Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2019-0586

Summary
Assigner-microsoft
Assigner Org ID-f38d906d-7342-40ea-92c1-6c4a2c6478c8
Published At-08 Jan, 2019 | 21:00
Updated At-04 Aug, 2024 | 17:51
Rejected At-
Credits

A remote code execution vulnerability exists in Microsoft Exchange software when the software fails to properly handle objects in memory, aka "Microsoft Exchange Memory Corruption Vulnerability." This affects Microsoft Exchange Server.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:microsoft
Assigner Org ID:f38d906d-7342-40ea-92c1-6c4a2c6478c8
Published At:08 Jan, 2019 | 21:00
Updated At:04 Aug, 2024 | 17:51
Rejected At:
▼CVE Numbering Authority (CNA)

A remote code execution vulnerability exists in Microsoft Exchange software when the software fails to properly handle objects in memory, aka "Microsoft Exchange Memory Corruption Vulnerability." This affects Microsoft Exchange Server.

Affected Products
Vendor
Microsoft CorporationMicrosoft
Product
Microsoft Exchange Server
Versions
Affected
  • 2016 Cumulative Update 10
  • 2016 Cumulative Update 11
  • 2019
Problem Types
TypeCWE IDDescription
textN/ARemote Code Execution
Type: text
CWE ID: N/A
Description: Remote Code Execution
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://www.securityfocus.com/bid/106421
vdb-entry
x_refsource_BID
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0586
x_refsource_CONFIRM
Hyperlink: http://www.securityfocus.com/bid/106421
Resource:
vdb-entry
x_refsource_BID
Hyperlink: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0586
Resource:
x_refsource_CONFIRM
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://www.securityfocus.com/bid/106421
vdb-entry
x_refsource_BID
x_transferred
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0586
x_refsource_CONFIRM
x_transferred
Hyperlink: http://www.securityfocus.com/bid/106421
Resource:
vdb-entry
x_refsource_BID
x_transferred
Hyperlink: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0586
Resource:
x_refsource_CONFIRM
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:secure@microsoft.com
Published At:08 Jan, 2019 | 21:29
Updated At:24 Aug, 2020 | 17:37

A remote code execution vulnerability exists in Microsoft Exchange software when the software fails to properly handle objects in memory, aka "Microsoft Exchange Memory Corruption Vulnerability." This affects Microsoft Exchange Server.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.19.8CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Primary2.010.0HIGH
AV:N/AC:L/Au:N/C:C/I:C/A:C
Type: Primary
Version: 3.1
Base score: 9.8
Base severity: CRITICAL
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Type: Primary
Version: 2.0
Base score: 10.0
Base severity: HIGH
Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C
CPE Matches
Microsoft Corporation
microsoft
>>exchange_server>>2016
cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_10:*:*:*:*:*:*
Microsoft Corporation
microsoft
>>exchange_server>>2016
cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_11:*:*:*:*:*:*
Microsoft Corporation
microsoft
>>exchange_server>>2019
cpe:2.3:a:microsoft:exchange_server:2019:-:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-787Primarynvd@nist.gov
CWE ID: CWE-787
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
http://www.securityfocus.com/bid/106421secure@microsoft.com
Third Party Advisory
VDB Entry
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0586secure@microsoft.com
Patch
Vendor Advisory
Hyperlink: http://www.securityfocus.com/bid/106421
Source: secure@microsoft.com
Resource:
Third Party Advisory
VDB Entry
Hyperlink: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0586
Source: secure@microsoft.com
Resource:
Patch
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

5507Records found
CVE-2019-8199
Matching Score-10
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-10
Assigner-Adobe Systems Incorporated
CVSS Score-9.8||CRITICAL
EPSS-5.64% / 90.37%
||
7 Day CHG~0.00%
Published-17 Oct, 2019 | 20:23
Updated-04 Aug, 2024 | 21:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.011.30148 and earlier, 2017.011.30148 and earlier, 2015.006.30503 and earlier, and 2015.006.30503 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution .

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-acrobat_dcwindowsmacosacrobat_reader_dcAdobe Acrobat and Reader
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-7832
Matching Score-10
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-10
Assigner-Adobe Systems Incorporated
CVSS Score-9.8||CRITICAL
EPSS-7.90% / 92.04%
||
7 Day CHG~0.00%
Published-22 May, 2019 | 17:58
Updated-04 Aug, 2024 | 21:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Acrobat and Reader versions , 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2017.011.30142 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have a heap overflow vulnerability. Successful exploitation could lead to arbitrary code execution .

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-acrobat_dcwindowsacrobat_reader_dcmac_os_xAdobe Acrobat and Reader
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-46258
Matching Score-10
Assigner-HackerOne
ShareView Details
Matching Score-10
Assigner-HackerOne
CVSS Score-9.8||CRITICAL
EPSS-1.89% / 83.23%
||
7 Day CHG~0.00%
Published-19 Dec, 2023 | 15:43
Updated-02 Aug, 2024 | 20:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS) or code execution.

Action-Not Available
Vendor-Ivanti SoftwareMicrosoft Corporation
Product-windowsavalancheAvalanche
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-7094
Matching Score-10
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-10
Assigner-Adobe Systems Incorporated
CVSS Score-9.8||CRITICAL
EPSS-20.61% / 95.59%
||
7 Day CHG~0.00%
Published-24 May, 2019 | 18:47
Updated-04 Aug, 2024 | 20:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Photoshop CC 19.1.7 and earlier, and 20.0.2 and earlier have a heap corruption vulnerability. Successful exploitation could lead to arbitrary code execution.

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-windowsphotoshop_ccmacosAdobe Photoshop CC
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-7103
Matching Score-10
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-10
Assigner-Adobe Systems Incorporated
CVSS Score-9.8||CRITICAL
EPSS-7.84% / 92.01%
||
7 Day CHG~0.00%
Published-23 May, 2019 | 16:26
Updated-04 Aug, 2024 | 20:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Shockwave Player versions 12.3.4.204 and earlier have a memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution.

Action-Not Available
Vendor-Microsoft CorporationAdobe Inc.
Product-windowsshockwave_playerAdobe Shockwave Player
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-7113
Matching Score-10
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-10
Assigner-Adobe Systems Incorporated
CVSS Score-9.8||CRITICAL
EPSS-2.59% / 85.62%
||
7 Day CHG~0.00%
Published-23 May, 2019 | 16:52
Updated-04 Aug, 2024 | 20:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Acrobat and Reader versions 2019.010.20098 and earlier, 2019.010.20098 and earlier, 2017.011.30127 and earlier version, and 2015.006.30482 and earlier have a heap overflow vulnerability. Successful exploitation could lead to arbitrary code execution .

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-mac_os_xacrobat_dcwindowsacrobat_reader_dcAdobe Acrobat and Reader
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-46259
Matching Score-10
Assigner-HackerOne
ShareView Details
Matching Score-10
Assigner-HackerOne
CVSS Score-9.8||CRITICAL
EPSS-1.89% / 83.23%
||
7 Day CHG~0.00%
Published-19 Dec, 2023 | 15:43
Updated-02 Aug, 2024 | 20:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS) or code execution.

Action-Not Available
Vendor-Ivanti SoftwareMicrosoft Corporation
Product-windowsavalancheAvalanche
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-46220
Matching Score-10
Assigner-HackerOne
ShareView Details
Matching Score-10
Assigner-HackerOne
CVSS Score-9.8||CRITICAL
EPSS-1.89% / 83.23%
||
7 Day CHG~0.00%
Published-19 Dec, 2023 | 15:43
Updated-02 Aug, 2024 | 20:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS) or code execution.

Action-Not Available
Vendor-Ivanti SoftwareMicrosoft Corporation
Product-windowsavalancheAvalanche
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-7098
Matching Score-10
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-10
Assigner-Adobe Systems Incorporated
CVSS Score-9.8||CRITICAL
EPSS-7.84% / 92.01%
||
7 Day CHG~0.00%
Published-23 May, 2019 | 16:47
Updated-04 Aug, 2024 | 20:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Shockwave Player versions 12.3.4.204 and earlier have a memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution.

Action-Not Available
Vendor-Microsoft CorporationAdobe Inc.
Product-windowsshockwave_playerAdobe Shockwave Player
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-7102
Matching Score-10
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-10
Assigner-Adobe Systems Incorporated
CVSS Score-9.8||CRITICAL
EPSS-7.53% / 91.83%
||
7 Day CHG~0.00%
Published-23 May, 2019 | 16:30
Updated-04 Aug, 2024 | 20:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Shockwave Player versions 12.3.4.204 and earlier have a memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution.

Action-Not Available
Vendor-Microsoft CorporationAdobe Inc.
Product-windowsshockwave_playerAdobe Shockwave Player
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-7019
Matching Score-10
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-10
Assigner-Adobe Systems Incorporated
CVSS Score-9.8||CRITICAL
EPSS-2.76% / 86.04%
||
7 Day CHG~0.00%
Published-24 May, 2019 | 17:53
Updated-04 Aug, 2024 | 20:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution .

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-mac_os_xacrobat_dcwindowsacrobat_reader_dcAdobe Acrobat and Reader
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-7095
Matching Score-10
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-10
Assigner-Adobe Systems Incorporated
CVSS Score-9.8||CRITICAL
EPSS-8.15% / 92.19%
||
7 Day CHG~0.00%
Published-24 May, 2019 | 18:48
Updated-04 Aug, 2024 | 20:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Digital Editions versions 4.5.10.185749 and below have a heap overflow vulnerability. Successful exploitation could lead to arbitrary code execution.

Action-Not Available
Vendor-Microsoft CorporationAdobe Inc.
Product-digital_editionswindowsAdobe Digital Editions
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-7130
Matching Score-10
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-10
Assigner-Adobe Systems Incorporated
CVSS Score-9.8||CRITICAL
EPSS-12.30% / 93.89%
||
7 Day CHG~0.00%
Published-23 May, 2019 | 15:35
Updated-04 Aug, 2024 | 20:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Bridge CC versions 9.0.2 have a heap overflow vulnerability. Successful exploitation could lead to remote code execution.

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-windowsbridge_ccmac_os_xAdobe Bridge CC
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-7118
Matching Score-10
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-10
Assigner-Adobe Systems Incorporated
CVSS Score-9.8||CRITICAL
EPSS-4.22% / 88.78%
||
7 Day CHG~0.00%
Published-23 May, 2019 | 17:12
Updated-04 Aug, 2024 | 20:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Acrobat and Reader versions 2019.010.20098 and earlier, 2019.010.20098 and earlier, 2017.011.30127 and earlier version, and 2015.006.30482 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution .

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-mac_os_xacrobat_dcwindowsacrobat_reader_dcAdobe Acrobat and Reader
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-7124
Matching Score-10
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-10
Assigner-Adobe Systems Incorporated
CVSS Score-9.8||CRITICAL
EPSS-4.22% / 88.78%
||
7 Day CHG~0.00%
Published-23 May, 2019 | 17:06
Updated-04 Aug, 2024 | 20:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Acrobat and Reader versions 2019.010.20098 and earlier, 2019.010.20098 and earlier, 2017.011.30127 and earlier version, and 2015.006.30482 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution .

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-mac_os_xacrobat_dcwindowsacrobat_reader_dcAdobe Acrobat and Reader
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-7101
Matching Score-10
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-10
Assigner-Adobe Systems Incorporated
CVSS Score-9.8||CRITICAL
EPSS-7.53% / 91.83%
||
7 Day CHG~0.00%
Published-23 May, 2019 | 16:28
Updated-04 Aug, 2024 | 20:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Shockwave Player versions 12.3.4.204 and earlier have a memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution.

Action-Not Available
Vendor-Microsoft CorporationAdobe Inc.
Product-windowsshockwave_playerAdobe Shockwave Player
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-46224
Matching Score-10
Assigner-HackerOne
ShareView Details
Matching Score-10
Assigner-HackerOne
CVSS Score-9.8||CRITICAL
EPSS-3.25% / 87.13%
||
7 Day CHG~0.00%
Published-19 Dec, 2023 | 15:43
Updated-17 Sep, 2024 | 02:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS) or code execution.

Action-Not Available
Vendor-Ivanti SoftwareMicrosoft Corporation
Product-windowsavalancheAvalanche
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-46260
Matching Score-10
Assigner-HackerOne
ShareView Details
Matching Score-10
Assigner-HackerOne
CVSS Score-7.5||HIGH
EPSS-1.85% / 83.06%
||
7 Day CHG~0.00%
Published-19 Dec, 2023 | 15:43
Updated-27 Nov, 2024 | 15:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS) or code execution.

Action-Not Available
Vendor-Ivanti SoftwareMicrosoft Corporation
Product-windowsavalancheAvalanche
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-7120
Matching Score-10
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-10
Assigner-Adobe Systems Incorporated
CVSS Score-9.8||CRITICAL
EPSS-4.22% / 88.78%
||
7 Day CHG~0.00%
Published-23 May, 2019 | 17:07
Updated-04 Aug, 2024 | 20:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Acrobat and Reader versions 2019.010.20098 and earlier, 2019.010.20098 and earlier, 2017.011.30127 and earlier version, and 2015.006.30482 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution .

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-mac_os_xacrobat_dcwindowsacrobat_reader_dcAdobe Acrobat and Reader
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-7100
Matching Score-10
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-10
Assigner-Adobe Systems Incorporated
CVSS Score-9.8||CRITICAL
EPSS-7.84% / 92.01%
||
7 Day CHG~0.00%
Published-23 May, 2019 | 16:29
Updated-04 Aug, 2024 | 20:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Shockwave Player versions 12.3.4.204 and earlier have a memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution.

Action-Not Available
Vendor-Microsoft CorporationAdobe Inc.
Product-windowsshockwave_playerAdobe Shockwave Player
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-7039
Matching Score-10
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-10
Assigner-Adobe Systems Incorporated
CVSS Score-9.8||CRITICAL
EPSS-2.74% / 86.01%
||
7 Day CHG~0.00%
Published-24 May, 2019 | 18:12
Updated-04 Aug, 2024 | 20:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution .

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-acrobat_dcwindowsmacosacrobat_reader_dcAdobe Acrobat and Reader
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-7027
Matching Score-10
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-10
Assigner-Adobe Systems Incorporated
CVSS Score-9.8||CRITICAL
EPSS-2.76% / 86.04%
||
7 Day CHG~0.00%
Published-24 May, 2019 | 18:00
Updated-04 Aug, 2024 | 20:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution .

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-acrobat_dcwindowsacrobat_reader_dcmac_os_xAdobe Acrobat and Reader
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-7099
Matching Score-10
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-10
Assigner-Adobe Systems Incorporated
CVSS Score-9.8||CRITICAL
EPSS-7.84% / 92.01%
||
7 Day CHG~0.00%
Published-23 May, 2019 | 16:30
Updated-04 Aug, 2024 | 20:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Shockwave Player versions 12.3.4.204 and earlier have a memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution.

Action-Not Available
Vendor-Microsoft CorporationAdobe Inc.
Product-windowsshockwave_playerAdobe Shockwave Player
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-46261
Matching Score-10
Assigner-HackerOne
ShareView Details
Matching Score-10
Assigner-HackerOne
CVSS Score-9.8||CRITICAL
EPSS-1.89% / 83.23%
||
7 Day CHG~0.00%
Published-19 Dec, 2023 | 15:43
Updated-02 Aug, 2024 | 20:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS) or code execution.

Action-Not Available
Vendor-Ivanti SoftwareMicrosoft Corporation
Product-windowsavalancheAvalanche
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-5685
Matching Score-10
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-10
Assigner-NVIDIA Corporation
CVSS Score-9.8||CRITICAL
EPSS-1.77% / 82.69%
||
7 Day CHG~0.00%
Published-06 Aug, 2019 | 19:48
Updated-04 Aug, 2024 | 20:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA Windows GPU Display Driver (all versions) contains a vulnerability in DirectX drivers, in which a specially crafted shader can cause an out of bounds access to a shader local temporary array, which may lead to denial of service or code execution.

Action-Not Available
Vendor-NVIDIA CorporationMicrosoft Corporation
Product-windowsgpu_driverGPU Display Driver
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-5684
Matching Score-10
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-10
Assigner-NVIDIA Corporation
CVSS Score-10||CRITICAL
EPSS-2.48% / 85.32%
||
7 Day CHG~0.00%
Published-06 Aug, 2019 | 19:48
Updated-04 Aug, 2024 | 20:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA Windows GPU Display Driver (all versions) contains a vulnerability in DirectX drivers, in which a specially crafted shader can cause an out of bounds access of an input texture array, which may lead to denial of service or code execution.

Action-Not Available
Vendor-NVIDIA CorporationMicrosoft Corporation
Product-windowsgpu_driverGPU Display Driver
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-20822
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.02% / 6.11%
||
7 Day CHG~0.00%
Published-04 Jun, 2020 | 15:49
Updated-05 Aug, 2024 | 02:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in the 3D Plugin Beta for Foxit Reader and PhantomPDF before 9.7.0.29430. It has an out-of-bounds write via incorrect image data.

Action-Not Available
Vendor-n/aMicrosoft CorporationFoxit Software Incorporated
Product-windows3dn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-41727
Matching Score-10
Assigner-HackerOne
ShareView Details
Matching Score-10
Assigner-HackerOne
CVSS Score-9.8||CRITICAL
EPSS-1.89% / 83.23%
||
7 Day CHG~0.00%
Published-19 Dec, 2023 | 15:43
Updated-06 May, 2025 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS) or code execution.

Action-Not Available
Vendor-Ivanti SoftwareMicrosoft Corporation
Product-avalanchewindowsWavelink
CWE ID-CWE-787
Out-of-bounds Write
CVE-2017-14491
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-57.79% / 98.18%
||
7 Day CHG-4.86%
Published-02 Oct, 2017 | 21:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Heap-based buffer overflow in dnsmasq before 2.78 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted DNS response.

Action-Not Available
Vendor-thekelleysn/aHuawei Technologies Co., Ltd.Debian GNU/LinuxSUSERed Hat, Inc.Aruba NetworksSynology, Inc.NVIDIA CorporationArista Networks, Inc.Canonical Ltd.openSUSEMicrosoft CorporationSiemens AG
Product-enterprise_linux_desktopruggedcom_rm1224_firmwarescalance_w1750d_firmwarescalance_s615enterprise_linux_workstationlinux_for_tegradnsmasqlinux_enterprise_serverleaprouter_managerlinux_enterprise_point_of_salearubaosenterprise_linux_serverdebian_linuxjetson_tk1scalance_s615_firmwaregeforce_experiencelinux_enterprise_debuginfoeosscalance_m-800diskstation_managerhonor_v9_play_firmwarejetson_tx1scalance_w1750druggedcom_rm1224ubuntu_linuxhonor_v9_playscalance_m-800_firmwarewindowsn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-19513
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-1.98% / 83.61%
||
7 Day CHG~0.00%
Published-16 Oct, 2020 | 12:52
Updated-05 Aug, 2024 | 02:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The BASSMIDI plugin 2.4.12.1 for Un4seen BASS Audio Library on Windows is prone to an out of bounds write vulnerability. An attacker may exploit this to execute code on the target machine. A failure in exploitation leads to a denial of service.

Action-Not Available
Vendor-un4seenn/aMicrosoft Corporation
Product-windowsbassmidin/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-23319
Matching Score-10
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-10
Assigner-NVIDIA Corporation
CVSS Score-8.1||HIGH
EPSS-0.94% / 76.20%
||
7 Day CHG~0.00%
Published-06 Aug, 2025 | 12:37
Updated-12 Aug, 2025 | 16:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA Triton Inference Server for Windows and Linux contains a vulnerability in the Python backend, where an attacker could cause an out-of-bounds write by sending a request. A successful exploit of this vulnerability might lead to remote code execution, denial of service, data tampering, or information disclosure.

Action-Not Available
Vendor-NVIDIA CorporationLinux Kernel Organization, IncMicrosoft Corporation
Product-triton_inference_serverwindowslinux_kernelTriton Inference Server
CWE ID-CWE-787
Out-of-bounds Write
CWE ID-CWE-805
Buffer Access with Incorrect Length Value
CVE-2009-3953
Matching Score-10
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-10
Assigner-Adobe Systems Incorporated
CVSS Score-8.8||HIGH
EPSS-90.51% / 99.61%
||
7 Day CHG~0.00%
Published-13 Jan, 2010 | 19:00
Updated-22 Oct, 2025 | 01:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2022-06-22||Apply updates per vendor instructions.

The U3D implementation in Adobe Reader and Acrobat 9.x before 9.3, 8.x before 8.2 on Windows and Mac OS X, and 7.x before 7.1.4 allows remote attackers to execute arbitrary code via malformed U3D data in a PDF document, related to a CLODProgressiveMeshDeclaration "array boundary issue," a different vulnerability than CVE-2009-2994.

Action-Not Available
Vendor-n/aApple Inc.Adobe Inc.openSUSEMicrosoft CorporationSUSE
Product-mac_os_xwindowsopensuselinux_enterpriselinux_enterprise_debuginfoacrobatn/aAcrobat and Reader
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-23318
Matching Score-10
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-10
Assigner-NVIDIA Corporation
CVSS Score-8.1||HIGH
EPSS-0.21% / 43.61%
||
7 Day CHG~0.00%
Published-06 Aug, 2025 | 12:36
Updated-12 Aug, 2025 | 16:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA Triton Inference Server for Windows and Linux contains a vulnerability in the Python backend, where an attacker could cause an out-of-bounds write. A successful exploit of this vulnerability might lead to code execution, denial of service, data tampering, and information disclosure.

Action-Not Available
Vendor-NVIDIA CorporationLinux Kernel Organization, IncMicrosoft Corporation
Product-triton_inference_serverwindowslinux_kernelTriton Inference Server
CWE ID-CWE-787
Out-of-bounds Write
CWE ID-CWE-805
Buffer Access with Incorrect Length Value
CVE-2009-2523
Matching Score-10
Assigner-Microsoft Corporation
ShareView Details
Matching Score-10
Assigner-Microsoft Corporation
CVSS Score-10||HIGH
EPSS-11.46% / 93.62%
||
7 Day CHG~0.00%
Published-11 Nov, 2009 | 19:00
Updated-07 Aug, 2024 | 05:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The License Logging Server (llssrv.exe) in Microsoft Windows 2000 SP4 allows remote attackers to execute arbitrary code via an RPC message containing a string without a null terminator, which triggers a heap-based buffer overflow in the LlsrLicenseRequestW method, aka "License Logging Server Heap Overflow Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-windows_2000n/a
CWE ID-CWE-787
Out-of-bounds Write
CWE ID-CWE-125
Out-of-bounds Read
CVE-2018-4917
Matching Score-10
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-10
Assigner-Adobe Systems Incorporated
CVSS Score-9.8||CRITICAL
EPSS-3.22% / 87.07%
||
7 Day CHG~0.00%
Published-19 May, 2018 | 17:00
Updated-05 Aug, 2024 | 05:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Acrobat and Reader versions 2018.009.20050 and earlier, 2017.011.30070 and earlier, 2015.006.30394 and earlier have an exploitable heap overflow vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.

Action-Not Available
Vendor-n/aApple Inc.Microsoft CorporationAdobe Inc.
Product-acrobat_reader_2017acrobat_dcacrobat_2017acrobat_reader_dcwindowsmacosAdobe Acrobat and Reader 2018.009.20050 and earlier versions , 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-43215
Matching Score-10
Assigner-Microsoft Corporation
ShareView Details
Matching Score-10
Assigner-Microsoft Corporation
CVSS Score-9.8||CRITICAL
EPSS-3.41% / 87.46%
||
7 Day CHG~0.00%
Published-15 Dec, 2021 | 14:15
Updated-04 Aug, 2024 | 03:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
iSNS Server Memory Corruption Vulnerability Can Lead to Remote Code Execution

iSNS Server Memory Corruption Vulnerability Can Lead to Remote Code Execution

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_serverwindows_server_2016windows_server_2012windows_8.1windows_rt_8.1windows_7windows_11windows_10windows_server_2019windows_server_2008Windows 10 Version 1607Windows Server version 2004Windows 10 Version 21H1Windows Server 2019 (Server Core installation)Windows Server 2008 Service Pack 2Windows 10 Version 1809Windows Server 2016 (Server Core installation)Windows 8.1Windows Server 2012 (Server Core installation)Windows 7Windows Server version 20H2Windows 10 Version 1909Windows 7 Service Pack 1Windows 10 Version 20H2Windows Server 2016Windows 10 Version 2004Windows 10 Version 1507Windows 10 Version 21H2Windows Server 2008 R2 Service Pack 1Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2012 R2Windows Server 2019Windows Server 2012Windows Server 2008 Service Pack 2Windows Server 2012 R2 (Server Core installation)
CWE ID-CWE-787
Out-of-bounds Write
CVE-2015-5096
Matching Score-10
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-10
Assigner-Adobe Systems Incorporated
CVSS Score-10||HIGH
EPSS-4.54% / 89.19%
||
7 Day CHG~0.00%
Published-15 Jul, 2015 | 14:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Heap-based buffer overflow in Adobe Reader and Acrobat 10.x before 10.1.15 and 11.x before 11.0.12, Acrobat and Acrobat Reader DC Classic before 2015.006.30060, and Acrobat and Acrobat Reader DC Continuous before 2015.008.20082 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-5098 and CVE-2015-5105.

Action-Not Available
Vendor-n/aApple Inc.Adobe Inc.Microsoft Corporation
Product-acrobat_reader_dcacrobat_readermacosacrobat_dcwindowsacrobatn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2015-5105
Matching Score-10
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-10
Assigner-Adobe Systems Incorporated
CVSS Score-10||HIGH
EPSS-4.54% / 89.19%
||
7 Day CHG~0.00%
Published-15 Jul, 2015 | 14:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Heap-based buffer overflow in Adobe Reader and Acrobat 10.x before 10.1.15 and 11.x before 11.0.12, Acrobat and Acrobat Reader DC Classic before 2015.006.30060, and Acrobat and Acrobat Reader DC Continuous before 2015.008.20082 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-5096 and CVE-2015-5098.

Action-Not Available
Vendor-n/aApple Inc.Adobe Inc.Microsoft Corporation
Product-acrobat_reader_dcacrobat_readermacosacrobat_dcwindowsacrobatn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2015-5098
Matching Score-10
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-10
Assigner-Adobe Systems Incorporated
CVSS Score-10||HIGH
EPSS-4.54% / 89.19%
||
7 Day CHG~0.00%
Published-15 Jul, 2015 | 14:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Heap-based buffer overflow in Adobe Reader and Acrobat 10.x before 10.1.15 and 11.x before 11.0.12, Acrobat and Acrobat Reader DC Classic before 2015.006.30060, and Acrobat and Acrobat Reader DC Continuous before 2015.008.20082 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-5096 and CVE-2015-5105.

Action-Not Available
Vendor-n/aApple Inc.Adobe Inc.Microsoft Corporation
Product-acrobat_reader_dcacrobat_readermacosacrobat_dcwindowsacrobatn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2015-3043
Matching Score-10
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-10
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-87.42% / 99.46%
||
7 Day CHG~0.00%
Published-14 Apr, 2015 | 22:00
Updated-17 Nov, 2025 | 20:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2022-03-24||The impacted product is end-of-life and should be disconnected if still in use.

Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, as exploited in the wild in April 2015, a different vulnerability than CVE-2015-0347, CVE-2015-0350, CVE-2015-0352, CVE-2015-0353, CVE-2015-0354, CVE-2015-0355, CVE-2015-0360, CVE-2015-3038, CVE-2015-3041, and CVE-2015-3042.

Action-Not Available
Vendor-n/aApple Inc.Adobe Inc.openSUSEMicrosoft CorporationLinux Kernel Organization, IncNovellRed Hat, Inc.
Product-enterprise_linux_server_ausenterprise_linux_server_from_rhuienterprise_linux_serverenterprise_linux_eusevergreenenterprise_linux_desktopwindowssuse_linux_enterprise_workstation_extensionsuse_linux_enterprise_desktoplinux_kernelflash_playerenterprise_linux_workstationopensusemac_os_xn/aFlash Player
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-24954
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.90% / 75.67%
||
7 Day CHG~0.00%
Published-11 Feb, 2022 | 01:40
Updated-03 Aug, 2024 | 04:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Foxit PDF Reader before 11.2.1 and Foxit PDF Editor before 11.2.1 have a Stack-Based Buffer Overflow related to XFA, for the 'subform colSpan="-2"' and 'draw colSpan="1"' substrings.

Action-Not Available
Vendor-n/aMicrosoft CorporationFoxit Software Incorporated
Product-pdf_readerpdf_editorwindowsn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2018-12754
Matching Score-10
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-10
Assigner-Adobe Systems Incorporated
CVSS Score-9.8||CRITICAL
EPSS-4.03% / 88.48%
||
7 Day CHG~0.00%
Published-20 Jul, 2018 | 19:00
Updated-05 Aug, 2024 | 08:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.

Action-Not Available
Vendor-n/aApple Inc.Microsoft CorporationAdobe Inc.
Product-mac_os_xacrobat_dcwindowsacrobat_reader_dcAdobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions
CWE ID-CWE-787
Out-of-bounds Write
CVE-2011-2462
Matching Score-10
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-10
Assigner-Adobe Systems Incorporated
CVSS Score-8.8||HIGH
EPSS-91.93% / 99.70%
||
7 Day CHG~0.00%
Published-07 Dec, 2011 | 19:00
Updated-22 Nov, 2025 | 02:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2022-06-22||Apply updates per vendor instructions.

Unspecified vulnerability in the U3D component in Adobe Reader and Acrobat 10.1.1 and earlier on Windows and Mac OS X, and Adobe Reader 9.x through 9.4.6 on UNIX, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unknown vectors, as exploited in the wild in December 2011.

Action-Not Available
Vendor-opengroupn/aApple Inc.Adobe Inc.Microsoft Corporation
Product-windowsmac_os_xacrobatunixacrobat_readern/aReader and Acrobat
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-0575
Matching Score-8
Assigner-Yugabyte, Inc.
ShareView Details
Matching Score-8
Assigner-Yugabyte, Inc.
CVSS Score-7.2||HIGH
EPSS-0.50% / 66.23%
||
7 Day CHG~0.00%
Published-09 Feb, 2023 | 16:12
Updated-24 Mar, 2025 | 18:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Remote Code Execution

External Control of Critical State Data, Improper Control of Generation of Code ('Code Injection') vulnerability in YugaByte, Inc. Yugabyte DB on Windows, Linux, MacOS, iOS (DevopsBase.Java:execCommand, TableManager.Java:runCommand modules) allows API Manipulation, Privilege Abuse. This vulnerability is associated with program files backup.Py. This issue affects Yugabyte DB: Lesser then 2.2.0.0

Action-Not Available
Vendor-yugabyteYugabyteDBMicrosoft CorporationLinux Kernel Organization, IncApple Inc.
Product-iphone_oslinux_kernelwindowsmacosyugabytedbYugabyteDB
CWE ID-CWE-642
External Control of Critical State Data
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2019-19168
Matching Score-8
Assigner-KrCERT/CC
ShareView Details
Matching Score-8
Assigner-KrCERT/CC
CVSS Score-7.8||HIGH
EPSS-1.06% / 77.72%
||
7 Day CHG~0.00%
Published-06 May, 2020 | 12:54
Updated-05 Aug, 2024 | 02:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dext5.ocx ActiveX 5.0.0.116 and eariler versions contain a vulnerability, which could allow remote attacker to download and execute remote arbitrary file by setting the arguments to the activex method. This can be leveraged for code execution.

Action-Not Available
Vendor-RAONWIZ (Laonwiz Co., Ltd.)Microsoft Corporation
Product-activexdext5Dext.ocx ActiveX Control in Dext5 Upload
CVE-2019-18780
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-6.40% / 91.06%
||
7 Day CHG~0.00%
Published-05 Nov, 2019 | 19:05
Updated-05 Aug, 2024 | 02:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An arbitrary command injection vulnerability in the Cluster Server component of Veritas InfoScale allows an unauthenticated remote attacker to execute arbitrary commands as root or administrator. These Veritas products are affected: Access 7.4.2 and earlier, Access Appliance 7.4.2 and earlier, Flex Appliance 1.2 and earlier, InfoScale 7.3.1 and earlier, InfoScale between 7.4.0 and 7.4.1, Veritas Cluster Server (VCS) 6.2.1 and earlier on Linux/UNIX, Veritas Cluster Server (VCS) 6.1 and earlier on Windows, Storage Foundation HA (SFHA) 6.2.1 and earlier on Linux/UNIX, and Storage Foundation HA (SFHA) 6.1 and earlier on Windows.

Action-Not Available
Vendor-n/aVeritas Technologies LLCLinux Kernel Organization, IncMicrosoft Corporation
Product-infoscalelinux_kernelcluster_serverstorage_foundation_haflex_appliancewindowsaccessaccess_appliancen/a
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2019-19167
Matching Score-8
Assigner-KrCERT/CC
ShareView Details
Matching Score-8
Assigner-KrCERT/CC
CVSS Score-7.8||HIGH
EPSS-0.46% / 64.36%
||
7 Day CHG~0.00%
Published-06 May, 2020 | 12:47
Updated-05 Aug, 2024 | 02:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Tobesoft Nexacro14 ActiveX File Download Vulnerability

Tobesoft Nexacro v2019.9.25.1 and earlier version have an arbitrary code execution vulnerability by using method supported by Nexacro14 ActiveX Control. It allows attacker to cause remote code execution.

Action-Not Available
Vendor-tobesoftTobesoftMicrosoft Corporation
Product-windowsnexacroNexacro14
CWE ID-CWE-494
Download of Code Without Integrity Check
CVE-2025-30389
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-8.7||HIGH
EPSS-0.40% / 60.77%
||
7 Day CHG-0.14%
Published-30 Apr, 2025 | 17:14
Updated-26 Feb, 2026 | 18:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Azure Bot Framework SDK Elevation of Privilege Vulnerability

Improper authorization in Azure Bot Framework SDK allows an unauthorized attacker to elevate privileges over a network.

Action-Not Available
Vendor-Microsoft Corporation
Product-azure_ai_bot_serviceAzure AI Bot Service
CWE ID-CWE-285
Improper Authorization
CVE-2019-18190
Matching Score-8
Assigner-Trend Micro, Inc.
ShareView Details
Matching Score-8
Assigner-Trend Micro, Inc.
CVSS Score-9.8||CRITICAL
EPSS-0.73% / 72.78%
||
7 Day CHG~0.00%
Published-09 Dec, 2019 | 18:50
Updated-05 Aug, 2024 | 01:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Trend Micro Security (Consumer) 2020 (v16.x) is affected by a vulnerability in where null pointer dereference errors result in the crash of application, which could potentially lead to possible unsigned code execution under certain circumstances.

Action-Not Available
Vendor-Microsoft CorporationTrend Micro Incorporated
Product-premium_security_2020windowsinternet_security_2020maximum_security_2020antivirus\+_security_2020Trend Micro Security (Consumer)
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2019-17067
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.43% / 62.86%
||
7 Day CHG~0.00%
Published-01 Oct, 2019 | 16:55
Updated-05 Aug, 2024 | 01:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

PuTTY before 0.73 on Windows improperly opens port-forwarding listening sockets, which allows attackers to listen on the same port to steal an incoming connection.

Action-Not Available
Vendor-puttyn/aMicrosoft Corporation
Product-windowsputtyn/a
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
  • Previous
  • 1
  • 2
  • 3
  • 4
  • ...
  • 110
  • 111
  • Next
Details not found