Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2020-12641

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-04 May, 2020 | 14:58
Updated At-21 Oct, 2025 | 23:35
Rejected At-
Credits

Roundcube Webmail Remote Code Execution Vulnerability

Roundcube Webmail contains an remote code execution vulnerability that allows attackers to execute code via shell metacharacters in a configuration setting for im_convert_path or im_identify_path.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
â–¼Known Exploited Vulnerabilities (KEV)
cisa.gov
Vendor:
Roundcube Webmail ProjectRoundcube
Product:Roundcube Webmail
Added At:22 Jun, 2023
Due At:13 Jul, 2023

Roundcube Webmail Remote Code Execution Vulnerability

Roundcube Webmail contains an remote code execution vulnerability that allows attackers to execute code via shell metacharacters in a configuration setting for im_convert_path or im_identify_path.

Used in Ransomware

:

Unknown

CWE

:
CWE-78

Required Action:

Apply updates per vendor instructions.

Additional Notes:

https://roundcube.net/news/2020/04/29/security-updates-1.4.4-1.3.11-and-1.2.10; https://nvd.nist.gov/vuln/detail/CVE-2020-12641
â–¼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:04 May, 2020 | 14:58
Updated At:21 Oct, 2025 | 23:35
Rejected At:
â–¼CVE Numbering Authority (CNA)

rcube_image.php in Roundcube Webmail before 1.4.4 allows attackers to execute arbitrary code via shell metacharacters in a configuration setting for im_convert_path or im_identify_path.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
https://github.com/roundcube/roundcubemail/releases/tag/1.4.4
x_refsource_MISC
https://github.com/roundcube/roundcubemail/compare/1.4.3...1.4.4
x_refsource_MISC
https://roundcube.net/news/2020/04/29/security-updates-1.4.4-1.3.11-and-1.2.10
x_refsource_MISC
https://github.com/roundcube/roundcubemail/commit/fcfb099477f353373c34c8a65c9035b06b364db3
x_refsource_MISC
https://github.com/DrunkenShells/Disclosures/tree/master/CVE-2020-12641-Command%20Injection-Roundcube
x_refsource_MISC
https://security.gentoo.org/glsa/202007-41
vendor-advisory
x_refsource_GENTOO
http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00083.html
vendor-advisory
x_refsource_SUSE
Hyperlink: https://github.com/roundcube/roundcubemail/releases/tag/1.4.4
Resource:
x_refsource_MISC
Hyperlink: https://github.com/roundcube/roundcubemail/compare/1.4.3...1.4.4
Resource:
x_refsource_MISC
Hyperlink: https://roundcube.net/news/2020/04/29/security-updates-1.4.4-1.3.11-and-1.2.10
Resource:
x_refsource_MISC
Hyperlink: https://github.com/roundcube/roundcubemail/commit/fcfb099477f353373c34c8a65c9035b06b364db3
Resource:
x_refsource_MISC
Hyperlink: https://github.com/DrunkenShells/Disclosures/tree/master/CVE-2020-12641-Command%20Injection-Roundcube
Resource:
x_refsource_MISC
Hyperlink: https://security.gentoo.org/glsa/202007-41
Resource:
vendor-advisory
x_refsource_GENTOO
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00083.html
Resource:
vendor-advisory
x_refsource_SUSE
â–¼Authorized Data Publishers (ADP)
1. CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
https://github.com/roundcube/roundcubemail/releases/tag/1.4.4
x_refsource_MISC
x_transferred
https://github.com/roundcube/roundcubemail/compare/1.4.3...1.4.4
x_refsource_MISC
x_transferred
https://roundcube.net/news/2020/04/29/security-updates-1.4.4-1.3.11-and-1.2.10
x_refsource_MISC
x_transferred
https://github.com/roundcube/roundcubemail/commit/fcfb099477f353373c34c8a65c9035b06b364db3
x_refsource_MISC
x_transferred
https://github.com/DrunkenShells/Disclosures/tree/master/CVE-2020-12641-Command%20Injection-Roundcube
x_refsource_MISC
x_transferred
https://security.gentoo.org/glsa/202007-41
vendor-advisory
x_refsource_GENTOO
x_transferred
http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00083.html
vendor-advisory
x_refsource_SUSE
x_transferred
Hyperlink: https://github.com/roundcube/roundcubemail/releases/tag/1.4.4
Resource:
x_refsource_MISC
x_transferred
Hyperlink: https://github.com/roundcube/roundcubemail/compare/1.4.3...1.4.4
Resource:
x_refsource_MISC
x_transferred
Hyperlink: https://roundcube.net/news/2020/04/29/security-updates-1.4.4-1.3.11-and-1.2.10
Resource:
x_refsource_MISC
x_transferred
Hyperlink: https://github.com/roundcube/roundcubemail/commit/fcfb099477f353373c34c8a65c9035b06b364db3
Resource:
x_refsource_MISC
x_transferred
Hyperlink: https://github.com/DrunkenShells/Disclosures/tree/master/CVE-2020-12641-Command%20Injection-Roundcube
Resource:
x_refsource_MISC
x_transferred
Hyperlink: https://security.gentoo.org/glsa/202007-41
Resource:
vendor-advisory
x_refsource_GENTOO
x_transferred
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00083.html
Resource:
vendor-advisory
x_refsource_SUSE
x_transferred
2. CISA ADP Vulnrichment
Affected Products
Problem Types
TypeCWE IDDescription
CWECWE-78CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Type: CWE
CWE ID: CWE-78
Description: CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Metrics
VersionBase scoreBase severityVector
3.19.8CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Version: 3.1
Base score: 9.8
Base severity: CRITICAL
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Metrics Other Info
kev
dateAdded:
2023-06-22
reference:
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-12641
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
CVE-2020-12641 added to CISA KEV2023-06-22 00:00:00
Event: CVE-2020-12641 added to CISA KEV
Date: 2023-06-22 00:00:00
Replaced By

Rejected Reason

References
HyperlinkResource
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-12641
government-resource
Hyperlink: https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-12641
Resource:
government-resource
Information is not available yet
â–¼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:04 May, 2020 | 15:15
Updated At:04 Nov, 2025 | 15:00

rcube_image.php in Roundcube Webmail before 1.4.4 allows attackers to execute arbitrary code via shell metacharacters in a configuration setting for im_convert_path or im_identify_path.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
2023-06-222023-07-13Roundcube Webmail Remote Code Execution VulnerabilityApply updates per vendor instructions.
Date Added: 2023-06-22
Due Date: 2023-07-13
Vulnerability Name: Roundcube Webmail Remote Code Execution Vulnerability
Required Action: Apply updates per vendor instructions.
Metrics
TypeVersionBase scoreBase severityVector
Primary3.19.8CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Secondary3.19.8CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Primary2.07.5HIGH
AV:N/AC:L/Au:N/C:P/I:P/A:P
Type: Primary
Version: 3.1
Base score: 9.8
Base severity: CRITICAL
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Type: Secondary
Version: 3.1
Base score: 9.8
Base severity: CRITICAL
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Type: Primary
Version: 2.0
Base score: 7.5
Base severity: HIGH
Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P
CPE Matches

Roundcube Webmail Project
roundcube
>>webmail>>Versions from 1.2.0(inclusive) to 1.2.10(exclusive)
cpe:2.3:a:roundcube:webmail:*:*:*:*:*:*:*:*
Roundcube Webmail Project
roundcube
>>webmail>>Versions from 1.3.0(inclusive) to 1.3.11(exclusive)
cpe:2.3:a:roundcube:webmail:*:*:*:*:*:*:*:*
Roundcube Webmail Project
roundcube
>>webmail>>Versions from 1.4.0(inclusive) to 1.4.4(exclusive)
cpe:2.3:a:roundcube:webmail:*:*:*:*:*:*:*:*
openSUSE
opensuse
>>backports_sle>>15.0
cpe:2.3:a:opensuse:backports_sle:15.0:sp1:*:*:*:*:*:*
openSUSE
opensuse
>>backports_sle>>15.0
cpe:2.3:a:opensuse:backports_sle:15.0:sp2:*:*:*:*:*:*
openSUSE
opensuse
>>leap>>15.1
cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*
openSUSE
opensuse
>>leap>>15.2
cpe:2.3:o:opensuse:leap:15.2:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-78Primarynvd@nist.gov
CWE-78Secondary134c704f-9b21-4f2e-91b3-4a467353bcc0
CWE ID: CWE-78
Type: Primary
Source: nvd@nist.gov
CWE ID: CWE-78
Type: Secondary
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0
Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References
HyperlinkSourceResource
http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00083.htmlcve@mitre.org
Mailing List
Third Party Advisory
https://github.com/DrunkenShells/Disclosures/tree/master/CVE-2020-12641-Command%20Injection-Roundcubecve@mitre.org
Exploit
Third Party Advisory
https://github.com/roundcube/roundcubemail/commit/fcfb099477f353373c34c8a65c9035b06b364db3cve@mitre.org
Patch
https://github.com/roundcube/roundcubemail/compare/1.4.3...1.4.4cve@mitre.org
Release Notes
https://github.com/roundcube/roundcubemail/releases/tag/1.4.4cve@mitre.org
Release Notes
https://roundcube.net/news/2020/04/29/security-updates-1.4.4-1.3.11-and-1.2.10cve@mitre.org
Release Notes
Vendor Advisory
https://security.gentoo.org/glsa/202007-41cve@mitre.org
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00083.htmlaf854a3a-2127-422b-91ae-364da2661108
Mailing List
Third Party Advisory
https://github.com/DrunkenShells/Disclosures/tree/master/CVE-2020-12641-Command%20Injection-Roundcubeaf854a3a-2127-422b-91ae-364da2661108
Exploit
Third Party Advisory
https://github.com/roundcube/roundcubemail/commit/fcfb099477f353373c34c8a65c9035b06b364db3af854a3a-2127-422b-91ae-364da2661108
Patch
https://github.com/roundcube/roundcubemail/compare/1.4.3...1.4.4af854a3a-2127-422b-91ae-364da2661108
Release Notes
https://github.com/roundcube/roundcubemail/releases/tag/1.4.4af854a3a-2127-422b-91ae-364da2661108
Release Notes
https://roundcube.net/news/2020/04/29/security-updates-1.4.4-1.3.11-and-1.2.10af854a3a-2127-422b-91ae-364da2661108
Release Notes
Vendor Advisory
https://security.gentoo.org/glsa/202007-41af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-12641134c704f-9b21-4f2e-91b3-4a467353bcc0
US Government Resource
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00083.html
Source: cve@mitre.org
Resource:
Mailing List
Third Party Advisory
Hyperlink: https://github.com/DrunkenShells/Disclosures/tree/master/CVE-2020-12641-Command%20Injection-Roundcube
Source: cve@mitre.org
Resource:
Exploit
Third Party Advisory
Hyperlink: https://github.com/roundcube/roundcubemail/commit/fcfb099477f353373c34c8a65c9035b06b364db3
Source: cve@mitre.org
Resource:
Patch
Hyperlink: https://github.com/roundcube/roundcubemail/compare/1.4.3...1.4.4
Source: cve@mitre.org
Resource:
Release Notes
Hyperlink: https://github.com/roundcube/roundcubemail/releases/tag/1.4.4
Source: cve@mitre.org
Resource:
Release Notes
Hyperlink: https://roundcube.net/news/2020/04/29/security-updates-1.4.4-1.3.11-and-1.2.10
Source: cve@mitre.org
Resource:
Release Notes
Vendor Advisory
Hyperlink: https://security.gentoo.org/glsa/202007-41
Source: cve@mitre.org
Resource:
Third Party Advisory
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00083.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Mailing List
Third Party Advisory
Hyperlink: https://github.com/DrunkenShells/Disclosures/tree/master/CVE-2020-12641-Command%20Injection-Roundcube
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Exploit
Third Party Advisory
Hyperlink: https://github.com/roundcube/roundcubemail/commit/fcfb099477f353373c34c8a65c9035b06b364db3
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Patch
Hyperlink: https://github.com/roundcube/roundcubemail/compare/1.4.3...1.4.4
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Release Notes
Hyperlink: https://github.com/roundcube/roundcubemail/releases/tag/1.4.4
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Release Notes
Hyperlink: https://roundcube.net/news/2020/04/29/security-updates-1.4.4-1.3.11-and-1.2.10
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Release Notes
Vendor Advisory
Hyperlink: https://security.gentoo.org/glsa/202007-41
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-12641
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0
Resource:
US Government Resource

Change History

0
Information is not available yet

Similar CVEs

2092Records found

CVE-2019-11627
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-2.76% / 84.59%
||
7 Day CHG~0.00%
Published-30 Apr, 2019 | 22:49
Updated-04 Aug, 2024 | 22:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

gpg-key2ps in signing-party 1.1.x and 2.x before 2.10-1 contains an unsafe shell call enabling shell injection via a User ID.

Action-Not Available
Vendor-signing-party_projectn/aDebian GNU/LinuxopenSUSE
Product-signing-partydebian_linuxleapn/a
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2014-7169
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-99.94% / 99.97%
||
7 Day CHG~0.00%
Published-25 Sep, 2014 | 01:00
Updated-22 Apr, 2026 | 14:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2022-07-28||Apply updates per vendor instructions.

GNU Bash through 4.3 bash43-025 processes trailing strings after certain malformed function definitions in the values of environment variables, which allows remote attackers to write to files or possibly have unknown other impact via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-6271.

Action-Not Available
Vendor-mageian/aVMware (Broadcom Inc.)NovellIBM CorporationSUSEF5, Inc.GNURed Hat, Inc.Citrix (Cloud Software Group, Inc.)Oracle CorporationApple Inc.QNAP Systems, Inc.openSUSECanonical Ltd.Check Point Software Technologies Ltd.Arista Networks, Inc.Debian GNU/Linux
Product-big-ip_application_acceleration_managerbig-ip_advanced_firewall_managerstn6800storwize_v7000_firmwareenterprise_linux_for_ibm_z_systemsbashmageiabig-ip_wan_optimization_managerstorwize_v3500stn7800_firmwarebig-ip_protocol_security_moduleenterprise_linux_serverenterprise_linux_workstationstorwize_v3700storwize_v3700_firmwarebig-ip_global_traffic_managergluster_storage_server_for_on-premisebig-ip_edge_gatewayopensusestorwize_v3500_firmwareenterprise_managertraffix_signaling_delivery_controllerbig-iq_devicevcenter_server_applianceenterprise_linux_desktopstn7800san_volume_controllerlinux_enterprise_serversecurity_access_manager_for_web_8.0_firmwareenterprise_linux_server_aussan_volume_controller_firmwaresoftware_defined_network_for_virtual_environmentsbig-iq_cloudlinux_enterprise_software_development_kitnetscaler_sdxqtsbig-ip_analyticsbig-ip_local_traffic_managerstudio_onsitebig-ip_access_policy_managerlinuxinfosphere_guardium_database_activity_monitoringqradar_risk_managerubuntu_linuxarxeosenterprise_linux_server_tusbig-iq_securityqradar_vulnerability_managerstn6500enterprise_linux_server_from_rhuistn6800_firmwareflex_system_v7000flex_system_v7000_firmwarenetscaler_sdx_firmwarestn6500_firmwarestorwize_v5000security_access_manager_for_mobile_8.0_firmwarestarter_kit_for_cloudenterprise_linux_eusvirtualizationsecurity_access_manager_for_web_7.0_firmwaresmartcloud_entry_appliancebig-ip_application_security_managerdebian_linuxlinux_enterprise_desktopmac_os_xzenworks_configuration_managementesxbig-ip_webacceleratorenterprise_linux_for_power_big_endian_eusenterprise_linux_for_power_big_endianworkload_deployerqradar_security_information_and_event_managerarx_firmwarestorwize_v5000_firmwaresecurity_gatewaybig-ip_policy_enforcement_managersmartcloud_provisioningpureapplication_systemstorwize_v7000open_enterprise_serverenterprise_linux_for_scientific_computingbig-ip_link_controllerenterprise_linuxn/aBourne-Again Shell (Bash)
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2020-17368
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-4.10% / 89.61%
||
7 Day CHG~0.00%
Published-11 Aug, 2020 | 15:59
Updated-04 Aug, 2024 | 13:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Firejail through 0.9.62 mishandles shell metacharacters during use of the --output or --output-stderr option, which may lead to command injection.

Action-Not Available
Vendor-firejail_projectn/aDebian GNU/LinuxopenSUSEFedora Project
Product-firejaildebian_linuxfedoraleapn/a
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2014-6271
Matching Score-10
Assigner-Debian GNU/Linux
ShareView Details
Matching Score-10
Assigner-Debian GNU/Linux
CVSS Score-9.8||CRITICAL
EPSS-100.00% / 99.99%
||
7 Day CHG~0.00%
Published-24 Sep, 2014 | 18:00
Updated-22 Apr, 2026 | 16:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2022-07-28||Apply updates per vendor instructions.

GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution, aka "ShellShock." NOTE: the original fix for this issue was incorrect; CVE-2014-7169 has been assigned to cover the vulnerability that is still present after the incorrect fix.

Action-Not Available
Vendor-mageian/aVMware (Broadcom Inc.)NovellIBM CorporationSUSEF5, Inc.GNURed Hat, Inc.Citrix (Cloud Software Group, Inc.)Oracle CorporationApple Inc.QNAP Systems, Inc.openSUSECanonical Ltd.Check Point Software Technologies Ltd.Arista Networks, Inc.Debian GNU/Linux
Product-big-ip_application_acceleration_managerbig-ip_advanced_firewall_managerstn6800storwize_v7000_firmwareenterprise_linux_for_ibm_z_systemsbashmageiabig-ip_wan_optimization_managerstorwize_v3500stn7800_firmwarebig-ip_protocol_security_moduleenterprise_linux_serverenterprise_linux_workstationstorwize_v3700storwize_v3700_firmwarebig-ip_global_traffic_managergluster_storage_server_for_on-premisebig-ip_edge_gatewayopensusestorwize_v3500_firmwareenterprise_managertraffix_signaling_delivery_controllerbig-iq_devicevcenter_server_applianceenterprise_linux_desktopstn7800san_volume_controllerlinux_enterprise_serversecurity_access_manager_for_web_8.0_firmwareenterprise_linux_server_aussan_volume_controller_firmwaresoftware_defined_network_for_virtual_environmentsbig-iq_cloudlinux_enterprise_software_development_kitnetscaler_sdxqtsbig-ip_analyticsbig-ip_local_traffic_managerstudio_onsitebig-ip_access_policy_managerlinuxinfosphere_guardium_database_activity_monitoringqradar_risk_managerubuntu_linuxarxeosenterprise_linux_server_tusbig-iq_securityqradar_vulnerability_managerstn6500enterprise_linux_server_from_rhuistn6800_firmwareflex_system_v7000flex_system_v7000_firmwarenetscaler_sdx_firmwarestn6500_firmwarestorwize_v5000security_access_manager_for_mobile_8.0_firmwarestarter_kit_for_cloudenterprise_linux_eusvirtualizationsecurity_access_manager_for_web_7.0_firmwaresmartcloud_entry_appliancebig-ip_application_security_managerdebian_linuxlinux_enterprise_desktopmac_os_xzenworks_configuration_managementesxbig-ip_webacceleratorenterprise_linux_for_power_big_endian_eusenterprise_linux_for_power_big_endianworkload_deployerqradar_security_information_and_event_managerarx_firmwarestorwize_v5000_firmwaresecurity_gatewaybig-ip_policy_enforcement_managersmartcloud_provisioningpureapplication_systemstorwize_v7000open_enterprise_serverenterprise_linux_for_scientific_computingbig-ip_link_controllerenterprise_linuxn/aBourne-Again Shell (Bash)
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2020-16846
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-99.59% / 99.94%
||
7 Day CHG~0.00%
Published-06 Nov, 2020 | 07:27
Updated-07 Nov, 2025 | 19:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2022-05-03||Apply updates per vendor instructions.

An issue was discovered in SaltStack Salt through 3002. Sending crafted web requests to the Salt API, with the SSH client enabled, can result in shell injection.

Action-Not Available
Vendor-saltstackn/aSaltStackopenSUSEFedora ProjectDebian GNU/Linux
Product-saltdebian_linuxleapfedoran/aSalt
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2020-10018
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-4.99% / 91.26%
||
7 Day CHG~0.00%
Published-02 Mar, 2020 | 22:11
Updated-04 Aug, 2024 | 10:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

WebKitGTK through 2.26.4 and WPE WebKit through 2.26.4 (which are the versions right before 2.28.0) contains a memory corruption issue (use-after-free) that may lead to arbitrary code execution. This issue has been fixed in 2.28.0 with improved memory handling.

Action-Not Available
Vendor-wpewebkitwebkitgtkn/aCanonical Ltd.openSUSEFedora ProjectDebian GNU/Linux
Product-ubuntu_linuxdebian_linuxfedorawebkitgtkwpe_webkitleapn/a
CWE ID-CWE-416
Use After Free
CVE-2019-9215
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-2.17% / 80.28%
||
7 Day CHG~0.00%
Published-28 Feb, 2019 | 04:00
Updated-04 Aug, 2024 | 21:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Live555 before 2019.02.27, malformed headers lead to invalid memory access in the parseAuthorizationHeader function.

Action-Not Available
Vendor-live555n/aDebian GNU/LinuxopenSUSE
Product-debian_linuxleapbackports_slestreaming_median/a
CVE-2019-9641
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-9.40% / 94.86%
||
7 Day CHG~0.00%
Published-08 Mar, 2019 | 23:00
Updated-04 Aug, 2024 | 21:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in the EXIF component in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. There is an uninitialized read in exif_process_IFD_in_TIFF.

Action-Not Available
Vendor-n/aopenSUSENetApp, Inc.Canonical Ltd.Debian GNU/LinuxThe PHP Group
Product-ubuntu_linuxphpdebian_linuxstorage_automation_storeleapn/a
CWE ID-CWE-908
Use of Uninitialized Resource
CVE-2020-15683
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-9.8||CRITICAL
EPSS-2.65% / 83.94%
||
7 Day CHG+0.03%
Published-22 Oct, 2020 | 20:32
Updated-04 Aug, 2024 | 13:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Mozilla developers and community members reported memory safety bugs present in Firefox 81 and Firefox ESR 78.3. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR < 78.4, Firefox < 82, and Thunderbird < 78.4.

Action-Not Available
Vendor-Debian GNU/LinuxopenSUSEMozilla Corporation
Product-thunderbirddebian_linuxfirefoxfirefox_esrleapFirefoxFirefox ESRThunderbird
CWE ID-CWE-416
Use After Free
CWE ID-CWE-787
Out-of-bounds Write
CVE-2020-15205
Matching Score-8
Assigner-GitHub, Inc.
ShareView Details
Matching Score-8
Assigner-GitHub, Inc.
CVSS Score-9||CRITICAL
EPSS-1.01% / 59.40%
||
7 Day CHG~0.00%
Published-25 Sep, 2020 | 18:45
Updated-04 Aug, 2024 | 13:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Data leak in Tensorflow

In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, the `data_splits` argument of `tf.raw_ops.StringNGrams` lacks validation. This allows a user to pass values that can cause heap overflow errors and even leak contents of memory In the linked code snippet, all the binary strings after `ee ff` are contents from the memory stack. Since these can contain return addresses, this data leak can be used to defeat ASLR. The issue is patched in commit 0462de5b544ed4731aa2fb23946ac22c01856b80, and is released in TensorFlow versions 1.15.4, 2.0.3, 2.1.2, 2.2.1, or 2.3.1.

Action-Not Available
Vendor-Google LLCopenSUSETensorFlow
Product-tensorflowleaptensorflow
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2020-15917
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-2.59% / 83.57%
||
7 Day CHG~0.00%
Published-23 Jul, 2020 | 18:06
Updated-04 Aug, 2024 | 13:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

common/session.c in Claws Mail before 3.17.6 has a protocol violation because suffix data after STARTTLS is mishandled.

Action-Not Available
Vendor-claws-mailn/aopenSUSEFedora Project
Product-fedoraclaws-mailbackports_sleleapn/a
CVE-2020-14983
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-2.25% / 80.91%
||
7 Day CHG~0.00%
Published-22 Jun, 2020 | 19:13
Updated-04 Aug, 2024 | 13:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The server in Chocolate Doom 3.0.0 and Crispy Doom 5.8.0 doesn't validate the user-controlled num_players value, leading to a buffer overflow. A malicious user can overwrite the server's stack.

Action-Not Available
Vendor-chocolate-doomn/aopenSUSE
Product-chocolate_doomleapcrispy_doombackportsn/a
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2016-7446
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-3.99% / 89.36%
||
7 Day CHG~0.00%
Published-06 Feb, 2017 | 17:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in the MVG and SVG rendering code in GraphicsMagick 1.3.24 allows remote attackers to have unspecified impact via unknown vectors. Note: This vulnerability exists due to an incomplete patch for CVE-2016-2317.

Action-Not Available
Vendor-n/aopenSUSEDebian GNU/LinuxGraphicsMagick
Product-leapdebian_linuxgraphicsmagickopensusen/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2020-12640
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-6.73% / 93.20%
||
7 Day CHG~0.00%
Published-04 May, 2020 | 14:58
Updated-04 Aug, 2024 | 12:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Roundcube Webmail before 1.4.4 allows attackers to include local files and execute code via directory traversal in a plugin name to rcube_plugin_api.php.

Action-Not Available
Vendor-n/aRoundcube Webmail ProjectopenSUSE
Product-webmailbackports_sleleapn/a
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2020-12823
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-4.62% / 90.66%
||
7 Day CHG~0.00%
Published-12 May, 2020 | 17:07
Updated-04 Aug, 2024 | 12:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

OpenConnect 8.09 has a buffer overflow, causing a denial of service (application crash) or possibly unspecified other impact, via crafted certificate data to get_cert_name in gnutls.c.

Action-Not Available
Vendor-infradeadn/aDebian GNU/LinuxopenSUSEFedora Project
Product-openconnectdebian_linuxfedoraleapn/a
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2020-11984
Matching Score-8
Assigner-Apache Software Foundation
ShareView Details
Matching Score-8
Assigner-Apache Software Foundation
CVSS Score-9.8||CRITICAL
EPSS-90.04% / 99.78%
||
7 Day CHG~0.00%
Published-07 Aug, 2020 | 15:27
Updated-04 Aug, 2024 | 11:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Apache HTTP server 2.4.32 to 2.4.44 mod_proxy_uwsgi info disclosure and possible RCE

Action-Not Available
Vendor-n/aCanonical Ltd.The Apache Software FoundationNetApp, Inc.openSUSEFedora ProjectDebian GNU/LinuxOracle Corporation
Product-http_serverclustered_data_ontapubuntu_linuxdebian_linuxinstantis_enterprisetrackfedoracommunications_session_route_managerzfs_storage_appliance_kitcommunications_session_report_managerhyperion_infrastructure_technologyenterprise_manager_ops_centercommunications_element_managerleapApache HTTP Server
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2020-11800
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9||CRITICAL
EPSS-9.19% / 94.76%
||
7 Day CHG~0.00%
Published-07 Oct, 2020 | 15:02
Updated-04 Aug, 2024 | 11:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Zabbix Server 2.2.x and 3.0.x before 3.0.31, and 3.2 allows remote attackers to execute arbitrary code.

Action-Not Available
Vendor-n/aDebian GNU/LinuxZABBIXopenSUSE
Product-zabbixdebian_linuxbackports_sleleapn/a
CVE-2020-10878
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-8.6||HIGH
EPSS-4.88% / 91.08%
||
7 Day CHG~0.00%
Published-05 Jun, 2020 | 13:27
Updated-04 Aug, 2024 | 11:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Perl before 5.30.3 has an integer overflow related to mishandling of a "PL_regkind[OP(n)] == NOTHING" situation. A crafted regular expression could lead to malformed bytecode with a possibility of instruction injection.

Action-Not Available
Vendor-perln/aNetApp, Inc.Oracle CorporationFedora ProjectopenSUSE
Product-communications_diameter_signaling_routercommunications_billing_and_revenue_managementcommunications_offline_mediation_controllertekelec_platform_distributionperlconfiguration_managercommunications_eagle_lnp_application_processoroncommand_workflow_automationcommunications_performance_intelligence_centersd-wan_awarecommunications_pricing_design_centerfedoracommunications_eagle_application_processorsnap_creator_frameworkcommunications_lsmsenterprise_manager_base_platformleapn/a
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2020-10938
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-5.23% / 91.59%
||
7 Day CHG~0.00%
Published-24 Mar, 2020 | 15:28
Updated-04 Aug, 2024 | 11:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

GraphicsMagick before 1.3.35 has an integer overflow and resultant heap-based buffer overflow in HuffmanDecodeImage in magick/compress.c.

Action-Not Available
Vendor-n/aDebian GNU/LinuxGraphicsMagickopenSUSE
Product-backportsdebian_linuxgraphicsmagickleapn/a
CWE ID-CWE-787
Out-of-bounds Write
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2019-7164
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-3.52% / 87.94%
||
7 Day CHG~0.00%
Published-20 Feb, 2019 | 00:00
Updated-04 Aug, 2024 | 20:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SQLAlchemy through 1.2.17 and 1.3.x through 1.3.0b2 allows SQL Injection via the order_by parameter.

Action-Not Available
Vendor-sqlalchemyn/aopenSUSERed Hat, Inc.Oracle CorporationDebian GNU/Linux
Product-sqlalchemycommunications_operations_monitordebian_linuxenterprise_linux_server_ausenterprise_linuxenterprise_linux_eusbackports_sleenterprise_linux_server_tusleapn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2019-5482
Matching Score-8
Assigner-HackerOne
ShareView Details
Matching Score-8
Assigner-HackerOne
CVSS Score-9.8||CRITICAL
EPSS-17.94% / 96.85%
||
7 Day CHG~0.00%
Published-16 Sep, 2019 | 18:06
Updated-15 Apr, 2026 | 21:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Heap buffer overflow in the TFTP protocol handler in cURL 7.19.4 to 7.65.3.

Action-Not Available
Vendor-n/aOracle CorporationDebian GNU/LinuxopenSUSENetApp, Inc.Fedora ProjectCURL
Product-oncommand_unified_managercurloss_support_toolsoncommand_workflow_automationleapsteelstore_cloud_integrated_storagecommunications_session_border_controllerdebian_linuxenterprise_manager_ops_centerhttp_serversnapcenteroncommand_insightcloud_backupmysql_serverhyperion_essbasefedoracommunications_operations_monitorcurl
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-5481
Matching Score-8
Assigner-HackerOne
ShareView Details
Matching Score-8
Assigner-HackerOne
CVSS Score-9.8||CRITICAL
EPSS-7.27% / 93.65%
||
7 Day CHG~0.00%
Published-16 Sep, 2019 | 18:05
Updated-16 Apr, 2026 | 15:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Double-free vulnerability in the FTP-kerberos code in cURL 7.52.0 to 7.65.3.

Action-Not Available
Vendor-n/aOracle CorporationDebian GNU/LinuxopenSUSENetApp, Inc.Fedora ProjectCURL
Product-solidfire_baseboard_management_controller_firmwaredebian_linuxcurloss_support_toolsenterprise_manager_ops_centercloud_backupmysql_serverleapcommunications_session_border_controllersteelstorefedoracommunications_operations_monitorsolidfire_baseboard_management_controllercurl
CWE ID-CWE-415
Double Free
CVE-2019-3681
Matching Score-8
Assigner-SUSE
ShareView Details
Matching Score-8
Assigner-SUSE
CVSS Score-7.5||HIGH
EPSS-1.42% / 69.92%
||
7 Day CHG~0.00%
Published-29 Jun, 2020 | 12:00
Updated-17 Sep, 2024 | 03:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
osc: stores downloaded (supposed) RPM in network-controlled filesystem paths

A External Control of File Name or Path vulnerability in osc of SUSE Linux Enterprise Module for Development Tools 15, SUSE Linux Enterprise Software Development Kit 12-SP5, SUSE Linux Enterprise Software Development Kit 12-SP4; openSUSE Leap 15.1, openSUSE Factory allowed remote attackers that can change downloaded packages to overwrite arbitrary files. This issue affects: SUSE Linux Enterprise Module for Development Tools 15 osc versions prior to 0.169.1-3.20.1. SUSE Linux Enterprise Software Development Kit 12-SP5 osc versions prior to 0.162.1-15.9.1. SUSE Linux Enterprise Software Development Kit 12-SP4 osc versions prior to 0.162.1-15.9.1. openSUSE Leap 15.1 osc versions prior to 0.169.1-lp151.2.15.1. openSUSE Factory osc versions prior to 0.169.0 .

Action-Not Available
Vendor-openSUSESUSE
Product-linux_enterprise_software_development_kitlinux_enterprise_serverfactoryoscleapopenSUSE FactorySUSE Linux Enterprise Software Development Kit 12-SP4SUSE Linux Enterprise Software Development Kit 12-SP5openSUSE Leap 15.1SUSE Linux Enterprise Module for Development Tools 15
CWE ID-CWE-73
External Control of File Name or Path
CVE-2011-3033
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-2.18% / 80.38%
||
7 Day CHG+0.02%
Published-05 Mar, 2012 | 19:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in Skia, as used in Google Chrome before 17.0.963.65, allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.

Action-Not Available
Vendor-n/aGoogle LLCopenSUSE
Product-chromeopensusen/a
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2019-5021
Matching Score-8
Assigner-Talos
ShareView Details
Matching Score-8
Assigner-Talos
CVSS Score-9.8||CRITICAL
EPSS-6.26% / 92.78%
||
7 Day CHG~0.00%
Published-08 May, 2019 | 16:52
Updated-04 Aug, 2024 | 19:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Versions of the Official Alpine Linux Docker images (since v3.3) contain a NULL password for the `root` user. This vulnerability appears to be the result of a regression introduced in December of 2015. Due to the nature of this issue, systems deployed using affected versions of the Alpine Linux container which utilize Linux PAM, or some other mechanism which uses the system shadow file as an authentication database, may accept a NULL password for the `root` user.

Action-Not Available
Vendor-alpinelinuxgliderlabsn/aopenSUSEF5, Inc.
Product-docker-alpinebig-ip_controlleralpine_linuxleapAlpine Linux
CWE ID-CWE-258
Empty Password in Configuration File
CVE-2019-19951
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-2.55% / 83.25%
||
7 Day CHG~0.00%
Published-24 Dec, 2019 | 00:07
Updated-05 Aug, 2024 | 02:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In GraphicsMagick 1.4 snapshot-20190423 Q8, there is a heap-based buffer overflow in the function ImportRLEPixels of coders/miff.c.

Action-Not Available
Vendor-n/aDebian GNU/LinuxGraphicsMagickopenSUSE
Product-backportsdebian_linuxgraphicsmagickleapn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-19948
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-3.68% / 88.43%
||
7 Day CHG~0.00%
Published-24 Dec, 2019 | 00:07
Updated-05 Aug, 2024 | 02:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In ImageMagick 7.0.8-43 Q16, there is a heap-based buffer overflow in the function WriteSGIImage of coders/sgi.c.

Action-Not Available
Vendor-n/aImageMagick Studio LLCDebian GNU/LinuxopenSUSECanonical Ltd.
Product-ubuntu_linuxdebian_linuximagemagickleapn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-19950
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-2.71% / 84.30%
||
7 Day CHG~0.00%
Published-24 Dec, 2019 | 00:07
Updated-05 Aug, 2024 | 02:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In GraphicsMagick 1.4 snapshot-20190403 Q8, there is a use-after-free in ThrowException and ThrowLoggedException of magick/error.c.

Action-Not Available
Vendor-n/aDebian GNU/LinuxGraphicsMagickopenSUSE
Product-backportsdebian_linuxgraphicsmagickleapn/a
CWE ID-CWE-416
Use After Free
CVE-2019-18805
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-3.43% / 87.62%
||
7 Day CHG~0.00%
Published-07 Nov, 2019 | 13:08
Updated-05 Aug, 2024 | 02:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in net/ipv4/sysctl_net_ipv4.c in the Linux kernel before 5.0.11. There is a net/ipv4/tcp_input.c signed integer overflow in tcp_ack_update_rtt() when userspace writes a very large integer to /proc/sys/net/ipv4/tcp_min_rtt_wlen, leading to a denial of service or possibly unspecified other impact, aka CID-19fad20d15a6.

Action-Not Available
Vendor-n/aopenSUSERed Hat, Inc.Broadcom Inc.NetApp, Inc.Linux Kernel Organization, Inc
Product-fas8700_firmwarehci_storage_nodeenterprise_linuxactive_iq_unified_managerfas8300data_availability_servicesaff_a400_firmwareh610s_firmwarehci_compute_nodeaff_a700ssolidfiresteelstore_cloud_integrated_storageh610slinux_kernelhci_management_nodeaff_a700s_firmwaree-series_santricity_os_controlleraff_a400fabric_operating_systemfas8700fas8300_firmwareleapn/a
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2019-18425
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-2.55% / 83.25%
||
7 Day CHG~0.00%
Published-31 Oct, 2019 | 13:39
Updated-05 Aug, 2024 | 01:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Xen through 4.12.x allowing 32-bit PV guest OS users to gain guest OS privileges by installing and using descriptors. There is missing descriptor table limit checking in x86 PV emulation. When emulating certain PV guest operations, descriptor table accesses are performed by the emulating code. Such accesses should respect the guest specified limits, unless otherwise guaranteed to fail in such a case. Without this, emulation of 32-bit guest user mode calls through call gates would allow guest user mode to install and then use descriptors of their choice, as long as the guest kernel did not itself install an LDT. (Most OSes don't install any LDT by default). 32-bit PV guest user mode can elevate its privileges to that of the guest kernel. Xen versions from at least 3.2 onwards are affected. Only 32-bit PV guest user mode can leverage this vulnerability. HVM, PVH, as well as 64-bit PV guests cannot leverage this vulnerability. Arm systems are unaffected.

Action-Not Available
Vendor-n/aFedora ProjectDebian GNU/LinuxopenSUSEXen Project
Product-xendebian_linuxfedoraleapn/a
CWE ID-CWE-269
Improper Privilege Management
CVE-2019-17545
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-2.58% / 83.46%
||
7 Day CHG~0.00%
Published-14 Oct, 2019 | 01:07
Updated-05 Aug, 2024 | 01:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

GDAL through 3.0.1 has a poolDestroy double free in OGRExpatRealloc in ogr/ogr_expat.cpp when the 10MB threshold is exceeded.

Action-Not Available
Vendor-osgeon/aopenSUSEOracle CorporationFedora ProjectDebian GNU/Linux
Product-debian_linuxspatial_and_graphgdalfedorabackports_sleleapn/a
CWE ID-CWE-415
Double Free
CVE-2019-17455
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-3.11% / 86.31%
||
7 Day CHG~0.00%
Published-10 Oct, 2019 | 17:17
Updated-05 Aug, 2024 | 01:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Libntlm through 1.5 relies on a fixed buffer size for tSmbNtlmAuthRequest, tSmbNtlmAuthChallenge, and tSmbNtlmAuthResponse read and write operations, as demonstrated by a stack-based buffer over-read in buildSmbNtlmAuthRequest in smbutil.c for a crafted NTLM request.

Action-Not Available
Vendor-nongnun/aCanonical Ltd.openSUSEFedora ProjectDebian GNU/Linux
Product-ubuntu_linuxdebian_linuxfedoralibntlmbackports_sleleapn/a
CWE ID-CWE-125
Out-of-bounds Read
CVE-2019-18906
Matching Score-8
Assigner-SUSE
ShareView Details
Matching Score-8
Assigner-SUSE
CVSS Score-9.8||CRITICAL
EPSS-1.11% / 62.28%
||
7 Day CHG~0.00%
Published-30 Jun, 2021 | 08:35
Updated-16 Sep, 2024 | 21:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
cryptctl: client side password hashing is equivalent to clear text password storage

A Improper Authentication vulnerability in cryptctl of SUSE Linux Enterprise Server for SAP 12-SP5, SUSE Manager Server 4.0 allows attackers with access to the hashed password to use it without having to crack it. This issue affects: SUSE Linux Enterprise Server for SAP 12-SP5 cryptctl versions prior to 2.4. SUSE Manager Server 4.0 cryptctl versions prior to 2.4.

Action-Not Available
Vendor-openSUSESUSE
Product-linux_enterprise_servermanager_servercryptctlSUSE Manager Server 4.0SUSE Linux Enterprise Server for SAP 12-SP5
CWE ID-CWE-287
Improper Authentication
CVE-2016-5771
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-15.48% / 96.44%
||
7 Day CHG~0.00%
Published-07 Aug, 2016 | 10:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

spl_array.c in the SPL extension in PHP before 5.5.37 and 5.6.x before 5.6.23 improperly interacts with the unserialize implementation and garbage collection, which allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free and application crash) via crafted serialized data.

Action-Not Available
Vendor-n/aopenSUSEThe PHP GroupDebian GNU/Linux
Product-leapdebian_linuxphpopensusen/a
CWE ID-CWE-416
Use After Free
CVE-2019-18622
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-2.58% / 83.48%
||
7 Day CHG~0.00%
Published-22 Nov, 2019 | 20:32
Updated-05 Aug, 2024 | 01:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in phpMyAdmin before 4.9.2. A crafted database/table name can be used to trigger a SQL injection attack through the designer feature.

Action-Not Available
Vendor-n/aopenSUSEphpMyAdminFedora Project
Product-fedoraphpmyadminbackports_sleleapn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2016-5118
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-49.98% / 98.78%
||
7 Day CHG~0.00%
Published-10 Jun, 2016 | 15:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The OpenBlob function in blob.c in GraphicsMagick before 1.3.24 and ImageMagick allows remote attackers to execute arbitrary code via a | (pipe) character at the start of a filename.

Action-Not Available
Vendor-n/aCanonical Ltd.ImageMagick Studio LLCopenSUSEOracle CorporationSUSEDebian GNU/LinuxGraphicsMagick
Product-debian_linuxubuntu_linuxlinux_enterprise_desktopimagemagickgraphicsmagicklinux_enterprise_workstation_extensionstudio_onsitelinux_enterprise_debuginfoleapsolarislinux_enterprise_serverlinuxlinux_enterprise_software_development_kitopensusen/a
CVE-2016-5770
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-7.34% / 93.70%
||
7 Day CHG~0.00%
Published-07 Aug, 2016 | 10:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Integer overflow in the SplFileObject::fread function in spl_directory.c in the SPL extension in PHP before 5.5.37 and 5.6.x before 5.6.23 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a large integer argument, a related issue to CVE-2016-5096.

Action-Not Available
Vendor-n/aopenSUSEThe PHP GroupDebian GNU/Linux
Product-leapdebian_linuxphpopensusen/a
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2019-18903
Matching Score-8
Assigner-SUSE
ShareView Details
Matching Score-8
Assigner-SUSE
CVSS Score-7.5||HIGH
EPSS-2.42% / 82.30%
||
7 Day CHG+0.06%
Published-02 Mar, 2020 | 16:45
Updated-17 Sep, 2024 | 01:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
wicked: Use-after-free when receiving invalid DHCP6 IA_PD option

A Use After Free vulnerability in wicked of SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 15; openSUSE Leap 15.1, Factory allows remote attackers to cause DoS or potentially code execution. This issue affects: SUSE Linux Enterprise Server 12 wicked versions prior to 0.6.60-2.18.1. SUSE Linux Enterprise Server 15 wicked versions prior to 0.6.60-28.26.1. openSUSE Leap 15.1 wicked versions prior to 0.6.60-lp151.2.9.1. openSUSE Factory wicked versions prior to 0.6.62.

Action-Not Available
Vendor-openSUSESUSE
Product-linux_enterprise_serverleapFactoryLeap 15.1SUSE Linux Enterprise Server 15SUSE Linux Enterprise Server 12
CWE ID-CWE-416
Use After Free
CVE-2016-5167
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-8.8||HIGH
EPSS-1.35% / 68.42%
||
7 Day CHG~0.00%
Published-11 Sep, 2016 | 10:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple unspecified vulnerabilities in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux allow attackers to cause a denial of service or possibly have other impact via unknown vectors.

Action-Not Available
Vendor-n/aGoogle LLCopenSUSE
Product-leapchromen/a
CVE-2016-5178
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-9.8||CRITICAL
EPSS-1.84% / 76.55%
||
7 Day CHG~0.00%
Published-23 May, 2017 | 03:56
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple unspecified vulnerabilities in Google Chrome before 53.0.2785.143 allow remote attackers to cause a denial of service or possibly have other impact via unknown vectors.

Action-Not Available
Vendor-n/aopenSUSEGoogle LLCRed Hat, Inc.Debian GNU/LinuxFedora Project
Product-enterprise_linux_server_supplementarydebian_linuxleapfedorachromeenterprise_linux_workstation_supplementaryopensusen/a
CWE ID-CWE-20
Improper Input Validation
CVE-2019-17361
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-15.11% / 96.36%
||
7 Day CHG~0.00%
Published-17 Jan, 2020 | 01:16
Updated-05 Aug, 2024 | 01:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In SaltStack Salt through 2019.2.0, the salt-api NET API with the ssh client enabled is vulnerable to command injection. This allows an unauthenticated attacker with network access to the API endpoint to execute arbitrary code on the salt-api host.

Action-Not Available
Vendor-saltstackn/aCanonical Ltd.openSUSEDebian GNU/Linux
Product-ubuntu_linuxsaltdebian_linuxleapn/a
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2019-17042
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-3.07% / 86.15%
||
7 Day CHG~0.00%
Published-07 Oct, 2019 | 15:34
Updated-05 Aug, 2024 | 01:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Rsyslog v8.1908.0. contrib/pmcisconames/pmcisconames.c has a heap overflow in the parser for Cisco log messages. The parser tries to locate a log message delimiter (in this case, a space or a colon), but fails to account for strings that do not satisfy this constraint. If the string does not match, then the variable lenMsg will reach the value zero and will skip the sanity check that detects invalid log messages. The message will then be considered valid, and the parser will eat up the nonexistent colon delimiter. In doing so, it will decrement lenMsg, a signed integer, whose value was zero and now becomes minus one. The following step in the parser is to shift left the contents of the message. To do this, it will call memmove with the right pointers to the target and destination strings, but the lenMsg will now be interpreted as a huge value, causing a heap overflow.

Action-Not Available
Vendor-rsyslogn/aDebian GNU/LinuxopenSUSEFedora Project
Product-rsyslogdebian_linuxfedoraleapn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2019-16239
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-3.45% / 87.67%
||
7 Day CHG~0.00%
Published-17 Sep, 2019 | 11:37
Updated-05 Aug, 2024 | 01:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

process_http_response in OpenConnect before 8.05 has a Buffer Overflow when a malicious server uses HTTP chunked encoding with crafted chunk sizes.

Action-Not Available
Vendor-infradeadn/aCanonical Ltd.openSUSEFedora ProjectDebian GNU/Linux
Product-ubuntu_linuxdebian_linuxfedoraopenconnectleapn/a
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2019-15606
Matching Score-8
Assigner-HackerOne
ShareView Details
Matching Score-8
Assigner-HackerOne
CVSS Score-9.8||CRITICAL
EPSS-20.04% / 97.15%
||
7 Day CHG~0.00%
Published-07 Feb, 2020 | 14:58
Updated-30 Apr, 2025 | 22:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Including trailing white space in HTTP header values in Nodejs 10, 12, and 13 causes bypass of authorization based on header value comparisons

Action-Not Available
Vendor-Node.js (OpenJS Foundation)Oracle CorporationopenSUSERed Hat, Inc.Debian GNU/Linux
Product-debian_linuxgraalvmcommunications_cloud_native_core_network_function_cloud_native_environmententerprise_linuxenterprise_linux_eusnode.jsleapNode
CWE ID-CWE-20
Improper Input Validation
CVE-2016-4542
Matching Score-8
Assigner-Debian GNU/Linux
ShareView Details
Matching Score-8
Assigner-Debian GNU/Linux
CVSS Score-9.8||CRITICAL
EPSS-6.06% / 92.58%
||
7 Day CHG~0.00%
Published-22 May, 2016 | 01:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The exif_process_IFD_TAG function in ext/exif/exif.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 does not properly construct spprintf arguments, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via crafted header data.

Action-Not Available
Vendor-n/aopenSUSEThe PHP GroupFedora Project
Product-leapphpfedoran/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2016-4537
Matching Score-8
Assigner-Debian GNU/Linux
ShareView Details
Matching Score-8
Assigner-Debian GNU/Linux
CVSS Score-9.8||CRITICAL
EPSS-5.87% / 92.38%
||
7 Day CHG~0.00%
Published-22 May, 2016 | 01:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The bcpowmod function in ext/bcmath/bcmath.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 accepts a negative integer for the scale argument, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted call.

Action-Not Available
Vendor-n/aopenSUSEThe PHP GroupFedora Project
Product-leapphpfedoran/a
CWE ID-CWE-20
Improper Input Validation
CVE-2016-4138
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-9.8||CRITICAL
EPSS-25.42% / 97.71%
||
7 Day CHG~0.00%
Published-16 Jun, 2016 | 14:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-083.

Action-Not Available
Vendor-n/aApple Inc.openSUSEGoogle LLCLinux Kernel Organization, IncSUSERed Hat, Inc.Microsoft CorporationAdobe Inc.
Product-linux_enterprise_desktopwindows_8.1enterprise_linux_desktopmacosflash_player_desktop_runtimelinux_kernellinux_enterprise_workstation_extensionwindows_server_2012chrome_oswindows_10enterprise_linux_workstationenterprise_linux_serverwindowsflash_playerwindows_rt_8.1opensusen/a
CVE-2016-4540
Matching Score-8
Assigner-Debian GNU/Linux
ShareView Details
Matching Score-8
Assigner-Debian GNU/Linux
CVSS Score-9.8||CRITICAL
EPSS-6.23% / 92.75%
||
7 Day CHG~0.00%
Published-22 May, 2016 | 01:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The grapheme_stripos function in ext/intl/grapheme/grapheme_string.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a negative offset.

Action-Not Available
Vendor-n/aopenSUSEThe PHP GroupFedora Project
Product-leapphpfedoran/a
CVE-2016-4538
Matching Score-8
Assigner-Debian GNU/Linux
ShareView Details
Matching Score-8
Assigner-Debian GNU/Linux
CVSS Score-9.8||CRITICAL
EPSS-6.23% / 92.75%
||
7 Day CHG~0.00%
Published-22 May, 2016 | 01:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The bcpowmod function in ext/bcmath/bcmath.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 modifies certain data structures without considering whether they are copies of the _zero_, _one_, or _two_ global variable, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted call.

Action-Not Available
Vendor-n/aopenSUSEThe PHP GroupFedora Project
Product-leapphpfedoran/a
CWE ID-CWE-20
Improper Input Validation
CVE-2016-4544
Matching Score-8
Assigner-Debian GNU/Linux
ShareView Details
Matching Score-8
Assigner-Debian GNU/Linux
CVSS Score-9.8||CRITICAL
EPSS-6.69% / 93.16%
||
7 Day CHG~0.00%
Published-22 May, 2016 | 01:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The exif_process_TIFF_in_JPEG function in ext/exif/exif.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 does not validate TIFF start data, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via crafted header data.

Action-Not Available
Vendor-n/aopenSUSEThe PHP GroupDebian GNU/LinuxFedora Project
Product-debian_linuxphpleapfedoraopensusen/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
  • Previous
  • 1
  • 2
  • 3
  • ...
  • 41
  • 42
  • Next
Details not found