Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2016-2510

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-07 Apr, 2016 | 20:00
Updated At-05 Aug, 2024 | 23:32
Rejected At-
Credits

BeanShell (bsh) before 2.0b6, when included on the classpath by an application that uses Java serialization or XStream, allows remote attackers to execute arbitrary code via crafted serialized data, related to XThis.Handler.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:07 Apr, 2016 | 20:00
Updated At:05 Aug, 2024 | 23:32
Rejected At:
▼CVE Numbering Authority (CNA)

BeanShell (bsh) before 2.0b6, when included on the classpath by an application that uses Java serialization or XStream, allows remote attackers to execute arbitrary code via crafted serialized data, related to XThis.Handler.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://rhn.redhat.com/errata/RHSA-2016-2035.html
vendor-advisory
x_refsource_REDHAT
http://www.securityfocus.com/bid/84139
vdb-entry
x_refsource_BID
https://access.redhat.com/errata/RHSA-2016:1135
vendor-advisory
x_refsource_REDHAT
http://rhn.redhat.com/errata/RHSA-2016-0540.html
vendor-advisory
x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2016:1376
vendor-advisory
x_refsource_REDHAT
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00056.html
vendor-advisory
x_refsource_SUSE
http://rhn.redhat.com/errata/RHSA-2016-0539.html
vendor-advisory
x_refsource_REDHAT
http://www.debian.org/security/2016/dsa-3504
vendor-advisory
x_refsource_DEBIAN
http://www.securitytracker.com/id/1035440
vdb-entry
x_refsource_SECTRACK
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00078.html
vendor-advisory
x_refsource_SUSE
http://www.ubuntu.com/usn/USN-2923-1
vendor-advisory
x_refsource_UBUNTU
https://security.gentoo.org/glsa/201607-17
vendor-advisory
x_refsource_GENTOO
https://access.redhat.com/errata/RHSA-2019:1545
vendor-advisory
x_refsource_REDHAT
https://www.oracle.com/security-alerts/cpuoct2020.html
x_refsource_MISC
https://github.com/frohoff/ysoserial/pull/13
x_refsource_MISC
https://github.com/beanshell/beanshell/commit/7c68fde2d6fc65e362f20863d868c112a90a9b49
x_refsource_CONFIRM
https://github.com/beanshell/beanshell/commit/1ccc66bb693d4e46a34a904db8eeff07808d2ced
x_refsource_CONFIRM
https://github.com/beanshell/beanshell/releases/tag/2.0b6
x_refsource_CONFIRM
https://www.rsaconference.com/writable/presentations/file_upload/asd-f03-serial-killer-silently-pwning-your-java-endpoints.pdf
x_refsource_MISC
Hyperlink: http://rhn.redhat.com/errata/RHSA-2016-2035.html
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: http://www.securityfocus.com/bid/84139
Resource:
vdb-entry
x_refsource_BID
Hyperlink: https://access.redhat.com/errata/RHSA-2016:1135
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: http://rhn.redhat.com/errata/RHSA-2016-0540.html
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: https://access.redhat.com/errata/RHSA-2016:1376
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00056.html
Resource:
vendor-advisory
x_refsource_SUSE
Hyperlink: http://rhn.redhat.com/errata/RHSA-2016-0539.html
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: http://www.debian.org/security/2016/dsa-3504
Resource:
vendor-advisory
x_refsource_DEBIAN
Hyperlink: http://www.securitytracker.com/id/1035440
Resource:
vdb-entry
x_refsource_SECTRACK
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00078.html
Resource:
vendor-advisory
x_refsource_SUSE
Hyperlink: http://www.ubuntu.com/usn/USN-2923-1
Resource:
vendor-advisory
x_refsource_UBUNTU
Hyperlink: https://security.gentoo.org/glsa/201607-17
Resource:
vendor-advisory
x_refsource_GENTOO
Hyperlink: https://access.redhat.com/errata/RHSA-2019:1545
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: https://www.oracle.com/security-alerts/cpuoct2020.html
Resource:
x_refsource_MISC
Hyperlink: https://github.com/frohoff/ysoserial/pull/13
Resource:
x_refsource_MISC
Hyperlink: https://github.com/beanshell/beanshell/commit/7c68fde2d6fc65e362f20863d868c112a90a9b49
Resource:
x_refsource_CONFIRM
Hyperlink: https://github.com/beanshell/beanshell/commit/1ccc66bb693d4e46a34a904db8eeff07808d2ced
Resource:
x_refsource_CONFIRM
Hyperlink: https://github.com/beanshell/beanshell/releases/tag/2.0b6
Resource:
x_refsource_CONFIRM
Hyperlink: https://www.rsaconference.com/writable/presentations/file_upload/asd-f03-serial-killer-silently-pwning-your-java-endpoints.pdf
Resource:
x_refsource_MISC
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://rhn.redhat.com/errata/RHSA-2016-2035.html
vendor-advisory
x_refsource_REDHAT
x_transferred
http://www.securityfocus.com/bid/84139
vdb-entry
x_refsource_BID
x_transferred
https://access.redhat.com/errata/RHSA-2016:1135
vendor-advisory
x_refsource_REDHAT
x_transferred
http://rhn.redhat.com/errata/RHSA-2016-0540.html
vendor-advisory
x_refsource_REDHAT
x_transferred
https://access.redhat.com/errata/RHSA-2016:1376
vendor-advisory
x_refsource_REDHAT
x_transferred
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00056.html
vendor-advisory
x_refsource_SUSE
x_transferred
http://rhn.redhat.com/errata/RHSA-2016-0539.html
vendor-advisory
x_refsource_REDHAT
x_transferred
http://www.debian.org/security/2016/dsa-3504
vendor-advisory
x_refsource_DEBIAN
x_transferred
http://www.securitytracker.com/id/1035440
vdb-entry
x_refsource_SECTRACK
x_transferred
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00078.html
vendor-advisory
x_refsource_SUSE
x_transferred
http://www.ubuntu.com/usn/USN-2923-1
vendor-advisory
x_refsource_UBUNTU
x_transferred
https://security.gentoo.org/glsa/201607-17
vendor-advisory
x_refsource_GENTOO
x_transferred
https://access.redhat.com/errata/RHSA-2019:1545
vendor-advisory
x_refsource_REDHAT
x_transferred
https://www.oracle.com/security-alerts/cpuoct2020.html
x_refsource_MISC
x_transferred
https://github.com/frohoff/ysoserial/pull/13
x_refsource_MISC
x_transferred
https://github.com/beanshell/beanshell/commit/7c68fde2d6fc65e362f20863d868c112a90a9b49
x_refsource_CONFIRM
x_transferred
https://github.com/beanshell/beanshell/commit/1ccc66bb693d4e46a34a904db8eeff07808d2ced
x_refsource_CONFIRM
x_transferred
https://github.com/beanshell/beanshell/releases/tag/2.0b6
x_refsource_CONFIRM
x_transferred
https://www.rsaconference.com/writable/presentations/file_upload/asd-f03-serial-killer-silently-pwning-your-java-endpoints.pdf
x_refsource_MISC
x_transferred
Hyperlink: http://rhn.redhat.com/errata/RHSA-2016-2035.html
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: http://www.securityfocus.com/bid/84139
Resource:
vdb-entry
x_refsource_BID
x_transferred
Hyperlink: https://access.redhat.com/errata/RHSA-2016:1135
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: http://rhn.redhat.com/errata/RHSA-2016-0540.html
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: https://access.redhat.com/errata/RHSA-2016:1376
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00056.html
Resource:
vendor-advisory
x_refsource_SUSE
x_transferred
Hyperlink: http://rhn.redhat.com/errata/RHSA-2016-0539.html
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: http://www.debian.org/security/2016/dsa-3504
Resource:
vendor-advisory
x_refsource_DEBIAN
x_transferred
Hyperlink: http://www.securitytracker.com/id/1035440
Resource:
vdb-entry
x_refsource_SECTRACK
x_transferred
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00078.html
Resource:
vendor-advisory
x_refsource_SUSE
x_transferred
Hyperlink: http://www.ubuntu.com/usn/USN-2923-1
Resource:
vendor-advisory
x_refsource_UBUNTU
x_transferred
Hyperlink: https://security.gentoo.org/glsa/201607-17
Resource:
vendor-advisory
x_refsource_GENTOO
x_transferred
Hyperlink: https://access.redhat.com/errata/RHSA-2019:1545
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: https://www.oracle.com/security-alerts/cpuoct2020.html
Resource:
x_refsource_MISC
x_transferred
Hyperlink: https://github.com/frohoff/ysoserial/pull/13
Resource:
x_refsource_MISC
x_transferred
Hyperlink: https://github.com/beanshell/beanshell/commit/7c68fde2d6fc65e362f20863d868c112a90a9b49
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: https://github.com/beanshell/beanshell/commit/1ccc66bb693d4e46a34a904db8eeff07808d2ced
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: https://github.com/beanshell/beanshell/releases/tag/2.0b6
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: https://www.rsaconference.com/writable/presentations/file_upload/asd-f03-serial-killer-silently-pwning-your-java-endpoints.pdf
Resource:
x_refsource_MISC
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:07 Apr, 2016 | 20:59
Updated At:06 May, 2026 | 22:30

BeanShell (bsh) before 2.0b6, when included on the classpath by an application that uses Java serialization or XStream, allows remote attackers to execute arbitrary code via crafted serialized data, related to XThis.Handler.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.18.1HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Primary2.06.8MEDIUM
AV:N/AC:M/Au:N/C:P/I:P/A:P
Type: Primary
Version: 3.1
Base score: 8.1
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Type: Primary
Version: 2.0
Base score: 6.8
Base severity: MEDIUM
Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P
CPE Matches
beanshell
beanshell
>>beanshell>>1.0
cpe:2.3:a:beanshell:beanshell:1.0:*:*:*:*:*:*:*
beanshell
beanshell
>>beanshell>>2.0
cpe:2.3:a:beanshell:beanshell:2.0:beta1:*:*:*:*:*:*
beanshell
beanshell
>>beanshell>>2.0
cpe:2.3:a:beanshell:beanshell:2.0:beta4:*:*:*:*:*:*
beanshell
beanshell
>>beanshell>>2.0
cpe:2.3:a:beanshell:beanshell:2.0:beta5:*:*:*:*:*:*
Debian GNU/Linux
debian
>>debian_linux>>7.0
cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
Debian GNU/Linux
debian
>>debian_linux>>8.0
cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
Canonical Ltd.
canonical
>>ubuntu_linux>>12.04
cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*
Canonical Ltd.
canonical
>>ubuntu_linux>>14.04
cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
Canonical Ltd.
canonical
>>ubuntu_linux>>15.10
cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-19Primarynvd@nist.gov
CWE ID: CWE-19
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00056.htmlcve@mitre.org
Mailing List
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00078.htmlcve@mitre.org
Mailing List
Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2016-0539.htmlcve@mitre.org
Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2016-0540.htmlcve@mitre.org
Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2016-2035.htmlcve@mitre.org
Third Party Advisory
http://www.debian.org/security/2016/dsa-3504cve@mitre.org
Third Party Advisory
http://www.securityfocus.com/bid/84139cve@mitre.org
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1035440cve@mitre.org
Third Party Advisory
VDB Entry
http://www.ubuntu.com/usn/USN-2923-1cve@mitre.org
Third Party Advisory
https://access.redhat.com/errata/RHSA-2016:1135cve@mitre.org
Third Party Advisory
https://access.redhat.com/errata/RHSA-2016:1376cve@mitre.org
Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:1545cve@mitre.org
Third Party Advisory
https://github.com/beanshell/beanshell/commit/1ccc66bb693d4e46a34a904db8eeff07808d2cedcve@mitre.org
Patch
Third Party Advisory
https://github.com/beanshell/beanshell/commit/7c68fde2d6fc65e362f20863d868c112a90a9b49cve@mitre.org
Patch
Third Party Advisory
https://github.com/beanshell/beanshell/releases/tag/2.0b6cve@mitre.org
Patch
Third Party Advisory
https://github.com/frohoff/ysoserial/pull/13cve@mitre.org
Exploit
Third Party Advisory
https://security.gentoo.org/glsa/201607-17cve@mitre.org
Third Party Advisory
https://www.oracle.com/security-alerts/cpuoct2020.htmlcve@mitre.org
N/A
https://www.rsaconference.com/writable/presentations/file_upload/asd-f03-serial-killer-silently-pwning-your-java-endpoints.pdfcve@mitre.org
Exploit
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00056.htmlaf854a3a-2127-422b-91ae-364da2661108
Mailing List
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00078.htmlaf854a3a-2127-422b-91ae-364da2661108
Mailing List
Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2016-0539.htmlaf854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2016-0540.htmlaf854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2016-2035.htmlaf854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://www.debian.org/security/2016/dsa-3504af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://www.securityfocus.com/bid/84139af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1035440af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
VDB Entry
http://www.ubuntu.com/usn/USN-2923-1af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
https://access.redhat.com/errata/RHSA-2016:1135af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
https://access.redhat.com/errata/RHSA-2016:1376af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:1545af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
https://github.com/beanshell/beanshell/commit/1ccc66bb693d4e46a34a904db8eeff07808d2cedaf854a3a-2127-422b-91ae-364da2661108
Patch
Third Party Advisory
https://github.com/beanshell/beanshell/commit/7c68fde2d6fc65e362f20863d868c112a90a9b49af854a3a-2127-422b-91ae-364da2661108
Patch
Third Party Advisory
https://github.com/beanshell/beanshell/releases/tag/2.0b6af854a3a-2127-422b-91ae-364da2661108
Patch
Third Party Advisory
https://github.com/frohoff/ysoserial/pull/13af854a3a-2127-422b-91ae-364da2661108
Exploit
Third Party Advisory
https://security.gentoo.org/glsa/201607-17af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
https://www.oracle.com/security-alerts/cpuoct2020.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
https://www.rsaconference.com/writable/presentations/file_upload/asd-f03-serial-killer-silently-pwning-your-java-endpoints.pdfaf854a3a-2127-422b-91ae-364da2661108
Exploit
Third Party Advisory
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00056.html
Source: cve@mitre.org
Resource:
Mailing List
Third Party Advisory
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00078.html
Source: cve@mitre.org
Resource:
Mailing List
Third Party Advisory
Hyperlink: http://rhn.redhat.com/errata/RHSA-2016-0539.html
Source: cve@mitre.org
Resource:
Third Party Advisory
Hyperlink: http://rhn.redhat.com/errata/RHSA-2016-0540.html
Source: cve@mitre.org
Resource:
Third Party Advisory
Hyperlink: http://rhn.redhat.com/errata/RHSA-2016-2035.html
Source: cve@mitre.org
Resource:
Third Party Advisory
Hyperlink: http://www.debian.org/security/2016/dsa-3504
Source: cve@mitre.org
Resource:
Third Party Advisory
Hyperlink: http://www.securityfocus.com/bid/84139
Source: cve@mitre.org
Resource:
Third Party Advisory
VDB Entry
Hyperlink: http://www.securitytracker.com/id/1035440
Source: cve@mitre.org
Resource:
Third Party Advisory
VDB Entry
Hyperlink: http://www.ubuntu.com/usn/USN-2923-1
Source: cve@mitre.org
Resource:
Third Party Advisory
Hyperlink: https://access.redhat.com/errata/RHSA-2016:1135
Source: cve@mitre.org
Resource:
Third Party Advisory
Hyperlink: https://access.redhat.com/errata/RHSA-2016:1376
Source: cve@mitre.org
Resource:
Third Party Advisory
Hyperlink: https://access.redhat.com/errata/RHSA-2019:1545
Source: cve@mitre.org
Resource:
Third Party Advisory
Hyperlink: https://github.com/beanshell/beanshell/commit/1ccc66bb693d4e46a34a904db8eeff07808d2ced
Source: cve@mitre.org
Resource:
Patch
Third Party Advisory
Hyperlink: https://github.com/beanshell/beanshell/commit/7c68fde2d6fc65e362f20863d868c112a90a9b49
Source: cve@mitre.org
Resource:
Patch
Third Party Advisory
Hyperlink: https://github.com/beanshell/beanshell/releases/tag/2.0b6
Source: cve@mitre.org
Resource:
Patch
Third Party Advisory
Hyperlink: https://github.com/frohoff/ysoserial/pull/13
Source: cve@mitre.org
Resource:
Exploit
Third Party Advisory
Hyperlink: https://security.gentoo.org/glsa/201607-17
Source: cve@mitre.org
Resource:
Third Party Advisory
Hyperlink: https://www.oracle.com/security-alerts/cpuoct2020.html
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://www.rsaconference.com/writable/presentations/file_upload/asd-f03-serial-killer-silently-pwning-your-java-endpoints.pdf
Source: cve@mitre.org
Resource:
Exploit
Third Party Advisory
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00056.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Mailing List
Third Party Advisory
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00078.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Mailing List
Third Party Advisory
Hyperlink: http://rhn.redhat.com/errata/RHSA-2016-0539.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: http://rhn.redhat.com/errata/RHSA-2016-0540.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: http://rhn.redhat.com/errata/RHSA-2016-2035.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: http://www.debian.org/security/2016/dsa-3504
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: http://www.securityfocus.com/bid/84139
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
VDB Entry
Hyperlink: http://www.securitytracker.com/id/1035440
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
VDB Entry
Hyperlink: http://www.ubuntu.com/usn/USN-2923-1
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: https://access.redhat.com/errata/RHSA-2016:1135
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: https://access.redhat.com/errata/RHSA-2016:1376
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: https://access.redhat.com/errata/RHSA-2019:1545
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: https://github.com/beanshell/beanshell/commit/1ccc66bb693d4e46a34a904db8eeff07808d2ced
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Patch
Third Party Advisory
Hyperlink: https://github.com/beanshell/beanshell/commit/7c68fde2d6fc65e362f20863d868c112a90a9b49
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Patch
Third Party Advisory
Hyperlink: https://github.com/beanshell/beanshell/releases/tag/2.0b6
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Patch
Third Party Advisory
Hyperlink: https://github.com/frohoff/ysoserial/pull/13
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Exploit
Third Party Advisory
Hyperlink: https://security.gentoo.org/glsa/201607-17
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: https://www.oracle.com/security-alerts/cpuoct2020.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://www.rsaconference.com/writable/presentations/file_upload/asd-f03-serial-killer-silently-pwning-your-java-endpoints.pdf
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Exploit
Third Party Advisory

Change History

0
Information is not available yet

Similar CVEs

1480Records found
CVE-2011-1440
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-2.48% / 85.48%
||
7 Day CHG~0.00%
Published-03 May, 2011 | 22:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use-after-free vulnerability in Google Chrome before 11.0.696.57 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the ruby element and Cascading Style Sheets (CSS) token sequences.

Action-Not Available
Vendor-n/aDebian GNU/LinuxApple Inc.Google LLC
Product-chromedebian_linuxitunessafarin/a
CWE ID-CWE-416
Use After Free
CVE-2022-1720
Matching Score-8
Assigner-Protect AI (formerly huntr.dev)
ShareView Details
Matching Score-8
Assigner-Protect AI (formerly huntr.dev)
CVSS Score-6.6||MEDIUM
EPSS-0.52% / 67.01%
||
7 Day CHG~0.00%
Published-16 May, 2022 | 00:00
Updated-03 Aug, 2024 | 00:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Buffer Over-read in function grab_file_name in vim/vim

Buffer Over-read in function grab_file_name in GitHub repository vim/vim prior to 8.2.4956. This vulnerability is capable of crashing the software, memory modification, and possible remote execution.

Action-Not Available
Vendor-VimFedora ProjectDebian GNU/LinuxApple Inc.
Product-debian_linuxfedoramacosvimvim/vim
CWE ID-CWE-126
Buffer Over-read
CWE ID-CWE-125
Out-of-bounds Read
CVE-2016-3982
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-2.51% / 85.56%
||
7 Day CHG~0.00%
Published-13 Apr, 2016 | 16:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Off-by-one error in the bmp_rle4_fread function in pngxrbmp.c in OptiPNG before 0.7.6 allows remote attackers to cause a denial of service (out-of-bounds read or write access and crash) or possibly execute arbitrary code via a crafted image file, which triggers a heap-based buffer overflow.

Action-Not Available
Vendor-optipng_projectn/aCanonical Ltd.openSUSEDebian GNU/Linux
Product-debian_linuxubuntu_linuxoptipngleapopensusen/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2019-14934
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.51% / 66.73%
||
7 Day CHG~0.00%
Published-11 Aug, 2019 | 21:28
Updated-05 Aug, 2024 | 00:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in PDFResurrect before 0.18. pdf_load_pages_kids in pdf.c doesn't validate a certain size value, which leads to a malloc failure and out-of-bounds write.

Action-Not Available
Vendor-pdfresurrect_projectn/aDebian GNU/LinuxFedora Project
Product-pdfresurrectdebian_linuxfedoran/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2016-4324
Matching Score-8
Assigner-CERT/CC
ShareView Details
Matching Score-8
Assigner-CERT/CC
CVSS Score-7.8||HIGH
EPSS-0.67% / 71.51%
||
7 Day CHG~0.00%
Published-08 Jul, 2016 | 19:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use-after-free vulnerability in LibreOffice before 5.1.4 allows remote attackers to execute arbitrary code via a crafted RTF file, related to stylesheet and superscript tokens.

Action-Not Available
Vendor-libreofficen/aCanonical Ltd.Debian GNU/Linux
Product-libreofficedebian_linuxubuntu_linuxn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2020-25682
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-8.1||HIGH
EPSS-34.29% / 97.06%
||
7 Day CHG~0.00%
Published-20 Jan, 2021 | 16:28
Updated-04 Nov, 2025 | 20:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A flaw was found in dnsmasq before 2.83. A buffer overflow vulnerability was discovered in the way dnsmasq extract names from DNS packets before validating them with DNSSEC data. An attacker on the network, who can create valid DNS replies, could use this flaw to cause an overflow with arbitrary data in a heap-allocated memory, possibly executing code on the machine. The flaw is in the rfc1035.c:extract_name() function, which writes data to the memory pointed by name assuming MAXDNAME*2 bytes are available in the buffer. However, in some code execution paths, it is possible extract_name() gets passed an offset from the base buffer, thus reducing, in practice, the number of available bytes that can be written in the buffer. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

Action-Not Available
Vendor-thekelleysn/aFedora ProjectDebian GNU/Linux
Product-fedoradebian_linuxdnsmasqdnsmasq
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-14498
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.58% / 69.18%
||
7 Day CHG~0.00%
Published-29 Aug, 2019 | 17:35
Updated-05 Aug, 2024 | 00:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A divide-by-zero error exists in the Control function of demux/caf.c in VideoLAN VLC media player 3.0.7.1. As a result, an FPE can be triggered via a crafted CAF file.

Action-Not Available
Vendor-n/aVideoLANDebian GNU/Linux
Product-vlc_media_playerdebian_linuxn/a
CWE ID-CWE-369
Divide By Zero
CVE-2016-3822
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-7.8||HIGH
EPSS-0.35% / 57.50%
||
7 Day CHG~0.00%
Published-05 Aug, 2016 | 20:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

exif.c in Matthias Wandel jhead 2.87, as used in libjhead in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01, allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds access) via crafted EXIF data, aka internal bug 28868315.

Action-Not Available
Vendor-n/aGoogle LLCDebian GNU/Linux
Product-debian_linuxandroidn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2011-1444
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-0.69% / 72.05%
||
7 Day CHG~0.00%
Published-03 May, 2011 | 22:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Race condition in the sandbox launcher implementation in Google Chrome before 11.0.696.57 on Linux allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.

Action-Not Available
Vendor-n/aDebian GNU/LinuxGoogle LLCLinux Kernel Organization, Inc
Product-chromedebian_linuxlinux_kerneln/a
CWE ID-CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVE-2016-4002
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-9.8||CRITICAL
EPSS-7.87% / 92.10%
||
7 Day CHG~0.00%
Published-26 Apr, 2016 | 14:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in the mipsnet_receive function in hw/net/mipsnet.c in QEMU, when the guest NIC is configured to accept large packets, allows remote attackers to cause a denial of service (memory corruption and QEMU crash) or possibly execute arbitrary code via a packet larger than 1514 bytes.

Action-Not Available
Vendor-n/aCanonical Ltd.QEMUDebian GNU/LinuxFedora Project
Product-debian_linuxubuntu_linuxqemufedoran/a
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2022-0730
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-9.8||CRITICAL
EPSS-0.30% / 53.71%
||
7 Day CHG~0.00%
Published-03 Mar, 2022 | 00:00
Updated-02 Aug, 2024 | 23:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Under certain ldap conditions, Cacti authentication can be bypassed with certain credential types.

Action-Not Available
Vendor-n/aDebian GNU/LinuxFedora ProjectThe Cacti Group, Inc.
Product-cactidebian_linuxfedoraCati
CWE ID-CWE-287
Improper Authentication
CVE-2011-1799
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-6.8||MEDIUM
EPSS-0.61% / 70.10%
||
7 Day CHG~0.00%
Published-16 May, 2011 | 17:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Google Chrome before 11.0.696.68 does not properly perform casts of variables during interaction with the WebKit engine, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.

Action-Not Available
Vendor-n/aGoogle LLCDebian GNU/Linux
Product-chromedebian_linuxn/a
CWE ID-CWE-704
Incorrect Type Conversion or Cast
CVE-2016-3616
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-1.60% / 81.93%
||
7 Day CHG~0.00%
Published-13 Feb, 2017 | 18:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The cjpeg utility in libjpeg allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) or execute arbitrary code via a crafted file.

Action-Not Available
Vendor-libjpeg-turbon/aCanonical Ltd.Red Hat, Inc.Debian GNU/Linux
Product-libjpeg-turbodebian_linuxubuntu_linuxenterprise_linuxn/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2022-0261
Matching Score-8
Assigner-Protect AI (formerly huntr.dev)
ShareView Details
Matching Score-8
Assigner-Protect AI (formerly huntr.dev)
CVSS Score-7.8||HIGH
EPSS-0.16% / 36.75%
||
7 Day CHG~0.00%
Published-18 Jan, 2022 | 00:00
Updated-03 Nov, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Heap-based Buffer Overflow in vim/vim

Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.

Action-Not Available
Vendor-VimDebian GNU/LinuxApple Inc.
Product-mac_os_xdebian_linuxvimmacosvim/vim
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-14778
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.31% / 54.02%
||
7 Day CHG~0.00%
Published-29 Aug, 2019 | 18:47
Updated-05 Aug, 2024 | 00:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The mkv::virtual_segment_c::seek method of demux/mkv/virtual_segment.cpp in VideoLAN VLC media player 3.0.7.1 has a use-after-free.

Action-Not Available
Vendor-n/aVideoLANDebian GNU/Linux
Product-vlc_media_playerdebian_linuxn/a
CWE ID-CWE-416
Use After Free
CVE-2016-3630
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-5.19% / 90.03%
||
7 Day CHG~0.00%
Published-13 Apr, 2016 | 16:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The binary delta decoder in Mercurial before 3.7.3 allows remote attackers to execute arbitrary code via a (1) clone, (2) push, or (3) pull command, related to (a) a list sizing rounding error and (b) short records.

Action-Not Available
Vendor-mercurialn/aopenSUSESUSEDebian GNU/LinuxFedora Project
Product-debian_linuxmercuriallinux_enterprise_debuginfoleapfedoralinux_enterprise_software_development_kitopensusen/a
CVE-2022-0417
Matching Score-8
Assigner-Protect AI (formerly huntr.dev)
ShareView Details
Matching Score-8
Assigner-Protect AI (formerly huntr.dev)
CVSS Score-8.4||HIGH
EPSS-0.33% / 56.19%
||
7 Day CHG~0.00%
Published-01 Feb, 2022 | 00:00
Updated-03 Nov, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Heap-based Buffer Overflow in vim/vim

Heap-based Buffer Overflow GitHub repository vim/vim prior to 8.2.

Action-Not Available
Vendor-VimFedora ProjectDebian GNU/Linux
Product-fedoradebian_linuxvimvim/vim
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2016-3698
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-8.1||HIGH
EPSS-2.06% / 84.13%
||
7 Day CHG~0.00%
Published-13 Jun, 2016 | 19:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

libndp before 1.6, as used in NetworkManager, does not properly validate the origin of Neighbor Discovery Protocol (NDP) messages, which allows remote attackers to conduct man-in-the-middle attacks or cause a denial of service (network connectivity disruption) by advertising a node as a router from a non-local network.

Action-Not Available
Vendor-libndpn/aCanonical Ltd.Red Hat, Inc.Debian GNU/Linux
Product-debian_linuxubuntu_linuxenterprise_linux_serverenterprise_linux_workstationenterprise_linux_desktopenterprise_linux_server_eusenterprise_linux_server_ausenterprise_linux_hpc_nodelibndpenterprise_linux_hpc_node_eusn/a
CWE ID-CWE-284
Improper Access Control
CVE-2019-13741
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-8.8||HIGH
EPSS-1.43% / 80.91%
||
7 Day CHG~0.00%
Published-10 Dec, 2019 | 21:01
Updated-05 Aug, 2024 | 00:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Insufficient validation of untrusted input in Blink in Google Chrome prior to 79.0.3945.79 allowed a local attacker to bypass same origin policy via crafted clipboard content.

Action-Not Available
Vendor-Google LLCRed Hat, Inc.Fedora ProjectDebian GNU/Linux
Product-enterprise_linux_serverenterprise_linux_for_scientific_computingdebian_linuxchromeenterprise_linux_workstationfedoraenterprise_linux_desktopChrome
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2019-13308
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-1.06% / 77.89%
||
7 Day CHG~0.00%
Published-05 Jul, 2019 | 00:53
Updated-04 Aug, 2024 | 23:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

ImageMagick 7.0.8-50 Q16 has a heap-based buffer overflow in MagickCore/fourier.c in ComplexImage.

Action-Not Available
Vendor-n/aImageMagick Studio LLCDebian GNU/LinuxopenSUSECanonical Ltd.
Product-ubuntu_linuxdebian_linuximagemagickleapn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-0392
Matching Score-8
Assigner-Protect AI (formerly huntr.dev)
ShareView Details
Matching Score-8
Assigner-Protect AI (formerly huntr.dev)
CVSS Score-6.1||MEDIUM
EPSS-0.16% / 36.68%
||
7 Day CHG~0.00%
Published-28 Jan, 2022 | 00:00
Updated-03 Nov, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Heap-based Buffer Overflow in vim/vim

Heap-based Buffer Overflow in GitHub repository vim prior to 8.2.

Action-Not Available
Vendor-VimDebian GNU/LinuxApple Inc.
Product-macosdebian_linuxvimvim/vim
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-13734
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-8.8||HIGH
EPSS-4.67% / 89.45%
||
7 Day CHG-1.23%
Published-10 Dec, 2019 | 21:01
Updated-05 Aug, 2024 | 00:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Out of bounds write in SQLite in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Action-Not Available
Vendor-SUSEDebian GNU/LinuxOracle CorporationRed Hat, Inc.Fedora ProjectGoogle LLCopenSUSECanonical Ltd.
Product-enterprise_linux_serverubuntu_linuxchromeopenshift_container_platformenterprise_linux_server_ausenterprise_linuxcommunications_cloud_native_core_network_repository_functionbackports_sledebian_linuxlinux_enterpriseenterprise_linux_workstationfedoraenterprise_linux_euspackage_hubenterprise_linux_server_tusenterprise_linux_desktopChrome
CWE ID-CWE-787
Out-of-bounds Write
CVE-2016-4051
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-5.91% / 90.72%
||
7 Day CHG~0.00%
Published-25 Apr, 2016 | 14:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in cachemgr.cgi in Squid 2.x, 3.x before 3.5.17, and 4.x before 4.0.9 might allow remote attackers to cause a denial of service or execute arbitrary code by seeding manager reports with crafted data.

Action-Not Available
Vendor-n/aCanonical Ltd.Squid CacheOracle Corporation
Product-ubuntu_linuxlinuxsquidn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2018-10877
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-7.3||HIGH
EPSS-0.24% / 47.27%
||
7 Day CHG~0.00%
Published-18 Jul, 2018 | 15:00
Updated-05 Aug, 2024 | 07:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Linux kernel ext4 filesystem is vulnerable to an out-of-bound access in the ext4_ext_drop_refs() function when operating on a crafted ext4 filesystem image.

Action-Not Available
Vendor-[UNKNOWN]Linux Kernel Organization, IncDebian GNU/LinuxCanonical Ltd.Red Hat, Inc.
Product-ubuntu_linuxdebian_linuxlinux_kernelenterprise_linuxkernel
CWE ID-CWE-125
Out-of-bounds Read
CVE-2016-2371
Matching Score-8
Assigner-CERT/CC
ShareView Details
Matching Score-8
Assigner-CERT/CC
CVSS Score-8.1||HIGH
EPSS-3.45% / 87.67%
||
7 Day CHG~0.00%
Published-06 Jan, 2017 | 21:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An out-of-bounds write vulnerability exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent via the server could cause memory corruption resulting in code execution.

Action-Not Available
Vendor-Canonical Ltd.Debian GNU/LinuxPidgin
Product-pidgindebian_linuxubuntu_linuxPidgin
CWE ID-CWE-787
Out-of-bounds Write
CVE-2016-2330
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-1.01% / 77.31%
||
7 Day CHG~0.00%
Published-12 Feb, 2016 | 02:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

libavcodec/gif.c in FFmpeg before 2.8.6 does not properly calculate a buffer size, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via a crafted .tga file, related to the gif_image_write_image, gif_encode_init, and gif_encode_close functions.

Action-Not Available
Vendor-n/aCanonical Ltd.FFmpeg
Product-ubuntu_linuxffmpegn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2019-13725
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-8.8||HIGH
EPSS-6.98% / 91.56%
||
7 Day CHG~0.00%
Published-10 Dec, 2019 | 21:01
Updated-05 Aug, 2024 | 00:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use-after-free in Bluetooth in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to execute arbitrary code via a crafted HTML page.

Action-Not Available
Vendor-Google LLCRed Hat, Inc.Fedora ProjectDebian GNU/Linux
Product-enterprise_linux_serverenterprise_linux_for_scientific_computingdebian_linuxchromeenterprise_linux_workstationfedoraenterprise_linux_desktopChrome
CWE ID-CWE-416
Use After Free
CVE-2016-2335
Matching Score-8
Assigner-CERT/CC
ShareView Details
Matching Score-8
Assigner-CERT/CC
CVSS Score-8.8||HIGH
EPSS-2.05% / 84.10%
||
7 Day CHG~0.00%
Published-07 Jun, 2016 | 14:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The CInArchive::ReadFileItem method in Archive/Udf/UdfIn.cpp in 7zip 9.20 and 15.05 beta and p7zip allows remote attackers to cause a denial of service (out-of-bounds read) or execute arbitrary code via the PartitionRef field in the Long Allocation Descriptor in a UDF file.

Action-Not Available
Vendor-7-zipn/aDebian GNU/LinuxopenSUSE
Product-debian_linux7-zipopensusen/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2016-2828
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-8.8||HIGH
EPSS-2.02% / 83.98%
||
7 Day CHG~0.00%
Published-13 Jun, 2016 | 10:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use-after-free vulnerability in Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2 allows remote attackers to execute arbitrary code via WebGL content that triggers texture access after destruction of the texture's recycle pool.

Action-Not Available
Vendor-n/aCanonical Ltd.openSUSEMozilla CorporationDebian GNU/Linux
Product-debian_linuxubuntu_linuxfirefoxleapopensusen/a
CVE-2016-3068
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-8.8||HIGH
EPSS-5.00% / 89.82%
||
7 Day CHG~0.00%
Published-13 Apr, 2016 | 16:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Mercurial before 3.7.3 allows remote attackers to execute arbitrary code via a crafted git ext:: URL when cloning a subrepository.

Action-Not Available
Vendor-mercurialn/aopenSUSESUSERed Hat, Inc.Debian GNU/LinuxFedora Project
Product-debian_linuxenterprise_linux_servermercurialenterprise_linux_workstationenterprise_linux_desktoplinux_enterprise_debuginfoopensuseleapenterprise_linux_server_eusenterprise_linux_hpc_nodefedoraenterprise_linux_server_auslinux_enterprise_software_development_kitenterprise_linux_hpc_node_eusn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2016-2376
Matching Score-8
Assigner-CERT/CC
ShareView Details
Matching Score-8
Assigner-CERT/CC
CVSS Score-8.1||HIGH
EPSS-6.73% / 91.38%
||
7 Day CHG~0.00%
Published-06 Jan, 2017 | 21:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A buffer overflow vulnerability exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent from the server could potentially result in arbitrary code execution. A malicious server or an attacker who intercepts the network traffic can send an invalid size for a packet which will trigger a buffer overflow.

Action-Not Available
Vendor-Canonical Ltd.Debian GNU/LinuxPidgin
Product-pidgindebian_linuxubuntu_linuxPidgin
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2016-3169
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-8.1||HIGH
EPSS-1.02% / 77.42%
||
7 Day CHG~0.00%
Published-12 Apr, 2016 | 15:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The User module in Drupal 6.x before 6.38 and 7.x before 7.43 allows remote attackers to gain privileges by leveraging contributed or custom code that calls the user_save function with an explicit category and loads all roles into the array.

Action-Not Available
Vendor-n/aDebian GNU/LinuxThe Drupal Association
Product-drupaldebian_linuxn/a
CVE-2016-2378
Matching Score-8
Assigner-CERT/CC
ShareView Details
Matching Score-8
Assigner-CERT/CC
CVSS Score-8.1||HIGH
EPSS-3.24% / 87.28%
||
7 Day CHG~0.00%
Published-06 Jan, 2017 | 21:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A buffer overflow vulnerability exists in the handling of the MXIT protocol Pidgin. Specially crafted data sent via the server could potentially result in a buffer overflow, potentially resulting in memory corruption. A malicious server or an unfiltered malicious user can send negative length values to trigger this vulnerability.

Action-Not Available
Vendor-Canonical Ltd.Debian GNU/LinuxPidgin
Product-pidgindebian_linuxubuntu_linuxPidgin
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2016-2377
Matching Score-8
Assigner-CERT/CC
ShareView Details
Matching Score-8
Assigner-CERT/CC
CVSS Score-8.1||HIGH
EPSS-3.24% / 87.28%
||
7 Day CHG~0.00%
Published-06 Jan, 2017 | 21:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A buffer overflow vulnerability exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent by the server could potentially result in an out-of-bounds write of one byte. A malicious server can send a negative content-length in response to a HTTP request triggering the vulnerability.

Action-Not Available
Vendor-Canonical Ltd.Debian GNU/LinuxPidgin
Product-pidgindebian_linuxubuntu_linuxPidgin
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2022-0359
Matching Score-8
Assigner-Protect AI (formerly huntr.dev)
ShareView Details
Matching Score-8
Assigner-Protect AI (formerly huntr.dev)
CVSS Score-6.1||MEDIUM
EPSS-0.18% / 39.73%
||
7 Day CHG~0.00%
Published-26 Jan, 2022 | 00:00
Updated-03 Nov, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Heap-based Buffer Overflow in vim/vim

Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.

Action-Not Available
Vendor-VimDebian GNU/LinuxApple Inc.
Product-macosdebian_linuxvimvim/vim
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-0213
Matching Score-8
Assigner-Protect AI (formerly huntr.dev)
ShareView Details
Matching Score-8
Assigner-Protect AI (formerly huntr.dev)
CVSS Score-6.8||MEDIUM
EPSS-0.15% / 34.91%
||
7 Day CHG~0.00%
Published-14 Jan, 2022 | 00:00
Updated-02 Aug, 2024 | 23:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Heap-based Buffer Overflow in vim/vim

vim is vulnerable to Heap-based Buffer Overflow

Action-Not Available
Vendor-VimDebian GNU/Linux
Product-debian_linuxvimvim/vim
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2016-3069
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-8.8||HIGH
EPSS-2.83% / 86.37%
||
7 Day CHG~0.00%
Published-13 Apr, 2016 | 16:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Mercurial before 3.7.3 allows remote attackers to execute arbitrary code via a crafted name when converting a Git repository.

Action-Not Available
Vendor-mercurialn/aopenSUSESUSERed Hat, Inc.Debian GNU/LinuxFedora Project
Product-debian_linuxenterprise_linux_servermercurialenterprise_linux_workstationenterprise_linux_desktoplinux_enterprise_debuginfoleapenterprise_linux_hpc_node_eusenterprise_linux_server_eusenterprise_linux_hpc_nodefedoraenterprise_linux_server_auslinux_enterprise_software_development_kitopensusen/a
CWE ID-CWE-20
Improper Input Validation
CVE-2019-14438
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.51% / 66.58%
||
7 Day CHG~0.00%
Published-29 Aug, 2019 | 17:33
Updated-05 Aug, 2024 | 00:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A heap-based buffer over-read in xiph_PackHeaders() in modules/demux/xiph.h in VideoLAN VLC media player 3.0.7.1 allows remote attackers to trigger a heap-based buffer over-read via a crafted .ogg file.

Action-Not Available
Vendor-n/aVideoLANDebian GNU/Linux
Product-vlc_media_playerdebian_linuxn/a
CWE ID-CWE-125
Out-of-bounds Read
CVE-2016-2118
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-78.52% / 99.06%
||
7 Day CHG~0.00%
Published-12 Apr, 2016 | 23:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The MS-SAMR and MS-LSAD protocol implementations in Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 mishandle DCERPC connections, which allows man-in-the-middle attackers to perform protocol-downgrade attacks and impersonate users by modifying the client-server data stream, aka "BADLOCK."

Action-Not Available
Vendor-n/aCanonical Ltd.Debian GNU/LinuxSamba
Product-debian_linuxsambaubuntu_linuxn/a
CVE-2016-3105
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-8.8||HIGH
EPSS-1.18% / 79.00%
||
7 Day CHG~0.00%
Published-09 May, 2016 | 20:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The convert extension in Mercurial before 3.8 might allow context-dependent attackers to execute arbitrary code via a crafted git repository name.

Action-Not Available
Vendor-mercurialn/aDebian GNU/Linux
Product-debian_linuxmercurialn/a
CWE ID-CWE-284
Improper Access Control
CVE-2019-13300
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.20% / 41.55%
||
7 Day CHG~0.00%
Published-05 Jul, 2019 | 00:52
Updated-04 Aug, 2024 | 23:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

ImageMagick 7.0.8-50 Q16 has a heap-based buffer overflow at MagickCore/statistic.c in EvaluateImages because of mishandling columns.

Action-Not Available
Vendor-n/aImageMagick Studio LLCDebian GNU/LinuxopenSUSECanonical Ltd.
Product-ubuntu_linuxdebian_linuximagemagickleapn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2016-3171
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-8.1||HIGH
EPSS-8.22% / 92.31%
||
7 Day CHG~0.00%
Published-12 Apr, 2016 | 15:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Drupal 6.x before 6.38, when used with PHP before 5.4.45, 5.5.x before 5.5.29, or 5.6.x before 5.6.13, might allow remote attackers to execute arbitrary code via vectors related to session data truncation.

Action-Not Available
Vendor-n/aThe Drupal AssociationThe PHP GroupDebian GNU/Linux
Product-drupaldebian_linuxphpn/a
CVE-2022-0572
Matching Score-8
Assigner-Protect AI (formerly huntr.dev)
ShareView Details
Matching Score-8
Assigner-Protect AI (formerly huntr.dev)
CVSS Score-8.4||HIGH
EPSS-1.77% / 82.88%
||
7 Day CHG~0.00%
Published-13 Feb, 2022 | 00:00
Updated-03 Nov, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Heap-based Buffer Overflow in vim/vim

Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.

Action-Not Available
Vendor-Fedora ProjectApple Inc.VimDebian GNU/Linux
Product-fedoradebian_linuxvimmacosvim/vim
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2020-20740
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.36% / 57.96%
||
7 Day CHG~0.00%
Published-20 Nov, 2020 | 18:16
Updated-04 Aug, 2024 | 14:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

PDFResurrect before 0.20 lack of header validation checks causes heap-buffer-overflow in pdf_get_version().

Action-Not Available
Vendor-pdfresurrect_projectn/aDebian GNU/LinuxFedora Project
Product-pdfresurrectdebian_linuxfedoran/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2016-2818
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-8.8||HIGH
EPSS-0.29% / 52.25%
||
7 Day CHG~0.00%
Published-13 Jun, 2016 | 10:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

Action-Not Available
Vendor-n/aCanonical Ltd.openSUSENovellRed Hat, Inc.Mozilla CorporationDebian GNU/Linux
Product-suse_linux_enterprise_software_development_kitdebian_linuxubuntu_linuxenterprise_linux_for_power_little_endianenterprise_linux_for_ibm_z_systemsenterprise_linux_desktopenterprise_linux_for_power_big_endian_eusenterprise_linux_for_power_big_endianenterprise_linux_server_eusenterprise_linux_server_ausenterprise_linux_for_ibm_z_systems_eusfirefoxenterprise_linux_serverenterprise_linux_workstationsuse_package_hub_for_suse_linux_enterprisesuse_linux_enterprise_serverleapenterprise_linux_for_scientific_computingenterprise_linux_for_power_little_endian_eussuse_linux_enterprise_desktopopensusen/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2016-3062
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-2.51% / 85.59%
||
7 Day CHG~0.00%
Published-16 Jun, 2016 | 18:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The mov_read_dref function in libavformat/mov.c in Libav before 11.7 and FFmpeg before 0.11 allows remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via the entries value in a dref box in an MP4 file.

Action-Not Available
Vendor-libavn/aFFmpegopenSUSEDebian GNU/Linux
Product-leapdebian_linuxlibavffmpegn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2016-2815
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-8.8||HIGH
EPSS-0.26% / 49.47%
||
7 Day CHG~0.00%
Published-13 Jun, 2016 | 10:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 47.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

Action-Not Available
Vendor-n/aCanonical Ltd.openSUSENovellMozilla Corporation
Product-suse_linux_enterprise_software_development_kitfirefoxubuntu_linuxsuse_linux_enterprise_serverleapsuse_linux_enterprise_desktopopensusen/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2016-2819
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-8.8||HIGH
EPSS-64.66% / 98.48%
||
7 Day CHG~0.00%
Published-13 Jun, 2016 | 10:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Heap-based buffer overflow in Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2 allows remote attackers to execute arbitrary code via foreign-context HTML5 fragments, as demonstrated by fragments within an SVG element.

Action-Not Available
Vendor-n/aCanonical Ltd.openSUSEMozilla CorporationDebian GNU/Linux
Product-debian_linuxubuntu_linuxfirefoxleapopensusen/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2016-2347
Matching Score-8
Assigner-CERT/CC
ShareView Details
Matching Score-8
Assigner-CERT/CC
CVSS Score-7.8||HIGH
EPSS-0.42% / 61.92%
||
7 Day CHG~0.00%
Published-21 Apr, 2017 | 20:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Integer underflow in the decode_level3_header function in lib/lha_file_header.c in Lhasa before 0.3.1 allows remote attackers to execute arbitrary code via a crafted archive.

Action-Not Available
Vendor-lhasa_projectn/aDebian GNU/LinuxopenSUSE
Product-leapdebian_linuxlhasaopensusen/a
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2016-2326
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-1.07% / 78.00%
||
7 Day CHG~0.00%
Published-12 Feb, 2016 | 02:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Integer overflow in the asf_write_packet function in libavformat/asfenc.c in FFmpeg before 2.8.5 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted PTS (aka presentation timestamp) value in a .mov file.

Action-Not Available
Vendor-n/aCanonical Ltd.FFmpegDebian GNU/Linux
Product-debian_linuxubuntu_linuxffmpegn/a
CWE ID-CWE-190
Integer Overflow or Wraparound
  • Previous
  • 1
  • 2
  • ...
  • 6
  • 7
  • 8
  • ...
  • 29
  • 30
  • Next
Details not found