Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2022-32912

Summary
Assigner-apple
Assigner Org ID-286789f9-fbc2-4510-9f9a-43facdede74c
Published At-20 Sep, 2022 | 00:00
Updated At-03 Aug, 2024 | 07:54
Rejected At-
Credits

An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in Safari 16, iOS 16, iOS 15.7 and iPadOS 15.7. Processing maliciously crafted web content may lead to arbitrary code execution.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:apple
Assigner Org ID:286789f9-fbc2-4510-9f9a-43facdede74c
Published At:20 Sep, 2022 | 00:00
Updated At:03 Aug, 2024 | 07:54
Rejected At:
▼CVE Numbering Authority (CNA)

An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in Safari 16, iOS 16, iOS 15.7 and iPadOS 15.7. Processing maliciously crafted web content may lead to arbitrary code execution.

Affected Products
Vendor
Apple Inc.Apple
Product
iOS
Versions
Affected
  • From unspecified before 16 (custom)
Vendor
Apple Inc.Apple
Product
Safari
Versions
Affected
  • From unspecified before 16 (custom)
Vendor
Apple Inc.Apple
Product
iOS and iPadOS
Versions
Affected
  • From unspecified before 15.7 (custom)
Problem Types
TypeCWE IDDescription
textN/AProcessing maliciously crafted web content may lead to arbitrary code execution
Type: text
CWE ID: N/A
Description: Processing maliciously crafted web content may lead to arbitrary code execution
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://support.apple.com/en-us/HT213446
N/A
https://support.apple.com/en-us/HT213445
N/A
https://support.apple.com/en-us/HT213442
N/A
http://seclists.org/fulldisclosure/2022/Oct/41
mailing-list
http://seclists.org/fulldisclosure/2022/Oct/28
mailing-list
http://seclists.org/fulldisclosure/2022/Oct/39
mailing-list
http://seclists.org/fulldisclosure/2022/Oct/40
mailing-list
http://seclists.org/fulldisclosure/2022/Oct/49
mailing-list
http://seclists.org/fulldisclosure/2022/Oct/50
mailing-list
http://seclists.org/fulldisclosure/2022/Oct/47
mailing-list
Hyperlink: https://support.apple.com/en-us/HT213446
Resource: N/A
Hyperlink: https://support.apple.com/en-us/HT213445
Resource: N/A
Hyperlink: https://support.apple.com/en-us/HT213442
Resource: N/A
Hyperlink: http://seclists.org/fulldisclosure/2022/Oct/41
Resource:
mailing-list
Hyperlink: http://seclists.org/fulldisclosure/2022/Oct/28
Resource:
mailing-list
Hyperlink: http://seclists.org/fulldisclosure/2022/Oct/39
Resource:
mailing-list
Hyperlink: http://seclists.org/fulldisclosure/2022/Oct/40
Resource:
mailing-list
Hyperlink: http://seclists.org/fulldisclosure/2022/Oct/49
Resource:
mailing-list
Hyperlink: http://seclists.org/fulldisclosure/2022/Oct/50
Resource:
mailing-list
Hyperlink: http://seclists.org/fulldisclosure/2022/Oct/47
Resource:
mailing-list
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://support.apple.com/en-us/HT213446
x_transferred
https://support.apple.com/en-us/HT213445
x_transferred
https://support.apple.com/en-us/HT213442
x_transferred
http://seclists.org/fulldisclosure/2022/Oct/41
mailing-list
x_transferred
http://seclists.org/fulldisclosure/2022/Oct/28
mailing-list
x_transferred
http://seclists.org/fulldisclosure/2022/Oct/39
mailing-list
x_transferred
http://seclists.org/fulldisclosure/2022/Oct/40
mailing-list
x_transferred
http://seclists.org/fulldisclosure/2022/Oct/49
mailing-list
x_transferred
http://seclists.org/fulldisclosure/2022/Oct/50
mailing-list
x_transferred
http://seclists.org/fulldisclosure/2022/Oct/47
mailing-list
x_transferred
Hyperlink: https://support.apple.com/en-us/HT213446
Resource:
x_transferred
Hyperlink: https://support.apple.com/en-us/HT213445
Resource:
x_transferred
Hyperlink: https://support.apple.com/en-us/HT213442
Resource:
x_transferred
Hyperlink: http://seclists.org/fulldisclosure/2022/Oct/41
Resource:
mailing-list
x_transferred
Hyperlink: http://seclists.org/fulldisclosure/2022/Oct/28
Resource:
mailing-list
x_transferred
Hyperlink: http://seclists.org/fulldisclosure/2022/Oct/39
Resource:
mailing-list
x_transferred
Hyperlink: http://seclists.org/fulldisclosure/2022/Oct/40
Resource:
mailing-list
x_transferred
Hyperlink: http://seclists.org/fulldisclosure/2022/Oct/49
Resource:
mailing-list
x_transferred
Hyperlink: http://seclists.org/fulldisclosure/2022/Oct/50
Resource:
mailing-list
x_transferred
Hyperlink: http://seclists.org/fulldisclosure/2022/Oct/47
Resource:
mailing-list
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:product-security@apple.com
Published At:20 Sep, 2022 | 21:15
Updated At:07 Dec, 2022 | 03:11

An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in Safari 16, iOS 16, iOS 15.7 and iPadOS 15.7. Processing maliciously crafted web content may lead to arbitrary code execution.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.18.8HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Type: Primary
Version: 3.1
Base score: 8.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CPE Matches
Apple Inc.
apple
>>safari>>Versions before 16.0(exclusive)
cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*
Apple Inc.
apple
>>ipados>>Versions before 15.7(exclusive)
cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*
Apple Inc.
apple
>>iphone_os>>Versions before 15.7(exclusive)
cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-125Primarynvd@nist.gov
CWE ID: CWE-125
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
http://seclists.org/fulldisclosure/2022/Oct/28product-security@apple.com
Mailing List
Third Party Advisory
http://seclists.org/fulldisclosure/2022/Oct/39product-security@apple.com
Mailing List
Third Party Advisory
http://seclists.org/fulldisclosure/2022/Oct/40product-security@apple.com
Mailing List
Third Party Advisory
http://seclists.org/fulldisclosure/2022/Oct/41product-security@apple.com
Mailing List
Third Party Advisory
http://seclists.org/fulldisclosure/2022/Oct/47product-security@apple.com
Mailing List
Third Party Advisory
http://seclists.org/fulldisclosure/2022/Oct/49product-security@apple.com
Mailing List
Third Party Advisory
http://seclists.org/fulldisclosure/2022/Oct/50product-security@apple.com
Mailing List
Third Party Advisory
https://support.apple.com/en-us/HT213442product-security@apple.com
Release Notes
Vendor Advisory
https://support.apple.com/en-us/HT213445product-security@apple.com
Release Notes
Vendor Advisory
https://support.apple.com/en-us/HT213446product-security@apple.com
Release Notes
Vendor Advisory
Hyperlink: http://seclists.org/fulldisclosure/2022/Oct/28
Source: product-security@apple.com
Resource:
Mailing List
Third Party Advisory
Hyperlink: http://seclists.org/fulldisclosure/2022/Oct/39
Source: product-security@apple.com
Resource:
Mailing List
Third Party Advisory
Hyperlink: http://seclists.org/fulldisclosure/2022/Oct/40
Source: product-security@apple.com
Resource:
Mailing List
Third Party Advisory
Hyperlink: http://seclists.org/fulldisclosure/2022/Oct/41
Source: product-security@apple.com
Resource:
Mailing List
Third Party Advisory
Hyperlink: http://seclists.org/fulldisclosure/2022/Oct/47
Source: product-security@apple.com
Resource:
Mailing List
Third Party Advisory
Hyperlink: http://seclists.org/fulldisclosure/2022/Oct/49
Source: product-security@apple.com
Resource:
Mailing List
Third Party Advisory
Hyperlink: http://seclists.org/fulldisclosure/2022/Oct/50
Source: product-security@apple.com
Resource:
Mailing List
Third Party Advisory
Hyperlink: https://support.apple.com/en-us/HT213442
Source: product-security@apple.com
Resource:
Release Notes
Vendor Advisory
Hyperlink: https://support.apple.com/en-us/HT213445
Source: product-security@apple.com
Resource:
Release Notes
Vendor Advisory
Hyperlink: https://support.apple.com/en-us/HT213446
Source: product-security@apple.com
Resource:
Release Notes
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

1980Records found
CVE-2017-5077
Matching Score-10
Assigner-Chrome
ShareView Details
Matching Score-10
Assigner-Chrome
CVSS Score-8.8||HIGH
EPSS-0.91% / 74.89%
||
7 Day CHG~0.00%
Published-27 Oct, 2017 | 05:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Insufficient validation of untrusted input in Skia in Google Chrome prior to 59.0.3071.86 for Linux, Windows, and Mac, and 59.0.3071.92 for Android, allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.

Action-Not Available
Vendor-n/aLinux Kernel Organization, IncRed Hat, Inc.Apple Inc.Microsoft CorporationGoogle LLC
Product-chromeenterprise_linux_desktopenterprise_linux_workstationlinux_kernelwindowsenterprise_linux_servermacosandroidGoogle Chrome prior to 59.0.3071.86 for Linux, Windows and Mac, and 59.0.3071.92 for Android
CWE ID-CWE-125
Out-of-bounds Read
CVE-2017-5088
Matching Score-10
Assigner-Chrome
ShareView Details
Matching Score-10
Assigner-Chrome
CVSS Score-8.8||HIGH
EPSS-0.91% / 74.89%
||
7 Day CHG~0.00%
Published-27 Oct, 2017 | 05:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Insufficient validation of untrusted input in V8 in Google Chrome prior to 59.0.3071.104 for Mac, Windows, and Linux, and 59.0.3071.117 for Android, allowed a remote attacker to perform out of bounds memory access via a crafted HTML page.

Action-Not Available
Vendor-n/aLinux Kernel Organization, IncRed Hat, Inc.Apple Inc.Microsoft CorporationGoogle LLC
Product-chromeenterprise_linux_desktopenterprise_linux_workstationlinux_kernelwindowsenterprise_linux_servermacosandroidGoogle Chrome prior to 59.0.3071.104 for Mac, Windows and Linux, and 59.0.3071.117 for Android
CWE ID-CWE-125
Out-of-bounds Read
CVE-2017-5030
Matching Score-10
Assigner-Chrome
ShareView Details
Matching Score-10
Assigner-Chrome
CVSS Score-8.8||HIGH
EPSS-63.05% / 98.32%
||
7 Day CHG~0.00%
Published-24 Apr, 2017 | 23:00
Updated-30 Jul, 2025 | 01:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2022-06-22||Apply updates per vendor instructions.

Incorrect handling of complex species in V8 in Google Chrome prior to 57.0.2987.98 for Linux, Windows, and Mac and 57.0.2987.108 for Android allowed a remote attacker to execute arbitrary code via a crafted HTML page.

Action-Not Available
Vendor-n/aMicrosoft CorporationApple Inc.Red Hat, Inc.Google LLCLinux Kernel Organization, IncDebian GNU/Linux
Product-chromeenterprise_linux_desktopenterprise_linux_workstationlinux_kernelwindowsdebian_linuxenterprise_linux_servermacosandroidGoogle Chrome prior to 57.0.2987.98 for Linux, Windows and Mac, and 57.0.2987.108 for AndroidChromium V8
CWE ID-CWE-125
Out-of-bounds Read
CVE-2017-5054
Matching Score-10
Assigner-Chrome
ShareView Details
Matching Score-10
Assigner-Chrome
CVSS Score-8.8||HIGH
EPSS-0.54% / 66.73%
||
7 Day CHG~0.00%
Published-27 Oct, 2017 | 05:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An out-of-bounds read in V8 in Google Chrome prior to 57.0.2987.133 for Linux, Windows, and Mac, and 57.0.2987.132 for Android, allowed a remote attacker to obtain heap memory contents via a crafted HTML page.

Action-Not Available
Vendor-n/aLinux Kernel Organization, IncRed Hat, Inc.Apple Inc.Microsoft CorporationGoogle LLC
Product-chromeenterprise_linux_desktopenterprise_linux_workstationlinux_kernelwindowsenterprise_linux_servermacosandroidGoogle Chrome prior to 57.0.2987.133 for Linux, Windows and Mac, and 57.0.2987.132 for Android
CWE ID-CWE-125
Out-of-bounds Read
CVE-2021-30953
Matching Score-10
Assigner-Apple Inc.
ShareView Details
Matching Score-10
Assigner-Apple Inc.
CVSS Score-8.8||HIGH
EPSS-0.57% / 67.56%
||
7 Day CHG~0.00%
Published-24 Aug, 2021 | 18:50
Updated-03 Aug, 2024 | 22:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in tvOS 15.2, macOS Monterey 12.1, Safari 15.2, iOS 15.2 and iPadOS 15.2, watchOS 8.3. Processing maliciously crafted web content may lead to arbitrary code execution.

Action-Not Available
Vendor-Debian GNU/LinuxFedora ProjectApple Inc.
Product-iphone_osdebian_linuxipadostvoswatchossafarifedoramacoswatchOSmacOSiOS and iPadOS
CWE ID-CWE-125
Out-of-bounds Read
CVE-2021-28565
Matching Score-10
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-10
Assigner-Adobe Systems Incorporated
CVSS Score-4.3||MEDIUM
EPSS-11.80% / 93.45%
||
7 Day CHG~0.00%
Published-02 Sep, 2021 | 16:08
Updated-17 Sep, 2024 | 02:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Adobe Acrobat Reader out-of-bounds read could lead to information exposure

Acrobat Reader DC versions versions 2021.001.20150 (and earlier), 2020.001.30020 (and earlier) and 2017.011.30194 (and earlier) are affected by an Out-of-bounds Read vulnerability in the PDFLibTool component. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-acrobat_dcacrobat_readeracrobatacrobat_reader_dcwindowsmacosAcrobat Reader
CWE ID-CWE-125
Out-of-bounds Read
CVE-2016-5198
Matching Score-10
Assigner-Chrome
ShareView Details
Matching Score-10
Assigner-Chrome
CVSS Score-8.8||HIGH
EPSS-69.40% / 98.58%
||
7 Day CHG~0.00%
Published-19 Jan, 2017 | 05:43
Updated-30 Jul, 2025 | 01:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2022-06-22||Apply updates per vendor instructions.

V8 in Google Chrome prior to 54.0.2840.90 for Linux, and 54.0.2840.85 for Android, and 54.0.2840.87 for Windows and Mac included incorrect optimisation assumptions, which allowed a remote attacker to perform arbitrary read/write operations, leading to code execution, via a crafted HTML page.

Action-Not Available
Vendor-n/aMicrosoft CorporationApple Inc.Red Hat, Inc.Google LLCLinux Kernel Organization, Inc
Product-chromeenterprise_linux_desktopenterprise_linux_workstationlinux_kernelwindowsenterprise_linux_servermacosandroidGoogle Chrome prior to 54.0.2840.90 for Linux, and 54.0.2840.85 for Android, and 54.0.2840.87 for Windows and MacChromium V8
CWE ID-CWE-787
Out-of-bounds Write
CWE ID-CWE-125
Out-of-bounds Read
CVE-2019-8585
Matching Score-10
Assigner-Apple Inc.
ShareView Details
Matching Score-10
Assigner-Apple Inc.
CVSS Score-8.8||HIGH
EPSS-0.68% / 70.61%
||
7 Day CHG~0.00%
Published-18 Dec, 2019 | 17:33
Updated-04 Aug, 2024 | 21:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, watchOS 5.2.1. Processing a maliciously crafted movie file may lead to arbitrary code execution.

Action-Not Available
Vendor-Apple Inc.
Product-mac_os_xiphone_oswatchostvostvOSmacOSwatchOSiOS
CWE ID-CWE-125
Out-of-bounds Read
CVE-2019-8830
Matching Score-10
Assigner-Apple Inc.
ShareView Details
Matching Score-10
Assigner-Apple Inc.
CVSS Score-8.8||HIGH
EPSS-1.75% / 81.78%
||
7 Day CHG~0.00%
Published-27 Oct, 2020 | 19:54
Updated-04 Aug, 2024 | 21:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An out-of-bounds read was addressed with improved input validation. This issue is fixed in tvOS 13.3, watchOS 6.1.1, macOS Catalina 10.15.2, Security Update 2019-002 Mojave, and Security Update 2019-007 High Sierra, iOS 13.3 and iPadOS 13.3, iOS 12.4.4, watchOS 5.3.4. Processing malicious video via FaceTime may lead to arbitrary code execution.

Action-Not Available
Vendor-Apple Inc.
Product-iphone_oswatchostvosipadosmac_os_xiOS and iPadOSmacOSiOS
CWE ID-CWE-125
Out-of-bounds Read
CVE-2022-24356
Matching Score-10
Assigner-Zero Day Initiative
ShareView Details
Matching Score-10
Assigner-Zero Day Initiative
CVSS Score-7.8||HIGH
EPSS-0.66% / 70.20%
||
7 Day CHG~0.00%
Published-18 Feb, 2022 | 19:52
Updated-03 Aug, 2024 | 04:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader Foxit reader 11.0.1.0719 macOS. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the OnMouseExit method. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14848.

Action-Not Available
Vendor-Apple Inc.Foxit Software Incorporated
Product-pdf_editormacospdf_readerPDF Reader
CWE ID-CWE-125
Out-of-bounds Read
CVE-2019-8204
Matching Score-10
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-10
Assigner-Adobe Systems Incorporated
CVSS Score-8.8||HIGH
EPSS-1.80% / 82.00%
||
7 Day CHG~0.00%
Published-17 Oct, 2019 | 20:24
Updated-04 Aug, 2024 | 21:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.011.30148 and earlier, 2017.011.30148 and earlier, 2015.006.30503 and earlier, and 2015.006.30503 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure .

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-acrobat_dcwindowsmacosacrobat_reader_dcAdobe Acrobat and Reader
CWE ID-CWE-125
Out-of-bounds Read
CVE-2019-8657
Matching Score-10
Assigner-Apple Inc.
ShareView Details
Matching Score-10
Assigner-Apple Inc.
CVSS Score-8.8||HIGH
EPSS-0.65% / 69.75%
||
7 Day CHG~0.00%
Published-18 Dec, 2019 | 17:33
Updated-04 Aug, 2024 | 21:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, watchOS 5.3. Parsing a maliciously crafted office document may lead to an unexpected application termination or arbitrary code execution.

Action-Not Available
Vendor-Apple Inc.
Product-mac_os_xiphone_oswatchostvostvOSmacOSwatchOSiOS
CWE ID-CWE-125
Out-of-bounds Read
CVE-2019-8603
Matching Score-10
Assigner-Apple Inc.
ShareView Details
Matching Score-10
Assigner-Apple Inc.
CVSS Score-8.8||HIGH
EPSS-0.44% / 62.31%
||
7 Day CHG~0.00%
Published-18 Dec, 2019 | 17:33
Updated-04 Aug, 2024 | 21:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A validation issue was addressed with improved input sanitization. This issue is fixed in macOS Mojave 10.14.5. An application may be able to read restricted memory.

Action-Not Available
Vendor-Apple Inc.
Product-mac_os_xmacOS
CWE ID-CWE-125
Out-of-bounds Read
CVE-2019-8166
Matching Score-10
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-10
Assigner-Adobe Systems Incorporated
CVSS Score-8.8||HIGH
EPSS-3.96% / 87.88%
||
7 Day CHG~0.00%
Published-17 Oct, 2019 | 20:13
Updated-04 Aug, 2024 | 21:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.011.30148 and earlier, 2017.011.30148 and earlier, 2015.006.30503 and earlier, and 2015.006.30503 and earlier have a buffer overrun vulnerability. Successful exploitation could lead to arbitrary code execution .

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-acrobat_dcwindowsmacosacrobat_reader_dcAdobe Acrobat and Reader
CWE ID-CWE-125
Out-of-bounds Read
CVE-2021-1792
Matching Score-10
Assigner-Apple Inc.
ShareView Details
Matching Score-10
Assigner-Apple Inc.
CVSS Score-8.8||HIGH
EPSS-1.19% / 77.96%
||
7 Day CHG~0.00%
Published-02 Apr, 2021 | 18:01
Updated-03 Aug, 2024 | 16:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. A remote attacker may be able to cause arbitrary code execution.

Action-Not Available
Vendor-Apple Inc.
Product-iphone_oswatchosipadostvosmac_os_xmacosmacOSiOS and iPadOS
CWE ID-CWE-125
Out-of-bounds Read
CVE-2021-1867
Matching Score-10
Assigner-Apple Inc.
ShareView Details
Matching Score-10
Assigner-Apple Inc.
CVSS Score-8.8||HIGH
EPSS-0.41% / 60.78%
||
7 Day CHG~0.00%
Published-08 Sep, 2021 | 14:49
Updated-03 Aug, 2024 | 16:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 14.5 and iPadOS 14.5, macOS Big Sur 11.3. A malicious application may be able to execute arbitrary code with kernel privileges.

Action-Not Available
Vendor-Apple Inc.
Product-iphone_osmacosipadosmacOSiOS and iPadOS
CWE ID-CWE-125
Out-of-bounds Read
CVE-2019-6201
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-8.8||HIGH
EPSS-0.88% / 74.45%
||
7 Day CHG~0.00%
Published-18 Dec, 2019 | 17:33
Updated-04 Aug, 2024 | 20:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.2, tvOS 12.2, Safari 12.1, iTunes 12.9.4 for Windows, iCloud for Windows 7.11. Processing maliciously crafted web content may lead to arbitrary code execution.

Action-Not Available
Vendor-Apple Inc.
Product-itunesiphone_ostvossafariicloudiTunes for WindowsiCloud for WindowsSafariiOStvOS
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-54505
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.34% / 56.07%
||
7 Day CHG+0.05%
Published-11 Dec, 2024 | 22:58
Updated-21 Dec, 2024 | 04:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A type confusion issue was addressed with improved memory handling. This issue is fixed in iPadOS 17.7.3, watchOS 11.2, visionOS 2.2, tvOS 18.2, macOS Sequoia 15.2, Safari 18.2, iOS 18.2 and iPadOS 18.2. Processing maliciously crafted web content may lead to memory corruption.

Action-Not Available
Vendor-Apple Inc.
Product-iphone_oswatchosipadostvossafarivisionosmacoswatchOSSafarimacOSiPadOSvisionOStvOSiOS and iPadOS
CWE ID-CWE-843
Access of Resource Using Incompatible Type ('Type Confusion')
CVE-2017-5073
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-8.8||HIGH
EPSS-0.91% / 74.89%
||
7 Day CHG~0.00%
Published-27 Oct, 2017 | 05:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use after free in print preview in Blink in Google Chrome prior to 59.0.3071.86 for Linux, Windows, and Mac, and 59.0.3071.92 for Android, allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.

Action-Not Available
Vendor-n/aLinux Kernel Organization, IncRed Hat, Inc.Apple Inc.Microsoft CorporationGoogle LLC
Product-chromeenterprise_linux_desktopenterprise_linux_workstationlinux_kernelwindowsenterprise_linux_servermacosandroidGoogle Chrome prior to 59.0.3071.86 for Linux, Windows and Mac, and 59.0.3071.92 for Android
CWE ID-CWE-416
Use After Free
CVE-2017-5114
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-8.8||HIGH
EPSS-1.48% / 80.23%
||
7 Day CHG~0.00%
Published-27 Oct, 2017 | 05:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Inappropriate use of partition alloc in PDFium in Google Chrome prior to 61.0.3163.79 for Linux, Windows, and Mac, and 61.0.3163.81 for Android, allowed a remote attacker to potentially exploit memory corruption via a crafted PDF file.

Action-Not Available
Vendor-n/aDebian GNU/LinuxLinux Kernel Organization, IncRed Hat, Inc.Apple Inc.Microsoft CorporationGoogle LLC
Product-chromeenterprise_linux_desktopenterprise_linux_workstationlinux_kernelwindowsdebian_linuxenterprise_linux_servermacosandroidGoogle Chrome prior to 61.0.3163.79 for Linux, Windows and Mac, and 61.0.3163.81 for Android
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2017-5057
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-8.8||HIGH
EPSS-0.84% / 73.75%
||
7 Day CHG~0.00%
Published-27 Oct, 2017 | 05:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Type confusion in PDFium in Google Chrome prior to 58.0.3029.81 for Mac, Windows, and Linux, and 58.0.3029.83 for Android, allowed a remote attacker to perform an out of bounds memory read via a crafted PDF file.

Action-Not Available
Vendor-n/aLinux Kernel Organization, IncRed Hat, Inc.Apple Inc.Microsoft CorporationGoogle LLC
Product-chromeenterprise_linux_desktopenterprise_linux_workstationlinux_kernelwindowsenterprise_linux_servermacosandroidGoogle Chrome prior to 58.0.3029.81 for Mac, Windows and Linux, and 58.0.3029.83 for Android
CWE ID-CWE-843
Access of Resource Using Incompatible Type ('Type Confusion')
CVE-2017-5091
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-8.8||HIGH
EPSS-1.10% / 77.10%
||
7 Day CHG~0.00%
Published-27 Oct, 2017 | 05:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A use after free in IndexedDB in Google Chrome prior to 60.0.3112.78 for Linux, Android, Windows, and Mac allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.

Action-Not Available
Vendor-n/aDebian GNU/LinuxLinux Kernel Organization, IncRed Hat, Inc.Apple Inc.Microsoft CorporationGoogle LLC
Product-chromeenterprise_linux_desktopenterprise_linux_workstationlinux_kernelwindowsdebian_linuxenterprise_linux_servermacosandroidGoogle Chrome prior to 60.0.3112.78 for Linux, Android, Windows and Mac
CWE ID-CWE-416
Use After Free
CVE-2017-5108
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-8.8||HIGH
EPSS-0.84% / 73.75%
||
7 Day CHG~0.00%
Published-27 Oct, 2017 | 05:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Type confusion in PDFium in Google Chrome prior to 60.0.3112.78 for Mac, Windows, Linux, and Android allowed a remote attacker to potentially maliciously modify objects via a crafted PDF file.

Action-Not Available
Vendor-n/aLinux Kernel Organization, IncRed Hat, Inc.Apple Inc.Microsoft CorporationGoogle LLC
Product-chromeenterprise_linux_desktopenterprise_linux_workstationlinux_kernelwindowsenterprise_linux_servermacosandroidGoogle Chrome prior to 60.0.3112.78 for Mac, Windows, Linux and Android
CWE ID-CWE-843
Access of Resource Using Incompatible Type ('Type Confusion')
CVE-2017-5062
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-8.8||HIGH
EPSS-0.98% / 75.88%
||
7 Day CHG~0.00%
Published-27 Oct, 2017 | 05:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A use after free in Chrome Apps in Google Chrome prior to 58.0.3029.81 for Mac, Windows, and Linux, and 58.0.3029.83 for Android, allowed a remote attacker to potentially perform out of bounds memory access via a crafted Chrome extension.

Action-Not Available
Vendor-n/aLinux Kernel Organization, IncRed Hat, Inc.Apple Inc.Microsoft CorporationGoogle LLC
Product-chromeenterprise_linux_desktopenterprise_linux_workstationlinux_kernelwindowsenterprise_linux_servermacosandroidGoogle Chrome prior to 58.0.3029.81 for Mac, Windows and Linux, and 58.0.3029.83 for Android
CWE ID-CWE-416
Use After Free
CVE-2017-5095
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-8.8||HIGH
EPSS-1.59% / 80.88%
||
7 Day CHG~0.00%
Published-27 Oct, 2017 | 05:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Stack overflow in PDFium in Google Chrome prior to 60.0.3112.78 for Linux, Windows, and Mac allowed a remote attacker to potentially exploit stack corruption via a crafted PDF file.

Action-Not Available
Vendor-n/aDebian GNU/LinuxLinux Kernel Organization, IncRed Hat, Inc.Apple Inc.Microsoft CorporationGoogle LLC
Product-chromeenterprise_linux_desktopenterprise_linux_workstationlinux_kerneldebian_linuxenterprise_linux_servermacoswindowsGoogle Chrome prior to 60.0.3112.78 for Linux, Windows and Mac
CWE ID-CWE-787
Out-of-bounds Write
CVE-2017-5059
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-8.8||HIGH
EPSS-2.49% / 84.70%
||
7 Day CHG~0.00%
Published-27 Oct, 2017 | 05:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Type confusion in Blink in Google Chrome prior to 58.0.3029.81 for Linux, Windows, and Mac, and 58.0.3029.83 for Android, allowed a remote attacker to potentially obtain code execution via a crafted HTML page.

Action-Not Available
Vendor-n/aLinux Kernel Organization, IncRed Hat, Inc.Apple Inc.Microsoft CorporationGoogle LLC
Product-chromeenterprise_linux_desktopenterprise_linux_workstationlinux_kernelwindowsenterprise_linux_servermacosandroidGoogle Chrome prior to 58.0.3029.81 for Linux, Windows and Mac, and 58.0.3029.83 for Android
CWE ID-CWE-843
Access of Resource Using Incompatible Type ('Type Confusion')
CVE-2017-5111
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-8.8||HIGH
EPSS-1.48% / 80.23%
||
7 Day CHG~0.00%
Published-27 Oct, 2017 | 05:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A use after free in PDFium in Google Chrome prior to 61.0.3163.79 for Linux, Windows, and Mac allowed a remote attacker to potentially exploit memory corruption via a crafted PDF file.

Action-Not Available
Vendor-n/aDebian GNU/LinuxLinux Kernel Organization, IncRed Hat, Inc.Apple Inc.Microsoft CorporationGoogle LLC
Product-chromeenterprise_linux_desktopenterprise_linux_workstationlinux_kernelenterprise_linux_serverdebian_linuxmacoswindowsGoogle Chrome prior to 61.0.3163.79 for Linux, Windows and Mac
CWE ID-CWE-416
Use After Free
CVE-2017-5121
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-8.8||HIGH
EPSS-3.64% / 87.38%
||
7 Day CHG~0.00%
Published-27 Oct, 2017 | 05:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Inappropriate use of JIT optimisation in V8 in Google Chrome prior to 61.0.3163.100 for Linux, Windows, and Mac allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page, related to the escape analysis phase.

Action-Not Available
Vendor-n/aDebian GNU/LinuxLinux Kernel Organization, IncRed Hat, Inc.Apple Inc.Microsoft CorporationGoogle LLC
Product-chromeenterprise_linux_desktopenterprise_linux_workstationlinux_kerneldebian_linuxenterprise_linux_servermacoswindowsGoogle Chrome prior to 61.0.3163.100 for Linux, Windows and Mac
CWE ID-CWE-20
Improper Input Validation
CVE-2017-5098
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-8.8||HIGH
EPSS-3.37% / 86.85%
||
7 Day CHG~0.00%
Published-27 Oct, 2017 | 05:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A use after free in V8 in Google Chrome prior to 60.0.3112.78 for Mac, Windows, Linux, and Android allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.

Action-Not Available
Vendor-n/aDebian GNU/LinuxLinux Kernel Organization, IncRed Hat, Inc.Apple Inc.Microsoft CorporationGoogle LLC
Product-chromeenterprise_linux_desktopenterprise_linux_workstationlinux_kernelwindowsdebian_linuxenterprise_linux_servermacosandroidGoogle Chrome prior to 60.0.3112.78 for Mac, Windows, Linux and Android
CWE ID-CWE-416
Use After Free
CVE-2017-5113
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-8.8||HIGH
EPSS-1.26% / 78.61%
||
7 Day CHG~0.00%
Published-27 Oct, 2017 | 05:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Math overflow in Skia in Google Chrome prior to 61.0.3163.79 for Mac, Windows, and Linux, and 61.0.3163.81 for Android, allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Action-Not Available
Vendor-n/aDebian GNU/LinuxLinux Kernel Organization, IncRed Hat, Inc.Apple Inc.Microsoft CorporationGoogle LLC
Product-chromeenterprise_linux_desktopenterprise_linux_workstationlinux_kernelwindowsdebian_linuxenterprise_linux_servermacosandroidGoogle Chrome prior to 61.0.3163.79 for Mac, Windows and Linux, and 61.0.3163.81 for Android
CWE ID-CWE-787
Out-of-bounds Write
CVE-2017-5063
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-8.8||HIGH
EPSS-0.91% / 74.89%
||
7 Day CHG~0.00%
Published-27 Oct, 2017 | 05:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A numeric overflow in Skia in Google Chrome prior to 58.0.3029.81 for Linux, Windows, and Mac, and 58.0.3029.83 for Android, allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.

Action-Not Available
Vendor-n/aLinux Kernel Organization, IncRed Hat, Inc.Apple Inc.Microsoft CorporationGoogle LLC
Product-chromeenterprise_linux_desktopenterprise_linux_workstationlinux_kernelwindowsenterprise_linux_servermacosandroidGoogle Chrome prior to 58.0.3029.81 for Linux, Windows and Mac, and 58.0.3029.83 for Android
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2017-3071
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-8.8||HIGH
EPSS-1.65% / 81.23%
||
7 Day CHG~0.00%
Published-09 May, 2017 | 16:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Flash Player versions 25.0.0.148 and earlier have an exploitable use after free vulnerability when masking display objects. Successful exploitation could lead to arbitrary code execution.

Action-Not Available
Vendor-n/aLinux Kernel Organization, IncRed Hat, Inc.Apple Inc.Adobe Inc.Microsoft CorporationGoogle LLC
Product-enterprise_linux_desktopchrome_osenterprise_linux_workstationlinux_kernelflash_player_desktop_runtimewindows_8.1windowsenterprise_linuxwindows_10flash_playermac_os_xAdobe Flash Player 25.0.0.148 and earlier.
CWE ID-CWE-416
Use After Free
CVE-2017-2987
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-8.8||HIGH
EPSS-3.89% / 87.79%
||
7 Day CHG~0.00%
Published-15 Feb, 2017 | 06:11
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable integer overflow vulnerability related to Flash Broker COM. Successful exploitation could lead to arbitrary code execution.

Action-Not Available
Vendor-n/aLinux Kernel Organization, IncApple Inc.Adobe Inc.Microsoft CorporationGoogle LLC
Product-chrome_oslinux_kernelflash_player_desktop_runtimewindows_8.1windowswindows_10flash_playermac_os_xAdobe Flash Player 24.0.0.194 and earlier.
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2017-2936
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-8.8||HIGH
EPSS-1.58% / 80.83%
||
7 Day CHG~0.00%
Published-11 Jan, 2017 | 04:40
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Flash Player versions 24.0.0.186 and earlier have an exploitable use after free vulnerability in the ActionScript FileReference class. Successful exploitation could lead to arbitrary code execution.

Action-Not Available
Vendor-n/aLinux Kernel Organization, IncApple Inc.Adobe Inc.Microsoft CorporationGoogle LLC
Product-mac_os_xchrome_oslinux_kernelwindows_8.1windows_10flash_playerwindowsAdobe Flash Player 24.0.0.186 and earlier.
CWE ID-CWE-416
Use After Free
CVE-2017-3002
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-8.8||HIGH
EPSS-1.14% / 77.53%
||
7 Day CHG~0.00%
Published-14 Mar, 2017 | 16:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Flash Player versions 24.0.0.221 and earlier have an exploitable use after free vulnerability in the ActionScript2 TextField object related to the variable property. Successful exploitation could lead to arbitrary code execution.

Action-Not Available
Vendor-n/aLinux Kernel Organization, IncApple Inc.Adobe Inc.Microsoft CorporationGoogle LLC
Product-chrome_oslinux_kernelflash_player_desktop_runtimewindows_8.1windowswindows_10flash_playermac_os_xAdobe Flash Player 24.0.0.221 and earlier.
CWE ID-CWE-416
Use After Free
CVE-2017-3070
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-8.8||HIGH
EPSS-1.97% / 82.77%
||
7 Day CHG~0.00%
Published-09 May, 2017 | 16:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Flash Player versions 25.0.0.148 and earlier have an exploitable memory corruption vulnerability in the ConvolutionFilter class. Successful exploitation could lead to arbitrary code execution.

Action-Not Available
Vendor-n/aLinux Kernel Organization, IncRed Hat, Inc.Apple Inc.Adobe Inc.Microsoft CorporationGoogle LLC
Product-enterprise_linux_desktopchrome_osenterprise_linux_workstationlinux_kernelflash_player_desktop_runtimewindows_8.1windowsenterprise_linuxwindows_10flash_playermac_os_xAdobe Flash Player 25.0.0.148 and earlier.
CWE ID-CWE-787
Out-of-bounds Write
CVE-2017-2986
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-8.8||HIGH
EPSS-34.47% / 96.85%
||
7 Day CHG~0.00%
Published-15 Feb, 2017 | 06:11
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable heap overflow vulnerability in the Flash Video (FLV) codec. Successful exploitation could lead to arbitrary code execution.

Action-Not Available
Vendor-n/aLinux Kernel Organization, IncApple Inc.Adobe Inc.Microsoft CorporationGoogle LLC
Product-chrome_oslinux_kernelflash_player_desktop_runtimewindows_8.1windowswindows_10flash_playermac_os_xAdobe Flash Player 24.0.0.194 and earlier.
CWE ID-CWE-787
Out-of-bounds Write
CVE-2017-3069
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-8.8||HIGH
EPSS-1.97% / 82.77%
||
7 Day CHG~0.00%
Published-09 May, 2017 | 16:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Flash Player versions 25.0.0.148 and earlier have an exploitable memory corruption vulnerability in the BlendMode class. Successful exploitation could lead to arbitrary code execution.

Action-Not Available
Vendor-n/aLinux Kernel Organization, IncRed Hat, Inc.Apple Inc.Adobe Inc.Microsoft CorporationGoogle LLC
Product-enterprise_linux_desktopchrome_osenterprise_linux_workstationlinux_kernelflash_player_desktop_runtimewindows_8.1windowsenterprise_linuxwindows_10flash_playermac_os_xAdobe Flash Player 25.0.0.148 and earlier.
CWE ID-CWE-787
Out-of-bounds Write
CVE-2017-3072
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-8.8||HIGH
EPSS-1.97% / 82.77%
||
7 Day CHG~0.00%
Published-09 May, 2017 | 16:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Flash Player versions 25.0.0.148 and earlier have an exploitable memory corruption vulnerability in the BitmapData class. Successful exploitation could lead to arbitrary code execution.

Action-Not Available
Vendor-n/aLinux Kernel Organization, IncRed Hat, Inc.Apple Inc.Adobe Inc.Microsoft CorporationGoogle LLC
Product-enterprise_linux_desktopchrome_osenterprise_linux_workstationlinux_kernelflash_player_desktop_runtimewindows_8.1windowsenterprise_linuxwindows_10flash_playermac_os_xAdobe Flash Player 25.0.0.148 and earlier.
CWE ID-CWE-787
Out-of-bounds Write
CVE-2017-2996
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-8.8||HIGH
EPSS-1.17% / 77.77%
||
7 Day CHG~0.00%
Published-15 Feb, 2017 | 06:11
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable memory corruption vulnerability in Primetime SDK. Successful exploitation could lead to arbitrary code execution.

Action-Not Available
Vendor-n/aLinux Kernel Organization, IncApple Inc.Adobe Inc.Microsoft CorporationGoogle LLC
Product-chrome_oslinux_kernelflash_player_desktop_runtimewindows_8.1windowswindows_10flash_playermac_os_xAdobe Flash Player 24.0.0.194 and earlier.
CWE ID-CWE-787
Out-of-bounds Write
CVE-2017-2994
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-8.8||HIGH
EPSS-1.99% / 82.86%
||
7 Day CHG~0.00%
Published-15 Feb, 2017 | 06:11
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable use after free vulnerability in Primetime SDK event dispatch. Successful exploitation could lead to arbitrary code execution.

Action-Not Available
Vendor-n/aLinux Kernel Organization, IncApple Inc.Adobe Inc.Microsoft CorporationGoogle LLC
Product-chrome_oslinux_kernelflash_player_desktop_runtimewindows_8.1windowswindows_10flash_playermac_os_xAdobe Flash Player 24.0.0.194 and earlier.
CWE ID-CWE-416
Use After Free
CVE-2017-2988
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-8.8||HIGH
EPSS-40.87% / 97.28%
||
7 Day CHG~0.00%
Published-15 Feb, 2017 | 06:11
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable memory corruption vulnerability when performing garbage collection. Successful exploitation could lead to arbitrary code execution.

Action-Not Available
Vendor-n/aLinux Kernel Organization, IncApple Inc.Adobe Inc.Microsoft CorporationGoogle LLC
Product-chrome_oslinux_kernelflash_player_desktop_runtimewindows_8.1windowswindows_10flash_playermac_os_xAdobe Flash Player 24.0.0.194 and earlier.
CWE ID-CWE-787
Out-of-bounds Write
CVE-2017-2999
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-8.8||HIGH
EPSS-1.01% / 76.13%
||
7 Day CHG~0.00%
Published-14 Mar, 2017 | 16:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Flash Player versions 24.0.0.221 and earlier have an exploitable memory corruption vulnerability in the Primetime TVSDK functionality related to hosting playback surface. Successful exploitation could lead to arbitrary code execution.

Action-Not Available
Vendor-n/aLinux Kernel Organization, IncApple Inc.Adobe Inc.Microsoft CorporationGoogle LLC
Product-chrome_oslinux_kernelflash_player_desktop_runtimewindows_8.1windowswindows_10flash_playermac_os_xAdobe Flash Player 24.0.0.221 and earlier.
CWE ID-CWE-787
Out-of-bounds Write
CVE-2017-2995
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-8.8||HIGH
EPSS-4.72% / 88.96%
||
7 Day CHG~0.00%
Published-15 Feb, 2017 | 06:11
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable type confusion vulnerability related to the MessageChannel class. Successful exploitation could lead to arbitrary code execution.

Action-Not Available
Vendor-n/aLinux Kernel Organization, IncApple Inc.Adobe Inc.Microsoft CorporationGoogle LLC
Product-chrome_oslinux_kernelflash_player_desktop_runtimewindows_8.1windowswindows_10flash_playermac_os_xAdobe Flash Player 24.0.0.194 and earlier.
CWE ID-CWE-843
Access of Resource Using Incompatible Type ('Type Confusion')
CVE-2017-2985
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-8.8||HIGH
EPSS-40.87% / 97.28%
||
7 Day CHG~0.00%
Published-15 Feb, 2017 | 06:11
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable use after free vulnerability in the ActionScript 3 BitmapData class. Successful exploitation could lead to arbitrary code execution.

Action-Not Available
Vendor-n/aLinux Kernel Organization, IncApple Inc.Adobe Inc.Microsoft CorporationGoogle LLC
Product-chrome_oslinux_kernelflash_player_desktop_runtimewindows_8.1windowswindows_10flash_playermac_os_xAdobe Flash Player 24.0.0.194 and earlier.
CWE ID-CWE-416
Use After Free
CVE-2017-2990
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-8.8||HIGH
EPSS-1.24% / 78.44%
||
7 Day CHG~0.00%
Published-15 Feb, 2017 | 06:11
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable memory corruption vulnerability in the h264 decompression routine. Successful exploitation could lead to arbitrary code execution.

Action-Not Available
Vendor-n/aLinux Kernel Organization, IncApple Inc.Adobe Inc.Microsoft CorporationGoogle LLC
Product-chrome_oslinux_kernelflash_player_desktop_runtimewindows_8.1windowswindows_10flash_playermac_os_xAdobe Flash Player 24.0.0.194 and earlier.
CWE ID-CWE-787
Out-of-bounds Write
CVE-2017-2925
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-8.8||HIGH
EPSS-1.06% / 76.74%
||
7 Day CHG~0.00%
Published-11 Jan, 2017 | 04:40
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Flash Player versions 24.0.0.186 and earlier have an exploitable memory corruption vulnerability in the JPEG XR codec. Successful exploitation could lead to arbitrary code execution.

Action-Not Available
Vendor-n/aLinux Kernel Organization, IncApple Inc.Adobe Inc.Microsoft CorporationGoogle LLC
Product-mac_os_xchrome_oslinux_kernelwindows_8.1windows_10flash_playerwindowsAdobe Flash Player 24.0.0.186 and earlier.
CWE ID-CWE-787
Out-of-bounds Write
CVE-2017-2982
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-8.8||HIGH
EPSS-1.32% / 79.06%
||
7 Day CHG~0.00%
Published-15 Feb, 2017 | 06:11
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable use after free vulnerability in a routine related to player shutdown. Successful exploitation could lead to arbitrary code execution.

Action-Not Available
Vendor-n/aLinux Kernel Organization, IncApple Inc.Adobe Inc.Microsoft CorporationGoogle LLC
Product-chrome_oslinux_kernelflash_player_desktop_runtimewindows_8.1windowswindows_10flash_playermac_os_xAdobe Flash Player 24.0.0.194 and earlier.
CWE ID-CWE-416
Use After Free
CVE-2017-3003
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-8.8||HIGH
EPSS-2.15% / 83.57%
||
7 Day CHG~0.00%
Published-14 Mar, 2017 | 16:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Flash Player versions 24.0.0.221 and earlier have an exploitable use after free vulnerability related to an interaction between the privacy user interface and the ActionScript 2 Camera object. Successful exploitation could lead to arbitrary code execution.

Action-Not Available
Vendor-n/aLinux Kernel Organization, IncApple Inc.Adobe Inc.Microsoft CorporationGoogle LLC
Product-chrome_oslinux_kernelflash_player_desktop_runtimewindows_8.1windowswindows_10flash_playermac_os_xAdobe Flash Player 24.0.0.221 and earlier.
CWE ID-CWE-416
Use After Free
CVE-2017-3001
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-8.8||HIGH
EPSS-1.14% / 77.53%
||
7 Day CHG~0.00%
Published-14 Mar, 2017 | 16:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Flash Player versions 24.0.0.221 and earlier have an exploitable use after free vulnerability related to garbage collection in the ActionScript 2 VM. Successful exploitation could lead to arbitrary code execution.

Action-Not Available
Vendor-n/aLinux Kernel Organization, IncApple Inc.Adobe Inc.Microsoft CorporationGoogle LLC
Product-chrome_oslinux_kernelflash_player_desktop_runtimewindows_8.1windowswindows_10flash_playermac_os_xAdobe Flash Player 24.0.0.221 and earlier.
CWE ID-CWE-416
Use After Free
  • Previous
  • 1
  • 2
  • 3
  • ...
  • 39
  • 40
  • Next
Details not found