Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2016-4073

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-20 May, 2016 | 10:00
Updated At-06 Aug, 2024 | 00:17
Rejected At-
Credits

Multiple integer overflows in the mbfl_strcut function in ext/mbstring/libmbfl/mbfl/mbfilter.c in PHP before 5.5.34, 5.6.x before 5.6.20, and 7.x before 7.0.5 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted mb_strcut call.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:20 May, 2016 | 10:00
Updated At:06 Aug, 2024 | 00:17
Rejected At:
▼CVE Numbering Authority (CNA)

Multiple integer overflows in the mbfl_strcut function in ext/mbstring/libmbfl/mbfl/mbfilter.c in PHP before 5.5.34, 5.6.x before 5.6.20, and 7.x before 7.0.5 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted mb_strcut call.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://www.ubuntu.com/usn/USN-2952-1
vendor-advisory
x_refsource_UBUNTU
http://www.securityfocus.com/bid/85991
vdb-entry
x_refsource_BID
http://www.php.net/ChangeLog-7.php
x_refsource_CONFIRM
https://security.gentoo.org/glsa/201611-22
vendor-advisory
x_refsource_GENTOO
https://support.apple.com/HT206567
x_refsource_CONFIRM
http://rhn.redhat.com/errata/RHSA-2016-2750.html
vendor-advisory
x_refsource_REDHAT
http://www.debian.org/security/2016/dsa-3560
vendor-advisory
x_refsource_DEBIAN
http://www.ubuntu.com/usn/USN-2952-2
vendor-advisory
x_refsource_UBUNTU
http://lists.apple.com/archives/security-announce/2016/May/msg00004.html
vendor-advisory
x_refsource_APPLE
https://bugs.php.net/bug.php?id=71906
x_refsource_CONFIRM
http://www.php.net/ChangeLog-5.php
x_refsource_CONFIRM
https://gist.github.com/smalyshev/d8355c96a657cc5dba70
x_refsource_CONFIRM
https://git.php.net/?p=php-src.git%3Ba=commit%3Bh=64f42c73efc58e88671ad76b6b6bc8e2b62713e1
x_refsource_CONFIRM
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05240731
x_refsource_CONFIRM
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00031.html
vendor-advisory
x_refsource_SUSE
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00033.html
vendor-advisory
x_refsource_SUSE
http://www.openwall.com/lists/oss-security/2016/04/24/1
mailing-list
x_refsource_MLIST
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00056.html
vendor-advisory
x_refsource_SUSE
Hyperlink: http://www.ubuntu.com/usn/USN-2952-1
Resource:
vendor-advisory
x_refsource_UBUNTU
Hyperlink: http://www.securityfocus.com/bid/85991
Resource:
vdb-entry
x_refsource_BID
Hyperlink: http://www.php.net/ChangeLog-7.php
Resource:
x_refsource_CONFIRM
Hyperlink: https://security.gentoo.org/glsa/201611-22
Resource:
vendor-advisory
x_refsource_GENTOO
Hyperlink: https://support.apple.com/HT206567
Resource:
x_refsource_CONFIRM
Hyperlink: http://rhn.redhat.com/errata/RHSA-2016-2750.html
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: http://www.debian.org/security/2016/dsa-3560
Resource:
vendor-advisory
x_refsource_DEBIAN
Hyperlink: http://www.ubuntu.com/usn/USN-2952-2
Resource:
vendor-advisory
x_refsource_UBUNTU
Hyperlink: http://lists.apple.com/archives/security-announce/2016/May/msg00004.html
Resource:
vendor-advisory
x_refsource_APPLE
Hyperlink: https://bugs.php.net/bug.php?id=71906
Resource:
x_refsource_CONFIRM
Hyperlink: http://www.php.net/ChangeLog-5.php
Resource:
x_refsource_CONFIRM
Hyperlink: https://gist.github.com/smalyshev/d8355c96a657cc5dba70
Resource:
x_refsource_CONFIRM
Hyperlink: https://git.php.net/?p=php-src.git%3Ba=commit%3Bh=64f42c73efc58e88671ad76b6b6bc8e2b62713e1
Resource:
x_refsource_CONFIRM
Hyperlink: https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05240731
Resource:
x_refsource_CONFIRM
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00031.html
Resource:
vendor-advisory
x_refsource_SUSE
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00033.html
Resource:
vendor-advisory
x_refsource_SUSE
Hyperlink: http://www.openwall.com/lists/oss-security/2016/04/24/1
Resource:
mailing-list
x_refsource_MLIST
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00056.html
Resource:
vendor-advisory
x_refsource_SUSE
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://www.ubuntu.com/usn/USN-2952-1
vendor-advisory
x_refsource_UBUNTU
x_transferred
http://www.securityfocus.com/bid/85991
vdb-entry
x_refsource_BID
x_transferred
http://www.php.net/ChangeLog-7.php
x_refsource_CONFIRM
x_transferred
https://security.gentoo.org/glsa/201611-22
vendor-advisory
x_refsource_GENTOO
x_transferred
https://support.apple.com/HT206567
x_refsource_CONFIRM
x_transferred
http://rhn.redhat.com/errata/RHSA-2016-2750.html
vendor-advisory
x_refsource_REDHAT
x_transferred
http://www.debian.org/security/2016/dsa-3560
vendor-advisory
x_refsource_DEBIAN
x_transferred
http://www.ubuntu.com/usn/USN-2952-2
vendor-advisory
x_refsource_UBUNTU
x_transferred
http://lists.apple.com/archives/security-announce/2016/May/msg00004.html
vendor-advisory
x_refsource_APPLE
x_transferred
https://bugs.php.net/bug.php?id=71906
x_refsource_CONFIRM
x_transferred
http://www.php.net/ChangeLog-5.php
x_refsource_CONFIRM
x_transferred
https://gist.github.com/smalyshev/d8355c96a657cc5dba70
x_refsource_CONFIRM
x_transferred
https://git.php.net/?p=php-src.git%3Ba=commit%3Bh=64f42c73efc58e88671ad76b6b6bc8e2b62713e1
x_refsource_CONFIRM
x_transferred
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05240731
x_refsource_CONFIRM
x_transferred
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00031.html
vendor-advisory
x_refsource_SUSE
x_transferred
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00033.html
vendor-advisory
x_refsource_SUSE
x_transferred
http://www.openwall.com/lists/oss-security/2016/04/24/1
mailing-list
x_refsource_MLIST
x_transferred
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00056.html
vendor-advisory
x_refsource_SUSE
x_transferred
Hyperlink: http://www.ubuntu.com/usn/USN-2952-1
Resource:
vendor-advisory
x_refsource_UBUNTU
x_transferred
Hyperlink: http://www.securityfocus.com/bid/85991
Resource:
vdb-entry
x_refsource_BID
x_transferred
Hyperlink: http://www.php.net/ChangeLog-7.php
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: https://security.gentoo.org/glsa/201611-22
Resource:
vendor-advisory
x_refsource_GENTOO
x_transferred
Hyperlink: https://support.apple.com/HT206567
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://rhn.redhat.com/errata/RHSA-2016-2750.html
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: http://www.debian.org/security/2016/dsa-3560
Resource:
vendor-advisory
x_refsource_DEBIAN
x_transferred
Hyperlink: http://www.ubuntu.com/usn/USN-2952-2
Resource:
vendor-advisory
x_refsource_UBUNTU
x_transferred
Hyperlink: http://lists.apple.com/archives/security-announce/2016/May/msg00004.html
Resource:
vendor-advisory
x_refsource_APPLE
x_transferred
Hyperlink: https://bugs.php.net/bug.php?id=71906
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://www.php.net/ChangeLog-5.php
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: https://gist.github.com/smalyshev/d8355c96a657cc5dba70
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: https://git.php.net/?p=php-src.git%3Ba=commit%3Bh=64f42c73efc58e88671ad76b6b6bc8e2b62713e1
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05240731
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00031.html
Resource:
vendor-advisory
x_refsource_SUSE
x_transferred
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00033.html
Resource:
vendor-advisory
x_refsource_SUSE
x_transferred
Hyperlink: http://www.openwall.com/lists/oss-security/2016/04/24/1
Resource:
mailing-list
x_refsource_MLIST
x_transferred
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00056.html
Resource:
vendor-advisory
x_refsource_SUSE
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:20 May, 2016 | 11:00
Updated At:12 Apr, 2025 | 10:46

Multiple integer overflows in the mbfl_strcut function in ext/mbstring/libmbfl/mbfl/mbfilter.c in PHP before 5.5.34, 5.6.x before 5.6.20, and 7.x before 7.0.5 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted mb_strcut call.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.09.8CRITICAL
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Primary2.07.5HIGH
AV:N/AC:L/Au:N/C:P/I:P/A:P
Type: Primary
Version: 3.0
Base score: 9.8
Base severity: CRITICAL
Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Type: Primary
Version: 2.0
Base score: 7.5
Base severity: HIGH
Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P
CPE Matches
The PHP Group
php
>>php>>5.5.0
cpe:2.3:a:php:php:5.5.0:*:*:*:*:*:*:*
The PHP Group
php
>>php>>5.5.0
cpe:2.3:a:php:php:5.5.0:alpha1:*:*:*:*:*:*
The PHP Group
php
>>php>>5.5.0
cpe:2.3:a:php:php:5.5.0:alpha2:*:*:*:*:*:*
The PHP Group
php
>>php>>5.5.0
cpe:2.3:a:php:php:5.5.0:alpha3:*:*:*:*:*:*
The PHP Group
php
>>php>>5.5.0
cpe:2.3:a:php:php:5.5.0:alpha4:*:*:*:*:*:*
The PHP Group
php
>>php>>5.5.0
cpe:2.3:a:php:php:5.5.0:alpha5:*:*:*:*:*:*
The PHP Group
php
>>php>>5.5.0
cpe:2.3:a:php:php:5.5.0:alpha6:*:*:*:*:*:*
The PHP Group
php
>>php>>5.5.0
cpe:2.3:a:php:php:5.5.0:beta1:*:*:*:*:*:*
The PHP Group
php
>>php>>5.5.0
cpe:2.3:a:php:php:5.5.0:beta2:*:*:*:*:*:*
The PHP Group
php
>>php>>5.5.0
cpe:2.3:a:php:php:5.5.0:beta3:*:*:*:*:*:*
The PHP Group
php
>>php>>5.5.0
cpe:2.3:a:php:php:5.5.0:beta4:*:*:*:*:*:*
The PHP Group
php
>>php>>5.5.0
cpe:2.3:a:php:php:5.5.0:rc1:*:*:*:*:*:*
The PHP Group
php
>>php>>5.5.0
cpe:2.3:a:php:php:5.5.0:rc2:*:*:*:*:*:*
The PHP Group
php
>>php>>5.5.1
cpe:2.3:a:php:php:5.5.1:*:*:*:*:*:*:*
The PHP Group
php
>>php>>5.5.2
cpe:2.3:a:php:php:5.5.2:*:*:*:*:*:*:*
The PHP Group
php
>>php>>5.5.3
cpe:2.3:a:php:php:5.5.3:*:*:*:*:*:*:*
The PHP Group
php
>>php>>5.5.4
cpe:2.3:a:php:php:5.5.4:*:*:*:*:*:*:*
The PHP Group
php
>>php>>5.5.5
cpe:2.3:a:php:php:5.5.5:*:*:*:*:*:*:*
The PHP Group
php
>>php>>5.5.6
cpe:2.3:a:php:php:5.5.6:*:*:*:*:*:*:*
The PHP Group
php
>>php>>5.5.7
cpe:2.3:a:php:php:5.5.7:*:*:*:*:*:*:*
The PHP Group
php
>>php>>5.5.8
cpe:2.3:a:php:php:5.5.8:*:*:*:*:*:*:*
The PHP Group
php
>>php>>5.5.9
cpe:2.3:a:php:php:5.5.9:*:*:*:*:*:*:*
The PHP Group
php
>>php>>5.5.10
cpe:2.3:a:php:php:5.5.10:*:*:*:*:*:*:*
The PHP Group
php
>>php>>5.5.11
cpe:2.3:a:php:php:5.5.11:*:*:*:*:*:*:*
The PHP Group
php
>>php>>5.5.12
cpe:2.3:a:php:php:5.5.12:*:*:*:*:*:*:*
The PHP Group
php
>>php>>5.5.13
cpe:2.3:a:php:php:5.5.13:*:*:*:*:*:*:*
The PHP Group
php
>>php>>5.5.14
cpe:2.3:a:php:php:5.5.14:*:*:*:*:*:*:*
The PHP Group
php
>>php>>5.5.18
cpe:2.3:a:php:php:5.5.18:*:*:*:*:*:*:*
The PHP Group
php
>>php>>5.5.19
cpe:2.3:a:php:php:5.5.19:*:*:*:*:*:*:*
The PHP Group
php
>>php>>5.5.20
cpe:2.3:a:php:php:5.5.20:*:*:*:*:*:*:*
The PHP Group
php
>>php>>5.5.21
cpe:2.3:a:php:php:5.5.21:*:*:*:*:*:*:*
The PHP Group
php
>>php>>5.5.22
cpe:2.3:a:php:php:5.5.22:*:*:*:*:*:*:*
The PHP Group
php
>>php>>5.5.23
cpe:2.3:a:php:php:5.5.23:*:*:*:*:*:*:*
The PHP Group
php
>>php>>5.5.24
cpe:2.3:a:php:php:5.5.24:*:*:*:*:*:*:*
The PHP Group
php
>>php>>5.5.25
cpe:2.3:a:php:php:5.5.25:*:*:*:*:*:*:*
The PHP Group
php
>>php>>5.5.26
cpe:2.3:a:php:php:5.5.26:*:*:*:*:*:*:*
The PHP Group
php
>>php>>5.5.27
cpe:2.3:a:php:php:5.5.27:*:*:*:*:*:*:*
The PHP Group
php
>>php>>5.5.29
cpe:2.3:a:php:php:5.5.29:*:*:*:*:*:*:*
The PHP Group
php
>>php>>5.5.30
cpe:2.3:a:php:php:5.5.30:*:*:*:*:*:*:*
The PHP Group
php
>>php>>5.5.32
cpe:2.3:a:php:php:5.5.32:*:*:*:*:*:*:*
The PHP Group
php
>>php>>5.5.33
cpe:2.3:a:php:php:5.5.33:*:*:*:*:*:*:*
The PHP Group
php
>>php>>5.6.0
cpe:2.3:a:php:php:5.6.0:*:*:*:*:*:*:*
The PHP Group
php
>>php>>5.6.0
cpe:2.3:a:php:php:5.6.0:alpha1:*:*:*:*:*:*
The PHP Group
php
>>php>>5.6.0
cpe:2.3:a:php:php:5.6.0:alpha2:*:*:*:*:*:*
The PHP Group
php
>>php>>5.6.0
cpe:2.3:a:php:php:5.6.0:alpha3:*:*:*:*:*:*
The PHP Group
php
>>php>>5.6.0
cpe:2.3:a:php:php:5.6.0:alpha4:*:*:*:*:*:*
The PHP Group
php
>>php>>5.6.0
cpe:2.3:a:php:php:5.6.0:alpha5:*:*:*:*:*:*
The PHP Group
php
>>php>>5.6.0
cpe:2.3:a:php:php:5.6.0:beta1:*:*:*:*:*:*
The PHP Group
php
>>php>>5.6.0
cpe:2.3:a:php:php:5.6.0:beta2:*:*:*:*:*:*
The PHP Group
php
>>php>>5.6.0
cpe:2.3:a:php:php:5.6.0:beta3:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-119Primarynvd@nist.gov
CWE ID: CWE-119
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
http://lists.apple.com/archives/security-announce/2016/May/msg00004.htmlcve@mitre.org
N/A
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00031.htmlcve@mitre.org
N/A
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00033.htmlcve@mitre.org
N/A
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00056.htmlcve@mitre.org
N/A
http://rhn.redhat.com/errata/RHSA-2016-2750.htmlcve@mitre.org
N/A
http://www.debian.org/security/2016/dsa-3560cve@mitre.org
N/A
http://www.openwall.com/lists/oss-security/2016/04/24/1cve@mitre.org
N/A
http://www.php.net/ChangeLog-5.phpcve@mitre.org
N/A
http://www.php.net/ChangeLog-7.phpcve@mitre.org
N/A
http://www.securityfocus.com/bid/85991cve@mitre.org
N/A
http://www.ubuntu.com/usn/USN-2952-1cve@mitre.org
N/A
http://www.ubuntu.com/usn/USN-2952-2cve@mitre.org
N/A
https://bugs.php.net/bug.php?id=71906cve@mitre.org
Exploit
https://gist.github.com/smalyshev/d8355c96a657cc5dba70cve@mitre.org
N/A
https://git.php.net/?p=php-src.git%3Ba=commit%3Bh=64f42c73efc58e88671ad76b6b6bc8e2b62713e1cve@mitre.org
N/A
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05240731cve@mitre.org
N/A
https://security.gentoo.org/glsa/201611-22cve@mitre.org
N/A
https://support.apple.com/HT206567cve@mitre.org
N/A
http://lists.apple.com/archives/security-announce/2016/May/msg00004.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00031.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00033.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00056.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://rhn.redhat.com/errata/RHSA-2016-2750.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://www.debian.org/security/2016/dsa-3560af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.openwall.com/lists/oss-security/2016/04/24/1af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.php.net/ChangeLog-5.phpaf854a3a-2127-422b-91ae-364da2661108
N/A
http://www.php.net/ChangeLog-7.phpaf854a3a-2127-422b-91ae-364da2661108
N/A
http://www.securityfocus.com/bid/85991af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.ubuntu.com/usn/USN-2952-1af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.ubuntu.com/usn/USN-2952-2af854a3a-2127-422b-91ae-364da2661108
N/A
https://bugs.php.net/bug.php?id=71906af854a3a-2127-422b-91ae-364da2661108
Exploit
https://gist.github.com/smalyshev/d8355c96a657cc5dba70af854a3a-2127-422b-91ae-364da2661108
N/A
https://git.php.net/?p=php-src.git%3Ba=commit%3Bh=64f42c73efc58e88671ad76b6b6bc8e2b62713e1af854a3a-2127-422b-91ae-364da2661108
N/A
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05240731af854a3a-2127-422b-91ae-364da2661108
N/A
https://security.gentoo.org/glsa/201611-22af854a3a-2127-422b-91ae-364da2661108
N/A
https://support.apple.com/HT206567af854a3a-2127-422b-91ae-364da2661108
N/A
Hyperlink: http://lists.apple.com/archives/security-announce/2016/May/msg00004.html
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00031.html
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00033.html
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00056.html
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://rhn.redhat.com/errata/RHSA-2016-2750.html
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.debian.org/security/2016/dsa-3560
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.openwall.com/lists/oss-security/2016/04/24/1
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.php.net/ChangeLog-5.php
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.php.net/ChangeLog-7.php
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.securityfocus.com/bid/85991
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.ubuntu.com/usn/USN-2952-1
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.ubuntu.com/usn/USN-2952-2
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://bugs.php.net/bug.php?id=71906
Source: cve@mitre.org
Resource:
Exploit
Hyperlink: https://gist.github.com/smalyshev/d8355c96a657cc5dba70
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://git.php.net/?p=php-src.git%3Ba=commit%3Bh=64f42c73efc58e88671ad76b6b6bc8e2b62713e1
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05240731
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://security.gentoo.org/glsa/201611-22
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://support.apple.com/HT206567
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://lists.apple.com/archives/security-announce/2016/May/msg00004.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00031.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00033.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00056.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://rhn.redhat.com/errata/RHSA-2016-2750.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.debian.org/security/2016/dsa-3560
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.openwall.com/lists/oss-security/2016/04/24/1
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.php.net/ChangeLog-5.php
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.php.net/ChangeLog-7.php
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.securityfocus.com/bid/85991
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.ubuntu.com/usn/USN-2952-1
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.ubuntu.com/usn/USN-2952-2
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://bugs.php.net/bug.php?id=71906
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Exploit
Hyperlink: https://gist.github.com/smalyshev/d8355c96a657cc5dba70
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://git.php.net/?p=php-src.git%3Ba=commit%3Bh=64f42c73efc58e88671ad76b6b6bc8e2b62713e1
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05240731
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://security.gentoo.org/glsa/201611-22
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://support.apple.com/HT206567
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

4742Records found
CVE-2016-1088
Matching Score-10
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-10
Assigner-Adobe Systems Incorporated
CVSS Score-9.8||CRITICAL
EPSS-5.11% / 89.45%
||
7 Day CHG~0.00%
Published-11 May, 2016 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-1037, CVE-2016-1063, CVE-2016-1064, CVE-2016-1071, CVE-2016-1072, CVE-2016-1073, CVE-2016-1074, CVE-2016-1076, CVE-2016-1077, CVE-2016-1078, CVE-2016-1080, CVE-2016-1081, CVE-2016-1082, CVE-2016-1083, CVE-2016-1084, CVE-2016-1085, CVE-2016-1086, CVE-2016-1093, CVE-2016-1095, CVE-2016-1116, CVE-2016-1118, CVE-2016-1119, CVE-2016-1120, CVE-2016-1123, CVE-2016-1124, CVE-2016-1125, CVE-2016-1126, CVE-2016-1127, CVE-2016-1128, CVE-2016-1129, CVE-2016-1130, CVE-2016-4088, CVE-2016-4089, CVE-2016-4090, CVE-2016-4093, CVE-2016-4094, CVE-2016-4096, CVE-2016-4097, CVE-2016-4098, CVE-2016-4099, CVE-2016-4100, CVE-2016-4101, CVE-2016-4103, CVE-2016-4104, and CVE-2016-4105.

Action-Not Available
Vendor-n/aApple Inc.Adobe Inc.Microsoft Corporation
Product-acrobat_reader_dcacrobat_dcreaderwindowsacrobatmac_os_xn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2016-1078
Matching Score-10
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-10
Assigner-Adobe Systems Incorporated
CVSS Score-9.8||CRITICAL
EPSS-5.72% / 90.08%
||
7 Day CHG~0.00%
Published-11 May, 2016 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-1037, CVE-2016-1063, CVE-2016-1064, CVE-2016-1071, CVE-2016-1072, CVE-2016-1073, CVE-2016-1074, CVE-2016-1076, CVE-2016-1077, CVE-2016-1080, CVE-2016-1081, CVE-2016-1082, CVE-2016-1083, CVE-2016-1084, CVE-2016-1085, CVE-2016-1086, CVE-2016-1088, CVE-2016-1093, CVE-2016-1095, CVE-2016-1116, CVE-2016-1118, CVE-2016-1119, CVE-2016-1120, CVE-2016-1123, CVE-2016-1124, CVE-2016-1125, CVE-2016-1126, CVE-2016-1127, CVE-2016-1128, CVE-2016-1129, CVE-2016-1130, CVE-2016-4088, CVE-2016-4089, CVE-2016-4090, CVE-2016-4093, CVE-2016-4094, CVE-2016-4096, CVE-2016-4097, CVE-2016-4098, CVE-2016-4099, CVE-2016-4100, CVE-2016-4101, CVE-2016-4103, CVE-2016-4104, and CVE-2016-4105.

Action-Not Available
Vendor-n/aApple Inc.Adobe Inc.Microsoft Corporation
Product-acrobat_reader_dcacrobat_dcreaderwindowsacrobatmac_os_xn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2016-1084
Matching Score-10
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-10
Assigner-Adobe Systems Incorporated
CVSS Score-9.8||CRITICAL
EPSS-5.11% / 89.45%
||
7 Day CHG~0.00%
Published-11 May, 2016 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-1037, CVE-2016-1063, CVE-2016-1064, CVE-2016-1071, CVE-2016-1072, CVE-2016-1073, CVE-2016-1074, CVE-2016-1076, CVE-2016-1077, CVE-2016-1078, CVE-2016-1080, CVE-2016-1081, CVE-2016-1082, CVE-2016-1083, CVE-2016-1085, CVE-2016-1086, CVE-2016-1088, CVE-2016-1093, CVE-2016-1095, CVE-2016-1116, CVE-2016-1118, CVE-2016-1119, CVE-2016-1120, CVE-2016-1123, CVE-2016-1124, CVE-2016-1125, CVE-2016-1126, CVE-2016-1127, CVE-2016-1128, CVE-2016-1129, CVE-2016-1130, CVE-2016-4088, CVE-2016-4089, CVE-2016-4090, CVE-2016-4093, CVE-2016-4094, CVE-2016-4096, CVE-2016-4097, CVE-2016-4098, CVE-2016-4099, CVE-2016-4100, CVE-2016-4101, CVE-2016-4103, CVE-2016-4104, and CVE-2016-4105.

Action-Not Available
Vendor-n/aApple Inc.Adobe Inc.Microsoft Corporation
Product-acrobat_reader_dcacrobat_dcreaderwindowsacrobatmac_os_xn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2016-1076
Matching Score-10
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-10
Assigner-Adobe Systems Incorporated
CVSS Score-9.8||CRITICAL
EPSS-5.72% / 90.08%
||
7 Day CHG~0.00%
Published-11 May, 2016 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-1037, CVE-2016-1063, CVE-2016-1064, CVE-2016-1071, CVE-2016-1072, CVE-2016-1073, CVE-2016-1074, CVE-2016-1077, CVE-2016-1078, CVE-2016-1080, CVE-2016-1081, CVE-2016-1082, CVE-2016-1083, CVE-2016-1084, CVE-2016-1085, CVE-2016-1086, CVE-2016-1088, CVE-2016-1093, CVE-2016-1095, CVE-2016-1116, CVE-2016-1118, CVE-2016-1119, CVE-2016-1120, CVE-2016-1123, CVE-2016-1124, CVE-2016-1125, CVE-2016-1126, CVE-2016-1127, CVE-2016-1128, CVE-2016-1129, CVE-2016-1130, CVE-2016-4088, CVE-2016-4089, CVE-2016-4090, CVE-2016-4093, CVE-2016-4094, CVE-2016-4096, CVE-2016-4097, CVE-2016-4098, CVE-2016-4099, CVE-2016-4100, CVE-2016-4101, CVE-2016-4103, CVE-2016-4104, and CVE-2016-4105.

Action-Not Available
Vendor-n/aApple Inc.Adobe Inc.Microsoft Corporation
Product-acrobat_reader_dcacrobat_dcreaderwindowsacrobatmac_os_xn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2016-1128
Matching Score-10
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-10
Assigner-Adobe Systems Incorporated
CVSS Score-9.8||CRITICAL
EPSS-5.11% / 89.45%
||
7 Day CHG~0.00%
Published-11 May, 2016 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-1037, CVE-2016-1063, CVE-2016-1064, CVE-2016-1071, CVE-2016-1072, CVE-2016-1073, CVE-2016-1074, CVE-2016-1076, CVE-2016-1077, CVE-2016-1078, CVE-2016-1080, CVE-2016-1081, CVE-2016-1082, CVE-2016-1083, CVE-2016-1084, CVE-2016-1085, CVE-2016-1086, CVE-2016-1088, CVE-2016-1093, CVE-2016-1095, CVE-2016-1116, CVE-2016-1118, CVE-2016-1119, CVE-2016-1120, CVE-2016-1123, CVE-2016-1124, CVE-2016-1125, CVE-2016-1126, CVE-2016-1127, CVE-2016-1129, CVE-2016-1130, CVE-2016-4088, CVE-2016-4089, CVE-2016-4090, CVE-2016-4093, CVE-2016-4094, CVE-2016-4096, CVE-2016-4097, CVE-2016-4098, CVE-2016-4099, CVE-2016-4100, CVE-2016-4101, CVE-2016-4103, CVE-2016-4104, and CVE-2016-4105.

Action-Not Available
Vendor-n/aApple Inc.Adobe Inc.Microsoft Corporation
Product-acrobat_reader_dcacrobat_dcreaderwindowsacrobatmac_os_xn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2016-1125
Matching Score-10
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-10
Assigner-Adobe Systems Incorporated
CVSS Score-9.8||CRITICAL
EPSS-5.11% / 89.45%
||
7 Day CHG~0.00%
Published-11 May, 2016 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-1037, CVE-2016-1063, CVE-2016-1064, CVE-2016-1071, CVE-2016-1072, CVE-2016-1073, CVE-2016-1074, CVE-2016-1076, CVE-2016-1077, CVE-2016-1078, CVE-2016-1080, CVE-2016-1081, CVE-2016-1082, CVE-2016-1083, CVE-2016-1084, CVE-2016-1085, CVE-2016-1086, CVE-2016-1088, CVE-2016-1093, CVE-2016-1095, CVE-2016-1116, CVE-2016-1118, CVE-2016-1119, CVE-2016-1120, CVE-2016-1123, CVE-2016-1124, CVE-2016-1126, CVE-2016-1127, CVE-2016-1128, CVE-2016-1129, CVE-2016-1130, CVE-2016-4088, CVE-2016-4089, CVE-2016-4090, CVE-2016-4093, CVE-2016-4094, CVE-2016-4096, CVE-2016-4097, CVE-2016-4098, CVE-2016-4099, CVE-2016-4100, CVE-2016-4101, CVE-2016-4103, CVE-2016-4104, and CVE-2016-4105.

Action-Not Available
Vendor-n/aApple Inc.Adobe Inc.Microsoft Corporation
Product-acrobat_reader_dcacrobat_dcreaderwindowsacrobatmac_os_xn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2016-0951
Matching Score-10
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-10
Assigner-Adobe Systems Incorporated
CVSS Score-9.8||CRITICAL
EPSS-17.55% / 94.83%
||
7 Day CHG~0.00%
Published-10 Feb, 2016 | 20:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Photoshop CC 2014 before 15.2.4, Photoshop CC 2015 before 16.1.2, and Bridge CC before 6.2 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-0952 and CVE-2016-0953.

Action-Not Available
Vendor-n/aApple Inc.Adobe Inc.Microsoft Corporation
Product-windowsphotoshop_ccmac_os_xbridge_ccn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2016-1063
Matching Score-10
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-10
Assigner-Adobe Systems Incorporated
CVSS Score-9.8||CRITICAL
EPSS-5.72% / 90.08%
||
7 Day CHG~0.00%
Published-11 May, 2016 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-1037, CVE-2016-1064, CVE-2016-1071, CVE-2016-1072, CVE-2016-1073, CVE-2016-1074, CVE-2016-1076, CVE-2016-1077, CVE-2016-1078, CVE-2016-1080, CVE-2016-1081, CVE-2016-1082, CVE-2016-1083, CVE-2016-1084, CVE-2016-1085, CVE-2016-1086, CVE-2016-1088, CVE-2016-1093, CVE-2016-1095, CVE-2016-1116, CVE-2016-1118, CVE-2016-1119, CVE-2016-1120, CVE-2016-1123, CVE-2016-1124, CVE-2016-1125, CVE-2016-1126, CVE-2016-1127, CVE-2016-1128, CVE-2016-1129, CVE-2016-1130, CVE-2016-4088, CVE-2016-4089, CVE-2016-4090, CVE-2016-4093, CVE-2016-4094, CVE-2016-4096, CVE-2016-4097, CVE-2016-4098, CVE-2016-4099, CVE-2016-4100, CVE-2016-4101, CVE-2016-4103, CVE-2016-4104, and CVE-2016-4105.

Action-Not Available
Vendor-n/aApple Inc.Adobe Inc.Microsoft Corporation
Product-acrobat_reader_dcacrobat_dcreaderwindowsacrobatmac_os_xn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2016-1043
Matching Score-10
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-10
Assigner-Adobe Systems Incorporated
CVSS Score-9.8||CRITICAL
EPSS-12.70% / 93.73%
||
7 Day CHG~0.00%
Published-11 May, 2016 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Integer overflow in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors.

Action-Not Available
Vendor-n/aApple Inc.Adobe Inc.Microsoft Corporation
Product-acrobat_reader_dcacrobat_dcreaderwindowsacrobatmac_os_xn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2016-0933
Matching Score-10
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-10
Assigner-Adobe Systems Incorporated
CVSS Score-9.8||CRITICAL
EPSS-5.75% / 90.11%
||
7 Day CHG~0.00%
Published-14 Jan, 2016 | 02:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Reader and Acrobat before 11.0.14, Acrobat and Acrobat Reader DC Classic before 15.006.30119, and Acrobat and Acrobat Reader DC Continuous before 15.010.20056 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-0931, CVE-2016-0936, CVE-2016-0938, CVE-2016-0939, CVE-2016-0942, CVE-2016-0944, CVE-2016-0945, and CVE-2016-0946.

Action-Not Available
Vendor-n/aApple Inc.Adobe Inc.Microsoft Corporation
Product-acrobat_reader_dcacrobat_readeracrobat_dcwindowsacrobatmac_os_xn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2016-1037
Matching Score-10
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-10
Assigner-Adobe Systems Incorporated
CVSS Score-9.8||CRITICAL
EPSS-4.56% / 88.77%
||
7 Day CHG~0.00%
Published-11 May, 2016 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-1063, CVE-2016-1064, CVE-2016-1071, CVE-2016-1072, CVE-2016-1073, CVE-2016-1074, CVE-2016-1076, CVE-2016-1077, CVE-2016-1078, CVE-2016-1080, CVE-2016-1081, CVE-2016-1082, CVE-2016-1083, CVE-2016-1084, CVE-2016-1085, CVE-2016-1086, CVE-2016-1088, CVE-2016-1093, CVE-2016-1095, CVE-2016-1116, CVE-2016-1118, CVE-2016-1119, CVE-2016-1120, CVE-2016-1123, CVE-2016-1124, CVE-2016-1125, CVE-2016-1126, CVE-2016-1127, CVE-2016-1128, CVE-2016-1129, CVE-2016-1130, CVE-2016-4088, CVE-2016-4089, CVE-2016-4090, CVE-2016-4093, CVE-2016-4094, CVE-2016-4096, CVE-2016-4097, CVE-2016-4098, CVE-2016-4099, CVE-2016-4100, CVE-2016-4101, CVE-2016-4103, CVE-2016-4104, and CVE-2016-4105.

Action-Not Available
Vendor-n/aApple Inc.Adobe Inc.Microsoft Corporation
Product-acrobat_reader_dcacrobat_dcreaderwindowsacrobatmac_os_xn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2016-0944
Matching Score-10
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-10
Assigner-Adobe Systems Incorporated
CVSS Score-9.8||CRITICAL
EPSS-2.59% / 85.00%
||
7 Day CHG~0.00%
Published-14 Jan, 2016 | 02:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Reader and Acrobat before 11.0.14, Acrobat and Acrobat Reader DC Classic before 15.006.30119, and Acrobat and Acrobat Reader DC Continuous before 15.010.20056 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-0931, CVE-2016-0933, CVE-2016-0936, CVE-2016-0938, CVE-2016-0939, CVE-2016-0942, CVE-2016-0945, and CVE-2016-0946.

Action-Not Available
Vendor-n/aApple Inc.Adobe Inc.Microsoft Corporation
Product-acrobat_reader_dcacrobat_readeracrobat_dcwindowsacrobatmac_os_xn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2016-1007
Matching Score-10
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-10
Assigner-Adobe Systems Incorporated
CVSS Score-9.8||CRITICAL
EPSS-6.14% / 90.44%
||
7 Day CHG~0.00%
Published-09 Mar, 2016 | 11:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Reader and Acrobat before 11.0.15, Acrobat and Acrobat Reader DC Classic before 15.006.30121, and Acrobat and Acrobat Reader DC Continuous before 15.010.20060 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-1009.

Action-Not Available
Vendor-n/aApple Inc.Adobe Inc.Microsoft Corporation
Product-acrobat_reader_dcacrobat_readeracrobat_dcwindowsacrobatmac_os_xn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2016-0952
Matching Score-10
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-10
Assigner-Adobe Systems Incorporated
CVSS Score-9.8||CRITICAL
EPSS-17.55% / 94.83%
||
7 Day CHG~0.00%
Published-10 Feb, 2016 | 20:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Photoshop CC 2014 before 15.2.4, Photoshop CC 2015 before 16.1.2, and Bridge CC before 6.2 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-0951 and CVE-2016-0953.

Action-Not Available
Vendor-n/aApple Inc.Adobe Inc.Microsoft Corporation
Product-windowsphotoshop_ccmac_os_xbridge_ccn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2016-0946
Matching Score-10
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-10
Assigner-Adobe Systems Incorporated
CVSS Score-9.8||CRITICAL
EPSS-2.59% / 85.00%
||
7 Day CHG~0.00%
Published-14 Jan, 2016 | 02:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Reader and Acrobat before 11.0.14, Acrobat and Acrobat Reader DC Classic before 15.006.30119, and Acrobat and Acrobat Reader DC Continuous before 15.010.20056 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-0931, CVE-2016-0933, CVE-2016-0936, CVE-2016-0938, CVE-2016-0939, CVE-2016-0942, CVE-2016-0944, and CVE-2016-0945.

Action-Not Available
Vendor-n/aApple Inc.Adobe Inc.Microsoft Corporation
Product-acrobat_reader_dcacrobat_readeracrobat_dcwindowsacrobatmac_os_xn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2016-0953
Matching Score-10
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-10
Assigner-Adobe Systems Incorporated
CVSS Score-9.8||CRITICAL
EPSS-17.55% / 94.83%
||
7 Day CHG~0.00%
Published-10 Feb, 2016 | 20:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Photoshop CC 2014 before 15.2.4, Photoshop CC 2015 before 16.1.2, and Bridge CC before 6.2 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-0951 and CVE-2016-0952.

Action-Not Available
Vendor-n/aApple Inc.Adobe Inc.Microsoft Corporation
Product-windowsphotoshop_ccmac_os_xbridge_ccn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2016-0718
Matching Score-10
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-10
Assigner-Red Hat, Inc.
CVSS Score-9.8||CRITICAL
EPSS-1.77% / 81.91%
||
7 Day CHG-0.05%
Published-26 May, 2016 | 16:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Expat allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a malformed input document, which triggers a buffer overflow.

Action-Not Available
Vendor-libexpat_projectn/aMozilla CorporationopenSUSESUSEApple Inc.McAfee, LLCDebian GNU/LinuxPython Software FoundationCanonical Ltd.
Product-pythonstudio_onsitelibexpatpolicy_auditorfirefoxmac_os_xleapubuntu_linuxopensuselinux_enterprise_software_development_kitlinux_enterprise_desktopdebian_linuxlinux_enterprise_serverlinux_enterprise_debuginfon/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2014-0583
Matching Score-10
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-10
Assigner-Adobe Systems Incorporated
CVSS Score-7.5||HIGH
EPSS-3.25% / 86.62%
||
7 Day CHG~0.00%
Published-11 Nov, 2014 | 23:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Heap-based buffer overflow in Adobe Flash Player before 13.0.0.252 and 14.x and 15.x before 15.0.0.223 on Windows and OS X and before 11.2.202.418 on Linux, Adobe AIR before 15.0.0.356, Adobe AIR SDK before 15.0.0.356, and Adobe AIR SDK & Compiler before 15.0.0.356 allows attackers to complete a transition from Low Integrity to Medium Integrity via unspecified vectors.

Action-Not Available
Vendor-n/aAdobe Inc.Linux Kernel Organization, IncApple Inc.Microsoft Corporation
Product-airflash_playerlinux_kernelair_sdkair_sdk_\&_compilerwindowsmac_os_xn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2015-8383
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-5.87% / 90.22%
||
7 Day CHG~0.00%
Published-02 Dec, 2015 | 00:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

PCRE before 8.38 mishandles certain repeated conditional groups, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.

Action-Not Available
Vendor-pcren/aFedora ProjectThe PHP Group
Product-fedoraperl_compatible_regular_expression_libraryphpn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2015-8386
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-7.32% / 91.30%
||
7 Day CHG~0.00%
Published-02 Dec, 2015 | 00:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

PCRE before 8.38 mishandles the interaction of lookbehind assertions and mutually recursive subpatterns, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.

Action-Not Available
Vendor-pcren/aFedora ProjectThe PHP GroupOracle Corporation
Product-linuxfedoraperl_compatible_regular_expression_libraryphpn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2015-8865
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-7.3||HIGH
EPSS-3.70% / 87.48%
||
7 Day CHG~0.00%
Published-20 May, 2016 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The file_check_mem function in funcs.c in file before 5.23, as used in the Fileinfo component in PHP before 5.5.34, 5.6.x before 5.6.20, and 7.x before 7.0.5, mishandles continuation-level jumps, which allows context-dependent attackers to cause a denial of service (buffer overflow and application crash) or possibly execute arbitrary code via a crafted magic file.

Action-Not Available
Vendor-n/aThe PHP GroupApple Inc.
Product-mac_os_xphpn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2008-0778
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-22.12% / 95.58%
||
7 Day CHG~0.00%
Published-14 Feb, 2008 | 11:00
Updated-07 Aug, 2024 | 07:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple stack-based buffer overflows in an ActiveX control in QTPlugin.ocx for Apple QuickTime 7.4.1 and earlier allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via long arguments to the (1) SetBgColor, (2) SetHREF, (3) SetMovieName, (4) SetTarget, and (5) SetMatrix methods.

Action-Not Available
Vendor-n/aApple Inc.
Product-quicktimen/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2015-8472
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-7.3||HIGH
EPSS-3.20% / 86.50%
||
7 Day CHG~0.00%
Published-21 Jan, 2016 | 15:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in the png_set_PLTE function in libpng before 1.0.65, 1.1.x and 1.2.x before 1.2.55, 1.3.x, 1.4.x before 1.4.18, 1.5.x before 1.5.25, and 1.6.x before 1.6.20 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a small bit-depth value in an IHDR (aka image header) chunk in a PNG image. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-8126.

Action-Not Available
Vendor-libpngn/aApple Inc.
Product-mac_os_xlibpngn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2015-7987
Matching Score-10
Assigner-CERT/CC
ShareView Details
Matching Score-10
Assigner-CERT/CC
CVSS Score-9.8||CRITICAL
EPSS-3.08% / 86.25%
||
7 Day CHG~0.00%
Published-26 Jun, 2016 | 01:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple buffer overflows in mDNSResponder before 625.41.2 allow remote attackers to read or write to out-of-bounds memory locations via vectors involving the (1) GetValueForIPv4Addr, (2) GetValueForMACAddr, (3) rfc3110_import, or (4) CopyNSEC3ResourceRecord function.

Action-Not Available
Vendor-n/aApple Inc.
Product-mdnsresponderairport_base_stationwatchosairport_base_station_firmwareiphone_osmac_os_xn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2015-8389
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-1.71% / 81.58%
||
7 Day CHG~0.00%
Published-02 Dec, 2015 | 00:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

PCRE before 8.38 mishandles the /(?:|a|){100}x/ pattern and related patterns, which allows remote attackers to cause a denial of service (infinite recursion) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.

Action-Not Available
Vendor-pcren/aFedora ProjectThe PHP Group
Product-fedoraperl_compatible_regular_expression_libraryphpn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-185
Incorrect Regular Expression
CVE-2015-6975
Matching Score-10
Assigner-Apple Inc.
ShareView Details
Matching Score-10
Assigner-Apple Inc.
CVSS Score-7.5||HIGH
EPSS-2.13% / 83.48%
||
7 Day CHG~0.00%
Published-23 Oct, 2015 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

CoreText in Apple iOS before 9.1, OS X before 10.11.1, and iTunes before 12.3.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file, a different vulnerability than CVE-2015-6992 and CVE-2015-7017.

Action-Not Available
Vendor-n/aApple Inc.
Product-iphone_osmac_os_xitunesn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2015-7029
Matching Score-10
Assigner-Apple Inc.
ShareView Details
Matching Score-10
Assigner-Apple Inc.
CVSS Score-9.8||CRITICAL
EPSS-4.33% / 88.46%
||
7 Day CHG~0.00%
Published-03 Jul, 2016 | 01:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Apple AirPort Base Station Firmware before 7.6.7 and 7.7.x before 7.7.7 misparses DNS data, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.

Action-Not Available
Vendor-n/aApple Inc.
Product-airport_base_station_firmwaren/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2015-6992
Matching Score-10
Assigner-Apple Inc.
ShareView Details
Matching Score-10
Assigner-Apple Inc.
CVSS Score-7.5||HIGH
EPSS-2.13% / 83.48%
||
7 Day CHG~0.00%
Published-23 Oct, 2015 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

CoreText in Apple iOS before 9.1, OS X before 10.11.1, and iTunes before 12.3.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file, a different vulnerability than CVE-2015-6975 and CVE-2015-7017.

Action-Not Available
Vendor-n/aApple Inc.
Product-iphone_osmac_os_xitunesn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2015-7017
Matching Score-10
Assigner-Apple Inc.
ShareView Details
Matching Score-10
Assigner-Apple Inc.
CVSS Score-7.5||HIGH
EPSS-2.13% / 83.48%
||
7 Day CHG~0.00%
Published-23 Oct, 2015 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

CoreText in Apple iOS before 9.1, OS X before 10.11.1, and iTunes before 12.3.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file, a different vulnerability than CVE-2015-6975 and CVE-2015-6992.

Action-Not Available
Vendor-n/aApple Inc.
Product-iphone_osmac_os_xitunesn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2015-5590
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-7.3||HIGH
EPSS-4.40% / 88.57%
||
7 Day CHG~0.00%
Published-19 Jan, 2016 | 02:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Stack-based buffer overflow in the phar_fix_filepath function in ext/phar/phar.c in PHP before 5.4.43, 5.5.x before 5.5.27, and 5.6.x before 5.6.11 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a large length value, as demonstrated by mishandling of an e-mail attachment by the imap PHP extension.

Action-Not Available
Vendor-n/aThe PHP Group
Product-phpn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2015-5775
Matching Score-10
Assigner-Apple Inc.
ShareView Details
Matching Score-10
Assigner-Apple Inc.
CVSS Score-7.5||HIGH
EPSS-1.99% / 82.87%
||
7 Day CHG~0.00%
Published-16 Aug, 2015 | 23:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

FontParser in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted font file, a different vulnerability than CVE-2015-3804 and CVE-2015-5756.

Action-Not Available
Vendor-n/aApple Inc.
Product-iphone_osmac_os_xn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2013-0896
Matching Score-10
Assigner-Chrome
ShareView Details
Matching Score-10
Assigner-Chrome
CVSS Score-7.5||HIGH
EPSS-0.61% / 68.79%
||
7 Day CHG~0.00%
Published-23 Feb, 2013 | 21:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, does not properly manage memory during message handling for plug-ins, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.

Action-Not Available
Vendor-n/aopenSUSELinux Kernel Organization, IncGoogle LLCApple Inc.Microsoft Corporation
Product-linux_kernelopensusechromewindowsmac_os_xn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2015-5776
Matching Score-10
Assigner-Apple Inc.
ShareView Details
Matching Score-10
Assigner-Apple Inc.
CVSS Score-7.5||HIGH
EPSS-3.02% / 86.08%
||
7 Day CHG~0.00%
Published-16 Aug, 2015 | 23:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Libinfo in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) by leveraging use of an AF_INET6 socket.

Action-Not Available
Vendor-n/aApple Inc.
Product-iphone_osmac_os_xn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2015-5874
Matching Score-10
Assigner-Apple Inc.
ShareView Details
Matching Score-10
Assigner-Apple Inc.
CVSS Score-7.5||HIGH
EPSS-3.21% / 86.53%
||
7 Day CHG~0.00%
Published-18 Sep, 2015 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

CoreText in Apple iOS before 9 and iTunes before 12.3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file.

Action-Not Available
Vendor-n/aApple Inc.
Product-mac_os_xiphone_oswatchositunesn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2015-4643
Matching Score-10
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-10
Assigner-Red Hat, Inc.
CVSS Score-9.8||CRITICAL
EPSS-6.68% / 90.86%
||
7 Day CHG-0.65%
Published-16 May, 2016 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Integer overflow in the ftp_genlist function in ext/ftp/ftp.c in PHP before 5.4.42, 5.5.x before 5.5.26, and 5.6.x before 5.6.10 allows remote FTP servers to execute arbitrary code via a long reply to a LIST command, leading to a heap-based buffer overflow. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-4022.

Action-Not Available
Vendor-n/aRed Hat, Inc.The PHP GroupDebian GNU/LinuxOracle Corporation
Product-enterprise_linux_serverenterprise_linux_server_ausenterprise_linux_desktopenterprise_linux_server_eusenterprise_linux_server_tusenterprise_linux_workstationphpdebian_linuxlinuxn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2008-0226
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-90.14% / 99.57%
||
7 Day CHG~0.00%
Published-10 Jan, 2008 | 23:00
Updated-07 Aug, 2024 | 07:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple buffer overflows in yaSSL 1.7.5 and earlier, as used in MySQL and possibly other products, allow remote attackers to execute arbitrary code via (1) the ProcessOldClientHello function in handshake.cpp or (2) "input_buffer& operator>>" in yassl_imp.cpp.

Action-Not Available
Vendor-mysqlyassln/aApple Inc.Oracle CorporationCanonical Ltd.Debian GNU/Linux
Product-ubuntu_linuxdebian_linuxmac_os_xyasslmysqln/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2015-3798
Matching Score-10
Assigner-Apple Inc.
ShareView Details
Matching Score-10
Assigner-Apple Inc.
CVSS Score-7.5||HIGH
EPSS-22.39% / 95.61%
||
7 Day CHG~0.00%
Published-16 Aug, 2015 | 23:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The TRE library in Libc in Apple iOS before 8.4.1 and OS X before 10.10.5 allows context-dependent attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted regular expression, a different vulnerability than CVE-2015-3796 and CVE-2015-3797.

Action-Not Available
Vendor-n/aApple Inc.
Product-iphone_osmac_os_xn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2015-3773
Matching Score-10
Assigner-Apple Inc.
ShareView Details
Matching Score-10
Assigner-Apple Inc.
CVSS Score-7.5||HIGH
EPSS-2.16% / 83.60%
||
7 Day CHG~0.00%
Published-16 Aug, 2015 | 23:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The SMB client in Apple OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via unspecified vectors.

Action-Not Available
Vendor-n/aApple Inc.
Product-mac_os_xn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2015-3796
Matching Score-10
Assigner-Apple Inc.
ShareView Details
Matching Score-10
Assigner-Apple Inc.
CVSS Score-7.5||HIGH
EPSS-16.07% / 94.53%
||
7 Day CHG~0.00%
Published-16 Aug, 2015 | 23:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The TRE library in Libc in Apple iOS before 8.4.1 and OS X before 10.10.5 allows context-dependent attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted regular expression, a different vulnerability than CVE-2015-3797 and CVE-2015-3798.

Action-Not Available
Vendor-n/aApple Inc.
Product-iphone_osmac_os_xn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2015-3804
Matching Score-10
Assigner-Apple Inc.
ShareView Details
Matching Score-10
Assigner-Apple Inc.
CVSS Score-7.5||HIGH
EPSS-1.99% / 82.87%
||
7 Day CHG~0.00%
Published-16 Aug, 2015 | 23:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

FontParser in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted font file, a different vulnerability than CVE-2015-5756 and CVE-2015-5775.

Action-Not Available
Vendor-n/aApple Inc.
Product-iphone_osmac_os_xn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2015-3145
Matching Score-10
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-10
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-65.09% / 98.41%
||
7 Day CHG~0.00%
Published-24 Apr, 2015 | 14:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The sanitize_cookie_path function in cURL and libcurl 7.31.0 through 7.41.0 does not properly calculate an index, which allows remote attackers to cause a denial of service (out-of-bounds write and crash) or possibly have other unspecified impact via a cookie path containing only a double-quote character.

Action-Not Available
Vendor-n/aopenSUSEFedora ProjectApple Inc.HP Inc.Debian GNU/LinuxOracle CorporationCanonical Ltd.CURL
Product-solarislibcurlsystem_management_homepagefedoraopensuseubuntu_linuxcurldebian_linuxmac_os_xn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2017-2524
Matching Score-10
Assigner-Apple Inc.
ShareView Details
Matching Score-10
Assigner-Apple Inc.
CVSS Score-9.8||CRITICAL
EPSS-17.64% / 94.84%
||
7 Day CHG~0.00%
Published-22 May, 2017 | 04:54
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. tvOS before 10.2.1 is affected. watchOS before 3.2.2 is affected. The issue involves the "TextInput" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via crafted data.

Action-Not Available
Vendor-n/aApple Inc.
Product-iphone_ostvoswatchosmac_os_xn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2015-3329
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-26.34% / 96.11%
||
7 Day CHG~0.00%
Published-09 Jun, 2015 | 18:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple stack-based buffer overflows in the phar_set_inode function in phar_internal.h in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 allow remote attackers to execute arbitrary code via a crafted length value in a (1) tar, (2) phar, or (3) ZIP archive.

Action-Not Available
Vendor-n/aRed Hat, Inc.The PHP GroupApple Inc.Oracle Corporation
Product-enterprise_linuxenterprise_linux_serversolarisenterprise_linux_hpc_nodeenterprise_linux_desktopenterprise_linux_server_eusenterprise_linux_workstationphpenterprise_linux_hpc_node_euslinuxmac_os_xn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2015-3307
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-9.63% / 92.57%
||
7 Day CHG~0.00%
Published-09 Jun, 2015 | 18:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The phar_parse_metadata function in ext/phar/phar.c in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 allows remote attackers to cause a denial of service (heap metadata corruption) or possibly have unspecified other impact via a crafted tar archive.

Action-Not Available
Vendor-n/aRed Hat, Inc.The PHP GroupApple Inc.
Product-enterprise_linuxenterprise_linux_serverenterprise_linux_hpc_nodeenterprise_linux_desktopenterprise_linux_server_eusenterprise_linux_workstationphpenterprise_linux_hpc_node_eusmac_os_xn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2015-3797
Matching Score-10
Assigner-Apple Inc.
ShareView Details
Matching Score-10
Assigner-Apple Inc.
CVSS Score-7.5||HIGH
EPSS-0.88% / 74.46%
||
7 Day CHG~0.00%
Published-16 Aug, 2015 | 23:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The TRE library in Libc in Apple iOS before 8.4.1 and OS X before 10.10.5 allows context-dependent attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted regular expression, a different vulnerability than CVE-2015-3796 and CVE-2015-3798.

Action-Not Available
Vendor-n/aApple Inc.
Product-iphone_osmac_os_xn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2007-4662
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-3.39% / 86.91%
||
7 Day CHG~0.00%
Published-04 Sep, 2007 | 22:00
Updated-07 Aug, 2024 | 15:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in the php_openssl_make_REQ function in PHP before 5.2.4 has unknown impact and attack vectors.

Action-Not Available
Vendor-n/aThe PHP Group
Product-phpn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2007-4661
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-2.58% / 84.98%
||
7 Day CHG~0.00%
Published-04 Sep, 2007 | 22:00
Updated-07 Aug, 2024 | 15:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The chunk_split function in string.c in PHP 5.2.3 does not properly calculate the needed buffer size due to precision loss when performing integer arithmetic with floating point numbers, which has unknown attack vectors and impact, possibly resulting in a heap-based buffer overflow. NOTE: this is due to an incomplete fix for CVE-2007-2872.

Action-Not Available
Vendor-n/aThe PHP Group
Product-phpn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-399
Not Available
CVE-2007-4033
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-35.03% / 96.90%
||
7 Day CHG~0.00%
Published-27 Jul, 2007 | 22:00
Updated-07 Aug, 2024 | 14:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in the intT1_EnvGetCompletePath function in lib/t1lib/t1env.c in t1lib 5.1.1 allows context-dependent attackers to execute arbitrary code via a long FileName parameter. NOTE: this issue was originally reported to be in the imagepsloadfont function in php_gd2.dll in the gd (PHP_GD2) extension in PHP 5.2.3.

Action-Not Available
Vendor-t1libn/aThe PHP Group
Product-phpt1libn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2015-0973
Matching Score-10
Assigner-CERT/CC
ShareView Details
Matching Score-10
Assigner-CERT/CC
CVSS Score-8.8||HIGH
EPSS-2.01% / 82.95%
||
7 Day CHG+1.21%
Published-18 Jan, 2015 | 18:00
Updated-09 Jun, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in the png_read_IDAT_data function in pngrutil.c in libpng before 1.5.21 and 1.6.x before 1.6.16 allows context-dependent attackers to execute arbitrary code via IDAT data with a large width, a different vulnerability than CVE-2014-9495.

Action-Not Available
Vendor-libpngn/aOracle CorporationApple Inc.
Product-mac_os_xsolarislibpngn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2014-9912
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-1.32% / 79.06%
||
7 Day CHG~0.00%
Published-04 Jan, 2017 | 20:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The get_icu_disp_value_src_php function in ext/intl/locale/locale_methods.c in PHP before 5.3.29, 5.4.x before 5.4.30, and 5.5.x before 5.5.14 does not properly restrict calls to the ICU uresbund.cpp component, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a locale_get_display_name call with a long first argument.

Action-Not Available
Vendor-n/aThe PHP Group
Product-phpn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
  • Previous
  • 1
  • 2
  • 3
  • 4
  • 5
  • ...
  • 94
  • 95
  • Next
Details not found