Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2023-42917

Summary
Assigner-apple
Assigner Org ID-286789f9-fbc2-4510-9f9a-43facdede74c
Published At-30 Nov, 2023 | 22:18
Updated At-21 Oct, 2025 | 23:05
Rejected At-
Credits

Apple Multiple Products WebKit Memory Corruption Vulnerability

Apple iOS, iPadOS, macOS, and Safari WebKit contain a memory corruption vulnerability that leads to code execution when processing maliciously crafted web content. This vulnerability could impact HTML parsers that use WebKit, including but not limited to Apple Safari and non-Apple products which rely on WebKit for HTML processing.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
â–¼Known Exploited Vulnerabilities (KEV)
cisa.gov
Vendor:
Apple Inc.Apple
Product:Multiple Products
Added At:04 Dec, 2023
Due At:25 Dec, 2023

Apple Multiple Products WebKit Memory Corruption Vulnerability

Apple iOS, iPadOS, macOS, and Safari WebKit contain a memory corruption vulnerability that leads to code execution when processing maliciously crafted web content. This vulnerability could impact HTML parsers that use WebKit, including but not limited to Apple Safari and non-Apple products which rely on WebKit for HTML processing.

Used in Ransomware

:

Unknown

CWE

:
CWE-787

Required Action:

Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.

Additional Notes:

https://support.apple.com/en-us/HT214031, https://support.apple.com/en-us/HT214032, https://support.apple.com/en-us/HT214033 ; https://nvd.nist.gov/vuln/detail/CVE-2023-42917
â–¼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:apple
Assigner Org ID:286789f9-fbc2-4510-9f9a-43facdede74c
Published At:30 Nov, 2023 | 22:18
Updated At:21 Oct, 2025 | 23:05
Rejected At:
â–¼CVE Numbering Authority (CNA)

A memory corruption vulnerability was addressed with improved locking. This issue is fixed in iOS 17.1.2 and iPadOS 17.1.2, macOS Sonoma 14.1.2, Safari 17.1.2. Processing web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been exploited against versions of iOS before iOS 16.7.1.

Affected Products
Vendor
Apple Inc.Apple
Product
Safari
Versions
Affected
  • From unspecified before 17.1 (custom)
Vendor
Apple Inc.Apple
Product
macOS
Versions
Affected
  • From unspecified before 14.1 (custom)
Vendor
Apple Inc.Apple
Product
iOS and iPadOS
Versions
Affected
  • From unspecified before 17.1 (custom)
Problem Types
TypeCWE IDDescription
N/AN/AProcessing web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been exploited against versions of iOS before iOS 16.7.1.
Type: N/A
CWE ID: N/A
Description: Processing web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been exploited against versions of iOS before iOS 16.7.1.
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://support.apple.com/en-us/HT214033
N/A
https://support.apple.com/en-us/HT214032
N/A
https://support.apple.com/en-us/HT214031
N/A
https://support.apple.com/kb/HT214033
N/A
http://www.openwall.com/lists/oss-security/2023/12/05/1
N/A
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/P5LQS6VEI7VIZNC7QGQ62EOV45R5RJIR/
N/A
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AD2KIHHCUBQC2YYH3FJWAHI5BG3QETOH/
N/A
https://support.apple.com/kb/HT214034
N/A
https://www.debian.org/security/2023/dsa-5575
N/A
http://seclists.org/fulldisclosure/2023/Dec/3
N/A
http://seclists.org/fulldisclosure/2023/Dec/4
N/A
http://seclists.org/fulldisclosure/2023/Dec/5
N/A
http://seclists.org/fulldisclosure/2023/Dec/8
N/A
http://seclists.org/fulldisclosure/2023/Dec/13
N/A
http://seclists.org/fulldisclosure/2023/Dec/12
N/A
https://security.gentoo.org/glsa/202401-04
N/A
https://support.apple.com/kb/HT214062
N/A
http://seclists.org/fulldisclosure/2024/Jan/35
N/A
Hyperlink: https://support.apple.com/en-us/HT214033
Resource: N/A
Hyperlink: https://support.apple.com/en-us/HT214032
Resource: N/A
Hyperlink: https://support.apple.com/en-us/HT214031
Resource: N/A
Hyperlink: https://support.apple.com/kb/HT214033
Resource: N/A
Hyperlink: http://www.openwall.com/lists/oss-security/2023/12/05/1
Resource: N/A
Hyperlink: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/P5LQS6VEI7VIZNC7QGQ62EOV45R5RJIR/
Resource: N/A
Hyperlink: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AD2KIHHCUBQC2YYH3FJWAHI5BG3QETOH/
Resource: N/A
Hyperlink: https://support.apple.com/kb/HT214034
Resource: N/A
Hyperlink: https://www.debian.org/security/2023/dsa-5575
Resource: N/A
Hyperlink: http://seclists.org/fulldisclosure/2023/Dec/3
Resource: N/A
Hyperlink: http://seclists.org/fulldisclosure/2023/Dec/4
Resource: N/A
Hyperlink: http://seclists.org/fulldisclosure/2023/Dec/5
Resource: N/A
Hyperlink: http://seclists.org/fulldisclosure/2023/Dec/8
Resource: N/A
Hyperlink: http://seclists.org/fulldisclosure/2023/Dec/13
Resource: N/A
Hyperlink: http://seclists.org/fulldisclosure/2023/Dec/12
Resource: N/A
Hyperlink: https://security.gentoo.org/glsa/202401-04
Resource: N/A
Hyperlink: https://support.apple.com/kb/HT214062
Resource: N/A
Hyperlink: http://seclists.org/fulldisclosure/2024/Jan/35
Resource: N/A
â–¼Authorized Data Publishers (ADP)
1. CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://support.apple.com/en-us/HT214033
x_transferred
https://support.apple.com/en-us/HT214032
x_transferred
https://support.apple.com/en-us/HT214031
x_transferred
https://support.apple.com/kb/HT214033
x_transferred
http://www.openwall.com/lists/oss-security/2023/12/05/1
x_transferred
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/P5LQS6VEI7VIZNC7QGQ62EOV45R5RJIR/
x_transferred
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AD2KIHHCUBQC2YYH3FJWAHI5BG3QETOH/
x_transferred
https://support.apple.com/kb/HT214034
x_transferred
https://www.debian.org/security/2023/dsa-5575
x_transferred
http://seclists.org/fulldisclosure/2023/Dec/3
x_transferred
http://seclists.org/fulldisclosure/2023/Dec/4
x_transferred
http://seclists.org/fulldisclosure/2023/Dec/5
x_transferred
http://seclists.org/fulldisclosure/2023/Dec/8
x_transferred
http://seclists.org/fulldisclosure/2023/Dec/13
x_transferred
http://seclists.org/fulldisclosure/2023/Dec/12
x_transferred
https://security.gentoo.org/glsa/202401-04
x_transferred
https://support.apple.com/kb/HT214062
x_transferred
http://seclists.org/fulldisclosure/2024/Jan/35
x_transferred
Hyperlink: https://support.apple.com/en-us/HT214033
Resource:
x_transferred
Hyperlink: https://support.apple.com/en-us/HT214032
Resource:
x_transferred
Hyperlink: https://support.apple.com/en-us/HT214031
Resource:
x_transferred
Hyperlink: https://support.apple.com/kb/HT214033
Resource:
x_transferred
Hyperlink: http://www.openwall.com/lists/oss-security/2023/12/05/1
Resource:
x_transferred
Hyperlink: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/P5LQS6VEI7VIZNC7QGQ62EOV45R5RJIR/
Resource:
x_transferred
Hyperlink: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AD2KIHHCUBQC2YYH3FJWAHI5BG3QETOH/
Resource:
x_transferred
Hyperlink: https://support.apple.com/kb/HT214034
Resource:
x_transferred
Hyperlink: https://www.debian.org/security/2023/dsa-5575
Resource:
x_transferred
Hyperlink: http://seclists.org/fulldisclosure/2023/Dec/3
Resource:
x_transferred
Hyperlink: http://seclists.org/fulldisclosure/2023/Dec/4
Resource:
x_transferred
Hyperlink: http://seclists.org/fulldisclosure/2023/Dec/5
Resource:
x_transferred
Hyperlink: http://seclists.org/fulldisclosure/2023/Dec/8
Resource:
x_transferred
Hyperlink: http://seclists.org/fulldisclosure/2023/Dec/13
Resource:
x_transferred
Hyperlink: http://seclists.org/fulldisclosure/2023/Dec/12
Resource:
x_transferred
Hyperlink: https://security.gentoo.org/glsa/202401-04
Resource:
x_transferred
Hyperlink: https://support.apple.com/kb/HT214062
Resource:
x_transferred
Hyperlink: http://seclists.org/fulldisclosure/2024/Jan/35
Resource:
x_transferred
2. CISA ADP Vulnrichment
Affected Products
Problem Types
TypeCWE IDDescription
CWECWE-787CWE-787 Out-of-bounds Write
Type: CWE
CWE ID: CWE-787
Description: CWE-787 Out-of-bounds Write
Metrics
VersionBase scoreBase severityVector
3.18.8HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Version: 3.1
Base score: 8.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Metrics Other Info
kev
dateAdded:
2023-12-04
reference:
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-42917
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
CVE-2023-42917 added to CISA KEV2023-12-04 00:00:00
Event: CVE-2023-42917 added to CISA KEV
Date: 2023-12-04 00:00:00
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-42917
government-resource
Hyperlink: https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-42917
Resource:
government-resource
Information is not available yet
â–¼National Vulnerability Database (NVD)
nvd.nist.gov
Source:product-security@apple.com
Published At:30 Nov, 2023 | 23:15
Updated At:23 Oct, 2025 | 18:49

A memory corruption vulnerability was addressed with improved locking. This issue is fixed in iOS 17.1.2 and iPadOS 17.1.2, macOS Sonoma 14.1.2, Safari 17.1.2. Processing web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been exploited against versions of iOS before iOS 16.7.1.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
2023-12-042023-12-25Apple Multiple Products WebKit Memory Corruption VulnerabilityApply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
Date Added: 2023-12-04
Due Date: 2023-12-25
Vulnerability Name: Apple Multiple Products WebKit Memory Corruption Vulnerability
Required Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
Metrics
TypeVersionBase scoreBase severityVector
Primary3.18.8HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Secondary3.18.8HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Type: Primary
Version: 3.1
Base score: 8.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Type: Secondary
Version: 3.1
Base score: 8.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CPE Matches
Apple Inc.
apple
>>safari>>Versions before 17.1.2(exclusive)
cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*
Apple Inc.
apple
>>ipados>>Versions before 15.8.1(exclusive)
cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*
Apple Inc.
apple
>>ipados>>Versions from 16.0(inclusive) to 16.7.3(exclusive)
cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*
Apple Inc.
apple
>>ipados>>Versions from 17.0(inclusive) to 17.1.2(exclusive)
cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*
Apple Inc.
apple
>>iphone_os>>Versions before 15.8.1(exclusive)
cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
Apple Inc.
apple
>>iphone_os>>Versions from 16.0(inclusive) to 16.7.3(exclusive)
cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
Apple Inc.
apple
>>iphone_os>>Versions from 17.0(inclusive) to 17.1.2(exclusive)
cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
Apple Inc.
apple
>>macos>>Versions from 14.0(inclusive) to 14.1.2(exclusive)
cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*
Debian GNU/Linux
debian
>>debian_linux>>11.0
cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*
Debian GNU/Linux
debian
>>debian_linux>>12.0
cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*
Fedora Project
fedoraproject
>>fedora>>38
cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*
Fedora Project
fedoraproject
>>fedora>>39
cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*
webkitgtk
webkitgtk
>>webkitgtk\+>>Versions before 2.42.3(exclusive)
cpe:2.3:a:webkitgtk:webkitgtk\+:*:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-787Primarynvd@nist.gov
CWE-787Secondary134c704f-9b21-4f2e-91b3-4a467353bcc0
CWE ID: CWE-787
Type: Primary
Source: nvd@nist.gov
CWE ID: CWE-787
Type: Secondary
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
http://seclists.org/fulldisclosure/2023/Dec/12product-security@apple.com
Mailing List
Third Party Advisory
http://seclists.org/fulldisclosure/2023/Dec/13product-security@apple.com
Mailing List
Third Party Advisory
http://seclists.org/fulldisclosure/2023/Dec/3product-security@apple.com
Mailing List
Third Party Advisory
http://seclists.org/fulldisclosure/2023/Dec/4product-security@apple.com
Mailing List
Third Party Advisory
http://seclists.org/fulldisclosure/2023/Dec/5product-security@apple.com
Mailing List
Third Party Advisory
http://seclists.org/fulldisclosure/2023/Dec/8product-security@apple.com
Mailing List
Third Party Advisory
http://seclists.org/fulldisclosure/2024/Jan/35product-security@apple.com
Mailing List
Third Party Advisory
http://www.openwall.com/lists/oss-security/2023/12/05/1product-security@apple.com
Mailing List
Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AD2KIHHCUBQC2YYH3FJWAHI5BG3QETOH/product-security@apple.com
Mailing List
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/P5LQS6VEI7VIZNC7QGQ62EOV45R5RJIR/product-security@apple.com
Mailing List
https://security.gentoo.org/glsa/202401-04product-security@apple.com
Third Party Advisory
https://support.apple.com/en-us/HT214031product-security@apple.com
Vendor Advisory
https://support.apple.com/en-us/HT214032product-security@apple.com
Vendor Advisory
https://support.apple.com/en-us/HT214033product-security@apple.com
Vendor Advisory
https://support.apple.com/kb/HT214033product-security@apple.com
Vendor Advisory
https://support.apple.com/kb/HT214034product-security@apple.com
Vendor Advisory
https://support.apple.com/kb/HT214062product-security@apple.com
Vendor Advisory
https://www.debian.org/security/2023/dsa-5575product-security@apple.com
Mailing List
Third Party Advisory
http://seclists.org/fulldisclosure/2023/Dec/12af854a3a-2127-422b-91ae-364da2661108
Mailing List
Third Party Advisory
http://seclists.org/fulldisclosure/2023/Dec/13af854a3a-2127-422b-91ae-364da2661108
Mailing List
Third Party Advisory
http://seclists.org/fulldisclosure/2023/Dec/3af854a3a-2127-422b-91ae-364da2661108
Mailing List
Third Party Advisory
http://seclists.org/fulldisclosure/2023/Dec/4af854a3a-2127-422b-91ae-364da2661108
Mailing List
Third Party Advisory
http://seclists.org/fulldisclosure/2023/Dec/5af854a3a-2127-422b-91ae-364da2661108
Mailing List
Third Party Advisory
http://seclists.org/fulldisclosure/2023/Dec/8af854a3a-2127-422b-91ae-364da2661108
Mailing List
Third Party Advisory
http://seclists.org/fulldisclosure/2024/Jan/35af854a3a-2127-422b-91ae-364da2661108
Mailing List
Third Party Advisory
http://www.openwall.com/lists/oss-security/2023/12/05/1af854a3a-2127-422b-91ae-364da2661108
Mailing List
Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AD2KIHHCUBQC2YYH3FJWAHI5BG3QETOH/af854a3a-2127-422b-91ae-364da2661108
Mailing List
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/P5LQS6VEI7VIZNC7QGQ62EOV45R5RJIR/af854a3a-2127-422b-91ae-364da2661108
Mailing List
https://security.gentoo.org/glsa/202401-04af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
https://support.apple.com/en-us/HT214031af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
https://support.apple.com/en-us/HT214032af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
https://support.apple.com/en-us/HT214033af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
https://support.apple.com/kb/HT214033af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
https://support.apple.com/kb/HT214034af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
https://support.apple.com/kb/HT214062af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
https://www.debian.org/security/2023/dsa-5575af854a3a-2127-422b-91ae-364da2661108
Mailing List
Third Party Advisory
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-42917134c704f-9b21-4f2e-91b3-4a467353bcc0
US Government Resource
Hyperlink: http://seclists.org/fulldisclosure/2023/Dec/12
Source: product-security@apple.com
Resource:
Mailing List
Third Party Advisory
Hyperlink: http://seclists.org/fulldisclosure/2023/Dec/13
Source: product-security@apple.com
Resource:
Mailing List
Third Party Advisory
Hyperlink: http://seclists.org/fulldisclosure/2023/Dec/3
Source: product-security@apple.com
Resource:
Mailing List
Third Party Advisory
Hyperlink: http://seclists.org/fulldisclosure/2023/Dec/4
Source: product-security@apple.com
Resource:
Mailing List
Third Party Advisory
Hyperlink: http://seclists.org/fulldisclosure/2023/Dec/5
Source: product-security@apple.com
Resource:
Mailing List
Third Party Advisory
Hyperlink: http://seclists.org/fulldisclosure/2023/Dec/8
Source: product-security@apple.com
Resource:
Mailing List
Third Party Advisory
Hyperlink: http://seclists.org/fulldisclosure/2024/Jan/35
Source: product-security@apple.com
Resource:
Mailing List
Third Party Advisory
Hyperlink: http://www.openwall.com/lists/oss-security/2023/12/05/1
Source: product-security@apple.com
Resource:
Mailing List
Third Party Advisory
Hyperlink: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AD2KIHHCUBQC2YYH3FJWAHI5BG3QETOH/
Source: product-security@apple.com
Resource:
Mailing List
Hyperlink: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/P5LQS6VEI7VIZNC7QGQ62EOV45R5RJIR/
Source: product-security@apple.com
Resource:
Mailing List
Hyperlink: https://security.gentoo.org/glsa/202401-04
Source: product-security@apple.com
Resource:
Third Party Advisory
Hyperlink: https://support.apple.com/en-us/HT214031
Source: product-security@apple.com
Resource:
Vendor Advisory
Hyperlink: https://support.apple.com/en-us/HT214032
Source: product-security@apple.com
Resource:
Vendor Advisory
Hyperlink: https://support.apple.com/en-us/HT214033
Source: product-security@apple.com
Resource:
Vendor Advisory
Hyperlink: https://support.apple.com/kb/HT214033
Source: product-security@apple.com
Resource:
Vendor Advisory
Hyperlink: https://support.apple.com/kb/HT214034
Source: product-security@apple.com
Resource:
Vendor Advisory
Hyperlink: https://support.apple.com/kb/HT214062
Source: product-security@apple.com
Resource:
Vendor Advisory
Hyperlink: https://www.debian.org/security/2023/dsa-5575
Source: product-security@apple.com
Resource:
Mailing List
Third Party Advisory
Hyperlink: http://seclists.org/fulldisclosure/2023/Dec/12
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Mailing List
Third Party Advisory
Hyperlink: http://seclists.org/fulldisclosure/2023/Dec/13
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Mailing List
Third Party Advisory
Hyperlink: http://seclists.org/fulldisclosure/2023/Dec/3
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Mailing List
Third Party Advisory
Hyperlink: http://seclists.org/fulldisclosure/2023/Dec/4
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Mailing List
Third Party Advisory
Hyperlink: http://seclists.org/fulldisclosure/2023/Dec/5
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Mailing List
Third Party Advisory
Hyperlink: http://seclists.org/fulldisclosure/2023/Dec/8
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Mailing List
Third Party Advisory
Hyperlink: http://seclists.org/fulldisclosure/2024/Jan/35
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Mailing List
Third Party Advisory
Hyperlink: http://www.openwall.com/lists/oss-security/2023/12/05/1
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Mailing List
Third Party Advisory
Hyperlink: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AD2KIHHCUBQC2YYH3FJWAHI5BG3QETOH/
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Mailing List
Hyperlink: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/P5LQS6VEI7VIZNC7QGQ62EOV45R5RJIR/
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Mailing List
Hyperlink: https://security.gentoo.org/glsa/202401-04
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: https://support.apple.com/en-us/HT214031
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory
Hyperlink: https://support.apple.com/en-us/HT214032
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory
Hyperlink: https://support.apple.com/en-us/HT214033
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory
Hyperlink: https://support.apple.com/kb/HT214033
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory
Hyperlink: https://support.apple.com/kb/HT214034
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory
Hyperlink: https://support.apple.com/kb/HT214062
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory
Hyperlink: https://www.debian.org/security/2023/dsa-5575
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Mailing List
Third Party Advisory
Hyperlink: https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-42917
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0
Resource:
US Government Resource

Change History

0
Information is not available yet

Similar CVEs

4240Records found
CVE-2018-4937
Matching Score-10
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-10
Assigner-Adobe Systems Incorporated
CVSS Score-8.8||HIGH
EPSS-74.18% / 98.80%
||
7 Day CHG~0.00%
Published-19 May, 2018 | 17:00
Updated-05 Aug, 2024 | 05:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Flash Player versions 29.0.0.113 and earlier have an exploitable out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.

Action-Not Available
Vendor-n/aGoogle LLCAdobe Inc.Apple Inc.Microsoft CorporationLinux Kernel Organization, Inc
Product-linux_kernelwindows_8.1chrome_osmac_os_xwindowsflash_player_desktop_runtimewindows_10flash_playerAdobe Flash Player 29.0.0.113 and earlier versions
CWE ID-CWE-787
Out-of-bounds Write
CVE-2016-4179
Matching Score-10
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-10
Assigner-Adobe Systems Incorporated
CVSS Score-8.8||HIGH
EPSS-50.21% / 97.76%
||
7 Day CHG~0.00%
Published-13 Jul, 2016 | 01:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209 on Windows and OS X and before 11.2.202.632 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4172, CVE-2016-4175, CVE-2016-4180, CVE-2016-4181, CVE-2016-4182, CVE-2016-4183, CVE-2016-4184, CVE-2016-4185, CVE-2016-4186, CVE-2016-4187, CVE-2016-4188, CVE-2016-4189, CVE-2016-4190, CVE-2016-4217, CVE-2016-4218, CVE-2016-4219, CVE-2016-4220, CVE-2016-4221, CVE-2016-4233, CVE-2016-4234, CVE-2016-4235, CVE-2016-4236, CVE-2016-4237, CVE-2016-4238, CVE-2016-4239, CVE-2016-4240, CVE-2016-4241, CVE-2016-4242, CVE-2016-4243, CVE-2016-4244, CVE-2016-4245, and CVE-2016-4246.

Action-Not Available
Vendor-n/aAdobe Inc.Linux Kernel Organization, IncGoogle LLCApple Inc.Microsoft Corporation
Product-flash_playerchrome_oslinux_kernelflash_player_desktop_runtimewindowswindows_8.1mac_os_xwindows_10n/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2016-4219
Matching Score-10
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-10
Assigner-Adobe Systems Incorporated
CVSS Score-8.8||HIGH
EPSS-3.90% / 88.00%
||
7 Day CHG~0.00%
Published-13 Jul, 2016 | 01:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209 on Windows and OS X and before 11.2.202.632 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4172, CVE-2016-4175, CVE-2016-4179, CVE-2016-4180, CVE-2016-4181, CVE-2016-4182, CVE-2016-4183, CVE-2016-4184, CVE-2016-4185, CVE-2016-4186, CVE-2016-4187, CVE-2016-4188, CVE-2016-4189, CVE-2016-4190, CVE-2016-4217, CVE-2016-4218, CVE-2016-4220, CVE-2016-4221, CVE-2016-4233, CVE-2016-4234, CVE-2016-4235, CVE-2016-4236, CVE-2016-4237, CVE-2016-4238, CVE-2016-4239, CVE-2016-4240, CVE-2016-4241, CVE-2016-4242, CVE-2016-4243, CVE-2016-4244, CVE-2016-4245, and CVE-2016-4246.

Action-Not Available
Vendor-n/aAdobe Inc.Linux Kernel Organization, IncGoogle LLCApple Inc.Microsoft Corporation
Product-flash_playerchrome_oslinux_kernelflash_player_desktop_runtimewindowswindows_8.1mac_os_xwindows_10n/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2016-4122
Matching Score-10
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-10
Assigner-Adobe Systems Incorporated
CVSS Score-8.8||HIGH
EPSS-2.74% / 85.64%
||
7 Day CHG~0.00%
Published-16 Jun, 2016 | 14:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-083.

Action-Not Available
Vendor-n/aAdobe Inc.openSUSELinux Kernel Organization, IncSUSERed Hat, Inc.Google LLCApple Inc.Microsoft Corporation
Product-flash_playerenterprise_linux_serverchrome_oslinux_kernellinux_enterprise_workstation_extensionopensuseflash_player_desktop_runtimeenterprise_linux_desktopenterprise_linux_workstationlinux_enterprise_desktopwindowswindows_8.1mac_os_xwindows_10n/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2018-3848
Matching Score-10
Assigner-Talos
ShareView Details
Matching Score-10
Assigner-Talos
CVSS Score-8.8||HIGH
EPSS-1.31% / 79.48%
||
7 Day CHG~0.00%
Published-16 Apr, 2018 | 15:00
Updated-17 Sep, 2024 | 01:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In the ffghbn function in NASA CFITSIO 3.42, specially crafted images parsed via the library can cause a stack-based buffer overflow overwriting arbitrary data. An attacker can deliver an FIT image to trigger this vulnerability and potentially gain code execution.

Action-Not Available
Vendor-nasaFedora ProjectTalos (Cisco Systems, Inc.)
Product-cfitsiofedoraNASA CFITSIO
CWE ID-CWE-787
Out-of-bounds Write
CVE-2016-4657
Matching Score-10
Assigner-Apple Inc.
ShareView Details
Matching Score-10
Assigner-Apple Inc.
CVSS Score-8.8||HIGH
EPSS-78.36% / 99.00%
||
7 Day CHG~0.00%
Published-25 Aug, 2016 | 21:00
Updated-22 Oct, 2025 | 00:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2022-06-14||Apply updates per vendor instructions.

WebKit in Apple iOS before 9.3.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site.

Action-Not Available
Vendor-n/aApple Inc.
Product-iphone_osn/aiOS
CWE ID-CWE-787
Out-of-bounds Write
CVE-2018-3849
Matching Score-10
Assigner-Talos
ShareView Details
Matching Score-10
Assigner-Talos
CVSS Score-8.8||HIGH
EPSS-0.87% / 74.76%
||
7 Day CHG~0.00%
Published-16 Apr, 2018 | 15:00
Updated-17 Sep, 2024 | 01:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In the ffghtb function in NASA CFITSIO 3.42, specially crafted images parsed via the library can cause a stack-based buffer overflow overwriting arbitrary data. An attacker can deliver an FIT image to trigger this vulnerability and potentially gain code execution.

Action-Not Available
Vendor-nasaFedora ProjectTalos (Cisco Systems, Inc.)
Product-cfitsiofedoraNASA CFITSIO
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-13042
Matching Score-10
Assigner-Chrome
ShareView Details
Matching Score-10
Assigner-Chrome
CVSS Score-8.8||HIGH
EPSS-0.10% / 28.10%
||
7 Day CHG~0.00%
Published-12 Nov, 2025 | 16:48
Updated-25 Nov, 2025 | 15:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Inappropriate implementation in V8 in Google Chrome prior to 142.0.7444.166 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Action-Not Available
Vendor-Microsoft CorporationApple Inc.Linux Kernel Organization, IncGoogle LLC
Product-chromemacoswindowslinux_kernelChrome
CWE ID-CWE-787
Out-of-bounds Write
CVE-2016-4187
Matching Score-10
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-10
Assigner-Adobe Systems Incorporated
CVSS Score-8.8||HIGH
EPSS-4.12% / 88.37%
||
7 Day CHG~0.00%
Published-13 Jul, 2016 | 01:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209 on Windows and OS X and before 11.2.202.632 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4172, CVE-2016-4175, CVE-2016-4179, CVE-2016-4180, CVE-2016-4181, CVE-2016-4182, CVE-2016-4183, CVE-2016-4184, CVE-2016-4185, CVE-2016-4186, CVE-2016-4188, CVE-2016-4189, CVE-2016-4190, CVE-2016-4217, CVE-2016-4218, CVE-2016-4219, CVE-2016-4220, CVE-2016-4221, CVE-2016-4233, CVE-2016-4234, CVE-2016-4235, CVE-2016-4236, CVE-2016-4237, CVE-2016-4238, CVE-2016-4239, CVE-2016-4240, CVE-2016-4241, CVE-2016-4242, CVE-2016-4243, CVE-2016-4244, CVE-2016-4245, and CVE-2016-4246.

Action-Not Available
Vendor-n/aAdobe Inc.Linux Kernel Organization, IncGoogle LLCApple Inc.Microsoft Corporation
Product-flash_playerchrome_oslinux_kernelflash_player_desktop_runtimewindowswindows_8.1mac_os_xwindows_10n/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2018-4935
Matching Score-10
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-10
Assigner-Adobe Systems Incorporated
CVSS Score-8.8||HIGH
EPSS-74.18% / 98.80%
||
7 Day CHG~0.00%
Published-19 May, 2018 | 17:00
Updated-05 Aug, 2024 | 05:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Flash Player versions 29.0.0.113 and earlier have an exploitable out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.

Action-Not Available
Vendor-n/aGoogle LLCAdobe Inc.Apple Inc.Microsoft CorporationLinux Kernel Organization, Inc
Product-linux_kernelwindows_8.1chrome_osmac_os_xwindowsflash_player_desktop_runtimewindows_10flash_playerAdobe Flash Player 29.0.0.113 and earlier versions
CWE ID-CWE-787
Out-of-bounds Write
CVE-2018-3846
Matching Score-10
Assigner-Talos
ShareView Details
Matching Score-10
Assigner-Talos
CVSS Score-8.8||HIGH
EPSS-0.95% / 75.96%
||
7 Day CHG~0.00%
Published-16 Apr, 2018 | 15:00
Updated-17 Sep, 2024 | 02:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In the ffgphd and ffgtkn functions in NASA CFITSIO 3.42, specially crafted images parsed via the library can cause a stack-based buffer overflow overwriting arbitrary data. An attacker can deliver an FIT image to trigger this vulnerability and potentially gain code execution.

Action-Not Available
Vendor-nasaFedora ProjectTalos (Cisco Systems, Inc.)
Product-cfitsiofedoraNASA CFITSIO
CWE ID-CWE-787
Out-of-bounds Write
CVE-2016-4182
Matching Score-10
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-10
Assigner-Adobe Systems Incorporated
CVSS Score-8.8||HIGH
EPSS-11.54% / 93.46%
||
7 Day CHG~0.00%
Published-13 Jul, 2016 | 01:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209 on Windows and OS X and before 11.2.202.632 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4172, CVE-2016-4175, CVE-2016-4179, CVE-2016-4180, CVE-2016-4181, CVE-2016-4183, CVE-2016-4184, CVE-2016-4185, CVE-2016-4186, CVE-2016-4187, CVE-2016-4188, CVE-2016-4189, CVE-2016-4190, CVE-2016-4217, CVE-2016-4218, CVE-2016-4219, CVE-2016-4220, CVE-2016-4221, CVE-2016-4233, CVE-2016-4234, CVE-2016-4235, CVE-2016-4236, CVE-2016-4237, CVE-2016-4238, CVE-2016-4239, CVE-2016-4240, CVE-2016-4241, CVE-2016-4242, CVE-2016-4243, CVE-2016-4244, CVE-2016-4245, and CVE-2016-4246.

Action-Not Available
Vendor-n/aAdobe Inc.Linux Kernel Organization, IncGoogle LLCApple Inc.Microsoft Corporation
Product-flash_playerchrome_oslinux_kernelflash_player_desktop_runtimewindowswindows_8.1mac_os_xwindows_10n/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2016-4220
Matching Score-10
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-10
Assigner-Adobe Systems Incorporated
CVSS Score-8.8||HIGH
EPSS-3.90% / 88.00%
||
7 Day CHG~0.00%
Published-13 Jul, 2016 | 01:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209 on Windows and OS X and before 11.2.202.632 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4172, CVE-2016-4175, CVE-2016-4179, CVE-2016-4180, CVE-2016-4181, CVE-2016-4182, CVE-2016-4183, CVE-2016-4184, CVE-2016-4185, CVE-2016-4186, CVE-2016-4187, CVE-2016-4188, CVE-2016-4189, CVE-2016-4190, CVE-2016-4217, CVE-2016-4218, CVE-2016-4219, CVE-2016-4221, CVE-2016-4233, CVE-2016-4234, CVE-2016-4235, CVE-2016-4236, CVE-2016-4237, CVE-2016-4238, CVE-2016-4239, CVE-2016-4240, CVE-2016-4241, CVE-2016-4242, CVE-2016-4243, CVE-2016-4244, CVE-2016-4245, and CVE-2016-4246.

Action-Not Available
Vendor-n/aAdobe Inc.Linux Kernel Organization, IncGoogle LLCApple Inc.Microsoft Corporation
Product-flash_playerchrome_oslinux_kernelflash_player_desktop_runtimewindowswindows_8.1mac_os_xwindows_10n/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2016-4181
Matching Score-10
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-10
Assigner-Adobe Systems Incorporated
CVSS Score-8.8||HIGH
EPSS-4.12% / 88.37%
||
7 Day CHG~0.00%
Published-13 Jul, 2016 | 01:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209 on Windows and OS X and before 11.2.202.632 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4172, CVE-2016-4175, CVE-2016-4179, CVE-2016-4180, CVE-2016-4182, CVE-2016-4183, CVE-2016-4184, CVE-2016-4185, CVE-2016-4186, CVE-2016-4187, CVE-2016-4188, CVE-2016-4189, CVE-2016-4190, CVE-2016-4217, CVE-2016-4218, CVE-2016-4219, CVE-2016-4220, CVE-2016-4221, CVE-2016-4233, CVE-2016-4234, CVE-2016-4235, CVE-2016-4236, CVE-2016-4237, CVE-2016-4238, CVE-2016-4239, CVE-2016-4240, CVE-2016-4241, CVE-2016-4242, CVE-2016-4243, CVE-2016-4244, CVE-2016-4245, and CVE-2016-4246.

Action-Not Available
Vendor-n/aAdobe Inc.Linux Kernel Organization, IncGoogle LLCApple Inc.Microsoft Corporation
Product-flash_playerchrome_oslinux_kernelflash_player_desktop_runtimewindowswindows_8.1mac_os_xwindows_10n/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2018-20004
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.71% / 71.79%
||
7 Day CHG~0.00%
Published-10 Dec, 2018 | 06:00
Updated-05 Aug, 2024 | 11:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue has been found in Mini-XML (aka mxml) 2.12. It is a stack-based buffer overflow in mxml_write_node in mxml-file.c via vectors involving a double-precision floating point number and the '<order type="real">' substring, as demonstrated by testmxml.

Action-Not Available
Vendor-mini-xml_projectn/aDebian GNU/LinuxFedora Project
Product-mini-xmldebian_linuxfedoran/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-11205
Matching Score-10
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-10
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-8.8||HIGH
EPSS-0.08% / 24.67%
||
7 Day CHG~0.00%
Published-06 Nov, 2025 | 22:08
Updated-13 Nov, 2025 | 15:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Heap buffer overflow in WebGPU in Google Chrome prior to 141.0.7390.54 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Action-Not Available
Vendor-Linux Kernel Organization, IncApple Inc.Google LLCMicrosoft Corporation
Product-chromewindowsmacoslinux_kernelChrome
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2016-4234
Matching Score-10
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-10
Assigner-Adobe Systems Incorporated
CVSS Score-8.8||HIGH
EPSS-3.90% / 88.00%
||
7 Day CHG~0.00%
Published-13 Jul, 2016 | 01:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209 on Windows and OS X and before 11.2.202.632 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4172, CVE-2016-4175, CVE-2016-4179, CVE-2016-4180, CVE-2016-4181, CVE-2016-4182, CVE-2016-4183, CVE-2016-4184, CVE-2016-4185, CVE-2016-4186, CVE-2016-4187, CVE-2016-4188, CVE-2016-4189, CVE-2016-4190, CVE-2016-4217, CVE-2016-4218, CVE-2016-4219, CVE-2016-4220, CVE-2016-4221, CVE-2016-4233, CVE-2016-4235, CVE-2016-4236, CVE-2016-4237, CVE-2016-4238, CVE-2016-4239, CVE-2016-4240, CVE-2016-4241, CVE-2016-4242, CVE-2016-4243, CVE-2016-4244, CVE-2016-4245, and CVE-2016-4246.

Action-Not Available
Vendor-n/aAdobe Inc.Linux Kernel Organization, IncGoogle LLCApple Inc.Microsoft Corporation
Product-flash_playerchrome_oslinux_kernelflash_player_desktop_runtimewindowswindows_8.1mac_os_xwindows_10n/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2016-4241
Matching Score-10
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-10
Assigner-Adobe Systems Incorporated
CVSS Score-8.8||HIGH
EPSS-3.90% / 88.00%
||
7 Day CHG~0.00%
Published-13 Jul, 2016 | 01:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209 on Windows and OS X and before 11.2.202.632 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4172, CVE-2016-4175, CVE-2016-4179, CVE-2016-4180, CVE-2016-4181, CVE-2016-4182, CVE-2016-4183, CVE-2016-4184, CVE-2016-4185, CVE-2016-4186, CVE-2016-4187, CVE-2016-4188, CVE-2016-4189, CVE-2016-4190, CVE-2016-4217, CVE-2016-4218, CVE-2016-4219, CVE-2016-4220, CVE-2016-4221, CVE-2016-4233, CVE-2016-4234, CVE-2016-4235, CVE-2016-4236, CVE-2016-4237, CVE-2016-4238, CVE-2016-4239, CVE-2016-4240, CVE-2016-4242, CVE-2016-4243, CVE-2016-4244, CVE-2016-4245, and CVE-2016-4246.

Action-Not Available
Vendor-n/aAdobe Inc.Linux Kernel Organization, IncGoogle LLCApple Inc.Microsoft Corporation
Product-flash_playerchrome_oslinux_kernelflash_player_desktop_runtimewindowswindows_8.1mac_os_xwindows_10n/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2016-4235
Matching Score-10
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-10
Assigner-Adobe Systems Incorporated
CVSS Score-8.8||HIGH
EPSS-3.90% / 88.00%
||
7 Day CHG~0.00%
Published-13 Jul, 2016 | 01:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209 on Windows and OS X and before 11.2.202.632 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4172, CVE-2016-4175, CVE-2016-4179, CVE-2016-4180, CVE-2016-4181, CVE-2016-4182, CVE-2016-4183, CVE-2016-4184, CVE-2016-4185, CVE-2016-4186, CVE-2016-4187, CVE-2016-4188, CVE-2016-4189, CVE-2016-4190, CVE-2016-4217, CVE-2016-4218, CVE-2016-4219, CVE-2016-4220, CVE-2016-4221, CVE-2016-4233, CVE-2016-4234, CVE-2016-4236, CVE-2016-4237, CVE-2016-4238, CVE-2016-4239, CVE-2016-4240, CVE-2016-4241, CVE-2016-4242, CVE-2016-4243, CVE-2016-4244, CVE-2016-4245, and CVE-2016-4246.

Action-Not Available
Vendor-n/aAdobe Inc.Linux Kernel Organization, IncGoogle LLCApple Inc.Microsoft Corporation
Product-flash_playerchrome_oslinux_kernelflash_player_desktop_runtimewindowswindows_8.1mac_os_xwindows_10n/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2016-4180
Matching Score-10
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-10
Assigner-Adobe Systems Incorporated
CVSS Score-8.8||HIGH
EPSS-4.12% / 88.37%
||
7 Day CHG~0.00%
Published-13 Jul, 2016 | 01:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209 on Windows and OS X and before 11.2.202.632 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4172, CVE-2016-4175, CVE-2016-4179, CVE-2016-4181, CVE-2016-4182, CVE-2016-4183, CVE-2016-4184, CVE-2016-4185, CVE-2016-4186, CVE-2016-4187, CVE-2016-4188, CVE-2016-4189, CVE-2016-4190, CVE-2016-4217, CVE-2016-4218, CVE-2016-4219, CVE-2016-4220, CVE-2016-4221, CVE-2016-4233, CVE-2016-4234, CVE-2016-4235, CVE-2016-4236, CVE-2016-4237, CVE-2016-4238, CVE-2016-4239, CVE-2016-4240, CVE-2016-4241, CVE-2016-4242, CVE-2016-4243, CVE-2016-4244, CVE-2016-4245, and CVE-2016-4246.

Action-Not Available
Vendor-n/aAdobe Inc.Linux Kernel Organization, IncGoogle LLCApple Inc.Microsoft Corporation
Product-flash_playerchrome_oslinux_kernelflash_player_desktop_runtimewindowswindows_8.1mac_os_xwindows_10n/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2016-4249
Matching Score-10
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-10
Assigner-Adobe Systems Incorporated
CVSS Score-8.8||HIGH
EPSS-10.45% / 93.07%
||
7 Day CHG~0.00%
Published-13 Jul, 2016 | 01:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Heap-based buffer overflow in Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209 on Windows and OS X and before 11.2.202.632 on Linux allows attackers to execute arbitrary code via unspecified vectors.

Action-Not Available
Vendor-n/aAdobe Inc.Linux Kernel Organization, IncGoogle LLCApple Inc.Microsoft Corporation
Product-flash_playerchrome_oslinux_kernelflash_player_desktop_runtimewindowswindows_8.1mac_os_xwindows_10n/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2016-4245
Matching Score-10
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-10
Assigner-Adobe Systems Incorporated
CVSS Score-8.8||HIGH
EPSS-3.90% / 88.00%
||
7 Day CHG~0.00%
Published-13 Jul, 2016 | 01:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209 on Windows and OS X and before 11.2.202.632 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4172, CVE-2016-4175, CVE-2016-4179, CVE-2016-4180, CVE-2016-4181, CVE-2016-4182, CVE-2016-4183, CVE-2016-4184, CVE-2016-4185, CVE-2016-4186, CVE-2016-4187, CVE-2016-4188, CVE-2016-4189, CVE-2016-4190, CVE-2016-4217, CVE-2016-4218, CVE-2016-4219, CVE-2016-4220, CVE-2016-4221, CVE-2016-4233, CVE-2016-4234, CVE-2016-4235, CVE-2016-4236, CVE-2016-4237, CVE-2016-4238, CVE-2016-4239, CVE-2016-4240, CVE-2016-4241, CVE-2016-4242, CVE-2016-4243, CVE-2016-4244, and CVE-2016-4246.

Action-Not Available
Vendor-n/aAdobe Inc.Linux Kernel Organization, IncGoogle LLCApple Inc.Microsoft Corporation
Product-flash_playerchrome_oslinux_kernelflash_player_desktop_runtimewindowswindows_8.1mac_os_xwindows_10n/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2016-4154
Matching Score-10
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-10
Assigner-Adobe Systems Incorporated
CVSS Score-8.8||HIGH
EPSS-4.25% / 88.54%
||
7 Day CHG~0.00%
Published-16 Jun, 2016 | 14:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-083.

Action-Not Available
Vendor-n/aAdobe Inc.openSUSELinux Kernel Organization, IncSUSERed Hat, Inc.Google LLCApple Inc.Microsoft Corporation
Product-flash_playerenterprise_linux_serverchrome_oslinux_kernellinux_enterprise_workstation_extensionopensuseflash_player_desktop_runtimeenterprise_linux_desktopenterprise_linux_workstationlinux_enterprise_desktopwindowswindows_8.1mac_os_xwindows_10n/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2016-4172
Matching Score-10
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-10
Assigner-Adobe Systems Incorporated
CVSS Score-8.8||HIGH
EPSS-4.12% / 88.37%
||
7 Day CHG~0.00%
Published-13 Jul, 2016 | 01:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209 on Windows and OS X and before 11.2.202.632 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4175, CVE-2016-4179, CVE-2016-4180, CVE-2016-4181, CVE-2016-4182, CVE-2016-4183, CVE-2016-4184, CVE-2016-4185, CVE-2016-4186, CVE-2016-4187, CVE-2016-4188, CVE-2016-4189, CVE-2016-4190, CVE-2016-4217, CVE-2016-4218, CVE-2016-4219, CVE-2016-4220, CVE-2016-4221, CVE-2016-4233, CVE-2016-4234, CVE-2016-4235, CVE-2016-4236, CVE-2016-4237, CVE-2016-4238, CVE-2016-4239, CVE-2016-4240, CVE-2016-4241, CVE-2016-4242, CVE-2016-4243, CVE-2016-4244, CVE-2016-4245, and CVE-2016-4246.

Action-Not Available
Vendor-n/aAdobe Inc.Linux Kernel Organization, IncGoogle LLCApple Inc.Microsoft Corporation
Product-flash_playerchrome_oslinux_kernelflash_player_desktop_runtimewindowswindows_8.1mac_os_xwindows_10n/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2016-4127
Matching Score-10
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-10
Assigner-Adobe Systems Incorporated
CVSS Score-8.8||HIGH
EPSS-2.74% / 85.64%
||
7 Day CHG~0.00%
Published-16 Jun, 2016 | 14:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-083.

Action-Not Available
Vendor-n/aAdobe Inc.openSUSELinux Kernel Organization, IncSUSERed Hat, Inc.Google LLCApple Inc.Microsoft Corporation
Product-flash_playerenterprise_linux_serverchrome_oslinux_kernellinux_enterprise_workstation_extensionopensuseflash_player_desktop_runtimeenterprise_linux_desktopenterprise_linux_workstationlinux_enterprise_desktopwindowswindows_8.1mac_os_xwindows_10n/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2016-4280
Matching Score-10
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-10
Assigner-Adobe Systems Incorporated
CVSS Score-8.8||HIGH
EPSS-3.31% / 86.96%
||
7 Day CHG~0.00%
Published-14 Sep, 2016 | 18:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Flash Player before 18.0.0.375 and 19.x through 23.x before 23.0.0.162 on Windows and OS X and before 11.2.202.635 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4274, CVE-2016-4275, CVE-2016-4276, CVE-2016-4281, CVE-2016-4282, CVE-2016-4283, CVE-2016-4284, CVE-2016-4285, CVE-2016-6922, and CVE-2016-6924.

Action-Not Available
Vendor-n/aAdobe Inc.Linux Kernel Organization, IncGoogle LLCApple Inc.Microsoft Corporation
Product-flash_playerchrome_oslinux_kernelflash_player_desktop_runtimewindowswindows_8.1mac_os_xwindows_10n/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2016-4177
Matching Score-10
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-10
Assigner-Adobe Systems Incorporated
CVSS Score-8.8||HIGH
EPSS-48.23% / 97.65%
||
7 Day CHG~0.00%
Published-13 Jul, 2016 | 01:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209 on Windows and OS X and before 11.2.202.632 on Linux allows attackers to execute arbitrary code or cause a denial of service (stack memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4176.

Action-Not Available
Vendor-n/aAdobe Inc.Linux Kernel Organization, IncGoogle LLCApple Inc.Microsoft Corporation
Product-flash_playerchrome_oslinux_kernelflash_player_desktop_runtimewindowswindows_8.1mac_os_xwindows_10n/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2016-4184
Matching Score-10
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-10
Assigner-Adobe Systems Incorporated
CVSS Score-8.8||HIGH
EPSS-4.12% / 88.37%
||
7 Day CHG~0.00%
Published-13 Jul, 2016 | 01:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209 on Windows and OS X and before 11.2.202.632 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4172, CVE-2016-4175, CVE-2016-4179, CVE-2016-4180, CVE-2016-4181, CVE-2016-4182, CVE-2016-4183, CVE-2016-4185, CVE-2016-4186, CVE-2016-4187, CVE-2016-4188, CVE-2016-4189, CVE-2016-4190, CVE-2016-4217, CVE-2016-4218, CVE-2016-4219, CVE-2016-4220, CVE-2016-4221, CVE-2016-4233, CVE-2016-4234, CVE-2016-4235, CVE-2016-4236, CVE-2016-4237, CVE-2016-4238, CVE-2016-4239, CVE-2016-4240, CVE-2016-4241, CVE-2016-4242, CVE-2016-4243, CVE-2016-4244, CVE-2016-4245, and CVE-2016-4246.

Action-Not Available
Vendor-n/aAdobe Inc.Linux Kernel Organization, IncGoogle LLCApple Inc.Microsoft Corporation
Product-flash_playerchrome_oslinux_kernelflash_player_desktop_runtimewindowswindows_8.1mac_os_xwindows_10n/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-8688
Matching Score-10
Assigner-Apple Inc.
ShareView Details
Matching Score-10
Assigner-Apple Inc.
CVSS Score-8.8||HIGH
EPSS-5.13% / 89.62%
||
7 Day CHG+0.87%
Published-18 Dec, 2019 | 17:33
Updated-04 Aug, 2024 | 21:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, watchOS 5.3, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. Processing maliciously crafted web content may lead to arbitrary code execution.

Action-Not Available
Vendor-Red Hat, Inc.Apple Inc.
Product-enterprise_linux_serveritunesiphone_oswatchostvossafarienterprise_linux_workstationmac_os_xenterprise_linux_desktopicloudiCloud for Windows (Microsoft Store)iTunes for WindowswatchOSSafarimacOSiCloud for WindowsiOStvOS
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-3246
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.81% / 73.73%
||
7 Day CHG~0.00%
Published-20 Jul, 2021 | 00:00
Updated-03 Aug, 2024 | 16:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A heap buffer overflow vulnerability in msadpcm_decode_block of libsndfile 1.0.30 allows attackers to execute arbitrary code via a crafted WAV file.

Action-Not Available
Vendor-libsndfile_projectn/aDebian GNU/LinuxFedora Project
Product-libsndfiledebian_linuxfedoran/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2016-4276
Matching Score-10
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-10
Assigner-Adobe Systems Incorporated
CVSS Score-8.8||HIGH
EPSS-3.31% / 86.96%
||
7 Day CHG~0.00%
Published-14 Sep, 2016 | 18:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Flash Player before 18.0.0.375 and 19.x through 23.x before 23.0.0.162 on Windows and OS X and before 11.2.202.635 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4274, CVE-2016-4275, CVE-2016-4280, CVE-2016-4281, CVE-2016-4282, CVE-2016-4283, CVE-2016-4284, CVE-2016-4285, CVE-2016-6922, and CVE-2016-6924.

Action-Not Available
Vendor-n/aAdobe Inc.Linux Kernel Organization, IncGoogle LLCApple Inc.Microsoft Corporation
Product-flash_playerchrome_oslinux_kernelflash_player_desktop_runtimewindowswindows_8.1mac_os_xwindows_10n/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2016-4218
Matching Score-10
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-10
Assigner-Adobe Systems Incorporated
CVSS Score-8.8||HIGH
EPSS-3.90% / 88.00%
||
7 Day CHG~0.00%
Published-13 Jul, 2016 | 01:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209 on Windows and OS X and before 11.2.202.632 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4172, CVE-2016-4175, CVE-2016-4179, CVE-2016-4180, CVE-2016-4181, CVE-2016-4182, CVE-2016-4183, CVE-2016-4184, CVE-2016-4185, CVE-2016-4186, CVE-2016-4187, CVE-2016-4188, CVE-2016-4189, CVE-2016-4190, CVE-2016-4217, CVE-2016-4219, CVE-2016-4220, CVE-2016-4221, CVE-2016-4233, CVE-2016-4234, CVE-2016-4235, CVE-2016-4236, CVE-2016-4237, CVE-2016-4238, CVE-2016-4239, CVE-2016-4240, CVE-2016-4241, CVE-2016-4242, CVE-2016-4243, CVE-2016-4244, CVE-2016-4245, and CVE-2016-4246.

Action-Not Available
Vendor-n/aAdobe Inc.Linux Kernel Organization, IncGoogle LLCApple Inc.Microsoft Corporation
Product-flash_playerchrome_oslinux_kernelflash_player_desktop_runtimewindowswindows_8.1mac_os_xwindows_10n/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2016-4217
Matching Score-10
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-10
Assigner-Adobe Systems Incorporated
CVSS Score-8.8||HIGH
EPSS-5.20% / 89.68%
||
7 Day CHG~0.00%
Published-13 Jul, 2016 | 01:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209 on Windows and OS X and before 11.2.202.632 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4172, CVE-2016-4175, CVE-2016-4179, CVE-2016-4180, CVE-2016-4181, CVE-2016-4182, CVE-2016-4183, CVE-2016-4184, CVE-2016-4185, CVE-2016-4186, CVE-2016-4187, CVE-2016-4188, CVE-2016-4189, CVE-2016-4190, CVE-2016-4218, CVE-2016-4219, CVE-2016-4220, CVE-2016-4221, CVE-2016-4233, CVE-2016-4234, CVE-2016-4235, CVE-2016-4236, CVE-2016-4237, CVE-2016-4238, CVE-2016-4239, CVE-2016-4240, CVE-2016-4241, CVE-2016-4242, CVE-2016-4243, CVE-2016-4244, CVE-2016-4245, and CVE-2016-4246.

Action-Not Available
Vendor-n/aAdobe Inc.Linux Kernel Organization, IncGoogle LLCApple Inc.Microsoft Corporation
Product-flash_playerchrome_oslinux_kernelflash_player_desktop_runtimewindowswindows_8.1mac_os_xwindows_10n/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2016-4166
Matching Score-10
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-10
Assigner-Adobe Systems Incorporated
CVSS Score-8.8||HIGH
EPSS-3.67% / 87.62%
||
7 Day CHG~0.00%
Published-16 Jun, 2016 | 14:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-083.

Action-Not Available
Vendor-n/aAdobe Inc.Linux Kernel Organization, IncGoogle LLCApple Inc.Microsoft Corporation
Product-flash_playerchrome_oslinux_kernelflash_player_desktop_runtimewindowswindows_8.1mac_os_xwindows_10n/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2016-4185
Matching Score-10
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-10
Assigner-Adobe Systems Incorporated
CVSS Score-8.8||HIGH
EPSS-6.89% / 91.19%
||
7 Day CHG~0.00%
Published-13 Jul, 2016 | 01:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209 on Windows and OS X and before 11.2.202.632 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4172, CVE-2016-4175, CVE-2016-4179, CVE-2016-4180, CVE-2016-4181, CVE-2016-4182, CVE-2016-4183, CVE-2016-4184, CVE-2016-4186, CVE-2016-4187, CVE-2016-4188, CVE-2016-4189, CVE-2016-4190, CVE-2016-4217, CVE-2016-4218, CVE-2016-4219, CVE-2016-4220, CVE-2016-4221, CVE-2016-4233, CVE-2016-4234, CVE-2016-4235, CVE-2016-4236, CVE-2016-4237, CVE-2016-4238, CVE-2016-4239, CVE-2016-4240, CVE-2016-4241, CVE-2016-4242, CVE-2016-4243, CVE-2016-4244, CVE-2016-4245, and CVE-2016-4246.

Action-Not Available
Vendor-n/aAdobe Inc.Linux Kernel Organization, IncGoogle LLCApple Inc.Microsoft Corporation
Product-flash_playerchrome_oslinux_kernelflash_player_desktop_runtimewindowswindows_8.1mac_os_xwindows_10n/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2017-14152
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-1.09% / 77.56%
||
7 Day CHG~0.00%
Published-05 Sep, 2017 | 16:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A mishandled zero case was discovered in opj_j2k_set_cinema_parameters in lib/openjp2/j2k.c in OpenJPEG 2.2.0. The vulnerability causes an out-of-bounds write, which may lead to remote denial of service (heap-based buffer overflow affecting opj_write_bytes_LE in lib/openjp2/cio.c and opj_j2k_write_sot in lib/openjp2/j2k.c) or possibly remote code execution.

Action-Not Available
Vendor-uclouvainn/aDebian GNU/Linux
Product-debian_linuxopenjpegn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2016-4153
Matching Score-10
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-10
Assigner-Adobe Systems Incorporated
CVSS Score-8.8||HIGH
EPSS-4.25% / 88.54%
||
7 Day CHG~0.00%
Published-16 Jun, 2016 | 14:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-083.

Action-Not Available
Vendor-n/aAdobe Inc.openSUSELinux Kernel Organization, IncSUSERed Hat, Inc.Google LLCApple Inc.Microsoft Corporation
Product-flash_playerenterprise_linux_serverchrome_oslinux_kernellinux_enterprise_workstation_extensionopensuseflash_player_desktop_runtimeenterprise_linux_desktopenterprise_linux_workstationlinux_enterprise_desktopwindowswindows_8.1mac_os_xwindows_10n/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2016-4233
Matching Score-10
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-10
Assigner-Adobe Systems Incorporated
CVSS Score-8.8||HIGH
EPSS-3.90% / 88.00%
||
7 Day CHG~0.00%
Published-13 Jul, 2016 | 01:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209 on Windows and OS X and before 11.2.202.632 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4172, CVE-2016-4175, CVE-2016-4179, CVE-2016-4180, CVE-2016-4181, CVE-2016-4182, CVE-2016-4183, CVE-2016-4184, CVE-2016-4185, CVE-2016-4186, CVE-2016-4187, CVE-2016-4188, CVE-2016-4189, CVE-2016-4190, CVE-2016-4217, CVE-2016-4218, CVE-2016-4219, CVE-2016-4220, CVE-2016-4221, CVE-2016-4234, CVE-2016-4235, CVE-2016-4236, CVE-2016-4237, CVE-2016-4238, CVE-2016-4239, CVE-2016-4240, CVE-2016-4241, CVE-2016-4242, CVE-2016-4243, CVE-2016-4244, CVE-2016-4245, and CVE-2016-4246.

Action-Not Available
Vendor-n/aAdobe Inc.Linux Kernel Organization, IncGoogle LLCApple Inc.Microsoft Corporation
Product-flash_playerchrome_oslinux_kernelflash_player_desktop_runtimewindowswindows_8.1mac_os_xwindows_10n/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2016-4244
Matching Score-10
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-10
Assigner-Adobe Systems Incorporated
CVSS Score-8.8||HIGH
EPSS-3.90% / 88.00%
||
7 Day CHG~0.00%
Published-13 Jul, 2016 | 01:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209 on Windows and OS X and before 11.2.202.632 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4172, CVE-2016-4175, CVE-2016-4179, CVE-2016-4180, CVE-2016-4181, CVE-2016-4182, CVE-2016-4183, CVE-2016-4184, CVE-2016-4185, CVE-2016-4186, CVE-2016-4187, CVE-2016-4188, CVE-2016-4189, CVE-2016-4190, CVE-2016-4217, CVE-2016-4218, CVE-2016-4219, CVE-2016-4220, CVE-2016-4221, CVE-2016-4233, CVE-2016-4234, CVE-2016-4235, CVE-2016-4236, CVE-2016-4237, CVE-2016-4238, CVE-2016-4239, CVE-2016-4240, CVE-2016-4241, CVE-2016-4242, CVE-2016-4243, CVE-2016-4245, and CVE-2016-4246.

Action-Not Available
Vendor-n/aAdobe Inc.Linux Kernel Organization, IncGoogle LLCApple Inc.Microsoft Corporation
Product-flash_playerchrome_oslinux_kernelflash_player_desktop_runtimewindowswindows_8.1mac_os_xwindows_10n/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-30737
Matching Score-10
Assigner-Apple Inc.
ShareView Details
Matching Score-10
Assigner-Apple Inc.
CVSS Score-8.8||HIGH
EPSS-0.40% / 60.13%
||
7 Day CHG~0.00%
Published-08 Sep, 2021 | 13:43
Updated-03 Aug, 2024 | 22:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A memory corruption issue in the ASN.1 decoder was addressed by removing the vulnerable code. This issue is fixed in tvOS 14.6, Security Update 2021-004 Mojave, iOS 14.6 and iPadOS 14.6, iOS 12.5.4, Security Update 2021-003 Catalina, macOS Big Sur 11.4, watchOS 7.5. Processing a maliciously crafted certificate may lead to arbitrary code execution.

Action-Not Available
Vendor-Apple Inc.
Product-iphone_oswatchosipadostvosmac_os_xmacosmacOSiOS and iPadOS
CWE ID-CWE-787
Out-of-bounds Write
CVE-2016-4190
Matching Score-10
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-10
Assigner-Adobe Systems Incorporated
CVSS Score-8.8||HIGH
EPSS-4.12% / 88.37%
||
7 Day CHG~0.00%
Published-13 Jul, 2016 | 01:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209 on Windows and OS X and before 11.2.202.632 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4172, CVE-2016-4175, CVE-2016-4179, CVE-2016-4180, CVE-2016-4181, CVE-2016-4182, CVE-2016-4183, CVE-2016-4184, CVE-2016-4185, CVE-2016-4186, CVE-2016-4187, CVE-2016-4188, CVE-2016-4189, CVE-2016-4217, CVE-2016-4218, CVE-2016-4219, CVE-2016-4220, CVE-2016-4221, CVE-2016-4233, CVE-2016-4234, CVE-2016-4235, CVE-2016-4236, CVE-2016-4237, CVE-2016-4238, CVE-2016-4239, CVE-2016-4240, CVE-2016-4241, CVE-2016-4242, CVE-2016-4243, CVE-2016-4244, CVE-2016-4245, and CVE-2016-4246.

Action-Not Available
Vendor-n/aAdobe Inc.Linux Kernel Organization, IncGoogle LLCApple Inc.Microsoft Corporation
Product-flash_playerchrome_oslinux_kernelflash_player_desktop_runtimewindowswindows_8.1mac_os_xwindows_10n/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2016-4240
Matching Score-10
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-10
Assigner-Adobe Systems Incorporated
CVSS Score-8.8||HIGH
EPSS-3.90% / 88.00%
||
7 Day CHG~0.00%
Published-13 Jul, 2016 | 01:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209 on Windows and OS X and before 11.2.202.632 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4172, CVE-2016-4175, CVE-2016-4179, CVE-2016-4180, CVE-2016-4181, CVE-2016-4182, CVE-2016-4183, CVE-2016-4184, CVE-2016-4185, CVE-2016-4186, CVE-2016-4187, CVE-2016-4188, CVE-2016-4189, CVE-2016-4190, CVE-2016-4217, CVE-2016-4218, CVE-2016-4219, CVE-2016-4220, CVE-2016-4221, CVE-2016-4233, CVE-2016-4234, CVE-2016-4235, CVE-2016-4236, CVE-2016-4237, CVE-2016-4238, CVE-2016-4239, CVE-2016-4241, CVE-2016-4242, CVE-2016-4243, CVE-2016-4244, CVE-2016-4245, and CVE-2016-4246.

Action-Not Available
Vendor-n/aAdobe Inc.Linux Kernel Organization, IncGoogle LLCApple Inc.Microsoft Corporation
Product-flash_playerchrome_oslinux_kernelflash_player_desktop_runtimewindowswindows_8.1mac_os_xwindows_10n/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2016-4246
Matching Score-10
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-10
Assigner-Adobe Systems Incorporated
CVSS Score-8.8||HIGH
EPSS-3.90% / 88.00%
||
7 Day CHG~0.00%
Published-13 Jul, 2016 | 01:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209 on Windows and OS X and before 11.2.202.632 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4172, CVE-2016-4175, CVE-2016-4179, CVE-2016-4180, CVE-2016-4181, CVE-2016-4182, CVE-2016-4183, CVE-2016-4184, CVE-2016-4185, CVE-2016-4186, CVE-2016-4187, CVE-2016-4188, CVE-2016-4189, CVE-2016-4190, CVE-2016-4217, CVE-2016-4218, CVE-2016-4219, CVE-2016-4220, CVE-2016-4221, CVE-2016-4233, CVE-2016-4234, CVE-2016-4235, CVE-2016-4236, CVE-2016-4237, CVE-2016-4238, CVE-2016-4239, CVE-2016-4240, CVE-2016-4241, CVE-2016-4242, CVE-2016-4243, CVE-2016-4244, and CVE-2016-4245.

Action-Not Available
Vendor-n/aAdobe Inc.Linux Kernel Organization, IncGoogle LLCApple Inc.Microsoft Corporation
Product-flash_playerchrome_oslinux_kernelflash_player_desktop_runtimewindowswindows_8.1mac_os_xwindows_10n/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2016-4125
Matching Score-10
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-10
Assigner-Adobe Systems Incorporated
CVSS Score-8.8||HIGH
EPSS-2.74% / 85.64%
||
7 Day CHG~0.00%
Published-16 Jun, 2016 | 14:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-083.

Action-Not Available
Vendor-n/aAdobe Inc.openSUSELinux Kernel Organization, IncSUSERed Hat, Inc.Google LLCApple Inc.Microsoft Corporation
Product-flash_playerenterprise_linux_serverchrome_oslinux_kernellinux_enterprise_workstation_extensionopensuseflash_player_desktop_runtimeenterprise_linux_desktopenterprise_linux_workstationlinux_enterprise_desktopwindowswindows_8.1mac_os_xwindows_10n/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2016-4155
Matching Score-10
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-10
Assigner-Adobe Systems Incorporated
CVSS Score-8.8||HIGH
EPSS-4.25% / 88.54%
||
7 Day CHG~0.00%
Published-16 Jun, 2016 | 14:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-083.

Action-Not Available
Vendor-n/aAdobe Inc.openSUSELinux Kernel Organization, IncSUSERed Hat, Inc.Google LLCApple Inc.Microsoft Corporation
Product-flash_playerenterprise_linux_serverchrome_oslinux_kernellinux_enterprise_workstation_extensionopensuseflash_player_desktop_runtimeenterprise_linux_desktopenterprise_linux_workstationlinux_enterprise_desktopwindowswindows_8.1mac_os_xwindows_10n/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2016-4151
Matching Score-10
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-10
Assigner-Adobe Systems Incorporated
CVSS Score-8.8||HIGH
EPSS-4.25% / 88.54%
||
7 Day CHG~0.00%
Published-16 Jun, 2016 | 14:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-083.

Action-Not Available
Vendor-n/aAdobe Inc.openSUSELinux Kernel Organization, IncSUSERed Hat, Inc.Google LLCApple Inc.Microsoft Corporation
Product-flash_playerenterprise_linux_serverchrome_oslinux_kernellinux_enterprise_workstation_extensionopensuseflash_player_desktop_runtimeenterprise_linux_desktopenterprise_linux_workstationlinux_enterprise_desktopwindowswindows_8.1mac_os_xwindows_10n/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2016-4175
Matching Score-10
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-10
Assigner-Adobe Systems Incorporated
CVSS Score-8.8||HIGH
EPSS-50.21% / 97.76%
||
7 Day CHG~0.00%
Published-13 Jul, 2016 | 01:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209 on Windows and OS X and before 11.2.202.632 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4172, CVE-2016-4179, CVE-2016-4180, CVE-2016-4181, CVE-2016-4182, CVE-2016-4183, CVE-2016-4184, CVE-2016-4185, CVE-2016-4186, CVE-2016-4187, CVE-2016-4188, CVE-2016-4189, CVE-2016-4190, CVE-2016-4217, CVE-2016-4218, CVE-2016-4219, CVE-2016-4220, CVE-2016-4221, CVE-2016-4233, CVE-2016-4234, CVE-2016-4235, CVE-2016-4236, CVE-2016-4237, CVE-2016-4238, CVE-2016-4239, CVE-2016-4240, CVE-2016-4241, CVE-2016-4242, CVE-2016-4243, CVE-2016-4244, CVE-2016-4245, and CVE-2016-4246.

Action-Not Available
Vendor-n/aAdobe Inc.Linux Kernel Organization, IncGoogle LLCApple Inc.Microsoft Corporation
Product-flash_playerchrome_oslinux_kernelflash_player_desktop_runtimewindowswindows_8.1mac_os_xwindows_10n/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-30518
Matching Score-10
Assigner-Chrome
ShareView Details
Matching Score-10
Assigner-Chrome
CVSS Score-8.8||HIGH
EPSS-0.82% / 73.96%
||
7 Day CHG~0.00%
Published-04 Jun, 2021 | 17:15
Updated-03 Aug, 2024 | 22:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Heap buffer overflow in Reader Mode in Google Chrome prior to 90.0.4430.212 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Action-Not Available
Vendor-Fedora ProjectGoogle LLC
Product-chromefedoraChrome
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-30565
Matching Score-10
Assigner-Chrome
ShareView Details
Matching Score-10
Assigner-Chrome
CVSS Score-8.8||HIGH
EPSS-0.21% / 43.00%
||
7 Day CHG~0.00%
Published-03 Aug, 2021 | 19:40
Updated-03 Aug, 2024 | 22:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Out of bounds write in Tab Groups in Google Chrome on Linux and ChromeOS prior to 92.0.4515.107 allowed an attacker who convinced a user to install a malicious extension to perform an out of bounds memory write via a crafted HTML page.

Action-Not Available
Vendor-Google LLCFedora ProjectLinux Kernel Organization, Inc
Product-chromechrome_osfedoralinux_kernelChrome
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-30590
Matching Score-10
Assigner-Chrome
ShareView Details
Matching Score-10
Assigner-Chrome
CVSS Score-8.8||HIGH
EPSS-0.63% / 69.76%
||
7 Day CHG~0.00%
Published-26 Aug, 2021 | 17:05
Updated-03 Aug, 2024 | 22:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Heap buffer overflow in Bookmarks in Google Chrome prior to 92.0.4515.131 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Action-Not Available
Vendor-Fedora ProjectGoogle LLC
Product-chromefedoraChrome
CWE ID-CWE-787
Out-of-bounds Write
  • Previous
  • 1
  • 2
  • 3
  • ...
  • 84
  • 85
  • Next
Details not found