CVE-2011-3389
CVE-2011-3389 is the BEAST information-disclosure vulnerability in TLS/SSL CBC-mode encryption, allowing a network attacker to glean plaintext headers under certain configurations (e.g., when CBC with chained IVs is used and the attacker can inject/observe traffic). The connected documents show m...
CVE-1999-0524
CVE-1999-0524 is an ICMP information-disclosure vulnerability where ICMP replies reveal (1) netmask and (2) timestamp to arbitrary hosts. Connected reports link it to multiple products (e.g., Nutanix AHV advisories NXSA‑AHV series and ABB M2M Gateway plugin) and describe the issue as an informati...
CVE-2018-0598
CVE-2018-0598 concerns self-extracting archive files created by IExpress bundled with Microsoft Windows. The affected component is the IExpress self-extracting archive mechanism, where an untrusted search path can lead to DLL planting and privilege escalation by loading a Trojan horse DLL f...
CVE-2021-36958
CVE-2021-36958 is a Windows Print Spooler RCE vulnerability where privileged file operations allow an attacker to execute code with SYSTEM privileges. Exploitation is described as local (with user interaction) in the CVE data, and Microsoft issued a fix as part of the PrintNightmare remediation. ...
CVE-2011-0638
The CVE describes a Windows HID over USB vulnerability where the system fails to warn before enabling HID functionality, enabling user‑assisted attackers to run arbitrary code via crafted USB data (e.g., keyboard/mouse data from malware on a connected phone). Concrete details in connected docs sh...
CVE-2008-4037
CVE-2008-4037 describes a remote code-execution condition in various Windows platforms where SMB servers can replay NTLM credentials to a client, enabling arbitrary code execution (SMB Credential Reflection). The issue, demonstrated by backrush, is part of the SMB relay/credential reflection fami...
CVE-2007-5348
The CVE-2007-5348 entry concerns an image-processing vulnerability in Microsoft GDI+ that could enable remote code execution. The connected KB954593 article (MS08-052) describes multiple vulnerabilities in GDI+ across Windows and Office components that could be exploited by viewing a specially craf...
CVE-2015-3052
CVE-2015-3052 (BLEND) is a memory-disclosure/heap manipulation vulnerability in PostScript/OpenType charstring handling that enables fully reliable remote code execution on vulnerable 32-bit systems. Project Zero describes it as a defeat of exploit mitigations via the BLEND operator: loading a si...
CVE-2014-9160
Adobe Reader/Acrobat on Windows and macOS is vulnerable to multiple heap-based buffer overflows in CoolType.dll, triggered by crafted PDF files. Affected products include Adobe Reader and Acrobat 10.x prior to 10.1.14 and 11.x prior to 11.0.11, with CVEs including CVE-2014-9160, CVE-2014-9161 and...
CVE-2015-4796
Technical details for CVE-2015-4796 are not publicly provided in the supplied documents. No concrete affected product/version, root cause, impact, or remediation is specified here. Monitor updates from vendors and security advisories for new information.
CVE-2007-2108
CVE-2007-2108 affects Oracle Database Core RDBMS on Windows (versions 9.0.1.5, 9.2.0.8, 10.1.0.5, 10.2.0.2). Remote attackers may gain privileges due to NTLM SSPI AcceptSecurityContext granting privileges based on username while all users appear as Guest. No exploit details provided in the source...
CVE-2015-3072
Technical details about CVE-2015-3072 are not publicly provided in the supplied documents. Monitor for updates from official advisories.
CVE-2015-3073
Technical details about CVE-2015-3073 are not provided in the connected EUVD entries. Please monitor ENISA EUVD records for updates; no specifics on affected products, vectors, or fixes are given.
CVE-2015-4716
CVE-2015-4716 is a directory traversal vulnerability in ownCloud Server’s routing component affecting Windows deployments; affected versions are before 7.0.6 and 8.0.x before 8.0.4, allowing remote attackers to reinstall the application or execute arbitrary code via unspecified vectors. Debian ad...
CVE-2009-3864
CVE-2009-3864 affects Sun Java JRE/JDK 5.0 before Update 22 and JDK/JRE 6 before Update 17 on non-English Windows; the Java update mechanism fails to fetch new JRE versions, leaving older releases vulnerable to pre-existing issues (Bug 6869694). Connected advisories corroborate that this CVE is a...
CVE-2022-0280
The CVE-2022-0280 issue affects McAfee Total Protection for Windows, specifically the QuickClean feature. A race condition in QuickClean (prior to version 16.0.43) can be exploited by a local attacker to elevate privileges and delete arbitrary files, potentially causing data loss and denial of se...
CVE-2008-3012
CVE-2008-3012 is a GDI+ memory allocation flaw in gdiplus.dll that could allow remote code execution when a specially crafted EMF image is viewed. Connected docs confirm this as MS08-052, addressing vulnerabilities in GDI+ across Windows and Office components (IE6, Windows XP, Ser...
CVE-2015-3066
Technical details for CVE-2015-3066 are not publicly available in the provided documents. Monitor for updates from official advisories; no specific affected product/version, exploit info, or remediation is described here.
CVE-2015-3048
Adobe Reader/Acrobat is affected by multiple vulnerabilities, including CVE-2015-3048, described under APSB15-10. The impact is a buffer overflow/memory corruption that can lead to arbitrary code execution when processing PDF content. Affected products include Adobe Reader/Acrobat on Windows and ...
CVE-2015-3074
Adobe Reader and Acrobat 10.x before 10.1.14 and 11.x before 11.0.11 on Windows and OS X are affected by CVE-2015-3074, a vulnerability that allows attackers to bypass intended restrictions on JavaScript API execution via unspecified vectors. The description indicates this is a different issue fr...
CVE-2015-3051
CVE-2015-3051 is identified in connected documents as a memory-corruption issue related to font engine handling (STOREWV) across affected PostScript/OpenType paths. The Google Project Zero posts map CVE-2015-3051 to a STOREWV-related issue and discuss exploitation potential via font interpreters ...
CVE-2015-3055
CVE-2015-3055 is an Adobe Acrobat/Reader use-after-free vulnerability. Affected: Adobe Reader and Acrobat 10.x prior to 10.1.14 and 11.x prior to 11.0.11 on Windows and OS X. Root cause: use-after-free in memory handling allows remote code execution via a crafted PDF file (vector not fully specif...
CVE-2015-3062
Technical details about CVE-2015-3062 are not publicly available in the provided connected documents. Monitor ENISA EUVD entries and other sources for updated vulnerability specifics, affected products, impact, and remediation.
CVE-2014-8446
Adobe Reader and Acrobat 10.x (prior to 10.1.13) and 11.x (prior to 11.0.10) on Windows and macOS are affected by CVE-2014-8446. The connected advisories attribute the issue to a memory corruption vulnerability that occurs while parsing a corrupted PDF file, enabling a remote attacker to entice a...
CVE-2015-3061
Technical details (affected software, root cause, impact, patches) are not publicly available in the provided documents beyond the general CVE description. Monitor for updates.
CVE-2015-3067
Technical details about CVE-2015-3067 are not publicly provided in the supplied documents. No affected products, versions, or fixes are specified here. Monitor for updates from official advisories.
CVE-2014-8452
CVE-2014-8452 is an XML External Entity (XXE) information-disclosure flaw in Adobe Reader/Acrobat. Connected sources confirm the issue affects Adobe Reader X/XI prior to 10.1.14/11.0.11, with the root cause being improper XML/ENTITY handling in the product’s XML parser. Public advisories (APSB15-...
CVE-2015-3047
Adobe Acrobat/Reader on Windows and macOS (older than 10.1.14 and 11.0.11) is affected by CVE-2015-3047 due to multiple input validation issues, NULL pointer dereference, and related memory corruption flaws. According to connected advisories, exploitation could crash or potentially allow arbitrar...
CVE-2015-3050
Technical details for CVE-2015-3050 are not publicly provided in the supplied documents; monitor for updates.
CVE-2015-3075
Adobe Acrobat/Reader Use-After-Free (CVE-2015-3075) affects Adobe Reader/Acrobat 10.x (pre-10.1.14) and 11.x (pre-11.0.11) on Windows and macOS. The connected advisories describe a use-after-free in memory handling that can be triggered by opening a specially crafted PDF file, enabling remote cod...
CVE-2015-3053
CVE-2015-3053 is an Adobe Acrobat/Reader use-after-free vulnerability. A remote attacker could exploit a use-after-free in memory handling of PDF objects to achieve arbitrary code execution via a specially crafted PDF file. Affected products include Adobe Acrobat/Reader versions 10.x before 10.1....
CVE-2015-3054
Adobe Reader and Acrobat on Windows/macOS are affected by a use-after-free vulnerability in memory handling when processing crafted PDFs (CVE-2015-3054). The underlying issue is an object handling error that can lead to arbitrary code execution. Public advisories (APSB15-10) reference this CVE fa...
CVE-2015-3070
CVE-2015-3070 affects Adobe Reader/Acrobat 10.x (before 10.1.14) and 11.x (before 11.0.11) on Windows and macOS. The vulnerability arises from memory corruption in font-rendering engines (Type 1/OpenType Charstring interpreter) encountered in Reader/Acrobat and related components (e.g., ATMFD.DLL...
CVE-2015-3071
Adobe Reader/Acrobat 10.x before 10.1.14 and 11.x before 11.0.11 on Windows and OS X are affected by CVE-2015-3071, which bypasses intended JavaScript API execution restrictions via unspecified vectors. The description notes this as a different vulnerability from CVE-2015-3060/3061/3062/3063/3064...
CVE-2015-3064
Technical details for CVE-2015-3064 are not publicly available in the provided documents. No concrete product/impact/version information is supplied beyond a general description. Monitor for updates.
CVE-2018-0599
CVE-2018-0599 affects the Visual C++ Redistributable installer. A vulnerability exists in the installer’s DLL search path (DLL planting) that can allow arbitrary code execution with the privileges of the user invoking the installer. The affected component is the installer for Visual C++ Red...
CVE-2015-3063
Technical details about CVE-2015-3063 are not publicly provided in the supplied documents. Monitor for updates.
CVE-2015-3068
Technical details for CVE-2015-3068 are not publicly available in the provided documents; no affected products, versions, root cause, impact, or fixes are disclosed here. Monitor for official updates.
CVE-2015-3069
Technical details for CVE-2015-3069 are not publicly available in the provided documents; no affected products, root cause, or fixes are specified here. Monitor for updates.
CVE-2014-9158
CVE-2014-9158 affects Adobe Reader and Acrobat (Windows and OS X) and is a memory corruption vulnerability caused by an error while parsing a corrupted PDF file. A remote attacker may exploit this by enticing a user to open a specially crafted PDF, potentially enabling arbitrary code execution or...
CVE-2015-3056
CVE-2015-3056 is described as a memory corruption/remote code execution vulnerability in Adobe Reader and Acrobat (10.x pre-10.1.14; 11.x pre-11.0.11) on Windows and OS X with unspecified vectors. The connected documents mainly discuss font-engine related flaws (e.g., BLEND/CVE-2015-0093 and memo...
CVE-2015-3058
CVE-2015-3058 affects Adobe Reader/Acrobat for Windows and macOS, with the description noting that attackers could obtain sensitive information from the process memory in 10.x < 10.1.14 and 11.x
CVE-2015-3065
Technical details about CVE-2015-3065 are not publicly available in the provided connected documents. No specifics on affected products, components, versions, root cause, or fixes are included. Monitor for updates.
CVE-2010-3139
CVE-2010-3139 refers to an untrusted search path/insecure library loading vulnerability in Microsoft Windows Progman Group Converter (grpconv.exe). Multiple sources describe that a Trojan horse imm.dll located in the same folder as a .grp file can be hijacked to execute arbitrary code, potentiall...
CVE-2015-3076
CVE-2015-3076 is a memory-corruption vulnerability affecting Adobe Reader/Acrobat on Windows and OS X (Reader/Acrobat 10.x before 10.1.14 and 11.x before 11.0.11). Public advisories describe exploitation via parsing a malicious PDF (potentially containing JavaScript), leading to remote code execu...
CVE-2014-8445
CVE-2014-8445 involves memory corruption in Adobe Reader and Acrobat. The connected advisories describe a vulnerability rooted in parsing a corrupted PDF file, allowing a remote attacker to trigger code execution or memory corruption by convincing a user to open a crafted PDF. Affected products are...
CVE-2014-8448
CVE-2014-8448 is an information-disclosure vulnerability in Adobe Reader/Acrobat JavaScript API affecting the 10.x line (before 10.1.13) and the 11.x line (before 11.0.10) on Windows and macOS. Connected advisories cite APSB14-28 and describe exploitation via specially crafted PDF files that enti...
CVE-2015-3046
Technical details for CVE-2015-3046 are not publicly provided in the connected documents. Monitor for updates from vendors; no specifics on affected products, versions, impact, or fixes are included here.
CVE-2015-3057
CVE-2015-3057 is a memory corruption vulnerability in Adobe Acrobat/Reader (10.x up to 10.1.14 and 11.x up to 11.0.11 on Windows and macOS) exploited by parsing a malicious PDF containing JavaScript. The connected advisories (APSB15-10 series) link this CVE to similar PDF-loading memory corruptio...
CVE-2014-8451
CVE-2014-8451 concerns Adobe Reader/Acrobat 10.x (before 10.1.13) and 11.x (before 11.0.10) on Windows and OS X. The issue is an information-disclosure vulnerability arising from an improper implementation of a JavaScript API within the product. A remote attacker could lure a user to open a speci...