Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2018-20346

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-21 Dec, 2018 | 21:00
Updated At-05 Aug, 2024 | 11:58
Rejected At-
Credits

SQLite before 3.25.3, when the FTS3 extension is enabled, encounters an integer overflow (and resultant buffer overflow) for FTS3 queries that occur after crafted changes to FTS3 shadow tables, allowing remote attackers to execute arbitrary code by leveraging the ability to run arbitrary SQL statements (such as in certain WebSQL use cases), aka Magellan.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:21 Dec, 2018 | 21:00
Updated At:05 Aug, 2024 | 11:58
Rejected At:
▼CVE Numbering Authority (CNA)

SQLite before 3.25.3, when the FTS3 extension is enabled, encounters an integer overflow (and resultant buffer overflow) for FTS3 queries that occur after crafted changes to FTS3 shadow tables, allowing remote attackers to execute arbitrary code by leveraging the ability to run arbitrary SQL statements (such as in certain WebSQL use cases), aka Magellan.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://worthdoingbadly.com/sqlitebug/
x_refsource_MISC
https://support.apple.com/HT209446
x_refsource_CONFIRM
https://bugzilla.redhat.com/show_bug.cgi?id=1659379
x_refsource_MISC
https://bugzilla.redhat.com/show_bug.cgi?id=1659677
x_refsource_MISC
https://lists.debian.org/debian-lts-announce/2018/12/msg00012.html
mailing-list
x_refsource_MLIST
https://www.synology.com/security/advisory/Synology_SA_18_61
x_refsource_CONFIRM
https://access.redhat.com/articles/3758321
x_refsource_MISC
https://support.apple.com/HT209443
x_refsource_CONFIRM
https://blade.tencent.com/magellan/index_en.html
x_refsource_MISC
https://support.apple.com/HT209451
x_refsource_CONFIRM
https://github.com/zhuowei/worthdoingbadly.com/blob/master/_posts/2018-12-14-sqlitebug.html
x_refsource_MISC
https://news.ycombinator.com/item?id=18685296
x_refsource_MISC
https://support.apple.com/HT209450
x_refsource_CONFIRM
https://sqlite.org/src/info/940f2adc8541a838
x_refsource_MISC
https://support.apple.com/HT209448
x_refsource_CONFIRM
https://chromium.googlesource.com/chromium/src/+/c368e30ae55600a1c3c9cb1710a54f9c55de786e
x_refsource_MISC
https://www.mail-archive.com/sqlite-users%40mailinglists.sqlite.org/msg113218.html
x_refsource_MISC
http://www.securityfocus.com/bid/106323
vdb-entry
x_refsource_BID
https://crbug.com/900910
x_refsource_MISC
https://sqlite.org/src/info/d44318f59044162e
x_refsource_MISC
https://www.freebsd.org/security/advisories/FreeBSD-EN-19:03.sqlite.asc
vendor-advisory
x_refsource_FREEBSD
https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html
x_refsource_MISC
https://www.sqlite.org/releaselog/3_25_3.html
x_refsource_MISC
https://support.apple.com/HT209447
x_refsource_CONFIRM
http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00040.html
vendor-advisory
x_refsource_SUSE
http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00070.html
vendor-advisory
x_refsource_SUSE
https://security.gentoo.org/glsa/201904-21
vendor-advisory
x_refsource_GENTOO
https://usn.ubuntu.com/4019-1/
vendor-advisory
x_refsource_UBUNTU
https://usn.ubuntu.com/4019-2/
vendor-advisory
x_refsource_UBUNTU
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PU4NZ6DDU4BEM3ACM3FM6GLEPX56ZQXK/
vendor-advisory
x_refsource_FEDORA
https://www.oracle.com/security-alerts/cpuapr2020.html
x_refsource_MISC
https://lists.debian.org/debian-lts-announce/2020/08/msg00037.html
mailing-list
x_refsource_MLIST
https://kc.mcafee.com/corporate/index?page=content&id=SB10365
x_refsource_CONFIRM
Hyperlink: https://worthdoingbadly.com/sqlitebug/
Resource:
x_refsource_MISC
Hyperlink: https://support.apple.com/HT209446
Resource:
x_refsource_CONFIRM
Hyperlink: https://bugzilla.redhat.com/show_bug.cgi?id=1659379
Resource:
x_refsource_MISC
Hyperlink: https://bugzilla.redhat.com/show_bug.cgi?id=1659677
Resource:
x_refsource_MISC
Hyperlink: https://lists.debian.org/debian-lts-announce/2018/12/msg00012.html
Resource:
mailing-list
x_refsource_MLIST
Hyperlink: https://www.synology.com/security/advisory/Synology_SA_18_61
Resource:
x_refsource_CONFIRM
Hyperlink: https://access.redhat.com/articles/3758321
Resource:
x_refsource_MISC
Hyperlink: https://support.apple.com/HT209443
Resource:
x_refsource_CONFIRM
Hyperlink: https://blade.tencent.com/magellan/index_en.html
Resource:
x_refsource_MISC
Hyperlink: https://support.apple.com/HT209451
Resource:
x_refsource_CONFIRM
Hyperlink: https://github.com/zhuowei/worthdoingbadly.com/blob/master/_posts/2018-12-14-sqlitebug.html
Resource:
x_refsource_MISC
Hyperlink: https://news.ycombinator.com/item?id=18685296
Resource:
x_refsource_MISC
Hyperlink: https://support.apple.com/HT209450
Resource:
x_refsource_CONFIRM
Hyperlink: https://sqlite.org/src/info/940f2adc8541a838
Resource:
x_refsource_MISC
Hyperlink: https://support.apple.com/HT209448
Resource:
x_refsource_CONFIRM
Hyperlink: https://chromium.googlesource.com/chromium/src/+/c368e30ae55600a1c3c9cb1710a54f9c55de786e
Resource:
x_refsource_MISC
Hyperlink: https://www.mail-archive.com/sqlite-users%40mailinglists.sqlite.org/msg113218.html
Resource:
x_refsource_MISC
Hyperlink: http://www.securityfocus.com/bid/106323
Resource:
vdb-entry
x_refsource_BID
Hyperlink: https://crbug.com/900910
Resource:
x_refsource_MISC
Hyperlink: https://sqlite.org/src/info/d44318f59044162e
Resource:
x_refsource_MISC
Hyperlink: https://www.freebsd.org/security/advisories/FreeBSD-EN-19:03.sqlite.asc
Resource:
vendor-advisory
x_refsource_FREEBSD
Hyperlink: https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html
Resource:
x_refsource_MISC
Hyperlink: https://www.sqlite.org/releaselog/3_25_3.html
Resource:
x_refsource_MISC
Hyperlink: https://support.apple.com/HT209447
Resource:
x_refsource_CONFIRM
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00040.html
Resource:
vendor-advisory
x_refsource_SUSE
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00070.html
Resource:
vendor-advisory
x_refsource_SUSE
Hyperlink: https://security.gentoo.org/glsa/201904-21
Resource:
vendor-advisory
x_refsource_GENTOO
Hyperlink: https://usn.ubuntu.com/4019-1/
Resource:
vendor-advisory
x_refsource_UBUNTU
Hyperlink: https://usn.ubuntu.com/4019-2/
Resource:
vendor-advisory
x_refsource_UBUNTU
Hyperlink: https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PU4NZ6DDU4BEM3ACM3FM6GLEPX56ZQXK/
Resource:
vendor-advisory
x_refsource_FEDORA
Hyperlink: https://www.oracle.com/security-alerts/cpuapr2020.html
Resource:
x_refsource_MISC
Hyperlink: https://lists.debian.org/debian-lts-announce/2020/08/msg00037.html
Resource:
mailing-list
x_refsource_MLIST
Hyperlink: https://kc.mcafee.com/corporate/index?page=content&id=SB10365
Resource:
x_refsource_CONFIRM
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://worthdoingbadly.com/sqlitebug/
x_refsource_MISC
x_transferred
https://support.apple.com/HT209446
x_refsource_CONFIRM
x_transferred
https://bugzilla.redhat.com/show_bug.cgi?id=1659379
x_refsource_MISC
x_transferred
https://bugzilla.redhat.com/show_bug.cgi?id=1659677
x_refsource_MISC
x_transferred
https://lists.debian.org/debian-lts-announce/2018/12/msg00012.html
mailing-list
x_refsource_MLIST
x_transferred
https://www.synology.com/security/advisory/Synology_SA_18_61
x_refsource_CONFIRM
x_transferred
https://access.redhat.com/articles/3758321
x_refsource_MISC
x_transferred
https://support.apple.com/HT209443
x_refsource_CONFIRM
x_transferred
https://blade.tencent.com/magellan/index_en.html
x_refsource_MISC
x_transferred
https://support.apple.com/HT209451
x_refsource_CONFIRM
x_transferred
https://github.com/zhuowei/worthdoingbadly.com/blob/master/_posts/2018-12-14-sqlitebug.html
x_refsource_MISC
x_transferred
https://news.ycombinator.com/item?id=18685296
x_refsource_MISC
x_transferred
https://support.apple.com/HT209450
x_refsource_CONFIRM
x_transferred
https://sqlite.org/src/info/940f2adc8541a838
x_refsource_MISC
x_transferred
https://support.apple.com/HT209448
x_refsource_CONFIRM
x_transferred
https://chromium.googlesource.com/chromium/src/+/c368e30ae55600a1c3c9cb1710a54f9c55de786e
x_refsource_MISC
x_transferred
https://www.mail-archive.com/sqlite-users%40mailinglists.sqlite.org/msg113218.html
x_refsource_MISC
x_transferred
http://www.securityfocus.com/bid/106323
vdb-entry
x_refsource_BID
x_transferred
https://crbug.com/900910
x_refsource_MISC
x_transferred
https://sqlite.org/src/info/d44318f59044162e
x_refsource_MISC
x_transferred
https://www.freebsd.org/security/advisories/FreeBSD-EN-19:03.sqlite.asc
vendor-advisory
x_refsource_FREEBSD
x_transferred
https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html
x_refsource_MISC
x_transferred
https://www.sqlite.org/releaselog/3_25_3.html
x_refsource_MISC
x_transferred
https://support.apple.com/HT209447
x_refsource_CONFIRM
x_transferred
http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00040.html
vendor-advisory
x_refsource_SUSE
x_transferred
http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00070.html
vendor-advisory
x_refsource_SUSE
x_transferred
https://security.gentoo.org/glsa/201904-21
vendor-advisory
x_refsource_GENTOO
x_transferred
https://usn.ubuntu.com/4019-1/
vendor-advisory
x_refsource_UBUNTU
x_transferred
https://usn.ubuntu.com/4019-2/
vendor-advisory
x_refsource_UBUNTU
x_transferred
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PU4NZ6DDU4BEM3ACM3FM6GLEPX56ZQXK/
vendor-advisory
x_refsource_FEDORA
x_transferred
https://www.oracle.com/security-alerts/cpuapr2020.html
x_refsource_MISC
x_transferred
https://lists.debian.org/debian-lts-announce/2020/08/msg00037.html
mailing-list
x_refsource_MLIST
x_transferred
https://kc.mcafee.com/corporate/index?page=content&id=SB10365
x_refsource_CONFIRM
x_transferred
Hyperlink: https://worthdoingbadly.com/sqlitebug/
Resource:
x_refsource_MISC
x_transferred
Hyperlink: https://support.apple.com/HT209446
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: https://bugzilla.redhat.com/show_bug.cgi?id=1659379
Resource:
x_refsource_MISC
x_transferred
Hyperlink: https://bugzilla.redhat.com/show_bug.cgi?id=1659677
Resource:
x_refsource_MISC
x_transferred
Hyperlink: https://lists.debian.org/debian-lts-announce/2018/12/msg00012.html
Resource:
mailing-list
x_refsource_MLIST
x_transferred
Hyperlink: https://www.synology.com/security/advisory/Synology_SA_18_61
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: https://access.redhat.com/articles/3758321
Resource:
x_refsource_MISC
x_transferred
Hyperlink: https://support.apple.com/HT209443
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: https://blade.tencent.com/magellan/index_en.html
Resource:
x_refsource_MISC
x_transferred
Hyperlink: https://support.apple.com/HT209451
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: https://github.com/zhuowei/worthdoingbadly.com/blob/master/_posts/2018-12-14-sqlitebug.html
Resource:
x_refsource_MISC
x_transferred
Hyperlink: https://news.ycombinator.com/item?id=18685296
Resource:
x_refsource_MISC
x_transferred
Hyperlink: https://support.apple.com/HT209450
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: https://sqlite.org/src/info/940f2adc8541a838
Resource:
x_refsource_MISC
x_transferred
Hyperlink: https://support.apple.com/HT209448
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: https://chromium.googlesource.com/chromium/src/+/c368e30ae55600a1c3c9cb1710a54f9c55de786e
Resource:
x_refsource_MISC
x_transferred
Hyperlink: https://www.mail-archive.com/sqlite-users%40mailinglists.sqlite.org/msg113218.html
Resource:
x_refsource_MISC
x_transferred
Hyperlink: http://www.securityfocus.com/bid/106323
Resource:
vdb-entry
x_refsource_BID
x_transferred
Hyperlink: https://crbug.com/900910
Resource:
x_refsource_MISC
x_transferred
Hyperlink: https://sqlite.org/src/info/d44318f59044162e
Resource:
x_refsource_MISC
x_transferred
Hyperlink: https://www.freebsd.org/security/advisories/FreeBSD-EN-19:03.sqlite.asc
Resource:
vendor-advisory
x_refsource_FREEBSD
x_transferred
Hyperlink: https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html
Resource:
x_refsource_MISC
x_transferred
Hyperlink: https://www.sqlite.org/releaselog/3_25_3.html
Resource:
x_refsource_MISC
x_transferred
Hyperlink: https://support.apple.com/HT209447
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00040.html
Resource:
vendor-advisory
x_refsource_SUSE
x_transferred
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00070.html
Resource:
vendor-advisory
x_refsource_SUSE
x_transferred
Hyperlink: https://security.gentoo.org/glsa/201904-21
Resource:
vendor-advisory
x_refsource_GENTOO
x_transferred
Hyperlink: https://usn.ubuntu.com/4019-1/
Resource:
vendor-advisory
x_refsource_UBUNTU
x_transferred
Hyperlink: https://usn.ubuntu.com/4019-2/
Resource:
vendor-advisory
x_refsource_UBUNTU
x_transferred
Hyperlink: https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PU4NZ6DDU4BEM3ACM3FM6GLEPX56ZQXK/
Resource:
vendor-advisory
x_refsource_FEDORA
x_transferred
Hyperlink: https://www.oracle.com/security-alerts/cpuapr2020.html
Resource:
x_refsource_MISC
x_transferred
Hyperlink: https://lists.debian.org/debian-lts-announce/2020/08/msg00037.html
Resource:
mailing-list
x_refsource_MLIST
x_transferred
Hyperlink: https://kc.mcafee.com/corporate/index?page=content&id=SB10365
Resource:
x_refsource_CONFIRM
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:21 Dec, 2018 | 21:29
Updated At:07 Nov, 2023 | 02:56

SQLite before 3.25.3, when the FTS3 extension is enabled, encounters an integer overflow (and resultant buffer overflow) for FTS3 queries that occur after crafted changes to FTS3 shadow tables, allowing remote attackers to execute arbitrary code by leveraging the ability to run arbitrary SQL statements (such as in certain WebSQL use cases), aka Magellan.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.08.1HIGH
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Primary2.06.8MEDIUM
AV:N/AC:M/Au:N/C:P/I:P/A:P
Type: Primary
Version: 3.0
Base score: 8.1
Base severity: HIGH
Vector:
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Type: Primary
Version: 2.0
Base score: 6.8
Base severity: MEDIUM
Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P
CPE Matches
sqlite
sqlite
>>sqlite>>Versions before 3.25.3(exclusive)
cpe:2.3:a:sqlite:sqlite:*:*:*:*:*:*:*:*
Google LLC
google
>>chrome>>Versions before 71.0.3578.80(exclusive)
cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*
Red Hat, Inc.
redhat
>>linux>>6.0
cpe:2.3:o:redhat:linux:6.0:*:*:*:*:*:*:*
Debian GNU/Linux
debian
>>debian_linux>>8.0
cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
openSUSE
opensuse
>>leap>>15.0
cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*
openSUSE
opensuse
>>leap>>42.3
cpe:2.3:o:opensuse:leap:42.3:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-190Primarynvd@nist.gov
CWE ID: CWE-190
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00040.htmlcve@mitre.org
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00070.htmlcve@mitre.org
Mailing List
Third Party Advisory
http://www.securityfocus.com/bid/106323cve@mitre.org
Third Party Advisory
VDB Entry
https://access.redhat.com/articles/3758321cve@mitre.org
Third Party Advisory
https://blade.tencent.com/magellan/index_en.htmlcve@mitre.org
Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=1659379cve@mitre.org
Issue Tracking
Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=1659677cve@mitre.org
Issue Tracking
Third Party Advisory
https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.htmlcve@mitre.org
Third Party Advisory
https://chromium.googlesource.com/chromium/src/+/c368e30ae55600a1c3c9cb1710a54f9c55de786ecve@mitre.org
Third Party Advisory
https://crbug.com/900910cve@mitre.org
Permissions Required
Third Party Advisory
https://github.com/zhuowei/worthdoingbadly.com/blob/master/_posts/2018-12-14-sqlitebug.htmlcve@mitre.org
Exploit
Third Party Advisory
https://kc.mcafee.com/corporate/index?page=content&id=SB10365cve@mitre.org
N/A
https://lists.debian.org/debian-lts-announce/2018/12/msg00012.htmlcve@mitre.org
Mailing List
Third Party Advisory
https://lists.debian.org/debian-lts-announce/2020/08/msg00037.htmlcve@mitre.org
N/A
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PU4NZ6DDU4BEM3ACM3FM6GLEPX56ZQXK/cve@mitre.org
N/A
https://news.ycombinator.com/item?id=18685296cve@mitre.org
Third Party Advisory
https://security.gentoo.org/glsa/201904-21cve@mitre.org
Third Party Advisory
https://sqlite.org/src/info/940f2adc8541a838cve@mitre.org
Patch
Third Party Advisory
https://sqlite.org/src/info/d44318f59044162ecve@mitre.org
Patch
Third Party Advisory
https://support.apple.com/HT209443cve@mitre.org
N/A
https://support.apple.com/HT209446cve@mitre.org
N/A
https://support.apple.com/HT209447cve@mitre.org
N/A
https://support.apple.com/HT209448cve@mitre.org
N/A
https://support.apple.com/HT209450cve@mitre.org
N/A
https://support.apple.com/HT209451cve@mitre.org
N/A
https://usn.ubuntu.com/4019-1/cve@mitre.org
N/A
https://usn.ubuntu.com/4019-2/cve@mitre.org
N/A
https://worthdoingbadly.com/sqlitebug/cve@mitre.org
Exploit
Third Party Advisory
https://www.freebsd.org/security/advisories/FreeBSD-EN-19:03.sqlite.asccve@mitre.org
Third Party Advisory
https://www.mail-archive.com/sqlite-users%40mailinglists.sqlite.org/msg113218.htmlcve@mitre.org
N/A
https://www.oracle.com/security-alerts/cpuapr2020.htmlcve@mitre.org
N/A
https://www.sqlite.org/releaselog/3_25_3.htmlcve@mitre.org
Release Notes
Vendor Advisory
https://www.synology.com/security/advisory/Synology_SA_18_61cve@mitre.org
Third Party Advisory
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00040.html
Source: cve@mitre.org
Resource:
Third Party Advisory
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00070.html
Source: cve@mitre.org
Resource:
Mailing List
Third Party Advisory
Hyperlink: http://www.securityfocus.com/bid/106323
Source: cve@mitre.org
Resource:
Third Party Advisory
VDB Entry
Hyperlink: https://access.redhat.com/articles/3758321
Source: cve@mitre.org
Resource:
Third Party Advisory
Hyperlink: https://blade.tencent.com/magellan/index_en.html
Source: cve@mitre.org
Resource:
Third Party Advisory
Hyperlink: https://bugzilla.redhat.com/show_bug.cgi?id=1659379
Source: cve@mitre.org
Resource:
Issue Tracking
Third Party Advisory
Hyperlink: https://bugzilla.redhat.com/show_bug.cgi?id=1659677
Source: cve@mitre.org
Resource:
Issue Tracking
Third Party Advisory
Hyperlink: https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html
Source: cve@mitre.org
Resource:
Third Party Advisory
Hyperlink: https://chromium.googlesource.com/chromium/src/+/c368e30ae55600a1c3c9cb1710a54f9c55de786e
Source: cve@mitre.org
Resource:
Third Party Advisory
Hyperlink: https://crbug.com/900910
Source: cve@mitre.org
Resource:
Permissions Required
Third Party Advisory
Hyperlink: https://github.com/zhuowei/worthdoingbadly.com/blob/master/_posts/2018-12-14-sqlitebug.html
Source: cve@mitre.org
Resource:
Exploit
Third Party Advisory
Hyperlink: https://kc.mcafee.com/corporate/index?page=content&id=SB10365
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://lists.debian.org/debian-lts-announce/2018/12/msg00012.html
Source: cve@mitre.org
Resource:
Mailing List
Third Party Advisory
Hyperlink: https://lists.debian.org/debian-lts-announce/2020/08/msg00037.html
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PU4NZ6DDU4BEM3ACM3FM6GLEPX56ZQXK/
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://news.ycombinator.com/item?id=18685296
Source: cve@mitre.org
Resource:
Third Party Advisory
Hyperlink: https://security.gentoo.org/glsa/201904-21
Source: cve@mitre.org
Resource:
Third Party Advisory
Hyperlink: https://sqlite.org/src/info/940f2adc8541a838
Source: cve@mitre.org
Resource:
Patch
Third Party Advisory
Hyperlink: https://sqlite.org/src/info/d44318f59044162e
Source: cve@mitre.org
Resource:
Patch
Third Party Advisory
Hyperlink: https://support.apple.com/HT209443
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://support.apple.com/HT209446
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://support.apple.com/HT209447
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://support.apple.com/HT209448
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://support.apple.com/HT209450
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://support.apple.com/HT209451
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://usn.ubuntu.com/4019-1/
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://usn.ubuntu.com/4019-2/
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://worthdoingbadly.com/sqlitebug/
Source: cve@mitre.org
Resource:
Exploit
Third Party Advisory
Hyperlink: https://www.freebsd.org/security/advisories/FreeBSD-EN-19:03.sqlite.asc
Source: cve@mitre.org
Resource:
Third Party Advisory
Hyperlink: https://www.mail-archive.com/sqlite-users%40mailinglists.sqlite.org/msg113218.html
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://www.oracle.com/security-alerts/cpuapr2020.html
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://www.sqlite.org/releaselog/3_25_3.html
Source: cve@mitre.org
Resource:
Release Notes
Vendor Advisory
Hyperlink: https://www.synology.com/security/advisory/Synology_SA_18_61
Source: cve@mitre.org
Resource:
Third Party Advisory

Change History

0
Information is not available yet

Similar CVEs

3192Records found
CVE-2011-3015
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-0.62% / 69.09%
||
7 Day CHG~0.00%
Published-16 Feb, 2012 | 20:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple integer overflows in the PDF codecs in Google Chrome before 17.0.963.56 allow remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.

Action-Not Available
Vendor-n/aGoogle LLC
Product-chromen/a
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2011-3631
Matching Score-10
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-10
Assigner-Red Hat, Inc.
CVSS Score-8.8||HIGH
EPSS-4.15% / 88.21%
||
7 Day CHG~0.00%
Published-26 Nov, 2019 | 03:22
Updated-06 Aug, 2024 | 23:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Hardlink before 0.1.2 has multiple integer overflows leading to heap-based buffer overflows because of the way string lengths concatenation is done in the calculation of the required memory space to be used. A remote attacker could provide a specially-crafted directory tree and trick the local user into consolidating it, leading to hardlink executable crash or potentially arbitrary code execution with user privileges.

Action-Not Available
Vendor-hardlink_projecthardlinkDebian GNU/LinuxRed Hat, Inc.
Product-debian_linuxenterprise_linuxhardlinkhardlink
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2022-32545
Matching Score-10
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-10
Assigner-Red Hat, Inc.
CVSS Score-7.8||HIGH
EPSS-0.08% / 24.33%
||
7 Day CHG~0.00%
Published-16 Jun, 2022 | 00:00
Updated-03 Aug, 2024 | 07:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability was found in ImageMagick, causing an outside the range of representable values of type 'unsigned char' at coders/psd.c, when crafted or untrusted input is processed. This leads to a negative impact to application availability or other problems related to undefined behavior.

Action-Not Available
Vendor-n/aRed Hat, Inc.Fedora ProjectImageMagick Studio LLC
Product-extra_packages_for_enterprise_linuxenterprise_linuxfedoraimagemagickImageMagick
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2016-5159
Matching Score-10
Assigner-Chrome
ShareView Details
Matching Score-10
Assigner-Chrome
CVSS Score-8.8||HIGH
EPSS-1.26% / 78.58%
||
7 Day CHG~0.00%
Published-11 Sep, 2016 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple integer overflows in OpenJPEG, as used in PDFium in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, allow remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via crafted JPEG 2000 data that is mishandled during opj_aligned_malloc calls in dwt.c and t1.c.

Action-Not Available
Vendor-n/aGoogle LLCopenSUSE
Product-leapchromen/a
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2021-0557
Matching Score-10
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-10
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-8.8||HIGH
EPSS-0.41% / 60.47%
||
7 Day CHG~0.00%
Published-22 Jun, 2021 | 10:58
Updated-03 Aug, 2024 | 15:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In setRange of ABuffer.cpp, there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-179046129

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-787
Out-of-bounds Write
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2020-6569
Matching Score-10
Assigner-Chrome
ShareView Details
Matching Score-10
Assigner-Chrome
CVSS Score-6.3||MEDIUM
EPSS-1.17% / 77.78%
||
7 Day CHG~0.00%
Published-21 Sep, 2020 | 19:06
Updated-04 Aug, 2024 | 09:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Integer overflow in WebUSB in Google Chrome prior to 85.0.4183.83 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.

Action-Not Available
Vendor-Google LLCopenSUSEFedora ProjectDebian GNU/Linux
Product-debian_linuxchromefedorabackports_sleleapChrome
CWE ID-CWE-787
Out-of-bounds Write
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2017-12082
Matching Score-10
Assigner-Talos
ShareView Details
Matching Score-10
Assigner-Talos
CVSS Score-8.8||HIGH
EPSS-0.79% / 72.85%
||
7 Day CHG~0.00%
Published-24 Apr, 2018 | 19:00
Updated-17 Sep, 2024 | 00:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An exploitable integer overflow exists in the 'CustomData' Mesh loading functionality of the Blender open-source 3d creation suite. A .blend file with a specially crafted external data file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to edit an object within a .blend library in their Scene in order to trigger this vulnerability.

Action-Not Available
Vendor-Debian GNU/LinuxBlender Foundation
Product-blenderdebian_linuxBlender
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2017-12104
Matching Score-10
Assigner-Talos
ShareView Details
Matching Score-10
Assigner-Talos
CVSS Score-8.8||HIGH
EPSS-1.23% / 78.35%
||
7 Day CHG~0.00%
Published-24 Apr, 2018 | 19:00
Updated-16 Sep, 2024 | 21:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An exploitable integer overflow exists in the way that the Blender open-source 3d creation suite v2.78c draws a Particle object. A specially crafted .blend file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to open the file or use the file as a library in order to trigger this vulnerability.

Action-Not Available
Vendor-Debian GNU/LinuxBlender Foundation
Product-blenderdebian_linuxBlender
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2017-12099
Matching Score-10
Assigner-Talos
ShareView Details
Matching Score-10
Assigner-Talos
CVSS Score-8.8||HIGH
EPSS-1.23% / 78.35%
||
7 Day CHG~0.00%
Published-24 Apr, 2018 | 19:00
Updated-17 Sep, 2024 | 04:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An exploitable integer overflow exists in the upgrade of the legacy Mesh attribute 'tface' of the Blender open-source 3d creation suite v2.78c. A specially crafted .blend file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to open the file or use it as a library in order to trigger this vulnerability.

Action-Not Available
Vendor-Debian GNU/LinuxBlender Foundation
Product-blenderdebian_linuxBlender
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2011-1442
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-0.74% / 72.01%
||
7 Day CHG~0.00%
Published-03 May, 2011 | 22:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Google Chrome before 11.0.696.57 does not properly handle mutation events, which allows remote attackers to cause a denial of service (node tree corruption) or possibly have unspecified other impact via unknown vectors.

Action-Not Available
Vendor-n/aGoogle LLC
Product-chromen/a
CWE ID-CWE-20
Improper Input Validation
CVE-2011-1456
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-0.74% / 72.01%
||
7 Day CHG~0.00%
Published-03 May, 2011 | 22:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Google Chrome before 11.0.696.57 does not properly handle PDF forms, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to "stale pointers."

Action-Not Available
Vendor-n/aGoogle LLC
Product-chromen/a
CWE ID-CWE-20
Improper Input Validation
CVE-2015-2753
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-1.92% / 82.59%
||
7 Day CHG~0.00%
Published-31 Mar, 2015 | 14:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

FreeXL before 1.0.0i allows remote attackers to cause a denial of service (stack corruption) or possibly execute arbitrary code via a crafted sector in a workbook.

Action-Not Available
Vendor-gaia-gisn/aDebian GNU/Linux
Product-debian_linuxfreexln/a
CWE ID-CWE-20
Improper Input Validation
CVE-2011-1455
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-0.87% / 74.24%
||
7 Day CHG~0.00%
Published-03 May, 2011 | 22:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Google Chrome before 11.0.696.57 does not properly handle PDF documents with multipart encoding, which allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted document.

Action-Not Available
Vendor-n/aGoogle LLC
Product-chromen/a
CWE ID-CWE-125
Out-of-bounds Read
CVE-2011-1439
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-0.25% / 47.92%
||
7 Day CHG~0.00%
Published-03 May, 2011 | 22:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Google Chrome before 11.0.696.57 on Linux does not properly isolate renderer processes, which has unspecified impact and remote attack vectors.

Action-Not Available
Vendor-n/aLinux Kernel Organization, IncGoogle LLC
Product-linux_kernelchromen/a
CVE-2011-1434
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-4.23% / 88.32%
||
7 Day CHG~0.00%
Published-03 May, 2011 | 22:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Google Chrome before 11.0.696.57 does not ensure thread safety during handling of MIME data, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.

Action-Not Available
Vendor-n/aGoogle LLC
Product-chromen/a
CWE ID-CWE-20
Improper Input Validation
CVE-2011-1445
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-0.69% / 70.84%
||
7 Day CHG~0.00%
Published-03 May, 2011 | 22:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Google Chrome before 11.0.696.57 does not properly handle SVG documents, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.

Action-Not Available
Vendor-n/aGoogle LLC
Product-chromen/a
CWE ID-CWE-125
Out-of-bounds Read
CVE-2011-1448
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-0.70% / 71.09%
||
7 Day CHG~0.00%
Published-03 May, 2011 | 22:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Google Chrome before 11.0.696.57 does not properly perform height calculations, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale pointer."

Action-Not Available
Vendor-n/aGoogle LLC
Product-chromen/a
CWE ID-CWE-20
Improper Input Validation
CVE-2011-0780
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-0.48% / 64.36%
||
7 Day CHG~0.00%
Published-04 Feb, 2011 | 17:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The PDF event handler in Google Chrome before 9.0.597.84 does not properly interact with print operations, which allows user-assisted remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via unknown vectors.

Action-Not Available
Vendor-n/aGoogle LLC
Product-chromen/a
CVE-2011-1118
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-0.89% / 74.62%
||
7 Day CHG~0.00%
Published-01 Mar, 2011 | 22:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Google Chrome before 9.0.597.107 does not properly handle TEXTAREA elements, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted HTML document.

Action-Not Available
Vendor-n/aGoogle LLC
Product-chromen/a
CWE ID-CWE-20
Improper Input Validation
CVE-2011-1400
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-2.15% / 83.55%
||
7 Day CHG~0.00%
Published-25 Mar, 2011 | 19:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The default configuration of the shell_escape_commands directive in conf/texmf.d/95NonPath.cnf in the tex-common package before 2.08.1 in Debian GNU/Linux squeeze, Ubuntu 10.10 and 10.04 LTS, and possibly other operating systems lists certain programs, which might allow remote attackers to execute arbitrary code via a crafted TeX document.

Action-Not Available
Vendor-n/aDebian GNU/LinuxCanonical Ltd.
Product-ubuntu_linuxtex-commondebian_linuxn/a
CVE-2017-15114
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-8.1||HIGH
EPSS-0.70% / 70.99%
||
7 Day CHG~0.00%
Published-27 Nov, 2017 | 16:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

When libvirtd is configured by OSP director (tripleo-heat-templates) to use the TLS transport it defaults to the same certificate authority as all non-libvirtd services. As no additional authentication is configured this allows these services to connect to libvirtd (which is equivalent to root access). If a vulnerability exists in another service it could, combined with this flaw, be exploited to escalate privileges to gain control over compute nodes.

Action-Not Available
Vendor-n/aRed Hat, Inc.
Product-openstack_platformn/a
CWE ID-CWE-295
Improper Certificate Validation
CVE-2011-1364
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-0.15% / 36.03%
||
7 Day CHG~0.00%
Published-30 Oct, 2011 | 19:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site request forgery (CSRF) vulnerability in _ah/admin/interactive/execute (aka the Interactive Console) in the SDK Console (aka Admin Console) in the Google App Engine Python SDK before 1.5.4 allows remote attackers to hijack the authentication of administrators for requests that execute arbitrary Python code via the code parameter.

Action-Not Available
Vendor-n/aGoogle LLC
Product-app_engine_python_sdkn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2011-1484
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-6.8||MEDIUM
EPSS-1.20% / 78.02%
||
7 Day CHG~0.00%
Published-27 Jul, 2011 | 01:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

jboss-seam.jar in the JBoss Seam 2 framework 2.2.x and earlier, as distributed in Red Hat JBoss Enterprise SOA Platform 4.3.0.CP04 and 5.1.0 and JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.3.0.CP09 and 5.1.0, does not properly restrict use of Expression Language (EL) statements in FacesMessages during page exception handling, which allows remote attackers to execute arbitrary Java code via a crafted URL to an application.

Action-Not Available
Vendor-n/aRed Hat, Inc.
Product-jboss_enterprise_soa_platformjboss_enterprise_application_platformjboss_seam_2_frameworkn/a
CVE-2011-1440
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-2.48% / 84.67%
||
7 Day CHG~0.00%
Published-03 May, 2011 | 22:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use-after-free vulnerability in Google Chrome before 11.0.696.57 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the ruby element and Cascading Style Sheets (CSS) token sequences.

Action-Not Available
Vendor-n/aApple Inc.Debian GNU/LinuxGoogle LLC
Product-debian_linuxitunessafarichromen/a
CWE ID-CWE-416
Use After Free
CVE-2011-1449
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-2.34% / 84.23%
||
7 Day CHG~0.00%
Published-03 May, 2011 | 22:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use-after-free vulnerability in the WebSockets implementation in Google Chrome before 11.0.696.57 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.

Action-Not Available
Vendor-n/aGoogle LLCApple Inc.
Product-iphone_ositunessafarichromen/a
CWE ID-CWE-416
Use After Free
CVE-2011-0784
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-1.72% / 81.64%
||
7 Day CHG~0.00%
Published-04 Feb, 2011 | 17:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Race condition in Google Chrome before 9.0.597.84 allows remote attackers to execute arbitrary code via vectors related to audio.

Action-Not Available
Vendor-n/aGoogle LLC
Product-chromen/a
CWE ID-CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVE-2016-1613
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-7.6||HIGH
EPSS-0.87% / 74.28%
||
7 Day CHG~0.00%
Published-25 Jan, 2016 | 11:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple use-after-free vulnerabilities in the formfiller implementation in PDFium, as used in Google Chrome before 48.0.2564.82, allow remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted PDF document, related to improper tracking of the destruction of (1) IPWL_FocusHandler and (2) IPWL_Provider objects.

Action-Not Available
Vendor-n/aGoogle LLC
Product-chromen/a
CVE-2011-1441
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-0.70% / 71.09%
||
7 Day CHG~0.00%
Published-03 May, 2011 | 22:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Google Chrome before 11.0.696.57 does not properly perform a cast of an unspecified variable during handling of floating select lists, which allows remote attackers to cause a denial of service or possibly have unknown other impact via a crafted HTML document.

Action-Not Available
Vendor-n/aGoogle LLC
Product-chromen/a
CWE ID-CWE-704
Incorrect Type Conversion or Cast
CVE-2011-1108
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-0.89% / 74.62%
||
7 Day CHG~0.00%
Published-01 Mar, 2011 | 22:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Google Chrome before 9.0.597.107 does not properly implement JavaScript dialogs, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted HTML document.

Action-Not Available
Vendor-n/aGoogle LLC
Product-chromen/a
CVE-2011-1444
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-0.69% / 70.88%
||
7 Day CHG~0.00%
Published-03 May, 2011 | 22:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Race condition in the sandbox launcher implementation in Google Chrome before 11.0.696.57 on Linux allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.

Action-Not Available
Vendor-n/aLinux Kernel Organization, IncDebian GNU/LinuxGoogle LLC
Product-linux_kerneldebian_linuxchromen/a
CWE ID-CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVE-2020-24616
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-8.1||HIGH
EPSS-3.78% / 87.60%
||
7 Day CHG~0.00%
Published-25 Aug, 2020 | 17:04
Updated-04 Aug, 2024 | 15:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

FasterXML jackson-databind 2.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPDataSource (aka Anteros-DBCP).

Action-Not Available
Vendor-n/aDebian GNU/LinuxOracle CorporationFasterXML, LLC.NetApp, Inc.
Product-communications_diameter_signaling_routercommunications_contacts_servercommunications_messaging_servercommunications_offline_mediation_controlleridentity_manager_connectorsiebel_ui_frameworkactive_iq_unified_managercommunications_session_report_managercommunications_instant_messaging_serverautovue_for_agile_product_lifecycle_managementagile_plmcommunications_policy_managementbanking_supply_chain_financedebian_linuxblockchain_platformcommunications_cloud_native_core_unified_data_repositoryjackson-databindcommunications_pricing_design_centercommunications_calendar_serverbanking_liquidity_managementcommunications_evolved_communications_application_servercommunications_unified_inventory_managementapplication_testing_suitecommunications_services_gatekeepercommunications_element_managern/a
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2020-24379
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-1.00% / 76.01%
||
7 Day CHG~0.00%
Published-09 Sep, 2020 | 18:10
Updated-04 Aug, 2024 | 15:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

WebDAV implementation in Yaws web server versions 1.81 to 2.0.7 is vulnerable to XXE injection.

Action-Not Available
Vendor-yawsn/aCanonical Ltd.Debian GNU/Linux
Product-yawsdebian_linuxubuntu_linuxn/a
CWE ID-CWE-611
Improper Restriction of XML External Entity Reference
CVE-2011-1588
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-7.8||HIGH
EPSS-0.32% / 54.44%
||
7 Day CHG~0.00%
Published-14 Nov, 2019 | 01:51
Updated-06 Aug, 2024 | 22:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Thunar before 1.3.1 could crash when copy and pasting a file name with % format characters due to a format string error.

Action-Not Available
Vendor-xfcethunarDebian GNU/LinuxopenSUSE
Product-debian_linuxopensusethunarthunar
CWE ID-CWE-134
Use of Externally-Controlled Format String
CVE-2017-14482
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-5.05% / 89.36%
||
7 Day CHG~0.00%
Published-14 Sep, 2017 | 16:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

GNU Emacs before 25.3 allows remote attackers to execute arbitrary code via email with crafted "Content-Type: text/enriched" data containing an x-display XML element that specifies execution of shell commands, related to an unsafe text/enriched extension in lisp/textmodes/enriched.el, and unsafe Gnus support for enriched and richtext inline MIME objects in lisp/gnus/mm-view.el. In particular, an Emacs user can be instantly compromised by reading a crafted email message (or Usenet news article).

Action-Not Available
Vendor-n/aDebian GNU/LinuxGNU
Product-debian_linuxemacsn/a
CVE-2011-1305
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-0.32% / 53.97%
||
7 Day CHG~0.00%
Published-03 May, 2011 | 22:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Race condition in Google Chrome before 11.0.696.57 on Linux and Mac OS X allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to linked lists and a database.

Action-Not Available
Vendor-n/aApple Inc.Linux Kernel Organization, IncGoogle LLC
Product-linux_kernelmacoschromen/a
CWE ID-CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVE-2011-1200
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-1.45% / 80.00%
||
7 Day CHG~0.00%
Published-11 Mar, 2011 | 01:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Google Chrome before 10.0.648.127 does not properly perform a cast of an unspecified variable during text rendering, which allows remote attackers to cause a denial of service or possibly have unknown other impact via a crafted document.

Action-Not Available
Vendor-n/aGoogle LLC
Product-chromen/a
CWE ID-CWE-704
Incorrect Type Conversion or Cast
CVE-2011-1447
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-0.70% / 71.09%
||
7 Day CHG~0.00%
Published-03 May, 2011 | 22:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Google Chrome before 11.0.696.57 does not properly handle drop-down lists, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale pointer."

Action-Not Available
Vendor-n/aGoogle LLC
Product-chromen/a
CWE ID-CWE-20
Improper Input Validation
CVE-2022-23803
Matching Score-8
Assigner-Talos
ShareView Details
Matching Score-8
Assigner-Talos
CVSS Score-7.8||HIGH
EPSS-1.59% / 80.92%
||
7 Day CHG+1.30%
Published-16 Feb, 2022 | 16:38
Updated-15 Apr, 2025 | 19:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A stack-based buffer overflow vulnerability exists in the Gerber Viewer gerber and excellon ReadXYCoord coordinate parsing functionality of KiCad EDA 6.0.1 and master commit de006fc010. A specially-crafted gerber or excellon file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability.

Action-Not Available
Vendor-kicadn/aFedora ProjectDebian GNU/Linux
Product-edadebian_linuxfedoraKiCad
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-23804
Matching Score-8
Assigner-Talos
ShareView Details
Matching Score-8
Assigner-Talos
CVSS Score-7.8||HIGH
EPSS-1.18% / 77.88%
||
7 Day CHG+0.84%
Published-16 Feb, 2022 | 16:38
Updated-15 Apr, 2025 | 19:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A stack-based buffer overflow vulnerability exists in the Gerber Viewer gerber and excellon ReadIJCoord coordinate parsing functionality of KiCad EDA 6.0.1 and master commit de006fc010. A specially-crafted gerber or excellon file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability.

Action-Not Available
Vendor-kicadn/aFedora ProjectDebian GNU/Linux
Product-edadebian_linuxfedoraKiCad
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2011-0402
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-1.29% / 78.85%
||
7 Day CHG~0.00%
Published-11 Jan, 2011 | 01:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

dpkg-source in dpkg before 1.14.31 and 1.15.x allows user-assisted remote attackers to modify arbitrary files via a symlink attack on unspecified files in the .pc directory.

Action-Not Available
Vendor-n/aDebian GNU/Linux
Product-dpkgn/a
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2022-23946
Matching Score-8
Assigner-Talos
ShareView Details
Matching Score-8
Assigner-Talos
CVSS Score-7.8||HIGH
EPSS-0.77% / 72.53%
||
7 Day CHG+0.55%
Published-04 Feb, 2022 | 22:28
Updated-15 Apr, 2025 | 19:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A stack-based buffer overflow vulnerability exists in the Gerber Viewer gerber and excellon GCodeNumber parsing functionality of KiCad EDA 6.0.1 and master commit de006fc010. A specially-crafted gerber or excellon file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability.

Action-Not Available
Vendor-kicadn/aFedora ProjectDebian GNU/Linux
Product-debian_linuxfedorakicad_edaKiCad
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2011-0025
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-6.8||MEDIUM
EPSS-2.55% / 84.91%
||
7 Day CHG~0.00%
Published-04 Feb, 2011 | 19:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IcedTea 1.7 before 1.7.8, 1.8 before 1.8.5, and 1.9 before 1.9.5 does not properly verify signatures for JAR files that (1) are "partially signed" or (2) signed by multiple entities, which allows remote attackers to trick users into executing code that appears to come from a trusted source.

Action-Not Available
Vendor-n/aRed Hat, Inc.
Product-icedtean/a
CWE ID-CWE-20
Improper Input Validation
CVE-2017-14160
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-1.54% / 80.65%
||
7 Day CHG~0.00%
Published-21 Sep, 2017 | 14:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The bark_noise_hybridmp function in psy.c in Xiph.Org libvorbis 1.3.5 allows remote attackers to cause a denial of service (out-of-bounds access and application crash) or possibly have unspecified other impact via a crafted mp4 file.

Action-Not Available
Vendor-xiph.orgn/aDebian GNU/Linux
Product-debian_linuxlibvorbisn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2010-4199
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.81% / 73.26%
||
7 Day CHG~0.00%
Published-05 Nov, 2010 | 22:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Google Chrome before 7.0.517.44 does not properly perform a cast of an unspecified variable during processing of an SVG use element, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted SVG document.

Action-Not Available
Vendor-n/aDebian GNU/LinuxGoogle LLC
Product-debian_linuxchromen/a
CWE ID-CWE-20
Improper Input Validation
CVE-2010-4351
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-6.8||MEDIUM
EPSS-1.58% / 80.88%
||
7 Day CHG~0.00%
Published-20 Jan, 2011 | 18:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The JNLP SecurityManager in IcedTea (IcedTea.so) 1.7 before 1.7.7, 1.8 before 1.8.4, and 1.9 before 1.9.4 for Java OpenJDK returns from the checkPermission method instead of throwing an exception in certain circumstances, which might allow context-dependent attackers to bypass the intended security policy by creating instances of ClassLoader.

Action-Not Available
Vendor-n/aRed Hat, Inc.Sun Microsystems (Oracle Corporation)
Product-icedteaopenjdkn/a
CVE-2010-3844
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-8.8||HIGH
EPSS-0.53% / 66.11%
||
7 Day CHG~0.00%
Published-12 Nov, 2019 | 21:47
Updated-07 Aug, 2024 | 03:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An unchecked sscanf() call in ettercap before 0.7.5 allows an insecure temporary settings file to overflow a static-sized buffer on the stack.

Action-Not Available
Vendor-ettercap-projectettercapDebian GNU/Linux
Product-debian_linuxettercapettercap
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2016-1627
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-8.8||HIGH
EPSS-1.24% / 78.45%
||
7 Day CHG~0.00%
Published-14 Feb, 2016 | 02:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Developer Tools (aka DevTools) subsystem in Google Chrome before 48.0.2564.109 does not validate URL schemes and ensure that the remoteBase parameter is associated with a chrome-devtools-frontend.appspot.com URL, which allows remote attackers to bypass intended access restrictions via a crafted URL, related to browser/devtools/devtools_ui_bindings.cc and WebKit/Source/devtools/front_end/Runtime.js.

Action-Not Available
Vendor-n/aGoogle LLCDebian GNU/LinuxopenSUSE
Product-debian_linuxopensusechromen/a
CVE-2010-4036
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-1.13% / 77.43%
||
7 Day CHG~0.00%
Published-21 Oct, 2010 | 18:12
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Google Chrome before 7.0.517.41 does not properly handle the unloading of a page, which allows remote attackers to spoof URLs via unspecified vectors.

Action-Not Available
Vendor-n/aGoogle LLC
Product-chromen/a
CWE ID-CWE-20
Improper Input Validation
CVE-2010-4198
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-1.28% / 78.78%
||
7 Day CHG~0.00%
Published-05 Nov, 2010 | 22:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

WebKit, as used in Google Chrome before 7.0.517.44, webkitgtk before 1.2.6, and other products, does not properly handle large text areas, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted HTML document.

Action-Not Available
Vendor-webkitgtkn/aFedora ProjectGoogle LLC
Product-fedorachromewebkitgtkn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2022-2304
Matching Score-8
Assigner-Protect AI (formerly huntr.dev)
ShareView Details
Matching Score-8
Assigner-Protect AI (formerly huntr.dev)
CVSS Score-7.8||HIGH
EPSS-0.06% / 18.25%
||
7 Day CHG-0.00%
Published-05 Jul, 2022 | 00:00
Updated-03 Aug, 2024 | 00:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Stack-based Buffer Overflow in vim/vim

Stack-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.

Action-Not Available
Vendor-Fedora ProjectVimDebian GNU/Linux
Product-vimdebian_linuxfedoravim/vim
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
  • Previous
  • 1
  • 2
  • 3
  • 4
  • 5
  • ...
  • 63
  • 64
  • Next
Details not found