 00:45
Updated-03 Aug, 2024 | 17:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Integer underflow in ANGLE in Google Chrome prior to 96.0.4664.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Action-Not Available
Vendor-Fedora ProjectGoogle LLCDebian GNU/Linux
Product-chromedebian_linuxfedoraChrome
CWE ID-CWE-191
Integer Underflow (Wrap or Wraparound)
CVE-2017-17782
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.66% / 70.15%
||
7 Day CHG~0.00%
Published-20 Dec, 2017 | 09:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In GraphicsMagick 1.3.27a, there is a heap-based buffer over-read in ReadOneJNGImage in coders/png.c, related to oFFs chunk allocation.

Action-Not Available
Vendor-n/aDebian GNU/LinuxGraphicsMagick
Product-debian_linuxgraphicsmagickn/a
CWE ID-CWE-125
Out-of-bounds Read
CVE-2017-17915
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.69% / 70.89%
||
7 Day CHG~0.00%
Published-26 Dec, 2017 | 20:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In GraphicsMagick 1.4 snapshot-20171217 Q8, there is a heap-based buffer over-read in ReadMNGImage in coders/png.c, related to accessing one byte before testing whether a limit has been reached.

Action-Not Available
Vendor-n/aDebian GNU/LinuxGraphicsMagick
Product-debian_linuxgraphicsmagickn/a
CWE ID-CWE-125
Out-of-bounds Read
CVE-2019-5763
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-8.8||HIGH
EPSS-1.65% / 81.29%
||
7 Day CHG~0.00%
Published-19 Feb, 2019 | 17:00
Updated-04 Aug, 2024 | 20:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Failure to check error conditions in V8 in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Action-Not Available
Vendor-Google LLCRed Hat, Inc.Fedora ProjectDebian GNU/Linux
Product-enterprise_linux_serverdebian_linuxchromeenterprise_linux_workstationfedoraenterprise_linux_desktopChrome
CWE ID-CWE-754
Improper Check for Unusual or Exceptional Conditions
CVE-2021-4078
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-8.8||HIGH
EPSS-0.49% / 64.56%
||
7 Day CHG~0.00%
Published-23 Dec, 2021 | 00:45
Updated-03 Aug, 2024 | 17:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Type confusion in V8 in Google Chrome prior to 96.0.4664.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Action-Not Available
Vendor-Google LLCDebian GNU/Linux
Product-chromedebian_linuxChrome
CWE ID-CWE-843
Access of Resource Using Incompatible Type ('Type Confusion')
CVE-2013-4233
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-6.8||MEDIUM
EPSS-2.27% / 84.00%
||
7 Day CHG~0.00%
Published-16 Sep, 2013 | 19:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Integer overflow in the abc_set_parts function in load_abc.cpp in libmodplug 0.8.8.4 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted P header in an ABC file, which triggers a heap-based buffer overflow.

Action-Not Available
Vendor-konstanty_bialkowskin/aDebian GNU/Linux
Product-debian_linuxlibmodplugn/a
CVE-2021-4064
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-8.8||HIGH
EPSS-1.87% / 82.37%
||
7 Day CHG~0.00%
Published-23 Dec, 2021 | 00:45
Updated-03 Aug, 2024 | 17:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use after free in screen capture in Google Chrome on ChromeOS prior to 96.0.4664.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Action-Not Available
Vendor-Fedora ProjectGoogle LLCDebian GNU/Linux
Product-chromedebian_linuxfedoraChrome
CWE ID-CWE-416
Use After Free
CVE-2017-17786
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.33% / 54.89%
||
7 Day CHG~0.00%
Published-20 Dec, 2017 | 09:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In GIMP 2.8.22, there is a heap-based buffer over-read in ReadImage in plug-ins/common/file-tga.c (related to bgr2rgb.part.1) via an unexpected bits-per-pixel value for an RGBA image.

Action-Not Available
Vendor-n/aDebian GNU/LinuxCanonical Ltd.GIMP
Product-gimpubuntu_linuxdebian_linuxn/a
CWE ID-CWE-125
Out-of-bounds Read
CVE-2019-5809
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-8.8||HIGH
EPSS-1.51% / 80.47%
||
7 Day CHG~0.00%
Published-27 Jun, 2019 | 16:13
Updated-04 Aug, 2024 | 20:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use after free in file chooser in Google Chrome prior to 74.0.3729.108 allowed a remote attacker who had compromised the renderer process to perform privilege escalation via a crafted HTML page.

Action-Not Available
Vendor-Google LLCopenSUSEFedora ProjectDebian GNU/Linux
Product-debian_linuxchromefedorabackportsleapChrome
CWE ID-CWE-416
Use After Free
CVE-2017-17913
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.41% / 60.40%
||
7 Day CHG~0.00%
Published-26 Dec, 2017 | 20:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In GraphicsMagick 1.4 snapshot-20171217 Q8, there is a stack-based buffer over-read in WriteWEBPImage in coders/webp.c, related to an incompatibility with libwebp versions, 0.5.0 and later, that use a different structure type.

Action-Not Available
Vendor-n/aDebian GNU/LinuxGraphicsMagick
Product-debian_linuxgraphicsmagickn/a
CWE ID-CWE-125
Out-of-bounds Read
CVE-2017-17785
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.37% / 57.84%
||
7 Day CHG~0.00%
Published-20 Dec, 2017 | 09:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In GIMP 2.8.22, there is a heap-based buffer overflow in the fli_read_brun function in plug-ins/file-fli/fli.c.

Action-Not Available
Vendor-n/aDebian GNU/LinuxCanonical Ltd.GIMP
Product-gimpubuntu_linuxdebian_linuxn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-4063
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-8.8||HIGH
EPSS-1.96% / 82.73%
||
7 Day CHG~0.00%
Published-23 Dec, 2021 | 00:45
Updated-03 Aug, 2024 | 17:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use after free in developer tools in Google Chrome prior to 96.0.4664.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Action-Not Available
Vendor-Fedora ProjectGoogle LLCDebian GNU/Linux
Product-chromedebian_linuxfedoraChrome
CWE ID-CWE-416
Use After Free
CVE-2019-5824
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-8.8||HIGH
EPSS-1.65% / 81.29%
||
7 Day CHG~0.00%
Published-27 Jun, 2019 | 16:13
Updated-04 Aug, 2024 | 20:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Parameter passing error in media in Google Chrome prior to 74.0.3729.131 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Action-Not Available
Vendor-Google LLCopenSUSEFedora ProjectDebian GNU/Linux
Product-debian_linuxchromefedorabackportsleapChrome
CWE ID-CWE-787
Out-of-bounds Write
CVE-2017-18266
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-1.38% / 79.49%
||
7 Day CHG~0.00%
Published-10 May, 2018 | 14:00
Updated-05 Aug, 2024 | 21:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The open_envvar function in xdg-open in xdg-utils before 1.1.3 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL, as demonstrated by %s in this environment variable.

Action-Not Available
Vendor-n/aDebian GNU/LinuxCanonical Ltd.freedesktop.org
Product-ubuntu_linuxdebian_linuxxdg-utilsn/a
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CVE-2017-17789
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.50% / 65.05%
||
7 Day CHG~0.00%
Published-20 Dec, 2017 | 09:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In GIMP 2.8.22, there is a heap-based buffer overflow in read_channel_data in plug-ins/common/file-psp.c.

Action-Not Available
Vendor-n/aDebian GNU/LinuxCanonical Ltd.GIMP
Product-gimpubuntu_linuxdebian_linuxn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-5783
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-8.8||HIGH
EPSS-0.69% / 70.83%
||
7 Day CHG~0.00%
Published-19 Feb, 2019 | 17:00
Updated-04 Aug, 2024 | 20:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Missing URI encoding of untrusted input in DevTools in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to perform a Dangling Markup Injection attack via a crafted HTML page.

Action-Not Available
Vendor-Google LLCDebian GNU/Linux
Product-chromedebian_linuxChrome
CWE ID-CWE-20
Improper Input Validation
CVE-2019-5836
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-8.8||HIGH
EPSS-2.04% / 83.08%
||
7 Day CHG~0.00%
Published-27 Jun, 2019 | 16:13
Updated-04 Aug, 2024 | 20:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Heap buffer overflow in ANGLE in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Action-Not Available
Vendor-Google LLCopenSUSEFedora ProjectDebian GNU/Linux
Product-debian_linuxchromefedorabackportsleapChrome
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-5807
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-8.8||HIGH
EPSS-1.52% / 80.52%
||
7 Day CHG~0.00%
Published-27 Jun, 2019 | 16:13
Updated-04 Aug, 2024 | 20:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Object lifetime issue in V8 in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Action-Not Available
Vendor-Google LLCopenSUSEFedora ProjectDebian GNU/Linux
Product-debian_linuxchromefedorabackportsleapChrome
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-5759
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-9.6||CRITICAL
EPSS-1.65% / 81.29%
||
7 Day CHG~0.00%
Published-19 Feb, 2019 | 17:00
Updated-04 Aug, 2024 | 20:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Incorrect lifetime handling in HTML select elements in Google Chrome on Android and Mac prior to 72.0.3626.81 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page.

Action-Not Available
Vendor-Google LLCRed Hat, Inc.Apple Inc.Fedora ProjectDebian GNU/Linux
Product-enterprise_linux_serverdebian_linuxchromeandroidenterprise_linux_workstationfedoramacosenterprise_linux_desktopChrome
CWE ID-CWE-416
Use After Free
CVE-2017-17511
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.56% / 67.26%
||
7 Day CHG~0.00%
Published-14 Dec, 2017 | 16:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

KildClient 3.1.0 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL, related to prefs.c and worldgui.c.

Action-Not Available
Vendor-kildclientn/aDebian GNU/Linux
Product-kildclientdebian_linuxn/a
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CVE-2017-17527
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.55% / 66.79%
||
7 Day CHG~0.00%
Published-14 Dec, 2017 | 16:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

delphi_gui/WWWBrowserRunnerDM.pas in PasDoc 0.14 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL. NOTE: a software maintainer has indicated that the code referencing the BROWSER environment variable is never used

Action-Not Available
Vendor-pasdoc_projectn/aDebian GNU/Linux
Product-debian_linuxpasdocn/a
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CVE-2017-16909
Matching Score-8
Assigner-Flexera Software LLC
ShareView Details
Matching Score-8
Assigner-Flexera Software LLC
CVSS Score-8.8||HIGH
EPSS-0.58% / 68.03%
||
7 Day CHG~0.00%
Published-07 Dec, 2018 | 22:00
Updated-05 Aug, 2024 | 20:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An error related to the "LibRaw::panasonic_load_raw()" function (dcraw_common.cpp) in LibRaw versions prior to 0.18.6 can be exploited to cause a heap-based buffer overflow and subsequently cause a crash via a specially crafted TIFF image.

Action-Not Available
Vendor-librawn/aCanonical Ltd.
Product-ubuntu_linuxlibrawLibRaw
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2019-5756
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-8.8||HIGH
EPSS-2.54% / 84.87%
||
7 Day CHG~0.00%
Published-19 Feb, 2019 | 17:00
Updated-04 Aug, 2024 | 20:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Inappropriate memory management when caching in PDFium in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted PDF file.

Action-Not Available
Vendor-Google LLCRed Hat, Inc.Fedora ProjectDebian GNU/Linux
Product-enterprise_linux_serverdebian_linuxchromeenterprise_linux_workstationfedoraenterprise_linux_desktopChrome
CWE ID-CWE-416
Use After Free
CVE-2013-4243
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-6.8||MEDIUM
EPSS-18.63% / 95.02%
||
7 Day CHG~0.00%
Published-10 Sep, 2013 | 19:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Heap-based buffer overflow in the readgifimage function in the gif2tiff tool in libtiff 4.0.3 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted height and width values in a GIF image.

Action-Not Available
Vendor-n/aLibTIFFDebian GNU/Linux
Product-libtiffdebian_linuxn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2017-17514
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.56% / 67.26%
||
7 Day CHG~0.00%
Published-14 Dec, 2017 | 16:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

boxes.c in nip2 8.4.0 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL. NOTE: a software maintainer indicates that this product does not use the BROWSER environment variable

Action-Not Available
Vendor-nip2_projectn/anip2_projectDebian GNU/Linux
Product-nip2debian_linuxn/adebian_linuxnip2
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CVE-2019-5757
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-8.8||HIGH
EPSS-1.65% / 81.29%
||
7 Day CHG~0.00%
Published-19 Feb, 2019 | 17:00
Updated-04 Aug, 2024 | 20:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An incorrect object type assumption in SVG in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page.

Action-Not Available
Vendor-Google LLCRed Hat, Inc.Fedora ProjectDebian GNU/Linux
Product-enterprise_linux_serverdebian_linuxchromeenterprise_linux_workstationfedoraenterprise_linux_desktopChrome
CWE ID-CWE-704
Incorrect Type Conversion or Cast
CVE-2017-17500
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-2.19% / 83.70%
||
7 Day CHG~0.00%
Published-11 Dec, 2017 | 02:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

ReadRGBImage in coders/rgb.c in GraphicsMagick 1.3.26 has a magick/import.c ImportRGBQuantumType heap-based buffer over-read via a crafted file.

Action-Not Available
Vendor-n/aDebian GNU/LinuxGraphicsMagick
Product-debian_linuxgraphicsmagickn/a
CWE ID-CWE-125
Out-of-bounds Read
CVE-2021-45078
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.21% / 43.27%
||
7 Day CHG-0.01%
Published-15 Dec, 2021 | 19:37
Updated-04 Aug, 2024 | 04:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

stab_xcoff_builtin_type in stabs.c in GNU Binutils through 2.37 allows attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact, as demonstrated by an out-of-bounds write. NOTE: this issue exists because of an incorrect fix for CVE-2018-12699.

Action-Not Available
Vendor-n/aRed Hat, Inc.GNUNetApp, Inc.Debian GNU/LinuxFedora Project
Product-debian_linuxontap_select_deploy_administration_utilityfedoraenterprise_linuxbinutilsn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2013-4234
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-6.8||MEDIUM
EPSS-3.09% / 86.25%
||
7 Day CHG~0.00%
Published-16 Sep, 2013 | 19:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple heap-based buffer overflows in the (1) abc_MIDI_drum and (2) abc_MIDI_gchord functions in load_abc.cpp in libmodplug 0.8.8.4 and earlier allow remote attackers to cause a denial of service (memory corruption and crash) and possibly execute arbitrary code via a crafted ABC.

Action-Not Available
Vendor-konstanty_bialkowskin/aDebian GNU/Linux
Product-debian_linuxlibmodplugn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2019-5822
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-8.8||HIGH
EPSS-1.71% / 81.60%
||
7 Day CHG~0.00%
Published-27 Jun, 2019 | 16:13
Updated-04 Aug, 2024 | 20:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Inappropriate implementation in Blink in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to bypass same origin policy via a crafted HTML page.

Action-Not Available
Vendor-Google LLCopenSUSEFedora ProjectDebian GNU/Linux
Product-debian_linuxchromefedorabackportsleapChrome
CVE-2021-4065
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-8.8||HIGH
EPSS-2.25% / 83.92%
||
7 Day CHG~0.00%
Published-23 Dec, 2021 | 00:45
Updated-03 Aug, 2024 | 17:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use after free in autofill in Google Chrome prior to 96.0.4664.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Action-Not Available
Vendor-Fedora ProjectGoogle LLCDebian GNU/Linux
Product-chromedebian_linuxfedoraChrome
CWE ID-CWE-416
Use After Free
CVE-2017-16853
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-8.1||HIGH
EPSS-0.69% / 70.95%
||
7 Day CHG~0.00%
Published-16 Nov, 2017 | 17:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The DynamicMetadataProvider class in saml/saml2/metadata/impl/DynamicMetadataProvider.cpp in OpenSAML-C in OpenSAML before 2.6.1 fails to properly configure itself with the MetadataFilter plugins and does not perform critical security checks such as signature verification, enforcement of validity periods, and other checks specific to deployments, aka CPPOST-105.

Action-Not Available
Vendor-shibbolethn/aDebian GNU/Linux
Product-debian_linuxopensamln/a
CWE ID-CWE-347
Improper Verification of Cryptographic Signature
CVE-2019-5808
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-8.8||HIGH
EPSS-2.61% / 85.06%
||
7 Day CHG~0.00%
Published-27 Jun, 2019 | 16:13
Updated-04 Aug, 2024 | 20:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use after free in Blink in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Action-Not Available
Vendor-Google LLCopenSUSEFedora ProjectDebian GNU/Linux
Product-debian_linuxchromefedorabackportsleapChrome
CWE ID-CWE-416
Use After Free
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-5769
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-8.8||HIGH
EPSS-1.65% / 81.29%
||
7 Day CHG~0.00%
Published-19 Feb, 2019 | 17:00
Updated-04 Aug, 2024 | 20:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Incorrect handling of invalid end character position when front rendering in Blink in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Action-Not Available
Vendor-Google LLCRed Hat, Inc.Fedora ProjectDebian GNU/Linux
Product-enterprise_linux_serverdebian_linuxchromeenterprise_linux_workstationfedoraenterprise_linux_desktopChrome
CWE ID-CWE-20
Improper Input Validation
CVE-2019-6128
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-2.52% / 84.82%
||
7 Day CHG~0.00%
Published-11 Jan, 2019 | 05:00
Updated-04 Aug, 2024 | 20:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The TIFFFdOpen function in tif_unix.c in LibTIFF 4.0.10 has a memory leak, as demonstrated by pal2rgb.

Action-Not Available
Vendor-n/aopenSUSELibTIFFDebian GNU/LinuxCanonical Ltd.
Product-ubuntu_linuxlibtiffdebian_linuxleapn/a
CWE ID-CWE-401
Missing Release of Memory after Effective Lifetime
CVE-2020-16043
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-8.8||HIGH
EPSS-0.37% / 58.17%
||
7 Day CHG~0.00%
Published-08 Jan, 2021 | 17:55
Updated-04 Aug, 2024 | 13:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Insufficient data validation in networking in Google Chrome prior to 87.0.4280.141 allowed a remote attacker to bypass discretionary access control via malicious network traffic.

Action-Not Available
Vendor-Fedora ProjectGoogle LLCDebian GNU/Linux
Product-chromedebian_linuxfedoraChrome
CVE-2017-16352
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-29.41% / 96.43%
||
7 Day CHG~0.00%
Published-01 Nov, 2017 | 15:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

GraphicsMagick 1.3.26 is vulnerable to a heap-based buffer overflow vulnerability found in the "Display visual image directory" feature of the DescribeImage() function of the magick/describe.c file. One possible way to trigger the vulnerability is to run the identify command on a specially crafted MIFF format file with the verbose flag.

Action-Not Available
Vendor-n/aDebian GNU/LinuxGraphicsMagick
Product-debian_linuxgraphicsmagickn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
  • Previous
  • 1
  • 2
  • 3
  • 4
  • ...
  • 29
  • 30
  • Next
Details not found