2016-05-11
|
CVE-2016-4117
|
Adobe Flash Player 21.0.0.226 and earlier allows remote attackers to execute arbitrary code via unspecified vectors, as exploited in the wild in May 2016.
|
Flash_player, Evergreen, Opensuse, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_server_from_rhui, Enterprise_linux_workstation, Linux_enterprise_desktop, Linux_enterprise_workstation_extension
|
9.8
|
|
|
2017-09-19
|
CVE-2017-12615
|
When running Apache Tomcat 7.0.0 to 7.0.79 on Windows with HTTP PUTs enabled (e.g. via setting the readonly initialisation parameter of the Default to false) it was possible to upload a JSP file to the server via a specially crafted request. This JSP could then be requested and any code it contained would be executed by the server.
|
Tomcat, 7\-Mode_transition_tool, Oncommand_balance, Oncommand_shift, Enterprise_linux_desktop, Enterprise_linux_eus, Enterprise_linux_eus_compute_node, Enterprise_linux_for_ibm_z_systems, Enterprise_linux_for_ibm_z_systems_eus, Enterprise_linux_for_power_big_endian, Enterprise_linux_for_power_big_endian_eus, Enterprise_linux_for_power_little_endian, Enterprise_linux_for_power_little_endian_eus, Enterprise_linux_for_scientific_computing, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions, Enterprise_linux_server_tus, Enterprise_linux_server_update_services_for_sap_solutions, Enterprise_linux_workstation, Jboss_enterprise_web_server, Jboss_enterprise_web_server_text\-Only_advisories
|
8.1
|
|
|
2017-10-04
|
CVE-2017-12617
|
When running Apache Tomcat versions 9.0.0.M1 to 9.0.0, 8.5.0 to 8.5.22, 8.0.0.RC1 to 8.0.46 and 7.0.0 to 7.0.81 with HTTP PUTs enabled (e.g. via setting the readonly initialisation parameter of the Default servlet to false) it was possible to upload a JSP file to the server via a specially crafted request. This JSP could then be requested and any code it contained would be executed by the server.
|
Tomcat, Ubuntu_linux, Debian_linux, Active_iq_unified_manager, Element, Oncommand_balance, Oncommand_insight, Oncommand_shift, Oncommand_workflow_automation, Snapcenter, Agile_plm, Communications_instant_messaging_server, Endeca_information_discovery_integrator, Enterprise_manager_for_mysql_database, Financial_services_analytical_applications_infrastructure, Fmw_platform, Health_sciences_empirica_inspections, Hospitality_guest_access, Instantis_enterprisetrack, Management_pack, Micros_lucas, Micros_retail_xbri_loss_prevention, Mysql_enterprise_monitor, Retail_advanced_inventory_planning, Retail_back_office, Retail_central_office, Retail_convenience_and_fuel_pos_software, Retail_eftlink, Retail_insights, Retail_invoice_matching, Retail_order_broker, Retail_order_management_system, Retail_point\-Of\-Service, Retail_price_management, Retail_returns_management, Retail_store_inventory_management, Retail_xstore_point_of_service, Transportation_management, Tuxedo_system_and_applications_monitor, Webcenter_sites, Workload_manager, Enterprise_linux_desktop, Enterprise_linux_eus, Enterprise_linux_eus_compute_node, Enterprise_linux_for_ibm_z_systems, Enterprise_linux_for_ibm_z_systems_eus, Enterprise_linux_for_power_big_endian, Enterprise_linux_for_power_big_endian_eus, Enterprise_linux_for_power_little_endian, Enterprise_linux_for_power_little_endian_eus, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_server_tus, Enterprise_linux_workstation, Fuse, Jboss_enterprise_application_platform, Jboss_enterprise_web_server, Jboss_enterprise_web_server_text\-Only_advisories
|
8.1
|
|
|
2019-10-28
|
CVE-2019-11043
|
In PHP versions 7.1.x below 7.1.33, 7.2.x below 7.2.24 and 7.3.x below 7.3.11 in certain configurations of FPM setup it is possible to cause FPM module to write past allocated buffers into the space reserved for FCGI protocol data, thus opening the possibility of remote code execution.
|
Ubuntu_linux, Debian_linux, Fedora, Php, Enterprise_linux, Enterprise_linux_desktop, Enterprise_linux_eus, Enterprise_linux_eus_compute_node, Enterprise_linux_for_arm_64, Enterprise_linux_for_arm_64_eus, Enterprise_linux_for_ibm_z_systems, Enterprise_linux_for_ibm_z_systems_eus, Enterprise_linux_for_power_big_endian, Enterprise_linux_for_power_big_endian_eus, Enterprise_linux_for_power_little_endian, Enterprise_linux_for_power_little_endian_eus, Enterprise_linux_for_scientific_computing, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_server_tus, Enterprise_linux_workstation, Software_collections, Tenable\.sc
|
9.8
|
|
|
2014-02-28
|
CVE-2014-0069
|
The cifs_iovec_write function in fs/cifs/file.c in the Linux kernel through 3.13.5 does not properly handle uncached write operations that copy fewer than the requested number of bytes, which allows local users to obtain sensitive information from kernel memory, cause a denial of service (memory corruption and system crash), or possibly gain privileges via a writev system call with a crafted pointer.
|
Linux_kernel, Enterprise_linux_desktop, Enterprise_linux_eus, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_server_tus, Enterprise_linux_workstation, Linux_enterprise_desktop, Linux_enterprise_server
|
N/A
|
|
|
2013-05-16
|
CVE-2013-2729
|
Integer overflow in Adobe Reader and Acrobat 9.x before 9.5.5, 10.x before 10.1.7, and 11.x before 11.0.03 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2013-2727.
|
Acrobat, Acrobat_reader, Enterprise_linux_desktop, Enterprise_linux_eus, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_workstation, Linux_enterprise_desktop
|
9.8
|
|
|
2013-06-26
|
CVE-2013-1690
|
Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17.0.7, and Thunderbird ESR 17.x before 17.0.7 do not properly handle onreadystatechange events in conjunction with page reloading, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted web site that triggers an attempt to execute data at an unmapped memory location.
|
Ubuntu_linux, Debian_linux, Firefox, Firefox_esr, Thunderbird, Thunderbird_esr, Opensuse, Enterprise_linux_desktop, Enterprise_linux_eus, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_workstation, Gluster_storage_server_for_on\-Premise, Linux_enterprise_desktop, Linux_enterprise_server, Linux_enterprise_software_development_kit
|
8.8
|
|
|
2014-04-07
|
CVE-2014-0160
|
Heartbleed - The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle Heartbeat Extension packets, which allows remote attackers to obtain sensitive information from process memory via crafted packets that trigger a buffer over-read, as demonstrated by reading private keys, related to d1_both.c and t1_lib.c, aka the Heartbleed bug.
|
Symantec_messaging_gateway, Ubuntu_linux, Debian_linux, Fedora, Filezilla_server, V100_firmware, V60_firmware, Micollab, Mivoice, Openssl, Opensuse, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_server_eus, Enterprise_linux_server_tus, Enterprise_linux_workstation, Gluster_storage, Storage, Virtualization, S9922l_firmware, Application_processing_engine_firmware, Cp_1543\-1_firmware, Elan\-8\.2, Simatic_s7\-1500_firmware, Simatic_s7\-1500t_firmware, Wincc_open_architecture, Splunk
|
7.5
|
|
|
2015-07-14
|
CVE-2015-5122
|
Use-after-free vulnerability in the DisplayObject class in the ActionScript 3 (AS3) implementation in Adobe Flash Player 13.x through 13.0.0.302 on Windows and OS X, 14.x through 18.0.0.203 on Windows and OS X, 11.x through 11.2.202.481 on Linux, and 12.x through 18.0.0.204 on Linux Chrome installations allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted Flash content that leverages improper handling of the opaqueBackground property,...
|
Flash_player, Flash_player_desktop_runtime, Evergreen, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_server_eus, Enterprise_linux_workstation, Linux_enterprise_desktop, Linux_enterprise_workstation_extension
|
9.8
|
|
|
2015-07-14
|
CVE-2015-5123
|
Use-after-free vulnerability in the BitmapData class in the ActionScript 3 (AS3) implementation in Adobe Flash Player 13.x through 13.0.0.302 on Windows and OS X, 14.x through 18.0.0.203 on Windows and OS X, 11.x through 11.2.202.481 on Linux, and 12.x through 18.0.0.204 on Linux Chrome installations allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted Flash content that overrides a valueOf function, as exploited in the wild in July 2015.
|
Flash_player, Flash_player_desktop_runtime, Evergreen, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_server_eus, Enterprise_linux_workstation, Linux_enterprise_desktop, Linux_enterprise_workstation_extension
|
9.8
|
|
|