Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2021-3918

Summary
Assigner-@huntrdev
Assigner Org ID-c09c270a-b464-47c1-9133-acb35b22c19a
Published At-13 Nov, 2021 | 00:00
Updated At-17 Jan, 2025 | 20:02
Rejected At-
Credits

Prototype Pollution in kriszyp/json-schema

json-schema is vulnerable to Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:@huntrdev
Assigner Org ID:c09c270a-b464-47c1-9133-acb35b22c19a
Published At:13 Nov, 2021 | 00:00
Updated At:17 Jan, 2025 | 20:02
Rejected At:
▼CVE Numbering Authority (CNA)
Prototype Pollution in kriszyp/json-schema

json-schema is vulnerable to Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')

Affected Products
Vendor
kriszyp
Product
kriszyp/json-schema
Versions
Affected
  • From unspecified through 0.3.0 (custom)
Problem Types
TypeCWE IDDescription
CWECWE-1321CWE-1321 Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
Type: CWE
CWE ID: CWE-1321
Description: CWE-1321 Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
Metrics
VersionBase scoreBase severityVector
3.09.8CRITICAL
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Version: 3.0
Base score: 9.8
Base severity: CRITICAL
Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
https://huntr.dev/bounties/bb6ccd63-f505-4e3a-b55f-cd2662c261a9
N/A
https://github.com/kriszyp/json-schema/commit/22f146111f541d9737e832823699ad3528ca7741
N/A
https://lists.debian.org/debian-lts-announce/2022/12/msg00013.html
mailing-list
Hyperlink: https://huntr.dev/bounties/bb6ccd63-f505-4e3a-b55f-cd2662c261a9
Resource: N/A
Hyperlink: https://github.com/kriszyp/json-schema/commit/22f146111f541d9737e832823699ad3528ca7741
Resource: N/A
Hyperlink: https://lists.debian.org/debian-lts-announce/2022/12/msg00013.html
Resource:
mailing-list
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
https://huntr.dev/bounties/bb6ccd63-f505-4e3a-b55f-cd2662c261a9
x_transferred
https://github.com/kriszyp/json-schema/commit/22f146111f541d9737e832823699ad3528ca7741
x_transferred
https://lists.debian.org/debian-lts-announce/2022/12/msg00013.html
mailing-list
x_transferred
https://security.netapp.com/advisory/ntap-20250117-0004/
N/A
Hyperlink: https://huntr.dev/bounties/bb6ccd63-f505-4e3a-b55f-cd2662c261a9
Resource:
x_transferred
Hyperlink: https://github.com/kriszyp/json-schema/commit/22f146111f541d9737e832823699ad3528ca7741
Resource:
x_transferred
Hyperlink: https://lists.debian.org/debian-lts-announce/2022/12/msg00013.html
Resource:
mailing-list
x_transferred
Hyperlink: https://security.netapp.com/advisory/ntap-20250117-0004/
Resource: N/A
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:security@huntr.dev
Published At:13 Nov, 2021 | 09:15
Updated At:17 Jan, 2025 | 20:15

json-schema is vulnerable to Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.19.8CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Secondary3.09.8CRITICAL
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Primary2.07.5HIGH
AV:N/AC:L/Au:N/C:P/I:P/A:P
Type: Primary
Version: 3.1
Base score: 9.8
Base severity: CRITICAL
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Type: Secondary
Version: 3.0
Base score: 9.8
Base severity: CRITICAL
Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Type: Primary
Version: 2.0
Base score: 7.5
Base severity: HIGH
Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P
CPE Matches

json-schema_project
json-schema_project
>>json-schema>>Versions before 0.4.0(exclusive)
cpe:2.3:a:json-schema_project:json-schema:*:*:*:*:*:*:*:*
Debian GNU/Linux
debian
>>debian_linux>>10.0
cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-1321Secondarysecurity@huntr.dev
CWE-1321Primarynvd@nist.gov
CWE ID: CWE-1321
Type: Secondary
Source: security@huntr.dev
CWE ID: CWE-1321
Type: Primary
Source: nvd@nist.gov
Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References
HyperlinkSourceResource
https://github.com/kriszyp/json-schema/commit/22f146111f541d9737e832823699ad3528ca7741security@huntr.dev
Patch
Third Party Advisory
https://huntr.dev/bounties/bb6ccd63-f505-4e3a-b55f-cd2662c261a9security@huntr.dev
Exploit
Issue Tracking
Patch
Third Party Advisory
https://lists.debian.org/debian-lts-announce/2022/12/msg00013.htmlsecurity@huntr.dev
Mailing List
Third Party Advisory
https://github.com/kriszyp/json-schema/commit/22f146111f541d9737e832823699ad3528ca7741af854a3a-2127-422b-91ae-364da2661108
Patch
Third Party Advisory
https://huntr.dev/bounties/bb6ccd63-f505-4e3a-b55f-cd2662c261a9af854a3a-2127-422b-91ae-364da2661108
Exploit
Issue Tracking
Patch
Third Party Advisory
https://lists.debian.org/debian-lts-announce/2022/12/msg00013.htmlaf854a3a-2127-422b-91ae-364da2661108
Mailing List
Third Party Advisory
https://security.netapp.com/advisory/ntap-20250117-0004/af854a3a-2127-422b-91ae-364da2661108
N/A
Hyperlink: https://github.com/kriszyp/json-schema/commit/22f146111f541d9737e832823699ad3528ca7741
Source: security@huntr.dev
Resource:
Patch
Third Party Advisory
Hyperlink: https://huntr.dev/bounties/bb6ccd63-f505-4e3a-b55f-cd2662c261a9
Source: security@huntr.dev
Resource:
Exploit
Issue Tracking
Patch
Third Party Advisory
Hyperlink: https://lists.debian.org/debian-lts-announce/2022/12/msg00013.html
Source: security@huntr.dev
Resource:
Mailing List
Third Party Advisory
Hyperlink: https://github.com/kriszyp/json-schema/commit/22f146111f541d9737e832823699ad3528ca7741
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Patch
Third Party Advisory
Hyperlink: https://huntr.dev/bounties/bb6ccd63-f505-4e3a-b55f-cd2662c261a9
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Exploit
Issue Tracking
Patch
Third Party Advisory
Hyperlink: https://lists.debian.org/debian-lts-announce/2022/12/msg00013.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Mailing List
Third Party Advisory
Hyperlink: https://security.netapp.com/advisory/ntap-20250117-0004/
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

1300Records found

CVE-2020-8840
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-26.59% / 97.79%
||
7 Day CHG~0.00%
Published-10 Feb, 2020 | 19:41
Updated-04 Aug, 2024 | 10:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

FasterXML jackson-databind 2.0.0 through 2.9.10.2 lacks certain xbean-reflect/JNDI blocking, as demonstrated by org.apache.xbean.propertyeditor.JndiConverter.

Action-Not Available
Vendor-n/aDebian GNU/LinuxOracle CorporationHuawei Technologies Co., Ltd.FasterXML, LLC.NetApp, Inc.
Product-global_lifecycle_management_opatchdebian_linuxoncommand_api_servicesjackson-databindoceanstor_9000_firmwareoceanstor_9000oncommand_workflow_automationservice_level_managersteelstore_cloud_integrated_storagen/a
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2019-16239
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-3.45% / 87.67%
||
7 Day CHG~0.00%
Published-17 Sep, 2019 | 11:37
Updated-05 Aug, 2024 | 01:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

process_http_response in OpenConnect before 8.05 has a Buffer Overflow when a malicious server uses HTTP chunked encoding with crafted chunk sizes.

Action-Not Available
Vendor-infradeadn/aCanonical Ltd.openSUSEFedora ProjectDebian GNU/Linux
Product-ubuntu_linuxdebian_linuxfedoraopenconnectleapn/a
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2021-3711
Matching Score-8
Assigner-OpenSSL Software Foundation
ShareView Details
Matching Score-8
Assigner-OpenSSL Software Foundation
CVSS Score-9.8||CRITICAL
EPSS-87.82% / 99.74%
||
7 Day CHG~0.00%
Published-24 Aug, 2021 | 14:50
Updated-16 Sep, 2024 | 18:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SM2 Decryption Buffer Overflow

In order to decrypt SM2 encrypted data an application is expected to call the API function EVP_PKEY_decrypt(). Typically an application will call this function twice. The first time, on entry, the "out" parameter can be NULL and, on exit, the "outlen" parameter is populated with the buffer size required to hold the decrypted plaintext. The application can then allocate a sufficiently sized buffer and call EVP_PKEY_decrypt() again, but this time passing a non-NULL value for the "out" parameter. A bug in the implementation of the SM2 decryption code means that the calculation of the buffer size required to hold the plaintext returned by the first call to EVP_PKEY_decrypt() can be smaller than the actual size required by the second call. This can lead to a buffer overflow when EVP_PKEY_decrypt() is called by the application a second time with a buffer that is too small. A malicious attacker who is able present SM2 content for decryption to an application could cause attacker chosen data to overflow the buffer by up to a maximum of 62 bytes altering the contents of other data held after the buffer, possibly changing application behaviour or causing the application to crash. The location of the buffer is application dependent but is typically heap allocated. Fixed in OpenSSL 1.1.1l (Affected 1.1.1-1.1.1k).

Action-Not Available
Vendor-Debian GNU/LinuxOpenSSLNetApp, Inc.Oracle CorporationTenable, Inc.
Product-communications_unified_session_managerjd_edwards_world_securitypeoplesoft_enterprise_peopletoolshealth_sciences_inform_publisheropensslcommunications_cloud_native_core_security_edge_protection_proxyactive_iq_unified_managermysql_connectorsoncommand_workflow_automationtenable.scsantricity_smi-s_providerstorage_encryptionsolidfiresnapcenterenterprise_session_border_controllerclustered_data_ontapdebian_linuxmanageability_software_development_kitessbasecommunications_cloud_native_core_unified_data_repositoryhci_management_nodemysql_enterprise_monitore-series_santricity_os_controllerzfs_storage_appliance_kitclustered_data_ontap_antivirus_connectornessus_network_monitormysql_servercommunications_session_border_controllerenterprise_communications_brokerjd_edwards_enterpriseone_toolsoncommand_insightOpenSSL
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2019-15606
Matching Score-8
Assigner-HackerOne
ShareView Details
Matching Score-8
Assigner-HackerOne
CVSS Score-9.8||CRITICAL
EPSS-20.04% / 97.15%
||
7 Day CHG~0.00%
Published-07 Feb, 2020 | 14:58
Updated-30 Apr, 2025 | 22:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Including trailing white space in HTTP header values in Nodejs 10, 12, and 13 causes bypass of authorization based on header value comparisons

Action-Not Available
Vendor-Node.js (OpenJS Foundation)Oracle CorporationopenSUSERed Hat, Inc.Debian GNU/Linux
Product-debian_linuxgraalvmcommunications_cloud_native_core_network_function_cloud_native_environmententerprise_linuxenterprise_linux_eusnode.jsleapNode
CWE ID-CWE-20
Improper Input Validation
CVE-2020-9546
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-4.61% / 90.65%
||
7 Day CHG~0.00%
Published-02 Mar, 2020 | 03:59
Updated-29 Apr, 2026 | 20:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.hadoop.shaded.com.zaxxer.hikari.HikariConfig (aka shaded hikari-config).

Action-Not Available
Vendor-n/aFasterXML, LLC.Oracle CorporationDebian GNU/LinuxNetApp, Inc.
Product-communications_contacts_serverdebian_linuxinsurance_policy_administration_j2eejd_edwards_enterpriseone_orchestratorprimavera_unifiercommunications_calendar_servercommunications_session_route_managercommunications_instant_messaging_serverfinancial_services_retail_customer_analyticsbanking_digital_experienceretail_merchandising_systemcommunications_session_report_managercommunications_element_managerenterprise_manager_base_platformbanking_platformcommunications_evolved_communications_application_serverautovue_for_agile_product_lifecycle_managementactive_iq_unified_managerweblogic_serverjackson-databindfinancial_services_price_creation_and_discoverycommunications_diameter_signaling_routerjd_edwards_enterpriseone_toolscommunications_network_charging_and_controlfinancial_services_analytical_applications_infrastructureretail_xstore_point_of_serviceretail_service_backboneretail_sales_auditagile_plmfinancial_services_institutional_performance_analyticsglobal_lifecycle_management_opatchn/a
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2019-15941
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-2.20% / 80.51%
||
7 Day CHG~0.00%
Published-25 Sep, 2019 | 19:39
Updated-28 May, 2025 | 17:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

OpenID Connect Issuer in LemonLDAP::NG 2.x through 2.0.5 may allow an attacker to bypass access control rules via a crafted OpenID Connect authorization request. To be vulnerable, there must exist an OIDC Relaying party within the LemonLDAP configuration with weaker access control rules than the target RP, and no filtering on redirection URIs.

Action-Not Available
Vendor-lemonldap-ngn/aDebian GNU/Linux
Product-debian_linuxlemonldap\n/a
CWE ID-CWE-863
Incorrect Authorization
CVE-2016-5297
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-9.8||CRITICAL
EPSS-3.65% / 88.35%
||
7 Day CHG~0.00%
Published-11 Jun, 2018 | 21:00
Updated-25 Nov, 2025 | 17:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An error in argument length checking in JavaScript, leading to potential integer overflows or other bounds checking issues. This vulnerability affects Thunderbird < 45.5, Firefox ESR < 45.5, and Firefox < 50.

Action-Not Available
Vendor-Debian GNU/LinuxMozilla Corporation
Product-thunderbirddebian_linuxfirefoxThunderbirdFirefox ESRFirefox
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2023-51714
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.99% / 58.47%
||
7 Day CHG~0.00%
Published-24 Dec, 2023 | 00:00
Updated-20 Mar, 2025 | 21:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in the HTTP2 implementation in Qt before 5.15.17, 6.x before 6.2.11, 6.3.x through 6.5.x before 6.5.4, and 6.6.x before 6.6.2. network/access/http2/hpacktable.cpp has an incorrect HPack integer overflow check.

Action-Not Available
Vendor-qtn/aDebian GNU/Linux
Product-debian_linuxqtn/a
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2016-4544
Matching Score-8
Assigner-Debian GNU/Linux
ShareView Details
Matching Score-8
Assigner-Debian GNU/Linux
CVSS Score-9.8||CRITICAL
EPSS-6.69% / 93.16%
||
7 Day CHG~0.00%
Published-22 May, 2016 | 01:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The exif_process_TIFF_in_JPEG function in ext/exif/exif.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 does not validate TIFF start data, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via crafted header data.

Action-Not Available
Vendor-n/aopenSUSEThe PHP GroupDebian GNU/LinuxFedora Project
Product-debian_linuxphpleapfedoraopensusen/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2011-2688
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-5.66% / 92.10%
||
7 Day CHG~0.00%
Published-28 Jul, 2011 | 18:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SQL injection vulnerability in mysql/mysql-auth.pl in the mod_authnz_external module 3.2.5 and earlier for the Apache HTTP Server allows remote attackers to execute arbitrary SQL commands via the user field.

Action-Not Available
Vendor-mod_authnz_external_projectn/aDebian GNU/LinuxThe Apache Software Foundation
Product-mod_authnz_externaldebian_linuxhttp_servern/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2016-4303
Matching Score-8
Assigner-CERT/CC
ShareView Details
Matching Score-8
Assigner-CERT/CC
CVSS Score-9.8||CRITICAL
EPSS-6.96% / 93.40%
||
7 Day CHG~0.00%
Published-26 Sep, 2016 | 14:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The parse_string function in cjson.c in the cJSON library mishandles UTF8/16 strings, which allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a non-hex character in a JSON string, which triggers a heap-based buffer overflow.

Action-Not Available
Vendor-esn/aopenSUSEDebian GNU/LinuxNovell
Product-debian_linuxsuse_package_hub_for_suse_linux_enterpriseleapiperf3opensusen/a
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2016-4002
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-9.8||CRITICAL
EPSS-6.34% / 92.85%
||
7 Day CHG~0.00%
Published-26 Apr, 2016 | 14:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in the mipsnet_receive function in hw/net/mipsnet.c in QEMU, when the guest NIC is configured to accept large packets, allows remote attackers to cause a denial of service (memory corruption and QEMU crash) or possibly execute arbitrary code via a packet larger than 1514 bytes.

Action-Not Available
Vendor-n/aCanonical Ltd.QEMUDebian GNU/LinuxFedora Project
Product-debian_linuxubuntu_linuxqemufedoran/a
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2016-4610
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-9.8||CRITICAL
EPSS-5.10% / 91.42%
||
7 Day CHG~0.00%
Published-22 Jul, 2016 | 01:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

libxslt in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before 12.4.2 on Windows, iCloud before 5.2.1 on Windows, tvOS before 9.2.2, and watchOS before 2.2.2 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors, a different vulnerability than CVE-2016-4607, CVE-2016-4608, CVE-2016-4609, and CVE-2016-4612.

Action-Not Available
Vendor-n/aApple Inc.libxml2 (XMLSoft)Microsoft CorporationDebian GNU/LinuxFedora Project
Product-itunesdebian_linuxmac_os_xlibxsltwindowsiphone_osfedoratvosicloudwatchosn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2016-4024
Matching Score-8
Assigner-Debian GNU/Linux
ShareView Details
Matching Score-8
Assigner-Debian GNU/Linux
CVSS Score-9.8||CRITICAL
EPSS-5.84% / 92.34%
||
7 Day CHG~0.00%
Published-13 May, 2016 | 16:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Integer overflow in imlib2 before 1.4.9 on 32-bit platforms allows remote attackers to execute arbitrary code via large dimensions in an image, which triggers an out-of-bounds heap memory write operation.

Action-Not Available
Vendor-enlightenmentn/aDebian GNU/LinuxopenSUSE
Product-debian_linuximlib2opensusen/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2016-4000
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-6.57% / 93.06%
||
7 Day CHG~0.00%
Published-06 Jul, 2017 | 16:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Jython before 2.7.1rc1 allows attackers to execute arbitrary code via a crafted serialized PyFunction object.

Action-Not Available
Vendor-jython_projectn/aDebian GNU/Linux
Product-debian_linuxjythonn/a
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2016-5008
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-9.8||CRITICAL
EPSS-3.62% / 88.24%
||
7 Day CHG~0.00%
Published-13 Jul, 2016 | 15:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

libvirt before 2.0.0 improperly disables password checking when the password on a VNC server is set to an empty string, which allows remote attackers to bypass authentication and establish a VNC session by connecting to the server.

Action-Not Available
Vendor-n/aDebian GNU/LinuxRed Hat, Inc.
Product-debian_linuxlibvirtn/a
CWE ID-CWE-284
Improper Access Control
CVE-2016-3955
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-25.93% / 97.75%
||
7 Day CHG~0.00%
Published-03 Jul, 2016 | 21:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The usbip_recv_xbuff function in drivers/usb/usbip/usbip_common.c in the Linux kernel before 4.5.3 allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact via a crafted length value in a USB/IP packet.

Action-Not Available
Vendor-n/aCanonical Ltd.Debian GNU/LinuxLinux Kernel Organization, Inc
Product-debian_linuxubuntu_linuxlinux_kerneln/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2023-5176
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-9.8||CRITICAL
EPSS-1.23% / 65.64%
||
7 Day CHG~0.00%
Published-27 Sep, 2023 | 14:13
Updated-01 May, 2025 | 18:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Memory safety bugs present in Firefox 117, Firefox ESR 115.2, and Thunderbird 115.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 118, Firefox ESR < 115.3, and Thunderbird < 115.3.

Action-Not Available
Vendor-Mozilla CorporationDebian GNU/Linux
Product-thunderbirdfirefox_esrdebian_linuxfirefoxFirefoxFirefox ESRThunderbird
CWE ID-CWE-787
Out-of-bounds Write
CVE-2016-2851
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-25.40% / 97.71%
||
7 Day CHG~0.00%
Published-07 Apr, 2016 | 23:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Integer overflow in proto.c in libotr before 4.1.1 on 64-bit platforms allows remote attackers to cause a denial of service (memory corruption and application crash) or execute arbitrary code via a series of large OTR messages, which triggers a heap-based buffer overflow.

Action-Not Available
Vendor-cypherpunksn/aDebian GNU/LinuxopenSUSE
Product-leapdebian_linuxlibotropensusen/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2016-3153
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-1.84% / 76.53%
||
7 Day CHG~0.00%
Published-08 Apr, 2016 | 14:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SPIP 2.x before 2.1.19, 3.0.x before 3.0.22, and 3.1.x before 3.1.1 allows remote attackers to execute arbitrary PHP code by adding content, related to the filtrer_entites function.

Action-Not Available
Vendor-spipn/aDebian GNU/Linux
Product-spipdebian_linuxn/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2019-13917
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-8.62% / 94.50%
||
7 Day CHG~0.00%
Published-25 Jul, 2019 | 19:07
Updated-05 Aug, 2024 | 00:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Exim 4.85 through 4.92 (fixed in 4.92.1) allows remote code execution as root in some unusual configurations that use the ${sort } expansion for items that can be controlled by an attacker (e.g., $local_part or $domain).

Action-Not Available
Vendor-n/aDebian GNU/LinuxExim
Product-eximdebian_linuxn/a
CWE ID-CWE-19
Not Available
CVE-2016-3427
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-9.8||CRITICAL
EPSS-92.33% / 99.81%
||
7 Day CHG~0.00%
Published-21 Apr, 2016 | 10:00
Updated-22 Apr, 2026 | 13:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2023-06-02||Apply updates per vendor instructions.

Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77; Java SE Embedded 8u77; and JRockit R28.3.9 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JMX.

Action-Not Available
Vendor-n/aNetApp, Inc.Oracle CorporationRed Hat, Inc.The Apache Software FoundationopenSUSECanonical Ltd.SUSEDebian GNU/Linux
Product-e-series_santricity_management_plug-insubuntu_linuxjreenterprise_linux_server_tusoncommand_cloud_managervasa_provider_for_clustered_data_ontaponcommand_unified_manageroncommand_workflow_automationjdkenterprise_linux_serverenterprise_linux_workstationvirtual_storage_consolemanagerleapenterprise_linux_euslinux_enterprise_module_for_legacye-series_santricity_web_servicesoncommand_reportopensusejrockitdebian_linuxlinux_enterprise_desktoponcommand_performance_managerenterprise_linux_desktopcassandralinux_enterprise_serveroncommand_balanceenterprise_linux_server_eusenterprise_linux_server_ausoncommand_insightstoragegridlinux_enterprise_software_development_kitsatelliteoncommand_shiftmanager_proxye-series_santricity_storage_managerlinuxopenstack_cloudn/aJava SE and JRockit
CWE ID-CWE-284
Improper Access Control
CVE-2016-3074
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-9.8||CRITICAL
EPSS-36.97% / 98.34%
||
7 Day CHG~0.00%
Published-26 Apr, 2016 | 14:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Integer signedness error in GD Graphics Library 2.1.1 (aka libgd or libgd2) allows remote attackers to cause a denial of service (crash) or potentially execute arbitrary code via crafted compressed gd2 data, which triggers a heap-based buffer overflow.

Action-Not Available
Vendor-libgdn/aCanonical Ltd.openSUSEThe PHP GroupDebian GNU/LinuxFedora Project
Product-debian_linuxubuntu_linuxphplibgdfedoraopensusen/a
CWE ID-CWE-681
Incorrect Conversion between Numeric Types
CVE-2020-9760
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-2.19% / 80.45%
||
7 Day CHG~0.00%
Published-23 Mar, 2020 | 15:39
Updated-04 Aug, 2024 | 10:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in WeeChat before 2.7.1 (0.3.4 to 2.7 are affected). When a new IRC message 005 is received with longer nick prefixes, a buffer overflow and possibly a crash can happen when a new mode is set for a nick.

Action-Not Available
Vendor-weechatn/aDebian GNU/Linux
Product-debian_linuxweechatn/a
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2016-2385
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-30.52% / 98.03%
||
7 Day CHG~0.00%
Published-11 Apr, 2016 | 15:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Heap-based buffer overflow in the encode_msg function in encode_msg.c in the SEAS module in Kamailio (formerly OpenSER and SER) before 4.3.5 allows remote attackers to cause a denial of service (memory corruption and process crash) or possibly execute arbitrary code via a large SIP packet.

Action-Not Available
Vendor-kamailion/aDebian GNU/Linux
Product-kamailiodebian_linuxn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2016-1629
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-9.8||CRITICAL
EPSS-2.64% / 83.87%
||
7 Day CHG~0.00%
Published-21 Feb, 2016 | 18:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Google Chrome before 48.0.2564.116 allows remote attackers to bypass the Blink Same Origin Policy and a sandbox protection mechanism via unspecified vectors.

Action-Not Available
Vendor-n/aopenSUSEGoogle LLCNovellDebian GNU/Linux
Product-debian_linuxsuse_package_hub_for_suse_linux_enterpriseleapchromeopensusen/a
CVE-2022-48337
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-1.60% / 73.13%
||
7 Day CHG~0.00%
Published-20 Feb, 2023 | 00:00
Updated-18 Mar, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

GNU Emacs through 28.2 allows attackers to execute commands via shell metacharacters in the name of a source-code file, because lib-src/etags.c uses the system C library function in its implementation of the etags program. For example, a victim may use the "etags -u *" command (suggested in the etags documentation) in a situation where the current working directory has contents that depend on untrusted input.

Action-Not Available
Vendor-n/aGNUDebian GNU/Linux
Product-emacsdebian_linuxn/a
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2019-14271
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-18.83% / 96.97%
||
7 Day CHG~0.00%
Published-29 Jul, 2019 | 17:05
Updated-05 Aug, 2024 | 00:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Docker 19.03.x before 19.03.1 linked against the GNU C Library (aka glibc), code injection can occur when the nsswitch facility dynamically loads a library inside a chroot that contains the contents of the container.

Action-Not Available
Vendor-n/aopenSUSEDebian GNU/LinuxDocker, Inc.
Product-dockerdebian_linuxleapn/a
CWE ID-CWE-665
Improper Initialization
CVE-2019-14896
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-7.8||HIGH
EPSS-8.67% / 94.52%
||
7 Day CHG~0.00%
Published-27 Nov, 2019 | 08:05
Updated-05 Aug, 2024 | 00:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A heap-based buffer overflow vulnerability was found in the Linux kernel, version kernel-2.6.32, in Marvell WiFi chip driver. A remote attacker could cause a denial of service (system crash) or, possibly execute arbitrary code, when the lbs_ibss_join_existing function is called after a STA connects to an AP.

Action-Not Available
Vendor-Fedora ProjectCanonical Ltd.Red Hat, Inc.Linux Kernel Organization, IncDebian GNU/Linux
Product-ubuntu_linuxdebian_linuxlinux_kernelfedoraenterprise_linuxkernel
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2016-1659
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-9.8||CRITICAL
EPSS-1.46% / 70.60%
||
7 Day CHG~0.00%
Published-18 Apr, 2016 | 10:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple unspecified vulnerabilities in Google Chrome before 50.0.2661.75 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.

Action-Not Available
Vendor-n/aCanonical Ltd.openSUSEGoogle LLCSUSEDebian GNU/Linux
Product-debian_linuxubuntu_linuxlinux_enterpriseleapchromen/a
CVE-2016-2148
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-9.8||CRITICAL
EPSS-28.43% / 97.91%
||
7 Day CHG~0.00%
Published-09 Feb, 2017 | 15:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Heap-based buffer overflow in the DHCP client (udhcpc) in BusyBox before 1.25.0 allows remote attackers to have unspecified impact via vectors involving OPTION_6RD parsing.

Action-Not Available
Vendor-busyboxn/aCanonical Ltd.Debian GNU/Linux
Product-debian_linuxubuntu_linuxbusyboxn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2022-48565
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-4.27% / 89.98%
||
7 Day CHG~0.00%
Published-22 Aug, 2023 | 00:00
Updated-03 Oct, 2024 | 17:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An XML External Entity (XXE) issue was discovered in Python through 3.9.1. The plistlib module no longer accepts entity declarations in XML plist files to avoid XML vulnerabilities.

Action-Not Available
Vendor-n/aDebian GNU/LinuxPython Software Foundation
Product-debian_linuxpythonn/a
CWE ID-CWE-611
Improper Restriction of XML External Entity Reference
CVE-2022-48174
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-3.13% / 86.42%
||
7 Day CHG+0.15%
Published-22 Aug, 2023 | 00:00
Updated-14 Jul, 2026 | 12:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

There is a stack overflow vulnerability in ash.c:6030 in busybox before 1.35. In the environment of Internet of Vehicles, this vulnerability can be executed from command to arbitrary code execution.

Action-Not Available
Vendor-busyboxn/aSiemens AGDebian GNU/Linux
Product-debian_linuxbusyboxn/aSCALANCE XRM334 (2x230 V AC, 8xFO)SIDIS Secured SmartPlugSCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 familySCALANCE XRM334 (24V DC, 2x10G, 24xSFP, 8xSFP+)SCALANCE XCH328SCALANCE XRM334 (230V AC, 2x10G, 24xSFP, 8xSFP+)SCALANCE XRM334 (2x230V AC, 2x10G, 24xSFP, 8xSFP+)SCALANCE XRM334 (24 V DC, 12xFO)SCALANCE XRH334 (24 V DC, 8xFO, CC)SCALANCE XRM334 (24 V DC, 8xFO)SCALANCE XCM328SCALANCE XRM334 (230 V AC, 8xFO)RUGGEDCOM RST2428PSCALANCE XRM334 (230 V AC, 12xFO)SCALANCE XCM332SCALANCE XCM324SCALANCE XRM334 (2x230 V AC, 12xFO)
CWE ID-CWE-787
Out-of-bounds Write
CVE-2016-2338
Matching Score-8
Assigner-CERT/CC
ShareView Details
Matching Score-8
Assigner-CERT/CC
CVSS Score-9.8||CRITICAL
EPSS-4.64% / 90.70%
||
7 Day CHG~0.00%
Published-14 Feb, 2020 | 00:00
Updated-05 Aug, 2024 | 23:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An exploitable heap overflow vulnerability exists in the Psych::Emitter start_document function of Ruby. In Psych::Emitter start_document function heap buffer "head" allocation is made based on tags array length. Specially constructed object passed as element of tags array can increase this array size after mentioned allocation and cause heap overflow.

Action-Not Available
Vendor-n/aDebian GNU/LinuxRuby
Product-debian_linuxrubyn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2016-2368
Matching Score-8
Assigner-CERT/CC
ShareView Details
Matching Score-8
Assigner-CERT/CC
CVSS Score-8.1||HIGH
EPSS-4.55% / 90.53%
||
7 Day CHG~0.00%
Published-06 Jan, 2017 | 21:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple memory corruption vulnerabilities exist in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent via the server could result in multiple buffer overflows, potentially resulting in code execution or memory disclosure.

Action-Not Available
Vendor-Canonical Ltd.Debian GNU/LinuxPidgin
Product-pidgindebian_linuxubuntu_linuxPidgin
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2025-37924
Matching Score-8
Assigner-kernel.org
ShareView Details
Matching Score-8
Assigner-kernel.org
CVSS Score-9.8||CRITICAL
EPSS-9.80% / 95.01%
||
7 Day CHG~0.00%
Published-20 May, 2025 | 15:21
Updated-11 May, 2026 | 21:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
ksmbd: fix use-after-free in kerberos authentication

In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix use-after-free in kerberos authentication Setting sess->user = NULL was introduced to fix the dangling pointer created by ksmbd_free_user. However, it is possible another thread could be operating on the session and make use of sess->user after it has been passed to ksmbd_free_user but before sess->user is set to NULL.

Action-Not Available
Vendor-Debian GNU/LinuxLinux Kernel Organization, Inc
Product-debian_linuxlinux_kernelLinux
CWE ID-CWE-416
Use After Free
CVE-2016-1908
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-9.8||CRITICAL
EPSS-13.74% / 96.09%
||
7 Day CHG~0.00%
Published-11 Apr, 2017 | 00:00
Updated-29 May, 2026 | 21:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The client in OpenSSH before 7.2 mishandles failed cookie generation for untrusted X11 forwarding and relies on the local X11 server for access-control decisions, which allows remote X11 clients to trigger a fallback and obtain trusted X11 forwarding privileges by leveraging configuration issues on this X11 server, as demonstrated by lack of the SECURITY extension on this X11 server.

Action-Not Available
Vendor-n/aOracle CorporationOpenBSDDebian GNU/LinuxRed Hat, Inc.
Product-enterprise_linux_eusenterprise_linux_desktopenterprise_linux_server_tusenterprise_linux_server_ausenterprise_linux_workstationlinuxenterprise_linux_serverdebian_linuxopensshn/a
CWE ID-CWE-287
Improper Authentication
CVE-2019-14895
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-8||HIGH
EPSS-7.76% / 93.97%
||
7 Day CHG~0.00%
Published-29 Nov, 2019 | 13:50
Updated-05 Aug, 2024 | 00:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A heap-based buffer overflow was discovered in the Linux kernel, all versions 3.x.x and 4.x.x before 4.18.0, in Marvell WiFi chip driver. The flaw could occur when the station attempts a connection negotiation during the handling of the remote devices country settings. This could allow the remote device to cause a denial of service (system crash) or possibly execute arbitrary code.

Action-Not Available
Vendor-Fedora ProjectCanonical Ltd.Red Hat, Inc.Linux Kernel Organization, IncopenSUSEDebian GNU/Linux
Product-ubuntu_linuxdebian_linuxlinux_kernelfedoraleapkernel
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2016-2090
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-3.22% / 86.82%
||
7 Day CHG~0.00%
Published-13 Jan, 2017 | 16:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Off-by-one vulnerability in the fgetwln function in libbsd before 0.8.2 allows attackers to have unspecified impact via unknown vectors, which trigger a heap-based buffer overflow.

Action-Not Available
Vendor-n/aCanonical Ltd.freedesktop.orgDebian GNU/LinuxFedora Project
Product-debian_linuxubuntu_linuxlibbsdfedoran/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2019-14897
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-6.6||MEDIUM
EPSS-2.91% / 85.44%
||
7 Day CHG~0.00%
Published-29 Nov, 2019 | 14:00
Updated-05 Aug, 2024 | 00:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A stack-based buffer overflow was found in the Linux kernel, version kernel-2.6.32, in Marvell WiFi chip driver. An attacker is able to cause a denial of service (system crash) or, possibly execute arbitrary code, when a STA works in IBSS mode (allows connecting stations together without the use of an AP) and connects to another STA.

Action-Not Available
Vendor-Linux Kernel Organization, IncDebian GNU/LinuxCanonical Ltd.Red Hat, Inc.
Product-ubuntu_linuxdebian_linuxlinux_kernelkernel
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-12594
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-6.69% / 93.15%
||
7 Day CHG~0.00%
Published-02 Jul, 2019 | 16:07
Updated-04 Aug, 2024 | 23:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

DOSBox 0.74-2 has Incorrect Access Control.

Action-Not Available
Vendor-dosboxn/aDebian GNU/Linux
Product-debian_linuxdosboxn/a
CVE-2022-47629
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-1.55% / 72.32%
||
7 Day CHG~0.00%
Published-20 Dec, 2022 | 00:00
Updated-16 Apr, 2025 | 18:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Libksba before 1.6.3 is prone to an integer overflow vulnerability in the CRL signature parser.

Action-Not Available
Vendor-gnupgn/aDebian GNU/Linux
Product-debian_linuxlibksban/a
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2019-13451
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-2.43% / 82.36%
||
7 Day CHG~0.00%
Published-27 Aug, 2019 | 16:37
Updated-04 Aug, 2024 | 23:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Xymon through 4.3.28, a buffer overflow vulnerability exists in history.c.

Action-Not Available
Vendor-xymonn/aDebian GNU/Linux
Product-xymondebian_linuxn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2019-12900
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-8.12% / 94.20%
||
7 Day CHG~0.00%
Published-19 Jun, 2019 | 22:07
Updated-09 Jun, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors.

Action-Not Available
Vendor-bzipn/aCanonical Ltd.Python Software FoundationFreeBSD FoundationDebian GNU/LinuxopenSUSE
Product-debian_linuxleapubuntu_linuxpythonfreebsdbzip2n/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2016-1245
Matching Score-8
Assigner-Debian GNU/Linux
ShareView Details
Matching Score-8
Assigner-Debian GNU/Linux
CVSS Score-9.8||CRITICAL
EPSS-3.66% / 88.37%
||
7 Day CHG~0.00%
Published-22 Feb, 2017 | 23:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

It was discovered that the zebra daemon in Quagga before 1.0.20161017 suffered from a stack-based buffer overflow when processing IPv6 Neighbor Discovery messages. The root cause was relying on BUFSIZ to be compatible with a message size; however, BUFSIZ is system-dependent.

Action-Not Available
Vendor-quaggan/aDebian GNU/Linux
Product-debian_linuxquaggaQuagga before 1.0.20161017
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2019-13485
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-1.85% / 76.73%
||
7 Day CHG~0.00%
Published-27 Aug, 2019 | 16:25
Updated-04 Aug, 2024 | 23:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Xymon through 4.3.28, a stack-based buffer overflow vulnerability exists in the history viewer component via a long hostname or service parameter to history.c.

Action-Not Available
Vendor-xymonn/aDebian GNU/Linux
Product-xymondebian_linuxn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2016-1243
Matching Score-8
Assigner-Debian GNU/Linux
ShareView Details
Matching Score-8
Assigner-Debian GNU/Linux
CVSS Score-9.8||CRITICAL
EPSS-5.03% / 91.30%
||
7 Day CHG~0.00%
Published-03 Oct, 2016 | 00:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Stack-based buffer overflow in the extractTree function in unADF allows remote attackers to execute arbitrary code via a long pathname.

Action-Not Available
Vendor-unadf_projectn/aDebian GNU/Linux
Product-debian_linuxunadfn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2016-10711
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-2.84% / 85.08%
||
7 Day CHG~0.00%
Published-29 Jan, 2018 | 20:00
Updated-06 Aug, 2024 | 03:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Apsis Pound before 2.8a allows request smuggling via crafted headers, a different vulnerability than CVE-2005-3751.

Action-Not Available
Vendor-apsisn/aDebian GNU/Linux
Product-debian_linuxpoundn/a
CWE ID-CWE-444
Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')
CVE-2016-1239
Matching Score-8
Assigner-Debian GNU/Linux
ShareView Details
Matching Score-8
Assigner-Debian GNU/Linux
CVSS Score-9.8||CRITICAL
EPSS-1.21% / 65.03%
||
7 Day CHG~0.00%
Published-19 Feb, 2022 | 17:05
Updated-16 Sep, 2024 | 18:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

duck before 0.10 did not properly handle loading of untrusted code from the current directory.

Action-Not Available
Vendor-Debian GNU/Linux
Product-duckduck
CVE-2019-12838
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-2.68% / 84.13%
||
7 Day CHG~0.00%
Published-11 Jul, 2019 | 12:50
Updated-04 Aug, 2024 | 23:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SchedMD Slurm 17.11.x, 18.08.0 through 18.08.7, and 19.05.0 allows SQL Injection.

Action-Not Available
Vendor-schedmdn/aDebian GNU/LinuxopenSUSEFedora Project
Product-slurmdebian_linuxfedoraleapn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
  • Previous
  • 1
  • 2
  • 3
  • 4
  • ...
  • 25
  • 26
  • Next
Details not found