Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2004-0657

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-13 Jul, 2004 | 04:00
Updated At-08 Aug, 2024 | 00:24
Rejected At-
Credits

Integer overflow in the NTP daemon (NTPd) before 4.0 causes the NTP server to return the wrong date/time offset when a client requests a date/time that is more than 34 years away from the server's time.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
â–¼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:13 Jul, 2004 | 04:00
Updated At:08 Aug, 2024 | 00:24
Rejected At:
â–¼CVE Numbering Authority (CNA)

Integer overflow in the NTP daemon (NTPd) before 4.0 causes the NTP server to return the wrong date/time offset when a client requests a date/time that is more than 34 years away from the server's time.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://exchange.xforce.ibmcloud.com/vulnerabilities/15406
vdb-entry
x_refsource_XF
http://www.kb.cert.org/vuls/id/584606
third-party-advisory
x_refsource_CERT-VN
http://marc.info/?l=bugtraq&m=108922292425219&w=2
vendor-advisory
x_refsource_HP
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/15406
Resource:
vdb-entry
x_refsource_XF
Hyperlink: http://www.kb.cert.org/vuls/id/584606
Resource:
third-party-advisory
x_refsource_CERT-VN
Hyperlink: http://marc.info/?l=bugtraq&m=108922292425219&w=2
Resource:
vendor-advisory
x_refsource_HP
â–¼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://exchange.xforce.ibmcloud.com/vulnerabilities/15406
vdb-entry
x_refsource_XF
x_transferred
http://www.kb.cert.org/vuls/id/584606
third-party-advisory
x_refsource_CERT-VN
x_transferred
http://marc.info/?l=bugtraq&m=108922292425219&w=2
vendor-advisory
x_refsource_HP
x_transferred
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/15406
Resource:
vdb-entry
x_refsource_XF
x_transferred
Hyperlink: http://www.kb.cert.org/vuls/id/584606
Resource:
third-party-advisory
x_refsource_CERT-VN
x_transferred
Hyperlink: http://marc.info/?l=bugtraq&m=108922292425219&w=2
Resource:
vendor-advisory
x_refsource_HP
x_transferred
Information is not available yet
â–¼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:06 Aug, 2004 | 04:00
Updated At:16 Apr, 2026 | 00:27

Integer overflow in the NTP daemon (NTPd) before 4.0 causes the NTP server to return the wrong date/time offset when a client requests a date/time that is more than 34 years away from the server's time.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary2.05.0MEDIUM
AV:N/AC:L/Au:N/C:N/I:P/A:N
Type: Primary
Version: 2.0
Base score: 5.0
Base severity: MEDIUM
Vector:
AV:N/AC:L/Au:N/C:N/I:P/A:N
CPE Matches
ntp
ntp
>>ntp>>Versions before 4.0(exclusive)
cpe:2.3:a:ntp:ntp:*:*:*:*:*:*:*:*
HP Inc.
hp
>>tru64_unix>>4.0f
cpe:2.3:o:hp:tru64_unix:4.0f:patch_kit8:*:*:*:*:*:*
HP Inc.
hp
>>tru64_unix>>4.0g
cpe:2.3:o:hp:tru64_unix:4.0g:patch_kit4:*:*:*:*:*:*
HP Inc.
hp
>>tru64_unix>>5.1b
cpe:2.3:o:hp:tru64_unix:5.1b:patch_kit2:*:*:*:*:*:*
HP Inc.
hp
>>tru64_unix>>5.1b
cpe:2.3:o:hp:tru64_unix:5.1b:patch_kit3:*:*:*:*:*:*
HP Inc.
hp
>>tru64_unix>>5.1b
cpe:2.3:o:hp:tru64_unix:5.1b:patch_kit4:*:*:*:*:*:*
HP Inc.
hp
>>tru64_unix>>51.1a
cpe:2.3:o:hp:tru64_unix:51.1a:patch_kit6:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-190Primarynvd@nist.gov
CWE ID: CWE-190
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
http://marc.info/?l=bugtraq&m=108922292425219&w=2cve@mitre.org
Mailing List
Third Party Advisory
http://www.kb.cert.org/vuls/id/584606cve@mitre.org
Patch
Third Party Advisory
US Government Resource
https://exchange.xforce.ibmcloud.com/vulnerabilities/15406cve@mitre.org
Third Party Advisory
VDB Entry
http://marc.info/?l=bugtraq&m=108922292425219&w=2af854a3a-2127-422b-91ae-364da2661108
Mailing List
Third Party Advisory
http://www.kb.cert.org/vuls/id/584606af854a3a-2127-422b-91ae-364da2661108
Patch
Third Party Advisory
US Government Resource
https://exchange.xforce.ibmcloud.com/vulnerabilities/15406af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
VDB Entry
Hyperlink: http://marc.info/?l=bugtraq&m=108922292425219&w=2
Source: cve@mitre.org
Resource:
Mailing List
Third Party Advisory
Hyperlink: http://www.kb.cert.org/vuls/id/584606
Source: cve@mitre.org
Resource:
Patch
Third Party Advisory
US Government Resource
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/15406
Source: cve@mitre.org
Resource:
Third Party Advisory
VDB Entry
Hyperlink: http://marc.info/?l=bugtraq&m=108922292425219&w=2
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Mailing List
Third Party Advisory
Hyperlink: http://www.kb.cert.org/vuls/id/584606
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Patch
Third Party Advisory
US Government Resource
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/15406
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
VDB Entry

Change History

0
Information is not available yet

Similar CVEs

502Records found
CVE-2018-7102
Matching Score-8
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-8
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-7.5||HIGH
EPSS-2.85% / 84.90%
||
7 Day CHG~0.00%
Published-27 Sep, 2018 | 18:00
Updated-05 Aug, 2024 | 06:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A security vulnerability in HPE Intelligent Management Center (iMC) PLAT E0506P09, createFabricAutoCfgFile could be remotely exploited via directory traversal to allow remote arbitrary file modification.

Action-Not Available
Vendor-HP Inc.Hewlett Packard Enterprise (HPE)
Product-intelligent_management_centerHPE Intelligent Management Center (iMC) PLAT
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2018-7111
Matching Score-8
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-8
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-5.3||MEDIUM
EPSS-5.27% / 91.50%
||
7 Day CHG~0.00%
Published-17 Oct, 2018 | 13:00
Updated-17 Sep, 2024 | 00:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A remote unauthorized access vulnerability was identified in HPE UIoT versions 1.5, 1.4.0, 1.4.1, 1.4.2, 1.2.4.2. Specifically, there is a malfunction identified in some section of the DSM portal and some DSM APIs. The impact of the malfunction is that the info can be changed by other users.

Action-Not Available
Vendor-HP Inc.Hewlett Packard Enterprise (HPE)
Product-universal_internet_of_thingsHPE UIoT
CVE-2016-7431
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5.3||MEDIUM
EPSS-8.64% / 94.41%
||
7 Day CHG~0.00%
Published-13 Jan, 2017 | 16:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NTP before 4.2.8p9 allows remote attackers to bypass the origin timestamp protection mechanism via an origin timestamp of zero. NOTE: this vulnerability exists because of a CVE-2015-8138 regression.

Action-Not Available
Vendor-ntpn/a
Product-ntpn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2015-8138
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5.3||MEDIUM
EPSS-6.14% / 92.53%
||
7 Day CHG~0.00%
Published-30 Jan, 2017 | 21:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NTP before 4.2.8p6 and 4.3.x before 4.3.90 allows remote attackers to bypass the origin timestamp validation via a packet with an origin timestamp set to zero.

Action-Not Available
Vendor-ntpn/a
Product-ntpn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2015-3143
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-5||MEDIUM
EPSS-16.22% / 96.53%
||
7 Day CHG~0.00%
Published-24 Apr, 2015 | 14:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

cURL and libcurl 7.10.6 through 7.41.0 does not properly re-use NTLM connections, which allows remote attackers to connect as other users via an unauthenticated request, a similar issue to CVE-2014-0015.

Action-Not Available
Vendor-n/aCanonical Ltd.Apple Inc.CURLHP Inc.Debian GNU/Linux
Product-debian_linuxubuntu_linuxsystem_management_homepagemac_os_xcurllibcurln/a
CVE-2015-3200
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-9.98% / 95.00%
||
7 Day CHG~0.00%
Published-09 Jun, 2015 | 14:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

mod_auth in lighttpd before 1.4.36 allows remote attackers to inject arbitrary log entries via a basic HTTP authentication string without a colon character, as demonstrated by a string containing a NULL and new line character.

Action-Not Available
Vendor-lighttpdn/aHP Inc.Oracle Corporation
Product-virtual_customer_access_systemlighttpdsolarisn/a
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CVE-2015-3148
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-5||MEDIUM
EPSS-17.94% / 96.80%
||
7 Day CHG~0.00%
Published-24 Apr, 2015 | 14:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

cURL and libcurl 7.10.6 through 7.41.0 do not properly re-use authenticated Negotiate connections, which allows remote attackers to connect as other users via a request.

Action-Not Available
Vendor-n/aCanonical Ltd.Apple Inc.openSUSECURLHP Inc.Debian GNU/LinuxFedora Project
Product-debian_linuxubuntu_linuxsystem_management_homepagemac_os_xcurllibcurlfedoraopensusen/a
CWE ID-CWE-284
Improper Access Control
CVE-2014-7810
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-5||MEDIUM
EPSS-13.87% / 96.05%
||
7 Day CHG~0.00%
Published-07 Jun, 2015 | 23:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Expression Language (EL) implementation in Apache Tomcat 6.x before 6.0.44, 7.x before 7.0.58, and 8.x before 8.0.16 does not properly consider the possibility of an accessible interface implemented by an inaccessible class, which allows attackers to bypass a SecurityManager protection mechanism via a web application that leverages use of incorrect privileges during EL evaluation.

Action-Not Available
Vendor-n/aThe Apache Software FoundationHP Inc.Debian GNU/Linux
Product-tomcatdebian_linuxhp-uxn/a
CWE ID-CWE-284
Improper Access Control
CVE-2007-3730
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-1.93% / 77.41%
||
7 Day CHG~0.00%
Published-12 Jul, 2007 | 17:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The default configuration of the POP server in TCP/IP Services 5.6 for HP OpenVMS 8.3 does not log the source IP address or attempted username for login attempts, which might help remote attackers to avoid identification.

Action-Not Available
Vendor-n/aHP Inc.
Product-openvmsn/a
CVE-2015-8139
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5.3||MEDIUM
EPSS-5.82% / 92.18%
||
7 Day CHG~0.00%
Published-30 Jan, 2017 | 21:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

ntpq in NTP before 4.2.8p7 allows remote attackers to obtain origin timestamps and then impersonate peers via unspecified vectors.

Action-Not Available
Vendor-ntpn/a
Product-ntpn/a
CWE ID-CWE-284
Improper Access Control
CVE-2004-2439
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-2.22% / 80.39%
||
7 Day CHG~0.00%
Published-20 Aug, 2005 | 04:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The remote upgrade capability in HP LaserJet 4200 and 4300 printers does not require a password, which allows remote attackers to upgrade firmware.

Action-Not Available
Vendor-n/aHP Inc.
Product-laserjet_3000color_laserjet_4600laserjet_9055laserjet_9500_mpflaserjet_9050color_laserjetlaserjet_9500laserjet_3700laserjet_9000laserjet_9065laserjet_4200laserjet_9040_mpflaserjet_4300laserjet_2500laserjet_9050_mpflaserjet_4100_mfplaserjet_9000_mfpn/a
CVE-2013-3575
Matching Score-8
Assigner-CERT/CC
ShareView Details
Matching Score-8
Assigner-CERT/CC
CVSS Score-5||MEDIUM
EPSS-3.84% / 88.76%
||
7 Day CHG~0.00%
Published-14 Jun, 2013 | 10:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

hpdiags/frontend2/help/pageview.php in HP Insight Diagnostics 9.4.0.4710 does not properly restrict PHP include or require statements, which allows remote attackers to include arbitrary hpdiags/frontend2/help/ .html files via the path parameter.

Action-Not Available
Vendor-n/aHP Inc.
Product-insight_diagnosticsn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2000-0251
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-1.64% / 73.31%
||
7 Day CHG~0.00%
Published-12 Jul, 2000 | 04:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

HP-UX 11.04 VirtualVault (VVOS) sends data to unprivileged processes via an interface that has multiple aliased IP addresses.

Action-Not Available
Vendor-n/aHP Inc.
Product-hp-uxvvosn/a
CVE-2004-1856
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-29.53% / 97.95%
||
7 Day CHG~0.00%
Published-10 May, 2005 | 04:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

devices_update_printer_fw_upload.hts in HP Web JetAdmin 7.5.2546, when no password is set, allows remote attackers to upload arbitrary files to the printer directory.

Action-Not Available
Vendor-n/aHP Inc.
Product-web_jetadminn/a
CVE-2002-1999
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-2.65% / 83.67%
||
7 Day CHG~0.00%
Published-14 Jul, 2005 | 04:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

HP Praesidium Webproxy 1.0 running on HP-UX 11.04 VVOS could allow remote attackers to cause Webproxy to forward requests to the internal network via crafted HTTP requests.

Action-Not Available
Vendor-n/aHP Inc.
Product-praesidium_webproxyn/a
CVE-2010-3011
Matching Score-8
Assigner-HP Inc.
ShareView Details
Matching Score-8
Assigner-HP Inc.
CVSS Score-5||MEDIUM
EPSS-3.60% / 87.98%
||
7 Day CHG~0.00%
Published-17 Sep, 2010 | 17:46
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

CRLF injection vulnerability in HP System Management Homepage (SMH) before 6.2 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors.

Action-Not Available
Vendor-n/aHP Inc.
Product-system_management_homepagen/a
CWE ID-CWE-20
Improper Input Validation
CVE-2010-1959
Matching Score-8
Assigner-HP Inc.
ShareView Details
Matching Score-8
Assigner-HP Inc.
CVSS Score-5||MEDIUM
EPSS-2.15% / 79.78%
||
7 Day CHG~0.00%
Published-27 May, 2010 | 19:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in HP TestDirector for Quality Center 9.2 before Patch8 allows remote attackers to modify data via unknown vectors.

Action-Not Available
Vendor-n/aHP Inc.
Product-mercury_testdirector_for_quality_centermercury_quality_centern/a
CVE-2026-8631
Matching Score-6
Assigner-HP Inc.
ShareView Details
Matching Score-6
Assigner-HP Inc.
CVSS Score-9.3||CRITICAL
EPSS-0.67% / 47.19%
||
7 Day CHG~0.00%
Published-20 May, 2026 | 20:11
Updated-21 May, 2026 | 18:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
HP Linux Imaging and Printing Software – Potential Escalation of Privilege and Arbitrary Code Execution

A potential security vulnerability has been identified in the HP Linux Imaging and Printing Software. This potential vulnerability may allow escalation of privileges and/or arbitrary code execution via an integer overflow in the hpcups processing path when handling crafted print data.

Action-Not Available
Vendor-HP IncHP Inc.
Product-linux_imaging_and_printingHP Linux Imaging and Printing Software
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2019-10627
Matching Score-6
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-6
Assigner-Qualcomm, Inc.
CVSS Score-9.8||CRITICAL
EPSS-1.39% / 68.73%
||
7 Day CHG~0.00%
Published-21 Nov, 2019 | 14:38
Updated-04 Aug, 2024 | 22:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Integer overflow to buffer overflow vulnerability in PostScript image handling code used by the PostScript- and PDF-compatible interpreters due to incorrect buffer size calculation. in PostScript and PDF printers that use IPS versions prior to 2019.2 in PostScript and PDF printers that use IPS versions prior to 2019.2

Action-Not Available
Vendor-Qualcomm Technologies, Inc.HP Inc.
Product-j9v80ad3q15ad3q20a_firmwared3q21dd9l64aj6u57b_firmwarek9z74d_firmwared3q21bj6u51b_firmwarej6u57a_firmwarew2z53b_firmwarej6u57bd9l64a_firmwarej3p65a_firmwarej9v82ad3q21d_firmwarej6u55a_firmwared3q15a_firmwarek9z74a_firmwared9l63a_firmwared3q21cj6u55d_firmwared3q15dj6u57aj9v80a_firmwarej9v80b_firmwarej9v80bd3q17aw2z52bd3q20b_firmwarew2z52b_firmwared3q21aj3p65ad3q21a_firmwared3q20dd3q19d2dr21dd3q20c_firmwared3q20d_firmwared3q19ak9z74aj6u55ad3q20aj3p68a_firmwarek9z76b_firmwared3q16dj6u51bj9v78b_firmwarek9z76a_firmwared3q15bd3q17d_firmwarek9z76ad3q21c_firmwareipsd3q17a_firmwarej9v82d_firmwared3q17dd3q16aj9v82dd9l63ad3q16d_firmwaret0g70a_firmwarej6u55dk9z76d_firmwarek9z76dk9z76bd3q19bd3q20bd3q15b_firmware2dr21d_firmwared3q15d_firmwarej3p68ak9z74dd3q20cd3q19b_firmwarew2z53bd3q16a_firmwared3q19d_firmwaret0g70aj9v82a_firmwarej9v78bd3q19a_firmwared3q21b_firmwarePostScript and PDF printers that use IPS versions prior to 2019.2
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-131
Incorrect Calculation of Buffer Size
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2016-2177
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-9.8||CRITICAL
EPSS-44.51% / 98.60%
||
7 Day CHG~0.00%
Published-20 Jun, 2016 | 00:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

OpenSSL through 1.0.2h incorrectly uses pointer arithmetic for heap-buffer boundary checks, which might allow remote attackers to cause a denial of service (integer overflow and application crash) or possibly have unspecified other impact by leveraging unexpected malloc behavior, related to s3_srvr.c, ssl_sess.c, and t1_lib.c.

Action-Not Available
Vendor-n/aOpenSSLHP Inc.Oracle Corporation
Product-icewall_ssoicewall_sso_agent_optionsolarisicewall_mcrplinuxopenssln/a
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2015-7848
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-6.10% / 92.49%
||
7 Day CHG~0.00%
Published-06 Jan, 2017 | 21:00
Updated-23 May, 2025 | 02:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An integer overflow can occur in NTP-dev.4.3.70 leading to an out-of-bounds memory copy operation when processing a specially crafted private mode packet. The crafted packet needs to have the correct message authentication code and a valid timestamp. When processed by the NTP daemon, it leads to an immediate crash.

Action-Not Available
Vendor-ntpn/aNetApp, Inc.
Product-ntpdata_ontap_operating_in_7-modeclustered_data_ontaponcommand_performance_manageroncommand_balanceoncommand_unified_managern/a
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2017-7657
Matching Score-6
Assigner-Eclipse Foundation
ShareView Details
Matching Score-6
Assigner-Eclipse Foundation
CVSS Score-9.8||CRITICAL
EPSS-16.15% / 96.52%
||
7 Day CHG~0.00%
Published-26 Jun, 2018 | 16:00
Updated-05 Aug, 2024 | 16:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Eclipse Jetty, versions 9.2.x and older, 9.3.x (all configurations), and 9.4.x (non-default configuration with RFC2616 compliance enabled), transfer-encoding chunks are handled poorly. The chunk length parsing was vulnerable to an integer overflow. Thus a large chunk size could be interpreted as a smaller chunk size and content sent as chunk body could be interpreted as a pipelined request. If Jetty was deployed behind an intermediary that imposed some authorization and that intermediary allowed arbitrarily large chunks to be passed on unchanged, then this flaw could be used to bypass the authorization imposed by the intermediary as the fake pipelined request would not be interpreted by the intermediary as a request.

Action-Not Available
Vendor-NetApp, Inc.Eclipse Foundation AISBLOracle CorporationDebian GNU/LinuxHP Inc.
Product-rest_data_serviceselement_software_management_nodexp_p9000element_softwaresnapcenterdebian_linuxxp_p9000_command_viewhci_storage_nodessnapmanagere-series_santricity_os_controlleroncommand_system_managere-series_santricity_managementretail_xstore_point_of_servicesnap_creator_frameworke-series_santricity_web_servicessantricity_cloud_connectoroncommand_unified_managerjettyEclipse Jetty
CWE ID-CWE-444
Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2017-5804
Matching Score-6
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-6
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-9.8||CRITICAL
EPSS-23.05% / 97.46%
||
7 Day CHG~0.00%
Published-15 Feb, 2018 | 22:00
Updated-16 Sep, 2024 | 16:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version 7.2 was found.

Action-Not Available
Vendor-HP Inc.Hewlett Packard Enterprise (HPE)
Product-intelligent_management_centerIntelligent Management Center (iMC) PLAT
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2015-8651
Matching Score-6
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-6
Assigner-Adobe Systems Incorporated
CVSS Score-8.8||HIGH
EPSS-67.92% / 99.23%
||
7 Day CHG+0.22%
Published-28 Dec, 2015 | 23:00
Updated-22 Apr, 2026 | 12:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2022-06-15||The impacted product is end-of-life and should be disconnected if still in use.

Integer overflow in Adobe Flash Player before 18.0.0.324 and 19.x and 20.x before 20.0.0.267 on Windows and OS X and before 11.2.202.559 on Linux, Adobe AIR before 20.0.0.233, Adobe AIR SDK before 20.0.0.233, and Adobe AIR SDK & Compiler before 20.0.0.233 allows attackers to execute arbitrary code via unspecified vectors.

Action-Not Available
Vendor-n/aGoogle LLCSUSERed Hat, Inc.Adobe Inc.Linux Kernel Organization, IncopenSUSEHP Inc.Microsoft CorporationApple Inc.
Product-evergreenlinux_enterprise_desktopmac_os_xsystem_management_homepagesystems_insight_managerairenterprise_linux_desktopmatrix_operating_environmentversion_control_repository_managerlinux_kernellinux_enterprise_workstation_extensionair_sdk_\&_compilerenterprise_linux_serverenterprise_linux_workstationinsight_controlwindowsiphone_osflash_playerair_sdkandroidinsight_control_server_provisioningopensusen/aFlash Player
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2018-13131
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.02% / 59.02%
||
7 Day CHG~0.00%
Published-04 Jul, 2018 | 00:00
Updated-17 Sep, 2024 | 04:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SpadePreSale is a smart contract running on Ethereum. The mint function has an integer overflow that allows minted tokens to be arbitrarily retrieved by the contract owner.

Action-Not Available
Vendor-spadepresale_projectn/a
Product-spadepresalen/a
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2018-13474
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.08% / 60.83%
||
7 Day CHG~0.00%
Published-09 Jul, 2018 | 06:00
Updated-05 Aug, 2024 | 09:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The mintToken function of a smart contract implementation for FansChainToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.

Action-Not Available
Vendor-fanschaintoken_projectn/a
Product-fanschaintokenn/a
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2018-13222
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.99% / 57.86%
||
7 Day CHG~0.00%
Published-05 Jul, 2018 | 02:00
Updated-05 Aug, 2024 | 09:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The sell function of a smart contract implementation for ObjectToken (OBJ), an Ethereum token, has an integer overflow in which "amount * sellPrice" can be zero, consequently reducing a seller's assets.

Action-Not Available
Vendor-objectledgern/a
Product-objecttokenn/a
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2018-13710
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.09% / 61.15%
||
7 Day CHG~0.00%
Published-09 Jul, 2018 | 06:00
Updated-05 Aug, 2024 | 09:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The mintToken function of a smart contract implementation for Mjolnir, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.

Action-Not Available
Vendor-mjolnir_projectn/a
Product-mjolnirn/a
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2018-13688
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.09% / 61.12%
||
7 Day CHG~0.00%
Published-09 Jul, 2018 | 06:00
Updated-05 Aug, 2024 | 09:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The mintToken function of a smart contract implementation for MallToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.

Action-Not Available
Vendor-malltoken_projectn/a
Product-malltokenn/a
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2018-13593
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.09% / 61.15%
||
7 Day CHG~0.00%
Published-09 Jul, 2018 | 06:00
Updated-05 Aug, 2024 | 09:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The mintToken function of a smart contract implementation for CardToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.

Action-Not Available
Vendor-osscardtoken_projectn/a
Product-osscardtokenn/a
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2018-13162
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.00% / 58.08%
||
7 Day CHG~0.00%
Published-05 Jul, 2018 | 02:00
Updated-05 Aug, 2024 | 08:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The mintToken function of a smart contract implementation for ALEX, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.

Action-Not Available
Vendor-alex_projectn/a
Product-alexn/a
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2018-13729
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.09% / 61.10%
||
7 Day CHG~0.00%
Published-09 Jul, 2018 | 06:00
Updated-05 Aug, 2024 | 09:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The mintToken function of a smart contract implementation for JPMD100B, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.

Action-Not Available
Vendor-jpmd100b_projectn/a
Product-jpmd100bn/a
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2018-13163
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.00% / 58.08%
||
7 Day CHG~0.00%
Published-05 Jul, 2018 | 02:00
Updated-05 Aug, 2024 | 08:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The mintToken function of a smart contract implementation for Ethernet Cash (ENC), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.

Action-Not Available
Vendor-ethernet_cash_projectn/a
Product-ethernet_cashn/a
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2018-13467
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.08% / 60.84%
||
7 Day CHG~0.00%
Published-09 Jul, 2018 | 06:00
Updated-05 Aug, 2024 | 09:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The mintToken function of a smart contract implementation for EpiphanyCoin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.

Action-Not Available
Vendor-epnexn/a
Product-epiphanycoinn/a
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2018-13225
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.03% / 59.27%
||
7 Day CHG~0.00%
Published-05 Jul, 2018 | 02:00
Updated-05 Aug, 2024 | 09:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The sell function of a smart contract implementation for MyYLC, an Ethereum token, has an integer overflow in which "amount * sellPrice" can be zero, consequently reducing a seller's assets.

Action-Not Available
Vendor-myylc_projectn/a
Product-myylcn/a
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2018-13498
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.09% / 61.11%
||
7 Day CHG~0.00%
Published-09 Jul, 2018 | 06:00
Updated-05 Aug, 2024 | 09:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The mintToken function of a smart contract implementation for KAPAYcoin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.

Action-Not Available
Vendor-kapaycoin_projectn/a
Product-kapaycoinn/a
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2018-13687
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.09% / 61.12%
||
7 Day CHG~0.00%
Published-09 Jul, 2018 | 06:00
Updated-05 Aug, 2024 | 09:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The mintToken function of a smart contract implementation for normikaivo, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.

Action-Not Available
Vendor-normikaivo_projectn/a
Product-normikaivon/a
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2018-13767
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.40% / 68.91%
||
7 Day CHG~0.00%
Published-09 Jul, 2018 | 06:00
Updated-05 Aug, 2024 | 09:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The mintToken function of a smart contract implementation for Cornerstone, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.

Action-Not Available
Vendor-cornerstone_projectn/a
Product-cornerstonen/a
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2018-13128
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.99% / 57.87%
||
7 Day CHG~0.00%
Published-04 Jul, 2018 | 00:00
Updated-17 Sep, 2024 | 02:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Etherty Token (ETY) is a smart contract running on Ethereum. The mint function has an integer overflow that allows minted tokens to be arbitrarily retrieved by the contract owner.

Action-Not Available
Vendor-ethertyn/a
Product-etherty_tokenn/a
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2018-13674
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.09% / 61.13%
||
7 Day CHG~0.00%
Published-09 Jul, 2018 | 06:00
Updated-05 Aug, 2024 | 09:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The mintToken function of a smart contract implementation for ComBillAdvancedToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.

Action-Not Available
Vendor-combilladvancedtoken_projectn/a
Product-combilladvancedtokenn/a
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2018-13546
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.02% / 59.02%
||
7 Day CHG~0.00%
Published-09 Jul, 2018 | 06:00
Updated-05 Aug, 2024 | 09:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The mintToken function of a smart contract implementation for CCASH, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.

Action-Not Available
Vendor-ccash_projectn/a
Product-ccashn/a
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2018-13769
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.40% / 68.91%
||
7 Day CHG~0.00%
Published-09 Jul, 2018 | 06:00
Updated-05 Aug, 2024 | 09:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The mintToken function of a smart contract implementation for JeansToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.

Action-Not Available
Vendor-jeanstoken_projectn/a
Product-jeanstokenn/a
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2018-13523
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.02% / 59.02%
||
7 Day CHG~0.00%
Published-09 Jul, 2018 | 06:00
Updated-05 Aug, 2024 | 09:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The mintToken function of a smart contract implementation for SmartPayment, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.

Action-Not Available
Vendor-smartpayment_projectn/a
Product-smartpaymentn/a
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2018-13086
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.93% / 55.77%
||
7 Day CHG~0.00%
Published-02 Jul, 2018 | 23:00
Updated-16 Sep, 2024 | 18:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The mintToken function of a smart contract implementation for IADOWR Coin (IAD), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.

Action-Not Available
Vendor-iadowr_projectn/a
Product-iadowrn/a
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2018-13698
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.09% / 61.12%
||
7 Day CHG~0.00%
Published-09 Jul, 2018 | 06:00
Updated-05 Aug, 2024 | 09:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The mintTokens function of a smart contract implementation for Play2LivePromo, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.

Action-Not Available
Vendor-play2livepromo_projectn/a
Product-play2livepromon/a
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2018-18667
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.42% / 69.44%
||
7 Day CHG~0.00%
Published-28 Dec, 2018 | 17:00
Updated-05 Aug, 2024 | 11:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The mintToken function of Pylon (PYLNT) aka PylonToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value, a related issue to CVE-2018-11812.

Action-Not Available
Vendor-pylon-networkn/a
Product-pylontokenn/a
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2018-18666
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.42% / 69.44%
||
7 Day CHG~0.00%
Published-28 Dec, 2018 | 17:00
Updated-05 Aug, 2024 | 11:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The mintToken function of SwftCoin (SWFTC) aka SwftCoin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.

Action-Not Available
Vendor-swftn/a
Product-swftcoinn/a
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2016-9123
Matching Score-4
Assigner-HackerOne
ShareView Details
Matching Score-4
Assigner-HackerOne
CVSS Score-7.5||HIGH
EPSS-2.15% / 79.74%
||
7 Day CHG~0.00%
Published-28 Mar, 2017 | 02:46
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

go-jose before 1.0.5 suffers from a CBC-HMAC integer overflow on 32-bit architectures. An integer overflow could lead to authentication bypass for CBC-HMAC encrypted ciphertexts on 32-bit architectures.

Action-Not Available
Vendor-go-jose_projectn/a
Product-go-joseGo JOSE All versions before 1.0.5
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2018-13229
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.03% / 59.27%
||
7 Day CHG~0.00%
Published-05 Jul, 2018 | 02:00
Updated-05 Aug, 2024 | 09:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The sell function of a smart contract implementation for RiptideCoin (RIPT), an Ethereum token, has an integer overflow in which "amount * sellPrice" can be zero, consequently reducing a seller's assets.

Action-Not Available
Vendor-riptidecoin_projectn/a
Product-riptidecoinn/a
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2018-13659
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.09% / 61.12%
||
7 Day CHG~0.00%
Published-09 Jul, 2018 | 06:00
Updated-05 Aug, 2024 | 09:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The mintToken function of a smart contract implementation for BrianCoin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.

Action-Not Available
Vendor-briancoin_projectn/a
Product-briancoinn/a
CWE ID-CWE-190
Integer Overflow or Wraparound
  • Previous
  • 1
  • 2
  • 3
  • ...
  • 10
  • 11
  • Next
Details not found