Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2017-1000251

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-12 Sep, 2017 | 17:00
Updated At-05 Aug, 2024 | 22:00
Rejected At-
Credits

The native Bluetooth stack in the Linux Kernel (BlueZ), starting at the Linux kernel version 2.6.32 and up to and including 4.13.1, are vulnerable to a stack overflow vulnerability in the processing of L2CAP configuration responses resulting in Remote code execution in kernel space.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:12 Sep, 2017 | 17:00
Updated At:05 Aug, 2024 | 22:00
Rejected At:
▼CVE Numbering Authority (CNA)

The native Bluetooth stack in the Linux Kernel (BlueZ), starting at the Linux kernel version 2.6.32 and up to and including 4.13.1, are vulnerable to a stack overflow vulnerability in the processing of L2CAP configuration responses resulting in Remote code execution in kernel space.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://access.redhat.com/errata/RHSA-2017:2732
vendor-advisory
x_refsource_REDHAT
https://www.exploit-db.com/exploits/42762/
exploit
x_refsource_EXPLOIT-DB
https://access.redhat.com/errata/RHSA-2017:2705
vendor-advisory
x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2017:2683
vendor-advisory
x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2017:2704
vendor-advisory
x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2017:2682
vendor-advisory
x_refsource_REDHAT
https://access.redhat.com/security/vulnerabilities/blueborne
x_refsource_CONFIRM
https://www.armis.com/blueborne
x_refsource_MISC
http://www.securitytracker.com/id/1039373
vdb-entry
x_refsource_SECTRACK
https://access.redhat.com/errata/RHSA-2017:2731
vendor-advisory
x_refsource_REDHAT
http://www.debian.org/security/2017/dsa-3981
vendor-advisory
x_refsource_DEBIAN
https://access.redhat.com/errata/RHSA-2017:2706
vendor-advisory
x_refsource_REDHAT
https://www.synology.com/support/security/Synology_SA_17_52_BlueBorne
x_refsource_CONFIRM
https://github.com/torvalds/linux/commit/f2fcfcd670257236ebf2088bbdf26f6a8ef459fe
x_refsource_MISC
http://nvidia.custhelp.com/app/answers/detail/a_id/4561
x_refsource_CONFIRM
http://www.securityfocus.com/bid/100809
vdb-entry
x_refsource_BID
https://www.kb.cert.org/vuls/id/240311
third-party-advisory
x_refsource_CERT-VN
https://access.redhat.com/errata/RHSA-2017:2681
vendor-advisory
x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2017:2679
vendor-advisory
x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2017:2680
vendor-advisory
x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2017:2707
vendor-advisory
x_refsource_REDHAT
Hyperlink: https://access.redhat.com/errata/RHSA-2017:2732
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: https://www.exploit-db.com/exploits/42762/
Resource:
exploit
x_refsource_EXPLOIT-DB
Hyperlink: https://access.redhat.com/errata/RHSA-2017:2705
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: https://access.redhat.com/errata/RHSA-2017:2683
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: https://access.redhat.com/errata/RHSA-2017:2704
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: https://access.redhat.com/errata/RHSA-2017:2682
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: https://access.redhat.com/security/vulnerabilities/blueborne
Resource:
x_refsource_CONFIRM
Hyperlink: https://www.armis.com/blueborne
Resource:
x_refsource_MISC
Hyperlink: http://www.securitytracker.com/id/1039373
Resource:
vdb-entry
x_refsource_SECTRACK
Hyperlink: https://access.redhat.com/errata/RHSA-2017:2731
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: http://www.debian.org/security/2017/dsa-3981
Resource:
vendor-advisory
x_refsource_DEBIAN
Hyperlink: https://access.redhat.com/errata/RHSA-2017:2706
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: https://www.synology.com/support/security/Synology_SA_17_52_BlueBorne
Resource:
x_refsource_CONFIRM
Hyperlink: https://github.com/torvalds/linux/commit/f2fcfcd670257236ebf2088bbdf26f6a8ef459fe
Resource:
x_refsource_MISC
Hyperlink: http://nvidia.custhelp.com/app/answers/detail/a_id/4561
Resource:
x_refsource_CONFIRM
Hyperlink: http://www.securityfocus.com/bid/100809
Resource:
vdb-entry
x_refsource_BID
Hyperlink: https://www.kb.cert.org/vuls/id/240311
Resource:
third-party-advisory
x_refsource_CERT-VN
Hyperlink: https://access.redhat.com/errata/RHSA-2017:2681
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: https://access.redhat.com/errata/RHSA-2017:2679
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: https://access.redhat.com/errata/RHSA-2017:2680
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: https://access.redhat.com/errata/RHSA-2017:2707
Resource:
vendor-advisory
x_refsource_REDHAT
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://access.redhat.com/errata/RHSA-2017:2732
vendor-advisory
x_refsource_REDHAT
x_transferred
https://www.exploit-db.com/exploits/42762/
exploit
x_refsource_EXPLOIT-DB
x_transferred
https://access.redhat.com/errata/RHSA-2017:2705
vendor-advisory
x_refsource_REDHAT
x_transferred
https://access.redhat.com/errata/RHSA-2017:2683
vendor-advisory
x_refsource_REDHAT
x_transferred
https://access.redhat.com/errata/RHSA-2017:2704
vendor-advisory
x_refsource_REDHAT
x_transferred
https://access.redhat.com/errata/RHSA-2017:2682
vendor-advisory
x_refsource_REDHAT
x_transferred
https://access.redhat.com/security/vulnerabilities/blueborne
x_refsource_CONFIRM
x_transferred
https://www.armis.com/blueborne
x_refsource_MISC
x_transferred
http://www.securitytracker.com/id/1039373
vdb-entry
x_refsource_SECTRACK
x_transferred
https://access.redhat.com/errata/RHSA-2017:2731
vendor-advisory
x_refsource_REDHAT
x_transferred
http://www.debian.org/security/2017/dsa-3981
vendor-advisory
x_refsource_DEBIAN
x_transferred
https://access.redhat.com/errata/RHSA-2017:2706
vendor-advisory
x_refsource_REDHAT
x_transferred
https://www.synology.com/support/security/Synology_SA_17_52_BlueBorne
x_refsource_CONFIRM
x_transferred
https://github.com/torvalds/linux/commit/f2fcfcd670257236ebf2088bbdf26f6a8ef459fe
x_refsource_MISC
x_transferred
http://nvidia.custhelp.com/app/answers/detail/a_id/4561
x_refsource_CONFIRM
x_transferred
http://www.securityfocus.com/bid/100809
vdb-entry
x_refsource_BID
x_transferred
https://www.kb.cert.org/vuls/id/240311
third-party-advisory
x_refsource_CERT-VN
x_transferred
https://access.redhat.com/errata/RHSA-2017:2681
vendor-advisory
x_refsource_REDHAT
x_transferred
https://access.redhat.com/errata/RHSA-2017:2679
vendor-advisory
x_refsource_REDHAT
x_transferred
https://access.redhat.com/errata/RHSA-2017:2680
vendor-advisory
x_refsource_REDHAT
x_transferred
https://access.redhat.com/errata/RHSA-2017:2707
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: https://access.redhat.com/errata/RHSA-2017:2732
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: https://www.exploit-db.com/exploits/42762/
Resource:
exploit
x_refsource_EXPLOIT-DB
x_transferred
Hyperlink: https://access.redhat.com/errata/RHSA-2017:2705
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: https://access.redhat.com/errata/RHSA-2017:2683
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: https://access.redhat.com/errata/RHSA-2017:2704
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: https://access.redhat.com/errata/RHSA-2017:2682
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: https://access.redhat.com/security/vulnerabilities/blueborne
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: https://www.armis.com/blueborne
Resource:
x_refsource_MISC
x_transferred
Hyperlink: http://www.securitytracker.com/id/1039373
Resource:
vdb-entry
x_refsource_SECTRACK
x_transferred
Hyperlink: https://access.redhat.com/errata/RHSA-2017:2731
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: http://www.debian.org/security/2017/dsa-3981
Resource:
vendor-advisory
x_refsource_DEBIAN
x_transferred
Hyperlink: https://access.redhat.com/errata/RHSA-2017:2706
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: https://www.synology.com/support/security/Synology_SA_17_52_BlueBorne
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: https://github.com/torvalds/linux/commit/f2fcfcd670257236ebf2088bbdf26f6a8ef459fe
Resource:
x_refsource_MISC
x_transferred
Hyperlink: http://nvidia.custhelp.com/app/answers/detail/a_id/4561
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://www.securityfocus.com/bid/100809
Resource:
vdb-entry
x_refsource_BID
x_transferred
Hyperlink: https://www.kb.cert.org/vuls/id/240311
Resource:
third-party-advisory
x_refsource_CERT-VN
x_transferred
Hyperlink: https://access.redhat.com/errata/RHSA-2017:2681
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: https://access.redhat.com/errata/RHSA-2017:2679
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: https://access.redhat.com/errata/RHSA-2017:2680
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: https://access.redhat.com/errata/RHSA-2017:2707
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:12 Sep, 2017 | 17:29
Updated At:20 Apr, 2025 | 01:37

The native Bluetooth stack in the Linux Kernel (BlueZ), starting at the Linux kernel version 2.6.32 and up to and including 4.13.1, are vulnerable to a stack overflow vulnerability in the processing of L2CAP configuration responses resulting in Remote code execution in kernel space.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.18.0HIGH
CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Primary2.07.7HIGH
AV:A/AC:L/Au:S/C:C/I:C/A:C
Type: Primary
Version: 3.1
Base score: 8.0
Base severity: HIGH
Vector:
CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Type: Primary
Version: 2.0
Base score: 7.7
Base severity: HIGH
Vector:
AV:A/AC:L/Au:S/C:C/I:C/A:C
CPE Matches
Linux Kernel Organization, Inc
linux
>>linux_kernel>>Versions from 2.6.32(inclusive) to 3.2.94(exclusive)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Linux Kernel Organization, Inc
linux
>>linux_kernel>>Versions from 3.3(inclusive) to 3.16.49(exclusive)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Linux Kernel Organization, Inc
linux
>>linux_kernel>>Versions from 3.17(inclusive) to 3.18.71(exclusive)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Linux Kernel Organization, Inc
linux
>>linux_kernel>>Versions from 3.19(inclusive) to 4.1.45(exclusive)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Linux Kernel Organization, Inc
linux
>>linux_kernel>>Versions from 4.2(inclusive) to 4.4.88(exclusive)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Linux Kernel Organization, Inc
linux
>>linux_kernel>>Versions from 4.5(inclusive) to 4.9.50(exclusive)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Linux Kernel Organization, Inc
linux
>>linux_kernel>>Versions from 4.10(inclusive) to 4.12.13(exclusive)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Linux Kernel Organization, Inc
linux
>>linux_kernel>>Versions from 4.13(inclusive) to 4.13.2(exclusive)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Debian GNU/Linux
debian
>>debian_linux>>8.0
cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
Debian GNU/Linux
debian
>>debian_linux>>9.0
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
NVIDIA Corporation
nvidia
>>jetson_tk1>>r21
cpe:2.3:a:nvidia:jetson_tk1:r21:*:*:*:*:*:*:*
NVIDIA Corporation
nvidia
>>jetson_tk1>>r24
cpe:2.3:a:nvidia:jetson_tk1:r24:*:*:*:*:*:*:*
NVIDIA Corporation
nvidia
>>jetson_tx1>>r21
cpe:2.3:a:nvidia:jetson_tx1:r21:*:*:*:*:*:*:*
NVIDIA Corporation
nvidia
>>jetson_tx1>>r24
cpe:2.3:a:nvidia:jetson_tx1:r24:*:*:*:*:*:*:*
Linux Kernel Organization, Inc
linux
>>linux_kernel>>-
cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*
Red Hat, Inc.
redhat
>>enterprise_linux_desktop>>6.0
cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*
Red Hat, Inc.
redhat
>>enterprise_linux_desktop>>7.0
cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
Red Hat, Inc.
redhat
>>enterprise_linux_server>>6.0
cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*
Red Hat, Inc.
redhat
>>enterprise_linux_server>>7.0
cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
Red Hat, Inc.
redhat
>>enterprise_linux_server_aus>>6.2
cpe:2.3:o:redhat:enterprise_linux_server_aus:6.2:*:*:*:*:*:*:*
Red Hat, Inc.
redhat
>>enterprise_linux_server_aus>>6.4
cpe:2.3:o:redhat:enterprise_linux_server_aus:6.4:*:*:*:*:*:*:*
Red Hat, Inc.
redhat
>>enterprise_linux_server_aus>>6.6
cpe:2.3:o:redhat:enterprise_linux_server_aus:6.6:*:*:*:*:*:*:*
Red Hat, Inc.
redhat
>>enterprise_linux_server_aus>>7.2
cpe:2.3:o:redhat:enterprise_linux_server_aus:7.2:*:*:*:*:*:*:*
Red Hat, Inc.
redhat
>>enterprise_linux_server_aus>>7.3
cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*
Red Hat, Inc.
redhat
>>enterprise_linux_server_aus>>7.4
cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*
Red Hat, Inc.
redhat
>>enterprise_linux_server_aus>>7.6
cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*
Red Hat, Inc.
redhat
>>enterprise_linux_server_aus>>7.7
cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:*
Red Hat, Inc.
redhat
>>enterprise_linux_server_eus>>6.7
cpe:2.3:o:redhat:enterprise_linux_server_eus:6.7:*:*:*:*:*:*:*
Red Hat, Inc.
redhat
>>enterprise_linux_server_eus>>7.2
cpe:2.3:o:redhat:enterprise_linux_server_eus:7.2:*:*:*:*:*:*:*
Red Hat, Inc.
redhat
>>enterprise_linux_server_eus>>7.3
cpe:2.3:o:redhat:enterprise_linux_server_eus:7.3:*:*:*:*:*:*:*
Red Hat, Inc.
redhat
>>enterprise_linux_server_eus>>7.4
cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:*
Red Hat, Inc.
redhat
>>enterprise_linux_server_eus>>7.5
cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*
Red Hat, Inc.
redhat
>>enterprise_linux_server_eus>>7.6
cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*
Red Hat, Inc.
redhat
>>enterprise_linux_server_eus>>7.7
cpe:2.3:o:redhat:enterprise_linux_server_eus:7.7:*:*:*:*:*:*:*
Red Hat, Inc.
redhat
>>enterprise_linux_server_tus>>6.5
cpe:2.3:o:redhat:enterprise_linux_server_tus:6.5:*:*:*:*:*:*:*
Red Hat, Inc.
redhat
>>enterprise_linux_server_tus>>6.6
cpe:2.3:o:redhat:enterprise_linux_server_tus:6.6:*:*:*:*:*:*:*
Red Hat, Inc.
redhat
>>enterprise_linux_server_tus>>7.2
cpe:2.3:o:redhat:enterprise_linux_server_tus:7.2:*:*:*:*:*:*:*
Red Hat, Inc.
redhat
>>enterprise_linux_server_tus>>7.3
cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:*:*:*:*:*:*:*
Red Hat, Inc.
redhat
>>enterprise_linux_server_tus>>7.4
cpe:2.3:o:redhat:enterprise_linux_server_tus:7.4:*:*:*:*:*:*:*
Red Hat, Inc.
redhat
>>enterprise_linux_server_tus>>7.6
cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*
Red Hat, Inc.
redhat
>>enterprise_linux_server_tus>>7.7
cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:*
Red Hat, Inc.
redhat
>>enterprise_linux_workstation>>6.0
cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*
Red Hat, Inc.
redhat
>>enterprise_linux_workstation>>7.0
cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-787Primarynvd@nist.gov
CWE ID: CWE-787
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
http://nvidia.custhelp.com/app/answers/detail/a_id/4561cve@mitre.org
Third Party Advisory
http://www.debian.org/security/2017/dsa-3981cve@mitre.org
Third Party Advisory
http://www.securityfocus.com/bid/100809cve@mitre.org
Patch
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1039373cve@mitre.org
Third Party Advisory
VDB Entry
https://access.redhat.com/errata/RHSA-2017:2679cve@mitre.org
Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:2680cve@mitre.org
Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:2681cve@mitre.org
Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:2682cve@mitre.org
Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:2683cve@mitre.org
Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:2704cve@mitre.org
Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:2705cve@mitre.org
Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:2706cve@mitre.org
Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:2707cve@mitre.org
Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:2731cve@mitre.org
Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:2732cve@mitre.org
Third Party Advisory
https://access.redhat.com/security/vulnerabilities/bluebornecve@mitre.org
Third Party Advisory
https://github.com/torvalds/linux/commit/f2fcfcd670257236ebf2088bbdf26f6a8ef459fecve@mitre.org
Patch
Third Party Advisory
https://www.armis.com/bluebornecve@mitre.org
Third Party Advisory
https://www.exploit-db.com/exploits/42762/cve@mitre.org
Exploit
Third Party Advisory
VDB Entry
https://www.kb.cert.org/vuls/id/240311cve@mitre.org
Third Party Advisory
US Government Resource
https://www.synology.com/support/security/Synology_SA_17_52_BlueBornecve@mitre.org
Third Party Advisory
http://nvidia.custhelp.com/app/answers/detail/a_id/4561af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://www.debian.org/security/2017/dsa-3981af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://www.securityfocus.com/bid/100809af854a3a-2127-422b-91ae-364da2661108
Patch
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1039373af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
VDB Entry
https://access.redhat.com/errata/RHSA-2017:2679af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:2680af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:2681af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:2682af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:2683af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:2704af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:2705af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:2706af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:2707af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:2731af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:2732af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
https://access.redhat.com/security/vulnerabilities/blueborneaf854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
https://github.com/torvalds/linux/commit/f2fcfcd670257236ebf2088bbdf26f6a8ef459feaf854a3a-2127-422b-91ae-364da2661108
Patch
Third Party Advisory
https://www.armis.com/blueborneaf854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
https://www.exploit-db.com/exploits/42762/af854a3a-2127-422b-91ae-364da2661108
Exploit
Third Party Advisory
VDB Entry
https://www.kb.cert.org/vuls/id/240311af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
US Government Resource
https://www.synology.com/support/security/Synology_SA_17_52_BlueBorneaf854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Hyperlink: http://nvidia.custhelp.com/app/answers/detail/a_id/4561
Source: cve@mitre.org
Resource:
Third Party Advisory
Hyperlink: http://www.debian.org/security/2017/dsa-3981
Source: cve@mitre.org
Resource:
Third Party Advisory
Hyperlink: http://www.securityfocus.com/bid/100809
Source: cve@mitre.org
Resource:
Patch
Third Party Advisory
VDB Entry
Hyperlink: http://www.securitytracker.com/id/1039373
Source: cve@mitre.org
Resource:
Third Party Advisory
VDB Entry
Hyperlink: https://access.redhat.com/errata/RHSA-2017:2679
Source: cve@mitre.org
Resource:
Third Party Advisory
Hyperlink: https://access.redhat.com/errata/RHSA-2017:2680
Source: cve@mitre.org
Resource:
Third Party Advisory
Hyperlink: https://access.redhat.com/errata/RHSA-2017:2681
Source: cve@mitre.org
Resource:
Third Party Advisory
Hyperlink: https://access.redhat.com/errata/RHSA-2017:2682
Source: cve@mitre.org
Resource:
Third Party Advisory
Hyperlink: https://access.redhat.com/errata/RHSA-2017:2683
Source: cve@mitre.org
Resource:
Third Party Advisory
Hyperlink: https://access.redhat.com/errata/RHSA-2017:2704
Source: cve@mitre.org
Resource:
Third Party Advisory
Hyperlink: https://access.redhat.com/errata/RHSA-2017:2705
Source: cve@mitre.org
Resource:
Third Party Advisory
Hyperlink: https://access.redhat.com/errata/RHSA-2017:2706
Source: cve@mitre.org
Resource:
Third Party Advisory
Hyperlink: https://access.redhat.com/errata/RHSA-2017:2707
Source: cve@mitre.org
Resource:
Third Party Advisory
Hyperlink: https://access.redhat.com/errata/RHSA-2017:2731
Source: cve@mitre.org
Resource:
Third Party Advisory
Hyperlink: https://access.redhat.com/errata/RHSA-2017:2732
Source: cve@mitre.org
Resource:
Third Party Advisory
Hyperlink: https://access.redhat.com/security/vulnerabilities/blueborne
Source: cve@mitre.org
Resource:
Third Party Advisory
Hyperlink: https://github.com/torvalds/linux/commit/f2fcfcd670257236ebf2088bbdf26f6a8ef459fe
Source: cve@mitre.org
Resource:
Patch
Third Party Advisory
Hyperlink: https://www.armis.com/blueborne
Source: cve@mitre.org
Resource:
Third Party Advisory
Hyperlink: https://www.exploit-db.com/exploits/42762/
Source: cve@mitre.org
Resource:
Exploit
Third Party Advisory
VDB Entry
Hyperlink: https://www.kb.cert.org/vuls/id/240311
Source: cve@mitre.org
Resource:
Third Party Advisory
US Government Resource
Hyperlink: https://www.synology.com/support/security/Synology_SA_17_52_BlueBorne
Source: cve@mitre.org
Resource:
Third Party Advisory
Hyperlink: http://nvidia.custhelp.com/app/answers/detail/a_id/4561
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: http://www.debian.org/security/2017/dsa-3981
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: http://www.securityfocus.com/bid/100809
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Patch
Third Party Advisory
VDB Entry
Hyperlink: http://www.securitytracker.com/id/1039373
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
VDB Entry
Hyperlink: https://access.redhat.com/errata/RHSA-2017:2679
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: https://access.redhat.com/errata/RHSA-2017:2680
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: https://access.redhat.com/errata/RHSA-2017:2681
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: https://access.redhat.com/errata/RHSA-2017:2682
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: https://access.redhat.com/errata/RHSA-2017:2683
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: https://access.redhat.com/errata/RHSA-2017:2704
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: https://access.redhat.com/errata/RHSA-2017:2705
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: https://access.redhat.com/errata/RHSA-2017:2706
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: https://access.redhat.com/errata/RHSA-2017:2707
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: https://access.redhat.com/errata/RHSA-2017:2731
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: https://access.redhat.com/errata/RHSA-2017:2732
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: https://access.redhat.com/security/vulnerabilities/blueborne
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: https://github.com/torvalds/linux/commit/f2fcfcd670257236ebf2088bbdf26f6a8ef459fe
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Patch
Third Party Advisory
Hyperlink: https://www.armis.com/blueborne
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: https://www.exploit-db.com/exploits/42762/
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Exploit
Third Party Advisory
VDB Entry
Hyperlink: https://www.kb.cert.org/vuls/id/240311
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
US Government Resource
Hyperlink: https://www.synology.com/support/security/Synology_SA_17_52_BlueBorne
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory

Change History

0
Information is not available yet

Similar CVEs

1594Records found
CVE-2020-14403
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-5.4||MEDIUM
EPSS-0.97% / 75.68%
||
7 Day CHG~0.00%
Published-17 Jun, 2020 | 15:12
Updated-04 Aug, 2024 | 12:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in LibVNCServer before 0.9.13. libvncserver/hextile.c allows out-of-bounds access via encodings.

Action-Not Available
Vendor-libvnc_projectn/aDebian GNU/LinuxSiemens AGCanonical Ltd.
Product-simatic_itc1500_pro_firmwareubuntu_linuxdebian_linuxsimatic_itc1500_prosimatic_itc1500simatic_itc1900simatic_itc1900_firmwaresimatic_itc1900_pro_firmwaresimatic_itc1500_firmwaresimatic_itc2200_firmwaresimatic_itc2200_prosimatic_itc2200_pro_firmwarelibvncserversimatic_itc1900_prosimatic_itc2200n/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2017-3070
Matching Score-6
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-6
Assigner-Adobe Systems Incorporated
CVSS Score-8.8||HIGH
EPSS-1.97% / 82.77%
||
7 Day CHG~0.00%
Published-09 May, 2017 | 16:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Flash Player versions 25.0.0.148 and earlier have an exploitable memory corruption vulnerability in the ConvolutionFilter class. Successful exploitation could lead to arbitrary code execution.

Action-Not Available
Vendor-n/aLinux Kernel Organization, IncRed Hat, Inc.Apple Inc.Adobe Inc.Microsoft CorporationGoogle LLC
Product-enterprise_linux_desktopchrome_osenterprise_linux_workstationlinux_kernelflash_player_desktop_runtimewindows_8.1windowsenterprise_linuxwindows_10flash_playermac_os_xAdobe Flash Player 25.0.0.148 and earlier.
CWE ID-CWE-787
Out-of-bounds Write
CVE-2017-2986
Matching Score-6
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-6
Assigner-Adobe Systems Incorporated
CVSS Score-8.8||HIGH
EPSS-34.47% / 96.85%
||
7 Day CHG~0.00%
Published-15 Feb, 2017 | 06:11
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable heap overflow vulnerability in the Flash Video (FLV) codec. Successful exploitation could lead to arbitrary code execution.

Action-Not Available
Vendor-n/aLinux Kernel Organization, IncApple Inc.Adobe Inc.Microsoft CorporationGoogle LLC
Product-chrome_oslinux_kernelflash_player_desktop_runtimewindows_8.1windowswindows_10flash_playermac_os_xAdobe Flash Player 24.0.0.194 and earlier.
CWE ID-CWE-787
Out-of-bounds Write
CVE-2017-3069
Matching Score-6
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-6
Assigner-Adobe Systems Incorporated
CVSS Score-8.8||HIGH
EPSS-1.97% / 82.77%
||
7 Day CHG~0.00%
Published-09 May, 2017 | 16:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Flash Player versions 25.0.0.148 and earlier have an exploitable memory corruption vulnerability in the BlendMode class. Successful exploitation could lead to arbitrary code execution.

Action-Not Available
Vendor-n/aLinux Kernel Organization, IncRed Hat, Inc.Apple Inc.Adobe Inc.Microsoft CorporationGoogle LLC
Product-enterprise_linux_desktopchrome_osenterprise_linux_workstationlinux_kernelflash_player_desktop_runtimewindows_8.1windowsenterprise_linuxwindows_10flash_playermac_os_xAdobe Flash Player 25.0.0.148 and earlier.
CWE ID-CWE-787
Out-of-bounds Write
CVE-2017-3100
Matching Score-6
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-6
Assigner-Adobe Systems Incorporated
CVSS Score-6.5||MEDIUM
EPSS-1.88% / 82.40%
||
7 Day CHG~0.00%
Published-14 Jul, 2017 | 05:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Flash Player versions 26.0.0.131 and earlier have an exploitable memory corruption vulnerability in the Action Script 2 BitmapData class. Successful exploitation could lead to memory address disclosure.

Action-Not Available
Vendor-n/aLinux Kernel Organization, IncApple Inc.Adobe Inc.Microsoft CorporationGoogle LLC
Product-chrome_oslinux_kernelflash_player_desktop_runtimewindows_8.1windowswindows_10flash_playermac_os_xAdobe Flash Player 26.0.0.131 and earlier.
CWE ID-CWE-787
Out-of-bounds Write
CVE-2017-2923
Matching Score-6
Assigner-Talos
ShareView Details
Matching Score-6
Assigner-Talos
CVSS Score-8.8||HIGH
EPSS-4.75% / 89.01%
||
7 Day CHG~0.00%
Published-24 Apr, 2018 | 19:00
Updated-16 Sep, 2024 | 17:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An exploitable heap based buffer overflow vulnerability exists in the 'read_biff_next_record function' of FreeXL 1.0.3. A specially crafted XLS file can cause a memory corruption resulting in remote code execution. An attacker can send malicious XLS file to trigger this vulnerability.

Action-Not Available
Vendor-Debian GNU/LinuxFreeXL (Alessandro Furieri)
Product-freexldebian_linuxFreeXL
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-3775
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-7.1||HIGH
EPSS-0.07% / 20.61%
||
7 Day CHG~0.00%
Published-19 Dec, 2022 | 00:00
Updated-03 Aug, 2024 | 01:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

When rendering certain unicode sequences, grub2's font code doesn't proper validate if the informed glyph's width and height is constrained within bitmap size. As consequence an attacker can craft an input which will lead to a out-of-bounds write into grub2's heap, leading to memory corruption and availability issues. Although complex, arbitrary code execution could not be discarded.

Action-Not Available
Vendor-n/aRed Hat, Inc.GNU
Product-enterprise_linuxgrub2grub2
CWE ID-CWE-787
Out-of-bounds Write
CVE-2017-2834
Matching Score-6
Assigner-Talos
ShareView Details
Matching Score-6
Assigner-Talos
CVSS Score-8.8||HIGH
EPSS-1.23% / 78.34%
||
7 Day CHG~0.00%
Published-24 Apr, 2018 | 19:00
Updated-16 Sep, 2024 | 20:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An exploitable code execution vulnerability exists in the authentication functionality of FreeRDP 2.0.0-beta1+android11. A specially crafted server response can cause an out-of-bounds write resulting in an exploitable condition. An attacker can compromise the server or use a man in the middle attack to trigger this vulnerability.

Action-Not Available
Vendor-FreeRDPDebian GNU/Linux
Product-freerdpdebian_linuxFreeRDP
CWE ID-CWE-787
Out-of-bounds Write
CVE-2017-3072
Matching Score-6
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-6
Assigner-Adobe Systems Incorporated
CVSS Score-8.8||HIGH
EPSS-1.97% / 82.77%
||
7 Day CHG~0.00%
Published-09 May, 2017 | 16:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Flash Player versions 25.0.0.148 and earlier have an exploitable memory corruption vulnerability in the BitmapData class. Successful exploitation could lead to arbitrary code execution.

Action-Not Available
Vendor-n/aLinux Kernel Organization, IncRed Hat, Inc.Apple Inc.Adobe Inc.Microsoft CorporationGoogle LLC
Product-enterprise_linux_desktopchrome_osenterprise_linux_workstationlinux_kernelflash_player_desktop_runtimewindows_8.1windowsenterprise_linuxwindows_10flash_playermac_os_xAdobe Flash Player 25.0.0.148 and earlier.
CWE ID-CWE-787
Out-of-bounds Write
CVE-2017-2996
Matching Score-6
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-6
Assigner-Adobe Systems Incorporated
CVSS Score-8.8||HIGH
EPSS-1.17% / 77.77%
||
7 Day CHG~0.00%
Published-15 Feb, 2017 | 06:11
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable memory corruption vulnerability in Primetime SDK. Successful exploitation could lead to arbitrary code execution.

Action-Not Available
Vendor-n/aLinux Kernel Organization, IncApple Inc.Adobe Inc.Microsoft CorporationGoogle LLC
Product-chrome_oslinux_kernelflash_player_desktop_runtimewindows_8.1windowswindows_10flash_playermac_os_xAdobe Flash Player 24.0.0.194 and earlier.
CWE ID-CWE-787
Out-of-bounds Write
CVE-2020-14404
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-5.4||MEDIUM
EPSS-1.00% / 76.04%
||
7 Day CHG~0.00%
Published-17 Jun, 2020 | 15:11
Updated-04 Aug, 2024 | 12:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in LibVNCServer before 0.9.13. libvncserver/rre.c allows out-of-bounds access via encodings.

Action-Not Available
Vendor-libvnc_projectn/aDebian GNU/LinuxSiemens AGCanonical Ltd.
Product-simatic_itc1500_pro_firmwareubuntu_linuxdebian_linuxsimatic_itc1500_prosimatic_itc1500simatic_itc1900simatic_itc1900_firmwaresimatic_itc1900_pro_firmwaresimatic_itc1500_firmwaresimatic_itc2200_firmwaresimatic_itc2200_prosimatic_itc2200_pro_firmwarelibvncserversimatic_itc1900_prosimatic_itc2200n/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2017-2988
Matching Score-6
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-6
Assigner-Adobe Systems Incorporated
CVSS Score-8.8||HIGH
EPSS-40.87% / 97.28%
||
7 Day CHG~0.00%
Published-15 Feb, 2017 | 06:11
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable memory corruption vulnerability when performing garbage collection. Successful exploitation could lead to arbitrary code execution.

Action-Not Available
Vendor-n/aLinux Kernel Organization, IncApple Inc.Adobe Inc.Microsoft CorporationGoogle LLC
Product-chrome_oslinux_kernelflash_player_desktop_runtimewindows_8.1windowswindows_10flash_playermac_os_xAdobe Flash Player 24.0.0.194 and earlier.
CWE ID-CWE-787
Out-of-bounds Write
CVE-2017-2999
Matching Score-6
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-6
Assigner-Adobe Systems Incorporated
CVSS Score-8.8||HIGH
EPSS-1.01% / 76.13%
||
7 Day CHG~0.00%
Published-14 Mar, 2017 | 16:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Flash Player versions 24.0.0.221 and earlier have an exploitable memory corruption vulnerability in the Primetime TVSDK functionality related to hosting playback surface. Successful exploitation could lead to arbitrary code execution.

Action-Not Available
Vendor-n/aLinux Kernel Organization, IncApple Inc.Adobe Inc.Microsoft CorporationGoogle LLC
Product-chrome_oslinux_kernelflash_player_desktop_runtimewindows_8.1windowswindows_10flash_playermac_os_xAdobe Flash Player 24.0.0.221 and earlier.
CWE ID-CWE-787
Out-of-bounds Write
CVE-2020-14386
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.55% / 66.90%
||
7 Day CHG~0.00%
Published-16 Sep, 2020 | 12:48
Updated-04 Aug, 2024 | 12:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A flaw was found in the Linux kernel before 5.9-rc4. Memory corruption can be exploited to gain root privileges from unprivileged processes. The highest threat from this vulnerability is to data confidentiality and integrity.

Action-Not Available
Vendor-Linux KernelLinux Kernel Organization, IncopenSUSEFedora ProjectDebian GNU/Linux
Product-debian_linuxlinux_kernelfedoraleapkernel
CWE ID-CWE-250
Execution with Unnecessary Privileges
CWE ID-CWE-787
Out-of-bounds Write
CVE-2017-2924
Matching Score-6
Assigner-Talos
ShareView Details
Matching Score-6
Assigner-Talos
CVSS Score-8.8||HIGH
EPSS-4.75% / 89.01%
||
7 Day CHG~0.00%
Published-24 Apr, 2018 | 19:00
Updated-16 Sep, 2024 | 18:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An exploitable heap-based buffer overflow vulnerability exists in the read_legacy_biff function of FreeXL 1.0.3. A specially crafted XLS file can cause a memory corruption resulting in remote code execution. An attacker can send malicious XLS file to trigger this vulnerability.

Action-Not Available
Vendor-Debian GNU/LinuxFreeXL (Alessandro Furieri)
Product-freexldebian_linuxFreeXL
CWE ID-CWE-787
Out-of-bounds Write
CVE-2017-2990
Matching Score-6
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-6
Assigner-Adobe Systems Incorporated
CVSS Score-8.8||HIGH
EPSS-1.24% / 78.44%
||
7 Day CHG~0.00%
Published-15 Feb, 2017 | 06:11
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable memory corruption vulnerability in the h264 decompression routine. Successful exploitation could lead to arbitrary code execution.

Action-Not Available
Vendor-n/aLinux Kernel Organization, IncApple Inc.Adobe Inc.Microsoft CorporationGoogle LLC
Product-chrome_oslinux_kernelflash_player_desktop_runtimewindows_8.1windowswindows_10flash_playermac_os_xAdobe Flash Player 24.0.0.194 and earlier.
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-37434
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-92.68% / 99.74%
||
7 Day CHG~0.00%
Published-05 Aug, 2022 | 00:00
Updated-30 May, 2025 | 20:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

zlib through 1.2.12 has a heap-based buffer over-read or buffer overflow in inflate in inflate.c via a large gzip header extra field. NOTE: only applications that call inflateGetHeader are affected. Some common applications bundle the affected zlib source code but may be unable to call inflateGetHeader (e.g., see the nodejs/node reference).

Action-Not Available
Vendor-stormshieldzlibn/aNetApp, Inc.Debian GNU/LinuxFedora ProjectApple Inc.
Product-active_iq_unified_managerwatchosh500shci_compute_nodeh700sstoragegriddebian_linuxh300s_firmwareh300smanagement_services_for_element_softwareh500s_firmwareoncommand_workflow_automationhcih700s_firmwareipadosstormshield_network_securityiphone_osfedorazlibontap_select_deploy_administration_utilitymacosn/a
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CWE ID-CWE-787
Out-of-bounds Write
CVE-2017-2925
Matching Score-6
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-6
Assigner-Adobe Systems Incorporated
CVSS Score-8.8||HIGH
EPSS-1.06% / 76.74%
||
7 Day CHG~0.00%
Published-11 Jan, 2017 | 04:40
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Flash Player versions 24.0.0.186 and earlier have an exploitable memory corruption vulnerability in the JPEG XR codec. Successful exploitation could lead to arbitrary code execution.

Action-Not Available
Vendor-n/aLinux Kernel Organization, IncApple Inc.Adobe Inc.Microsoft CorporationGoogle LLC
Product-mac_os_xchrome_oslinux_kernelwindows_8.1windows_10flash_playerwindowsAdobe Flash Player 24.0.0.186 and earlier.
CWE ID-CWE-787
Out-of-bounds Write
CVE-2017-2835
Matching Score-6
Assigner-Talos
ShareView Details
Matching Score-6
Assigner-Talos
CVSS Score-8.8||HIGH
EPSS-0.72% / 71.49%
||
7 Day CHG~0.00%
Published-24 Apr, 2018 | 19:00
Updated-16 Sep, 2024 | 20:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An exploitable code execution vulnerability exists in the RDP receive functionality of FreeRDP 2.0.0-beta1+android11. A specially crafted server response can cause an out-of-bounds write resulting in an exploitable condition. An attacker can compromise the server or use a man in the middle to trigger this vulnerability.

Action-Not Available
Vendor-FreeRDPDebian GNU/Linux
Product-freerdpdebian_linuxFreeRDP
CWE ID-CWE-787
Out-of-bounds Write
CVE-2017-2885
Matching Score-6
Assigner-Talos
ShareView Details
Matching Score-6
Assigner-Talos
CVSS Score-9.8||CRITICAL
EPSS-9.38% / 92.46%
||
7 Day CHG~0.00%
Published-24 Apr, 2018 | 19:00
Updated-17 Sep, 2024 | 03:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An exploitable stack based buffer overflow vulnerability exists in the GNOME libsoup 2.58. A specially crafted HTTP request can cause a stack overflow resulting in remote code execution. An attacker can send a special HTTP request to the vulnerable server to trigger this vulnerability.

Action-Not Available
Vendor-The GNOME ProjectDebian GNU/LinuxRed Hat, Inc.
Product-enterprise_linux_serverdebian_linuxenterprise_linux_server_eusenterprise_linux_server_ausenterprise_linux_workstationenterprise_linux_server_tusenterprise_linux_desktoplibsouplibsoup
CWE ID-CWE-787
Out-of-bounds Write
CVE-2017-2933
Matching Score-6
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-6
Assigner-Adobe Systems Incorporated
CVSS Score-8.8||HIGH
EPSS-34.47% / 96.85%
||
7 Day CHG~0.00%
Published-11 Jan, 2017 | 04:40
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Flash Player versions 24.0.0.186 and earlier have an exploitable heap overflow vulnerability related to texture compression. Successful exploitation could lead to arbitrary code execution.

Action-Not Available
Vendor-n/aLinux Kernel Organization, IncApple Inc.Adobe Inc.Microsoft CorporationGoogle LLC
Product-mac_os_xchrome_oslinux_kernelwindows_8.1windows_10flash_playerwindowsAdobe Flash Player 24.0.0.186 and earlier.
CWE ID-CWE-787
Out-of-bounds Write
CVE-2017-2927
Matching Score-6
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-6
Assigner-Adobe Systems Incorporated
CVSS Score-8.8||HIGH
EPSS-1.31% / 78.95%
||
7 Day CHG~0.00%
Published-11 Jan, 2017 | 04:40
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Flash Player versions 24.0.0.186 and earlier have an exploitable heap overflow vulnerability when processing Adobe Texture Format files. Successful exploitation could lead to arbitrary code execution.

Action-Not Available
Vendor-n/aLinux Kernel Organization, IncApple Inc.Adobe Inc.Microsoft CorporationGoogle LLC
Product-mac_os_xchrome_oslinux_kernelwindows_8.1windows_10flash_playerwindowsAdobe Flash Player 24.0.0.186 and earlier.
CWE ID-CWE-787
Out-of-bounds Write
CVE-2017-2926
Matching Score-6
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-6
Assigner-Adobe Systems Incorporated
CVSS Score-8.8||HIGH
EPSS-1.07% / 76.80%
||
7 Day CHG~0.00%
Published-11 Jan, 2017 | 04:40
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Flash Player versions 24.0.0.186 and earlier have an exploitable memory corruption vulnerability related to processing of atoms in MP4 files. Successful exploitation could lead to arbitrary code execution.

Action-Not Available
Vendor-n/aLinux Kernel Organization, IncApple Inc.Adobe Inc.Microsoft CorporationGoogle LLC
Product-mac_os_xchrome_oslinux_kernelwindows_8.1windows_10flash_playerwindowsAdobe Flash Player 24.0.0.186 and earlier.
CWE ID-CWE-787
Out-of-bounds Write
CVE-2017-3099
Matching Score-6
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-6
Assigner-Adobe Systems Incorporated
CVSS Score-8.8||HIGH
EPSS-1.86% / 82.30%
||
7 Day CHG~0.00%
Published-14 Jul, 2017 | 05:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Flash Player versions 26.0.0.131 and earlier have an exploitable memory corruption vulnerability in the Action Script 3 raster data model. Successful exploitation could lead to arbitrary code execution.

Action-Not Available
Vendor-n/aLinux Kernel Organization, IncApple Inc.Adobe Inc.Microsoft CorporationGoogle LLC
Product-chrome_oslinux_kernelflash_player_desktop_runtimewindows_8.1windowswindows_10flash_playermac_os_xAdobe Flash Player 26.0.0.131 and earlier.
CWE ID-CWE-787
Out-of-bounds Write
CVE-2017-2931
Matching Score-6
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-6
Assigner-Adobe Systems Incorporated
CVSS Score-8.8||HIGH
EPSS-40.87% / 97.28%
||
7 Day CHG~0.00%
Published-11 Jan, 2017 | 04:40
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Flash Player versions 24.0.0.186 and earlier have an exploitable memory corruption vulnerability related to the parsing of SWF metadata. Successful exploitation could lead to arbitrary code execution.

Action-Not Available
Vendor-n/aLinux Kernel Organization, IncApple Inc.Adobe Inc.Microsoft CorporationGoogle LLC
Product-mac_os_xchrome_oslinux_kernelwindows_8.1windows_10flash_playerwindowsAdobe Flash Player 24.0.0.186 and earlier.
CWE ID-CWE-787
Out-of-bounds Write
CVE-2017-3074
Matching Score-6
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-6
Assigner-Adobe Systems Incorporated
CVSS Score-8.8||HIGH
EPSS-1.97% / 82.77%
||
7 Day CHG~0.00%
Published-09 May, 2017 | 16:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Flash Player versions 25.0.0.148 and earlier have an exploitable memory corruption vulnerability in the Graphics class. Successful exploitation could lead to arbitrary code execution.

Action-Not Available
Vendor-n/aLinux Kernel Organization, IncRed Hat, Inc.Apple Inc.Adobe Inc.Microsoft CorporationGoogle LLC
Product-enterprise_linux_desktopchrome_osenterprise_linux_workstationlinux_kernelflash_player_desktop_runtimewindows_8.1windowsenterprise_linuxwindows_10flash_playermac_os_xAdobe Flash Player 25.0.0.148 and earlier.
CWE ID-CWE-787
Out-of-bounds Write
CVE-2017-3737
Matching Score-6
Assigner-OpenSSL Software Foundation
ShareView Details
Matching Score-6
Assigner-OpenSSL Software Foundation
CVSS Score-5.9||MEDIUM
EPSS-31.23% / 96.60%
||
7 Day CHG~0.00%
Published-07 Dec, 2017 | 16:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

OpenSSL 1.0.2 (starting from version 1.0.2b) introduced an "error state" mechanism. The intent was that if a fatal error occurred during a handshake then OpenSSL would move into the error state and would immediately fail if you attempted to continue the handshake. This works as designed for the explicit handshake functions (SSL_do_handshake(), SSL_accept() and SSL_connect()), however due to a bug it does not work correctly if SSL_read() or SSL_write() is called directly. In that scenario, if the handshake fails then a fatal error will be returned in the initial function call. If SSL_read()/SSL_write() is subsequently called by the application for the same SSL object then it will succeed and the data is passed without being decrypted/encrypted directly from the SSL/TLS record layer. In order to exploit this issue an application bug would have to be present that resulted in a call to SSL_read()/SSL_write() being issued after having already received a fatal error. OpenSSL version 1.0.2b-1.0.2m are affected. Fixed in OpenSSL 1.0.2n. OpenSSL 1.1.0 is not affected.

Action-Not Available
Vendor-OpenSSLDebian GNU/Linux
Product-openssldebian_linuxOpenSSL
CWE ID-CWE-125
Out-of-bounds Read
CWE ID-CWE-787
Out-of-bounds Write
CVE-2017-2984
Matching Score-6
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-6
Assigner-Adobe Systems Incorporated
CVSS Score-8.8||HIGH
EPSS-6.73% / 90.89%
||
7 Day CHG~0.00%
Published-15 Feb, 2017 | 06:11
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable heap overflow vulnerability in the h264 decoder routine. Successful exploitation could lead to arbitrary code execution.

Action-Not Available
Vendor-n/aLinux Kernel Organization, IncApple Inc.Adobe Inc.Microsoft CorporationGoogle LLC
Product-chrome_oslinux_kernelflash_player_desktop_runtimewindows_8.1windowswindows_10flash_playermac_os_xAdobe Flash Player 24.0.0.194 and earlier.
CWE ID-CWE-787
Out-of-bounds Write
CVE-2017-2992
Matching Score-6
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-6
Assigner-Adobe Systems Incorporated
CVSS Score-8.8||HIGH
EPSS-34.47% / 96.85%
||
7 Day CHG~0.00%
Published-15 Feb, 2017 | 06:11
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable heap overflow vulnerability when parsing an MP4 header. Successful exploitation could lead to arbitrary code execution.

Action-Not Available
Vendor-n/aLinux Kernel Organization, IncApple Inc.Adobe Inc.Microsoft CorporationGoogle LLC
Product-chrome_oslinux_kernelflash_player_desktop_runtimewindows_8.1windowswindows_10flash_playermac_os_xAdobe Flash Player 24.0.0.194 and earlier.
CWE ID-CWE-787
Out-of-bounds Write
CVE-2017-2862
Matching Score-6
Assigner-Talos
ShareView Details
Matching Score-6
Assigner-Talos
CVSS Score-8.8||HIGH
EPSS-8.02% / 91.74%
||
7 Day CHG~0.00%
Published-05 Sep, 2017 | 18:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An exploitable heap overflow vulnerability exists in the gdk_pixbuf__jpeg_image_load_increment functionality of Gdk-Pixbuf 2.36.6. A specially crafted jpeg file can cause a heap overflow resulting in remote code execution. An attacker can send a file or url to trigger this vulnerability.

Action-Not Available
Vendor-Debian GNU/LinuxThe GNOME Project
Product-gdk-pixbufdebian_linuxGdk-Pixbuf
CWE ID-CWE-787
Out-of-bounds Write
CVE-2020-13398
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-8.3||HIGH
EPSS-0.38% / 58.74%
||
7 Day CHG~0.00%
Published-22 May, 2020 | 00:00
Updated-04 Aug, 2024 | 12:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in FreeRDP before 2.1.1. An out-of-bounds (OOB) write vulnerability has been detected in crypto_rsa_common in libfreerdp/crypto/crypto.c.

Action-Not Available
Vendor-n/aCanonical Ltd.openSUSEFreeRDPDebian GNU/Linux
Product-freerdpubuntu_linuxdebian_linuxleapn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2017-2930
Matching Score-6
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-6
Assigner-Adobe Systems Incorporated
CVSS Score-8.8||HIGH
EPSS-73.56% / 98.75%
||
7 Day CHG~0.00%
Published-11 Jan, 2017 | 04:40
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Flash Player versions 24.0.0.186 and earlier have an exploitable memory corruption vulnerability due to a concurrency error when manipulating a display list. Successful exploitation could lead to arbitrary code execution.

Action-Not Available
Vendor-n/aLinux Kernel Organization, IncApple Inc.Adobe Inc.Microsoft CorporationGoogle LLC
Product-mac_os_xchrome_oslinux_kernelwindows_8.1windows_10flash_playerwindowsAdobe Flash Player 24.0.0.186 and earlier.
CWE ID-CWE-787
Out-of-bounds Write
CVE-2017-2928
Matching Score-6
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-6
Assigner-Adobe Systems Incorporated
CVSS Score-8.8||HIGH
EPSS-1.06% / 76.74%
||
7 Day CHG~0.00%
Published-11 Jan, 2017 | 04:40
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Flash Player versions 24.0.0.186 and earlier have an exploitable memory corruption vulnerability related to setting visual mode effects. Successful exploitation could lead to arbitrary code execution.

Action-Not Available
Vendor-n/aLinux Kernel Organization, IncApple Inc.Adobe Inc.Microsoft CorporationGoogle LLC
Product-mac_os_xchrome_oslinux_kernelwindows_8.1windows_10flash_playerwindowsAdobe Flash Player 24.0.0.186 and earlier.
CWE ID-CWE-787
Out-of-bounds Write
CVE-2017-3068
Matching Score-6
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-6
Assigner-Adobe Systems Incorporated
CVSS Score-8.8||HIGH
EPSS-38.10% / 97.11%
||
7 Day CHG~0.00%
Published-09 May, 2017 | 16:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Flash Player versions 25.0.0.148 and earlier have an exploitable memory corruption vulnerability in the Advanced Video Coding engine. Successful exploitation could lead to arbitrary code execution.

Action-Not Available
Vendor-n/aLinux Kernel Organization, IncRed Hat, Inc.Apple Inc.Adobe Inc.Microsoft CorporationGoogle LLC
Product-enterprise_linux_desktopchrome_osenterprise_linux_workstationlinux_kernelflash_player_desktop_runtimewindows_8.1windowsenterprise_linuxwindows_10flash_playermac_os_xAdobe Flash Player 25.0.0.148 and earlier.
CWE ID-CWE-787
Out-of-bounds Write
CVE-2017-2991
Matching Score-6
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-6
Assigner-Adobe Systems Incorporated
CVSS Score-8.8||HIGH
EPSS-1.18% / 77.85%
||
7 Day CHG~0.00%
Published-15 Feb, 2017 | 06:11
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable memory corruption vulnerability in the h264 codec (related to decompression). Successful exploitation could lead to arbitrary code execution.

Action-Not Available
Vendor-n/aLinux Kernel Organization, IncApple Inc.Adobe Inc.Microsoft CorporationGoogle LLC
Product-chrome_oslinux_kernelflash_player_desktop_runtimewindows_8.1windowswindows_10flash_playermac_os_xAdobe Flash Player 24.0.0.194 and earlier.
CWE ID-CWE-787
Out-of-bounds Write
CVE-2017-2998
Matching Score-6
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-6
Assigner-Adobe Systems Incorporated
CVSS Score-8.8||HIGH
EPSS-1.00% / 76.06%
||
7 Day CHG~0.00%
Published-14 Mar, 2017 | 16:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Flash Player versions 24.0.0.221 and earlier have an exploitable memory corruption vulnerability in the Primetime TVSDK API functionality related to timeline interactions. Successful exploitation could lead to arbitrary code execution.

Action-Not Available
Vendor-n/aLinux Kernel Organization, IncApple Inc.Adobe Inc.Microsoft CorporationGoogle LLC
Product-chrome_oslinux_kernelflash_player_desktop_runtimewindows_8.1windowswindows_10flash_playermac_os_xAdobe Flash Player 24.0.0.221 and earlier.
CWE ID-CWE-787
Out-of-bounds Write
CVE-2017-2887
Matching Score-6
Assigner-Talos
ShareView Details
Matching Score-6
Assigner-Talos
CVSS Score-8.8||HIGH
EPSS-1.53% / 80.58%
||
7 Day CHG~0.00%
Published-11 Oct, 2017 | 18:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An exploitable buffer overflow vulnerability exists in the XCF property handling functionality of SDL_image 2.0.1. A specially crafted xcf file can cause a stack-based buffer overflow resulting in potential code execution. An attacker can provide a specially crafted XCF file to trigger this vulnerability.

Action-Not Available
Vendor-libsdlDebian GNU/LinuxTalos (Cisco Systems, Inc.)
Product-debian_linuxsdl_imageSimple Direct Media
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-3626
Matching Score-6
Assigner-GitLab Inc.
ShareView Details
Matching Score-6
Assigner-GitLab Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.03% / 6.24%
||
7 Day CHG~0.00%
Published-21 Oct, 2022 | 00:00
Updated-07 May, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

LibTIFF 4.4.0 has an out-of-bounds write in _TIFFmemset in libtiff/tif_unix.c:340 when called from processCropSelections, tools/tiffcrop.c:7619, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 236b7191.

Action-Not Available
Vendor-LibTIFFNetApp, Inc.Debian GNU/Linux
Product-libtiffdebian_linuxactive_iq_unified_managerlibtiff
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-3598
Matching Score-6
Assigner-GitLab Inc.
ShareView Details
Matching Score-6
Assigner-GitLab Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.04% / 9.94%
||
7 Day CHG~0.00%
Published-21 Oct, 2022 | 00:00
Updated-07 May, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

LibTIFF 4.4.0 has an out-of-bounds write in extractContigSamplesShifted24bits in tools/tiffcrop.c:3604, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit cfbb883b.

Action-Not Available
Vendor-LibTIFFNetApp, Inc.Debian GNU/Linux
Product-libtiffdebian_linuxactive_iq_unified_managerlibtiff
CWE ID-CWE-787
Out-of-bounds Write
CVE-2017-2640
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-1.00% / 76.08%
||
7 Day CHG~0.00%
Published-27 Jul, 2018 | 18:00
Updated-05 Aug, 2024 | 14:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An out-of-bounds write flaw was found in the way Pidgin before 2.12.0 processed XML content. A malicious remote server could potentially use this flaw to crash Pidgin or execute arbitrary code in the context of the pidgin process.

Action-Not Available
Vendor-Debian GNU/LinuxRed Hat, Inc.Pidgin
Product-enterprise_linux_serverdebian_linuxenterprise_linux_server_eusenterprise_linux_server_ausenterprise_linux_workstationpidginenterprise_linux_desktoppidgin
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-5827
Matching Score-6
Assigner-Chrome
ShareView Details
Matching Score-6
Assigner-Chrome
CVSS Score-8.8||HIGH
EPSS-1.31% / 79.02%
||
7 Day CHG-0.75%
Published-27 Jun, 2019 | 16:13
Updated-04 Aug, 2024 | 20:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Integer overflow in SQLite via WebSQL in Google Chrome prior to 74.0.3729.131 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Action-Not Available
Vendor-Canonical Ltd.Google LLCopenSUSEFedora ProjectDebian GNU/Linux
Product-ubuntu_linuxdebian_linuxchromefedorabackportsleapChrome
CWE ID-CWE-787
Out-of-bounds Write
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2019-5772
Matching Score-6
Assigner-Chrome
ShareView Details
Matching Score-6
Assigner-Chrome
CVSS Score-8.8||HIGH
EPSS-1.65% / 81.29%
||
7 Day CHG~0.00%
Published-19 Feb, 2019 | 17:00
Updated-04 Aug, 2024 | 20:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Sharing of objects over calls into JavaScript runtime in PDFium in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.

Action-Not Available
Vendor-Google LLCRed Hat, Inc.Fedora ProjectDebian GNU/Linux
Product-enterprise_linux_serverdebian_linuxchromeenterprise_linux_workstationfedoraenterprise_linux_desktopChrome
CWE ID-CWE-416
Use After Free
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-3597
Matching Score-6
Assigner-GitLab Inc.
ShareView Details
Matching Score-6
Assigner-GitLab Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.02% / 3.73%
||
7 Day CHG~0.00%
Published-21 Oct, 2022 | 00:00
Updated-07 May, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

LibTIFF 4.4.0 has an out-of-bounds write in _TIFFmemcpy in libtiff/tif_unix.c:346 when called from extractImageSection, tools/tiffcrop.c:6826, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 236b7191.

Action-Not Available
Vendor-LibTIFFNetApp, Inc.Debian GNU/Linux
Product-libtiffdebian_linuxactive_iq_unified_managerlibtiff
CWE ID-CWE-787
Out-of-bounds Write
CVE-2020-12762
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.17% / 38.66%
||
7 Day CHG-0.01%
Published-09 May, 2020 | 00:00
Updated-30 May, 2025 | 20:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

json-c through 0.14 has an integer overflow and out-of-bounds write via a large JSON file, as demonstrated by printbuf_memappend.

Action-Not Available
Vendor-json-cn/aDebian GNU/LinuxFedora ProjectSiemens AGCanonical Ltd.
Product-fedoradebian_linuxubuntu_linuxsinec_insjson-cn/a
CWE ID-CWE-190
Integer Overflow or Wraparound
CWE ID-CWE-787
Out-of-bounds Write
CVE-2017-20006
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.36% / 57.42%
||
7 Day CHG~0.00%
Published-01 Jul, 2021 | 02:54
Updated-05 Aug, 2024 | 21:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

UnRAR 5.6.1.2 and 5.6.1.3 has a heap-based buffer overflow in Unpack::CopyString (called from Unpack::Unpack5 and CmdExtract::ExtractCurrentFile).

Action-Not Available
Vendor-n/aLinux Kernel Organization, IncRARLAB (WinRAR)
Product-unrarlinux_kerneln/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2017-18552
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.13% / 32.92%
||
7 Day CHG~0.00%
Published-19 Aug, 2019 | 01:50
Updated-05 Aug, 2024 | 21:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in net/rds/af_rds.c in the Linux kernel before 4.11. There is an out of bounds write and read in the function rds_recv_track_latency.

Action-Not Available
Vendor-n/aLinux Kernel Organization, Inc
Product-linux_kerneln/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-5820
Matching Score-6
Assigner-Chrome
ShareView Details
Matching Score-6
Assigner-Chrome
CVSS Score-8.8||HIGH
EPSS-1.51% / 80.47%
||
7 Day CHG~0.00%
Published-27 Jun, 2019 | 16:13
Updated-04 Aug, 2024 | 20:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Integer overflow in PDFium in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.

Action-Not Available
Vendor-Google LLCopenSUSEFedora ProjectDebian GNU/Linux
Product-debian_linuxchromefedorabackportsleapChrome
CWE ID-CWE-787
Out-of-bounds Write
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2019-5758
Matching Score-6
Assigner-Chrome
ShareView Details
Matching Score-6
Assigner-Chrome
CVSS Score-8.8||HIGH
EPSS-1.65% / 81.29%
||
7 Day CHG~0.00%
Published-19 Feb, 2019 | 17:00
Updated-04 Aug, 2024 | 20:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Incorrect object lifecycle management in Blink in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Action-Not Available
Vendor-Google LLCRed Hat, Inc.Fedora ProjectDebian GNU/Linux
Product-enterprise_linux_serverdebian_linuxchromeenterprise_linux_workstationfedoraenterprise_linux_desktopChrome
CWE ID-CWE-787
Out-of-bounds Write
CVE-2017-18551
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-6.7||MEDIUM
EPSS-0.13% / 32.71%
||
7 Day CHG~0.00%
Published-19 Aug, 2019 | 01:51
Updated-05 Aug, 2024 | 21:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in drivers/i2c/i2c-core-smbus.c in the Linux kernel before 4.14.15. There is an out of bounds write in the function i2c_smbus_xfer_emulated.

Action-Not Available
Vendor-n/aopenSUSELinux Kernel Organization, Inc
Product-linux_kernelleapn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-5815
Matching Score-6
Assigner-Chrome
ShareView Details
Matching Score-6
Assigner-Chrome
CVSS Score-7.5||HIGH
EPSS-0.10% / 27.29%
||
7 Day CHG~0.00%
Published-11 Dec, 2019 | 00:55
Updated-04 Aug, 2024 | 20:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Type confusion in xsltNumberFormatGetMultipleLevel prior to libxslt 1.1.33 could allow attackers to potentially exploit heap corruption via crafted XML data.

Action-Not Available
Vendor-libxml2 (XMLSoft)Google LLCDebian GNU/Linux
Product-libxsltdebian_linuxChrome
CWE ID-CWE-787
Out-of-bounds Write
CWE ID-CWE-843
Access of Resource Using Incompatible Type ('Type Confusion')
  • Previous
  • 1
  • 2
  • 3
  • 4
  • ...
  • 31
  • 32
  • Next
Details not found