Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2005-0470

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-19 Feb, 2005 | 05:00
Updated At-07 Aug, 2024 | 21:13
Rejected At-
Credits

Buffer overflow in wpa_supplicant before 0.2.7 allows remote attackers to cause a denial of service (segmentation fault) via invalid EAPOL-Key packet data.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:19 Feb, 2005 | 05:00
Updated At:07 Aug, 2024 | 21:13
Rejected At:
▼CVE Numbering Authority (CNA)

Buffer overflow in wpa_supplicant before 0.2.7 allows remote attackers to cause a denial of service (segmentation fault) via invalid EAPOL-Key packet data.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://lists.shmoo.com/pipermail/hostap/2005-February/009465.html
mailing-list
x_refsource_MLIST
https://exchange.xforce.ibmcloud.com/vulnerabilities/19357
vdb-entry
x_refsource_XF
http://www.gentoo.org/security/en/glsa/glsa-200502-22.xml
vendor-advisory
x_refsource_GENTOO
http://secunia.com/advisories/14313
third-party-advisory
x_refsource_SECUNIA
http://securitytracker.com/id?1013226
vdb-entry
x_refsource_SECTRACK
Hyperlink: http://lists.shmoo.com/pipermail/hostap/2005-February/009465.html
Resource:
mailing-list
x_refsource_MLIST
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/19357
Resource:
vdb-entry
x_refsource_XF
Hyperlink: http://www.gentoo.org/security/en/glsa/glsa-200502-22.xml
Resource:
vendor-advisory
x_refsource_GENTOO
Hyperlink: http://secunia.com/advisories/14313
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://securitytracker.com/id?1013226
Resource:
vdb-entry
x_refsource_SECTRACK
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://lists.shmoo.com/pipermail/hostap/2005-February/009465.html
mailing-list
x_refsource_MLIST
x_transferred
https://exchange.xforce.ibmcloud.com/vulnerabilities/19357
vdb-entry
x_refsource_XF
x_transferred
http://www.gentoo.org/security/en/glsa/glsa-200502-22.xml
vendor-advisory
x_refsource_GENTOO
x_transferred
http://secunia.com/advisories/14313
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://securitytracker.com/id?1013226
vdb-entry
x_refsource_SECTRACK
x_transferred
Hyperlink: http://lists.shmoo.com/pipermail/hostap/2005-February/009465.html
Resource:
mailing-list
x_refsource_MLIST
x_transferred
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/19357
Resource:
vdb-entry
x_refsource_XF
x_transferred
Hyperlink: http://www.gentoo.org/security/en/glsa/glsa-200502-22.xml
Resource:
vendor-advisory
x_refsource_GENTOO
x_transferred
Hyperlink: http://secunia.com/advisories/14313
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://securitytracker.com/id?1013226
Resource:
vdb-entry
x_refsource_SECTRACK
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:14 Mar, 2005 | 05:00
Updated At:03 Apr, 2025 | 01:03

Buffer overflow in wpa_supplicant before 0.2.7 allows remote attackers to cause a denial of service (segmentation fault) via invalid EAPOL-Key packet data.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary2.05.0MEDIUM
AV:N/AC:L/Au:N/C:N/I:N/A:P
Type: Primary
Version: 2.0
Base score: 5.0
Base severity: MEDIUM
Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:P
CPE Matches
wpa_supplicant
wpa_supplicant
>>wpa_supplicant>>0.2
cpe:2.3:a:wpa_supplicant:wpa_supplicant:0.2:*:*:*:*:*:*:*
wpa_supplicant
wpa_supplicant
>>wpa_supplicant>>0.2.1
cpe:2.3:a:wpa_supplicant:wpa_supplicant:0.2.1:*:*:*:*:*:*:*
wpa_supplicant
wpa_supplicant
>>wpa_supplicant>>0.2.2
cpe:2.3:a:wpa_supplicant:wpa_supplicant:0.2.2:*:*:*:*:*:*:*
wpa_supplicant
wpa_supplicant
>>wpa_supplicant>>0.2.3
cpe:2.3:a:wpa_supplicant:wpa_supplicant:0.2.3:*:*:*:*:*:*:*
wpa_supplicant
wpa_supplicant
>>wpa_supplicant>>0.2.4
cpe:2.3:a:wpa_supplicant:wpa_supplicant:0.2.4:*:*:*:*:*:*:*
wpa_supplicant
wpa_supplicant
>>wpa_supplicant>>0.2.5
cpe:2.3:a:wpa_supplicant:wpa_supplicant:0.2.5:*:*:*:*:*:*:*
wpa_supplicant
wpa_supplicant
>>wpa_supplicant>>0.2.6
cpe:2.3:a:wpa_supplicant:wpa_supplicant:0.2.6:*:*:*:*:*:*:*
Gentoo Foundation, Inc.
gentoo
>>linux>>*
cpe:2.3:o:gentoo:linux:*:*:*:*:*:*:*:*
SUSE
suse
>>suse_linux>>9.2
cpe:2.3:o:suse:suse_linux:9.2:*:*:*:*:*:*:*
SUSE
suse
>>suse_linux>>9.2
cpe:2.3:o:suse:suse_linux:9.2:*:x86_64:*:*:*:*:*
Weaknesses
CWE IDTypeSource
NVD-CWE-OtherPrimarynvd@nist.gov
CWE ID: NVD-CWE-Other
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
http://lists.shmoo.com/pipermail/hostap/2005-February/009465.htmlcve@mitre.org
N/A
http://secunia.com/advisories/14313cve@mitre.org
Patch
Vendor Advisory
http://securitytracker.com/id?1013226cve@mitre.org
N/A
http://www.gentoo.org/security/en/glsa/glsa-200502-22.xmlcve@mitre.org
Patch
Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/19357cve@mitre.org
N/A
http://lists.shmoo.com/pipermail/hostap/2005-February/009465.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://secunia.com/advisories/14313af854a3a-2127-422b-91ae-364da2661108
Patch
Vendor Advisory
http://securitytracker.com/id?1013226af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.gentoo.org/security/en/glsa/glsa-200502-22.xmlaf854a3a-2127-422b-91ae-364da2661108
Patch
Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/19357af854a3a-2127-422b-91ae-364da2661108
N/A
Hyperlink: http://lists.shmoo.com/pipermail/hostap/2005-February/009465.html
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://secunia.com/advisories/14313
Source: cve@mitre.org
Resource:
Patch
Vendor Advisory
Hyperlink: http://securitytracker.com/id?1013226
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.gentoo.org/security/en/glsa/glsa-200502-22.xml
Source: cve@mitre.org
Resource:
Patch
Vendor Advisory
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/19357
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://lists.shmoo.com/pipermail/hostap/2005-February/009465.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://secunia.com/advisories/14313
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Patch
Vendor Advisory
Hyperlink: http://securitytracker.com/id?1013226
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.gentoo.org/security/en/glsa/glsa-200502-22.xml
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Patch
Vendor Advisory
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/19357
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

81Records found
CVE-2016-5285
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-7.5||HIGH
EPSS-0.65% / 69.77%
||
7 Day CHG~0.00%
Published-15 Nov, 2019 | 15:44
Updated-06 Aug, 2024 | 00:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A Null pointer dereference vulnerability exists in Mozilla Network Security Services due to a missing NULL check in PK11_SignWithSymKey / ssl3_ComputeRecordMACConstantTime, which could let a remote malicious user cause a Denial of Service.

Action-Not Available
Vendor-SUSEDebian GNU/LinuxRed Hat, Inc.Mozilla CorporationAvaya LLC
Product-call_management_systemlinux_enterprise_serveraura_application_server_5300cs1000e\/cs1000m_signaling_server_firmwareaura_communication_managermessage_networkingcs1000m_firmwareproactive_contactiqcs1000e_firmwareaura_system_platformbreeze_platformaura_application_enablement_servicesaura_system_platform_firmwareaura_communication_manager_messagintone-x_client_enablement_servicesip_officeaura_system_manageraura_utility_servicesaura_conferencingaura_experience_portalaura_session_managersession_border_controller_for_enterpriseenterprise_linuxcs1000msession_border_controller_for_enterprise_firmwaremeeting_exchangecs1000edebian_linuxaura_messagingcs1000e\/cs1000m_signaling_servernssNetwork Security Services
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2016-4956
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5.3||MEDIUM
EPSS-2.27% / 84.00%
||
7 Day CHG~0.00%
Published-05 Jul, 2016 | 01:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

ntpd in NTP 4.x before 4.2.8p8 allows remote attackers to cause a denial of service (interleaved-mode transition and time change) via a spoofed broadcast packet. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-1548.

Action-Not Available
Vendor-ntpn/aSiemens AGopenSUSESUSENovellOracle Corporation
Product-solarissimatic_net_cp_443-1_opc_ualeapntpopensusemanager_proxyopenstack_cloudsuse_managerlinux_enterprise_desktopsimatic_net_cp_443-1_opc_ua_firmwarelinux_enterprise_servern/a
CVE-2016-4957
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-57.88% / 98.09%
||
7 Day CHG~0.00%
Published-05 Jul, 2016 | 01:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

ntpd in NTP before 4.2.8p8 allows remote attackers to cause a denial of service (daemon crash) via a crypto-NAK packet. NOTE: this vulnerability exists because of an incorrect fix for CVE-2016-1547.

Action-Not Available
Vendor-ntpn/aopenSUSESUSENovellOracle Corporation
Product-solarisleapntpopensusemanager_proxyopenstack_cloudsuse_managerlinux_enterprise_desktoplinux_enterprise_servern/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2016-4953
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-12.64% / 93.71%
||
7 Day CHG-3.96%
Published-05 Jul, 2016 | 01:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

ntpd in NTP 4.x before 4.2.8p8 allows remote attackers to cause a denial of service (ephemeral-association demobilization) by sending a spoofed crypto-NAK packet with incorrect authentication data at a certain time.

Action-Not Available
Vendor-ntpn/aSiemens AGopenSUSESUSEOracle Corporation
Product-tim_4r-iesolarissimatic_net_cp_443-1_opc_ualeapntpopensusemanager_proxyopenstack_cloudtim_4r-ie_dnp3_firmwarelinux_enterprise_desktopsimatic_net_cp_443-1_opc_ua_firmwaremanagertim_4r-ie_dnp3tim_4r-ie_firmwarelinux_enterprise_servern/a
CWE ID-CWE-287
Improper Authentication
CVE-2016-4954
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-6.94% / 91.04%
||
7 Day CHG-1.06%
Published-05 Jul, 2016 | 01:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The process_packet function in ntp_proto.c in ntpd in NTP 4.x before 4.2.8p8 allows remote attackers to cause a denial of service (peer-variable modification) by sending spoofed packets from many source IP addresses in a certain scenario, as demonstrated by triggering an incorrect leap indication.

Action-Not Available
Vendor-ntpn/aSiemens AGopenSUSESUSEOracle Corporation
Product-tim_4r-iesolarissimatic_net_cp_443-1_opc_ualeapntpopensusemanager_proxyopenstack_cloudtim_4r-ie_dnp3_firmwarelinux_enterprise_desktopsimatic_net_cp_443-1_opc_ua_firmwaremanagertim_4r-ie_dnp3tim_4r-ie_firmwarelinux_enterprise_servern/a
CWE ID-CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVE-2016-1286
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-8.6||HIGH
EPSS-68.03% / 98.53%
||
7 Day CHG~0.00%
Published-09 Mar, 2016 | 23:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

named in ISC BIND 9.x before 9.9.8-P4 and 9.10.x before 9.10.3-P4 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a crafted signature record for a DNAME record, related to db.c and resolver.c.

Action-Not Available
Vendor-n/aJuniper Networks, Inc.Internet Systems Consortium, Inc.openSUSESUSEFedora ProjectDebian GNU/LinuxCanonical Ltd.
Product-srx4600vsrxmanager_proxysrx2300srx3400srx340managerdebian_linuxsrx380srx240srx5400srx3600leapopensusefedorasrx1400srx345srx650srx210srx550_hmsrx100srx5000linux_enterprise_debuginfosrx4100srx550openstack_cloudlinux_enterprise_desktopjunossrx110srx1500srx4000linux_enterprise_software_development_kitsrx5600srx300srx4300srx550msrx5800srx220bindubuntu_linuxsrx4200srx240h2srx4700srx1600srx320srx240mlinux_enterprise_servern/a
CVE-2022-21952
Matching Score-8
Assigner-SUSE
ShareView Details
Matching Score-8
Assigner-SUSE
CVSS Score-7.5||HIGH
EPSS-0.36% / 57.52%
||
7 Day CHG~0.00%
Published-22 Jun, 2022 | 10:05
Updated-16 Sep, 2024 | 19:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SUMA unauthenticated remote DoS via resource exhaustion

A Missing Authentication for Critical Function vulnerability in spacewalk-java of SUSE Manager Server 4.1, SUSE Manager Server 4.2 allows remote attackers to easily exhaust available disk resources leading to DoS. This issue affects: SUSE Manager Server 4.1 spacewalk-java versions prior to 4.1.46. SUSE Manager Server 4.2 spacewalk-java versions prior to 4.2.37.

Action-Not Available
Vendor-SUSE
Product-manager_serverSUSE Manager Server 4.1SUSE Manager Server 4.2
CWE ID-CWE-306
Missing Authentication for Critical Function
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2005-0398
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-5||MEDIUM
EPSS-4.06% / 88.07%
||
7 Day CHG~0.00%
Published-26 Mar, 2005 | 05:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The KAME racoon daemon in ipsec-tools before 0.5 allows remote attackers to cause a denial of service (crash) via malformed ISAKMP packets.

Action-Not Available
Vendor-ipsec-toolskamealtlinuxn/aRed Hat, Inc.SUSESilicon Graphics, Inc.
Product-propackipsec-toolsenterprise_linux_desktopsuse_linuxracoonalt_linuxenterprise_linuxn/a
CVE-2015-8930
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-4.80% / 89.06%
||
7 Day CHG~0.00%
Published-20 Sep, 2016 | 14:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

bsdtar in libarchive before 3.2.0 allows remote attackers to cause a denial of service (infinite loop) via an ISO with a directory that is a member of itself.

Action-Not Available
Vendor-n/aCanonical Ltd.libarchiveSUSE
Product-libarchiveubuntu_linuxlinux_enterprise_desktoplinux_enterprise_serverlinux_enterprise_software_development_kitn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2004-0983
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-1.12% / 77.31%
||
7 Day CHG~0.00%
Published-19 Nov, 2004 | 05:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The CGI module in Ruby 1.6 before 1.6.8, and 1.8 before 1.8.2, allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a certain HTTP request.

Action-Not Available
Vendor-yukihiro_matsumoton/aUbuntuGentoo Foundation, Inc.Mandriva (Mandrakesoft)
Product-rubymandrake_linux_corporate_serverubuntu_linuxlinuxmandrake_linuxn/a
CVE-2015-6855
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-4.25% / 88.34%
||
7 Day CHG~0.00%
Published-06 Nov, 2015 | 21:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

hw/ide/core.c in QEMU does not properly restrict the commands accepted by an ATAPI device, which allows guest users to cause a denial of service or possibly have unspecified other impact via certain IDE commands, as demonstrated by a WIN_READ_NATIVE_MAX command to an empty drive, which triggers a divide-by-zero error and instance crash.

Action-Not Available
Vendor-n/aSUSEQEMUArista Networks, Inc.Fedora ProjectDebian GNU/LinuxCanonical Ltd.
Product-qemufedoraubuntu_linuxlinux_enterprise_desktopeosdebian_linuxlinux_enterprise_servern/a
CWE ID-CWE-369
Divide By Zero
CVE-2015-5219
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-3.64% / 87.38%
||
7 Day CHG~0.00%
Published-21 Jul, 2017 | 14:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The ULOGTOD function in ntp.d in SNTP before 4.2.7p366 does not properly perform type conversions from a precision value to a double, which allows remote attackers to cause a denial of service (infinite loop) via a crafted NTP packet.

Action-Not Available
Vendor-ntpn/aDebian GNU/LinuxCanonical Ltd.SUSERed Hat, Inc.Oracle CorporationFedora ProjectopenSUSENovellSiemens AG
Product-enterprise_linux_desktoplinuxenterprise_linux_workstationfedoralinux_enterprise_serverleapenterprise_linux_serverdebian_linuxlinux_enterprise_debuginfotim_4r-ientptim_4r-id_dnp3tim_4r-id_dnp3_firmwareopenstack_cloudmanager_proxyenterprise_linux_hpc_nodetim_4r-ie_firmwareubuntu_linuxmanagern/a
CWE ID-CWE-704
Incorrect Type Conversion or Cast
CVE-2015-5194
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-11.83% / 93.46%
||
7 Day CHG~0.00%
Published-21 Jul, 2017 | 14:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The log_config_command function in ntp_parser.y in ntpd in NTP before 4.2.7p42 allows remote attackers to cause a denial of service (ntpd crash) via crafted logconfig commands.

Action-Not Available
Vendor-ntpn/aDebian GNU/LinuxCanonical Ltd.SUSERed Hat, Inc.Fedora Project
Product-enterprise_linux_desktopenterprise_linux_workstationfedoralinux_enterprise_serveropenstack_cloudenterprise_linux_serverdebian_linuxmanager_proxylinux_enterprise_debuginfoenterprise_linux_hpc_nodeubuntu_linuxntpmanagern/a
CWE ID-CWE-20
Improper Input Validation
CVE-2015-3195
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-5.3||MEDIUM
EPSS-2.22% / 83.82%
||
7 Day CHG~0.00%
Published-06 Dec, 2015 | 00:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The ASN1_TFLG_COMBINE implementation in crypto/asn1/tasn_dec.c in OpenSSL before 0.9.8zh, 1.0.0 before 1.0.0t, 1.0.1 before 1.0.1q, and 1.0.2 before 1.0.2e mishandles errors caused by malformed X509_ATTRIBUTE data, which allows remote attackers to obtain sensitive information from process memory by triggering a decoding failure in a PKCS#7 or CMS application.

Action-Not Available
Vendor-n/aopenSUSESUSERed Hat, Inc.Fedora ProjectApple Inc.OpenSSLDebian GNU/LinuxOracle CorporationCanonical Ltd.
Product-enterprise_linux_serversolarislinux_enterprise_serversun_ray_softwarehttp_servercommunications_webrtc_session_controllervm_serverdebian_linuxlinuxtransportation_managemententerprise_linux_server_ausexalogic_infrastructurevm_virtualboxleapopensusefedoraenterprise_linux_desktopubuntu_linuxlife_sciences_data_hubenterprise_linux_server_tusintegrated_lights_out_manager_firmwareenterprise_linux_workstationopensslapi_gatewaymac_os_xn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2015-2695
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-4.05% / 88.05%
||
7 Day CHG~0.00%
Published-09 Nov, 2015 | 02:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

lib/gssapi/spnego/spnego_mech.c in MIT Kerberos 5 (aka krb5) before 1.14 relies on an inappropriate context handle, which allows remote attackers to cause a denial of service (incorrect pointer read and process crash) via a crafted SPNEGO packet that is mishandled during a gss_inquire_context call.

Action-Not Available
Vendor-n/aMIT (Massachusetts Institute of Technology)openSUSESUSEDebian GNU/LinuxOracle CorporationCanonical Ltd.
Product-solariskerberos_5leapopensuseubuntu_linuxlinux_enterprise_desktopdebian_linuxlinux_enterprise_serverlinux_enterprise_software_development_kitn/a
CWE ID-CWE-763
Release of Invalid Pointer or Reference
CVE-2015-0272
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-5||MEDIUM
EPSS-0.91% / 74.88%
||
7 Day CHG~0.00%
Published-17 Nov, 2015 | 15:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

GNOME NetworkManager allows remote attackers to cause a denial of service (IPv6 traffic disruption) via a crafted MTU value in an IPv6 Router Advertisement (RA) message, a different vulnerability than CVE-2015-8215.

Action-Not Available
Vendor-n/aSUSEThe GNOME ProjectOracle CorporationCanonical Ltd.
Product-ubuntu_linuxlinux_enterprise_real_time_extensionlinux_enterprise_software_development_kitlinux_enterprise_desktopnetworkmanagerlinux_enterprise_workstation_extensionlinuxlinux_enterprise_serverlinux_enterprise_debuginfon/a
CVE-2014-9854
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.72% / 81.61%
||
7 Day CHG~0.00%
Published-17 Mar, 2017 | 14:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

coders/tiff.c in ImageMagick allows remote attackers to cause a denial of service (application crash) via vectors related to the "identification of image."

Action-Not Available
Vendor-n/aCanonical Ltd.SUSEopenSUSEImageMagick Studio LLC
Product-linux_enterprise_serversuse_linux_enterprise_serverleapimagemagicklinux_enterprise_software_development_kitubuntu_linuxopensusen/a
CVE-2014-9116
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-2.62% / 85.09%
||
7 Day CHG~0.00%
Published-02 Dec, 2014 | 16:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The write_one_header function in mutt 1.5.23 does not properly handle newline characters at the beginning of a header, which allows remote attackers to cause a denial of service (crash) via a header with an empty body, which triggers a heap-based buffer overflow in the mutt_substrdup function.

Action-Not Available
Vendor-muttmageian/aDebian GNU/LinuxSUSE
Product-suse_linux_enterprise_servermuttmageialinux_enterprise_desktopdebian_linuxn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2014-8121
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-5||MEDIUM
EPSS-2.53% / 84.84%
||
7 Day CHG~0.00%
Published-27 Mar, 2015 | 14:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

DB_LOOKUP in nss_files/files-XXX.c in the Name Service Switch (NSS) in GNU C Library (aka glibc or libc6) 2.21 and earlier does not properly check if a file is open, which allows remote attackers to cause a denial of service (infinite loop) by performing a look-up on a database while iterating over it, which triggers the file pointer to be reset.

Action-Not Available
Vendor-n/aGNUCanonical Ltd.SUSE
Product-suse_linux_enterprise_serverglibcubuntu_linuxsuse_linux_enterprise_desktopn/a
CVE-2014-7815
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-5||MEDIUM
EPSS-3.85% / 87.72%
||
7 Day CHG~0.00%
Published-14 Nov, 2014 | 15:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The set_pixel_format function in ui/vnc.c in QEMU allows remote attackers to cause a denial of service (crash) via a small bytes_per_pixel value.

Action-Not Available
Vendor-n/aSUSEQEMURed Hat, Inc.Debian GNU/LinuxCanonical Ltd.
Product-enterprise_linuxenterprise_linux_serverenterprise_linux_server_ausqemulinux_enterprise_serverenterprise_linux_eusenterprise_linux_desktopubuntu_linuxenterprise_linux_workstationlinux_enterprise_desktopdebian_linuxvirtualizationn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2014-4667
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-14.14% / 94.10%
||
7 Day CHG~0.00%
Published-03 Jul, 2014 | 01:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The sctp_association_free function in net/sctp/associola.c in the Linux kernel before 3.15.2 does not properly manage a certain backlog value, which allows remote attackers to cause a denial of service (socket outage) via a crafted SCTP packet.

Action-Not Available
Vendor-n/aLinux Kernel Organization, IncSUSEDebian GNU/LinuxCanonical Ltd.
Product-linux_kernelubuntu_linuxlinux_enterprise_real_time_extensionlinux_enterprise_desktopdebian_linuxlinux_enterprise_servern/a
CVE-2014-3469
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-5||MEDIUM
EPSS-6.24% / 90.52%
||
7 Day CHG~0.00%
Published-05 Jun, 2014 | 20:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The (1) asn1_read_value_type and (2) asn1_read_value functions in GNU Libtasn1 before 3.6 allows context-dependent attackers to cause a denial of service (NULL pointer dereference and crash) via a NULL value in an ivalue argument.

Action-Not Available
Vendor-n/aGNUSUSERed Hat, Inc.Debian GNU/Linux
Product-gnutlsdebian_linuxenterprise_linux_serverenterprise_linux_server_auslinux_enterprise_high_availability_extensionlinux_enterprise_serverenterprise_linux_eusenterprise_linux_desktopenterprise_linux_server_tusenterprise_linux_workstationlinux_enterprise_desktoplibtasn1virtualizationlinux_enterprise_software_development_kitn/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2014-3467
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-5||MEDIUM
EPSS-7.80% / 91.59%
||
7 Day CHG~0.00%
Published-05 Jun, 2014 | 20:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple unspecified vulnerabilities in the DER decoder in GNU Libtasn1 before 3.6, as used in GnuTLS, allow remote attackers to cause a denial of service (out-of-bounds read) via crafted ASN.1 data.

Action-Not Available
Vendor-n/aGNUSUSERed Hat, Inc.Debian GNU/LinuxF5, Inc.
Product-enterprise_linux_serverlinux_enterprise_high_availability_extensionenterprise_linux_euslinux_enterprise_desktopdebian_linuxlibtasn1arxvirtualizationlinux_enterprise_software_development_kitgnutlsenterprise_linux_server_ausarx_firmwareenterprise_linux_desktopenterprise_linux_server_tusenterprise_linux_workstationlinux_enterprise_servern/a
CVE-2014-1498
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-5||MEDIUM
EPSS-0.55% / 66.91%
||
7 Day CHG~0.00%
Published-19 Mar, 2014 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The crypto.generateCRMFRequest method in Mozilla Firefox before 28.0 and SeaMonkey before 2.25 does not properly validate a certain key type, which allows remote attackers to cause a denial of service (application crash) via vectors that trigger generation of a key that supports the Elliptic Curve ec-dual-use algorithm.

Action-Not Available
Vendor-n/aMozilla CorporationopenSUSESUSEOracle Corporation
Product-solarisfirefoxopensuseseamonkeylinux_enterprise_desktoplinux_enterprise_serverlinux_enterprise_software_development_kitn/a
CWE ID-CWE-347
Improper Verification of Cryptographic Signature
CVE-2014-1500
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-5||MEDIUM
EPSS-2.26% / 83.94%
||
7 Day CHG~0.00%
Published-19 Mar, 2014 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Mozilla Firefox before 28.0 and SeaMonkey before 2.25 allow remote attackers to cause a denial of service (resource consumption and application hang) via onbeforeunload events that trigger background JavaScript execution.

Action-Not Available
Vendor-n/aMozilla CorporationopenSUSESUSEOracle Corporation
Product-solarisfirefoxopensuseseamonkeylinux_enterprise_desktoplinux_enterprise_serverlinux_enterprise_software_development_kitn/a
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2018-17962
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.34% / 56.37%
||
7 Day CHG-0.35%
Published-09 Oct, 2018 | 22:00
Updated-05 Aug, 2024 | 11:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Qemu has a Buffer Overflow in pcnet_receive in hw/net/pcnet.c because an incorrect integer data type is used.

Action-Not Available
Vendor-n/aSUSEDebian GNU/LinuxRed Hat, Inc.QEMUOracle CorporationCanonical Ltd.
Product-ubuntu_linuxlinux_enterprise_serverdebian_linuxqemulinuxn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2018-12122
Matching Score-8
Assigner-Node.js
ShareView Details
Matching Score-8
Assigner-Node.js
CVSS Score-7.5||HIGH
EPSS-2.86% / 85.72%
||
7 Day CHG~0.00%
Published-28 Nov, 2018 | 17:00
Updated-13 Dec, 2024 | 14:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Node.js: All versions prior to Node.js 6.15.0, 8.14.0, 10.14.0 and 11.3.0: Slowloris HTTP Denial of Service: An attacker can cause a Denial of Service (DoS) by sending headers very slowly keeping HTTP or HTTPS connections and associated resources alive for a long period of time.

Action-Not Available
Vendor-Node.js (OpenJS Foundation)SUSE
Product-node.jssuse_openstack_cloudsuse_enterprise_storagesuse_linux_enterprise_serverNode.js
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2015-5300
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-31.17% / 96.60%
||
7 Day CHG~0.00%
Published-21 Jul, 2017 | 14:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The panic_gate check in NTP before 4.2.8p5 is only re-enabled after the first change to the system clock that was greater than 128 milliseconds by default, which allows remote attackers to set NTP to an arbitrary time when started with the -g option, or to alter the time by up to 900 seconds otherwise by responding to an unspecified number of requests from trusted sources, and leveraging a resulting denial of service (abort and restart).

Action-Not Available
Vendor-ntpn/aDebian GNU/LinuxCanonical Ltd.SUSERed Hat, Inc.Fedora ProjectopenSUSE
Product-enterprise_linux_desktopmanagerlinux_enterprise_desktopenterprise_linux_workstationfedorasuse_linux_enterprise_serverlinux_enterprise_serverleapenterprise_linux_server_eusenterprise_linux_serverdebian_linuxlinux_enterprise_debuginfolinux_enterprise_software_development_kitntpenterprise_linux_hpc_node_eusopenstack_cloudmanager_proxyenterprise_linux_hpc_nodeubuntu_linuxopensusen/a
CVE-2015-2568
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-5||MEDIUM
EPSS-4.41% / 88.58%
||
7 Day CHG~0.00%
Published-16 Apr, 2015 | 16:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in Oracle MySQL Server 5.5.41 and earlier, and 5.6.22 and earlier, allows remote attackers to affect availability via unknown vectors related to Server : Security : Privileges.

Action-Not Available
Vendor-n/aSUSEMariaDB FoundationRed Hat, Inc.Debian GNU/LinuxOracle CorporationCanonical Ltd.
Product-enterprise_linux_serverenterprise_linux_server_aussolarisenterprise_linux_eusmariadbmysqlubuntu_linuxenterprise_linux_desktopcommunications_policy_managemententerprise_linux_server_tusenterprise_linux_workstationlinux_enterprise_desktopdebian_linuxlinux_enterprise_serverlinux_enterprise_software_development_kitn/a
CVE-2004-0232
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-1.03% / 76.42%
||
7 Day CHG~0.00%
Published-05 May, 2004 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple format string vulnerabilities in Midnight Commander (mc) before 4.6.0 may allow attackers to cause a denial of service or execute arbitrary code.

Action-Not Available
Vendor-n/aSlackwareGentoo Foundation, Inc.Silicon Graphics, Inc.Midnight Commander
Product-propackmidnight_commanderslackware_linuxlinuxn/a
CVE-2013-3801
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-5||MEDIUM
EPSS-0.81% / 73.28%
||
7 Day CHG~0.00%
Published-17 Jul, 2013 | 10:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.30 and earlier and 5.6.10 allows remote authenticated users to affect availability via unknown vectors related to Server Options.

Action-Not Available
Vendor-n/aopenSUSEMariaDB FoundationSUSEOracle Corporation
Product-mariadbmysqlopensuselinux_enterprise_desktoplinux_enterprise_serverlinux_enterprise_software_development_kitn/a
  • Previous
  • 1
  • 2
  • Next
Details not found