Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2005-0470

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-19 Feb, 2005 | 05:00
Updated At-07 Aug, 2024 | 21:13
Rejected At-
Credits

Buffer overflow in wpa_supplicant before 0.2.7 allows remote attackers to cause a denial of service (segmentation fault) via invalid EAPOL-Key packet data.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
â–¼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:19 Feb, 2005 | 05:00
Updated At:07 Aug, 2024 | 21:13
Rejected At:
â–¼CVE Numbering Authority (CNA)

Buffer overflow in wpa_supplicant before 0.2.7 allows remote attackers to cause a denial of service (segmentation fault) via invalid EAPOL-Key packet data.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://lists.shmoo.com/pipermail/hostap/2005-February/009465.html
mailing-list
x_refsource_MLIST
https://exchange.xforce.ibmcloud.com/vulnerabilities/19357
vdb-entry
x_refsource_XF
http://www.gentoo.org/security/en/glsa/glsa-200502-22.xml
vendor-advisory
x_refsource_GENTOO
http://secunia.com/advisories/14313
third-party-advisory
x_refsource_SECUNIA
http://securitytracker.com/id?1013226
vdb-entry
x_refsource_SECTRACK
Hyperlink: http://lists.shmoo.com/pipermail/hostap/2005-February/009465.html
Resource:
mailing-list
x_refsource_MLIST
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/19357
Resource:
vdb-entry
x_refsource_XF
Hyperlink: http://www.gentoo.org/security/en/glsa/glsa-200502-22.xml
Resource:
vendor-advisory
x_refsource_GENTOO
Hyperlink: http://secunia.com/advisories/14313
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://securitytracker.com/id?1013226
Resource:
vdb-entry
x_refsource_SECTRACK
â–¼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://lists.shmoo.com/pipermail/hostap/2005-February/009465.html
mailing-list
x_refsource_MLIST
x_transferred
https://exchange.xforce.ibmcloud.com/vulnerabilities/19357
vdb-entry
x_refsource_XF
x_transferred
http://www.gentoo.org/security/en/glsa/glsa-200502-22.xml
vendor-advisory
x_refsource_GENTOO
x_transferred
http://secunia.com/advisories/14313
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://securitytracker.com/id?1013226
vdb-entry
x_refsource_SECTRACK
x_transferred
Hyperlink: http://lists.shmoo.com/pipermail/hostap/2005-February/009465.html
Resource:
mailing-list
x_refsource_MLIST
x_transferred
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/19357
Resource:
vdb-entry
x_refsource_XF
x_transferred
Hyperlink: http://www.gentoo.org/security/en/glsa/glsa-200502-22.xml
Resource:
vendor-advisory
x_refsource_GENTOO
x_transferred
Hyperlink: http://secunia.com/advisories/14313
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://securitytracker.com/id?1013226
Resource:
vdb-entry
x_refsource_SECTRACK
x_transferred
Information is not available yet
â–¼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:14 Mar, 2005 | 05:00
Updated At:16 Apr, 2026 | 00:27

Buffer overflow in wpa_supplicant before 0.2.7 allows remote attackers to cause a denial of service (segmentation fault) via invalid EAPOL-Key packet data.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary2.05.0MEDIUM
AV:N/AC:L/Au:N/C:N/I:N/A:P
Type: Primary
Version: 2.0
Base score: 5.0
Base severity: MEDIUM
Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:P
CPE Matches
wpa_supplicant
wpa_supplicant
>>wpa_supplicant>>0.2
cpe:2.3:a:wpa_supplicant:wpa_supplicant:0.2:*:*:*:*:*:*:*
wpa_supplicant
wpa_supplicant
>>wpa_supplicant>>0.2.1
cpe:2.3:a:wpa_supplicant:wpa_supplicant:0.2.1:*:*:*:*:*:*:*
wpa_supplicant
wpa_supplicant
>>wpa_supplicant>>0.2.2
cpe:2.3:a:wpa_supplicant:wpa_supplicant:0.2.2:*:*:*:*:*:*:*
wpa_supplicant
wpa_supplicant
>>wpa_supplicant>>0.2.3
cpe:2.3:a:wpa_supplicant:wpa_supplicant:0.2.3:*:*:*:*:*:*:*
wpa_supplicant
wpa_supplicant
>>wpa_supplicant>>0.2.4
cpe:2.3:a:wpa_supplicant:wpa_supplicant:0.2.4:*:*:*:*:*:*:*
wpa_supplicant
wpa_supplicant
>>wpa_supplicant>>0.2.5
cpe:2.3:a:wpa_supplicant:wpa_supplicant:0.2.5:*:*:*:*:*:*:*
wpa_supplicant
wpa_supplicant
>>wpa_supplicant>>0.2.6
cpe:2.3:a:wpa_supplicant:wpa_supplicant:0.2.6:*:*:*:*:*:*:*
Gentoo Foundation, Inc.
gentoo
>>linux>>*
cpe:2.3:o:gentoo:linux:*:*:*:*:*:*:*:*
SUSE
suse
>>suse_linux>>9.2
cpe:2.3:o:suse:suse_linux:9.2:*:*:*:*:*:*:*
SUSE
suse
>>suse_linux>>9.2
cpe:2.3:o:suse:suse_linux:9.2:*:x86_64:*:*:*:*:*
Weaknesses
CWE IDTypeSource
NVD-CWE-OtherPrimarynvd@nist.gov
CWE ID: NVD-CWE-Other
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
http://lists.shmoo.com/pipermail/hostap/2005-February/009465.htmlcve@mitre.org
N/A
http://secunia.com/advisories/14313cve@mitre.org
Patch
Vendor Advisory
http://securitytracker.com/id?1013226cve@mitre.org
N/A
http://www.gentoo.org/security/en/glsa/glsa-200502-22.xmlcve@mitre.org
Patch
Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/19357cve@mitre.org
N/A
http://lists.shmoo.com/pipermail/hostap/2005-February/009465.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://secunia.com/advisories/14313af854a3a-2127-422b-91ae-364da2661108
Patch
Vendor Advisory
http://securitytracker.com/id?1013226af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.gentoo.org/security/en/glsa/glsa-200502-22.xmlaf854a3a-2127-422b-91ae-364da2661108
Patch
Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/19357af854a3a-2127-422b-91ae-364da2661108
N/A
Hyperlink: http://lists.shmoo.com/pipermail/hostap/2005-February/009465.html
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://secunia.com/advisories/14313
Source: cve@mitre.org
Resource:
Patch
Vendor Advisory
Hyperlink: http://securitytracker.com/id?1013226
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.gentoo.org/security/en/glsa/glsa-200502-22.xml
Source: cve@mitre.org
Resource:
Patch
Vendor Advisory
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/19357
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://lists.shmoo.com/pipermail/hostap/2005-February/009465.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://secunia.com/advisories/14313
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Patch
Vendor Advisory
Hyperlink: http://securitytracker.com/id?1013226
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.gentoo.org/security/en/glsa/glsa-200502-22.xml
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Patch
Vendor Advisory
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/19357
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

81Records found
CVE-2016-4954
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-5.47% / 90.30%
||
7 Day CHG~0.00%
Published-05 Jul, 2016 | 01:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The process_packet function in ntp_proto.c in ntpd in NTP 4.x before 4.2.8p8 allows remote attackers to cause a denial of service (peer-variable modification) by sending spoofed packets from many source IP addresses in a certain scenario, as demonstrated by triggering an incorrect leap indication.

Action-Not Available
Vendor-ntpn/aopenSUSEOracle CorporationSiemens AGSUSE
Product-tim_4r-iesimatic_net_cp_443-1_opc_ualinux_enterprise_desktoptim_4r-ie_dnp3_firmwaremanagertim_4r-ie_dnp3ntpmanager_proxyleapsolarislinux_enterprise_servertim_4r-ie_firmwaresimatic_net_cp_443-1_opc_ua_firmwareopenstack_cloudopensusen/a
CWE ID-CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVE-2016-5285
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-7.5||HIGH
EPSS-1.63% / 82.10%
||
7 Day CHG~0.00%
Published-15 Nov, 2019 | 15:44
Updated-06 Aug, 2024 | 00:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A Null pointer dereference vulnerability exists in Mozilla Network Security Services due to a missing NULL check in PK11_SignWithSymKey / ssl3_ComputeRecordMACConstantTime, which could let a remote malicious user cause a Denial of Service.

Action-Not Available
Vendor-SUSEDebian GNU/LinuxRed Hat, Inc.Mozilla CorporationAvaya LLC
Product-call_management_systemlinux_enterprise_serveraura_application_server_5300cs1000e\/cs1000m_signaling_server_firmwareaura_communication_managermessage_networkingcs1000m_firmwareproactive_contactiqcs1000e_firmwareaura_system_platformbreeze_platformaura_application_enablement_servicesaura_system_platform_firmwareaura_communication_manager_messagintone-x_client_enablement_servicesip_officeaura_system_manageraura_utility_servicesaura_conferencingaura_experience_portalaura_session_managersession_border_controller_for_enterpriseenterprise_linuxcs1000msession_border_controller_for_enterprise_firmwaremeeting_exchangecs1000edebian_linuxaura_messagingcs1000e\/cs1000m_signaling_servernssNetwork Security Services
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2016-4953
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-13.62% / 94.34%
||
7 Day CHG~0.00%
Published-05 Jul, 2016 | 01:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

ntpd in NTP 4.x before 4.2.8p8 allows remote attackers to cause a denial of service (ephemeral-association demobilization) by sending a spoofed crypto-NAK packet with incorrect authentication data at a certain time.

Action-Not Available
Vendor-ntpn/aopenSUSEOracle CorporationSiemens AGSUSE
Product-tim_4r-iesimatic_net_cp_443-1_opc_ualinux_enterprise_desktoptim_4r-ie_dnp3_firmwaremanagertim_4r-ie_dnp3ntpmanager_proxyleapsolarislinux_enterprise_servertim_4r-ie_firmwaresimatic_net_cp_443-1_opc_ua_firmwareopenstack_cloudopensusen/a
CWE ID-CWE-287
Improper Authentication
CVE-2016-1286
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-8.6||HIGH
EPSS-53.59% / 98.02%
||
7 Day CHG~0.00%
Published-09 Mar, 2016 | 23:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

named in ISC BIND 9.x before 9.9.8-P4 and 9.10.x before 9.10.3-P4 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a crafted signature record for a DNAME record, related to db.c and resolver.c.

Action-Not Available
Vendor-n/aCanonical Ltd.openSUSEJuniper Networks, Inc.Internet Systems Consortium, Inc.SUSEDebian GNU/LinuxFedora Project
Product-srx2300ubuntu_linuxsrx345srx1600srx110fedorasrx5800srx300srx4700vsrxsrx380managersrx550_hmsrx550msrx650srx1400srx240mleapsrx3400srx4000srx100opensusesrx1500debian_linuxlinux_enterprise_desktopsrx340srx4100srx5600linux_enterprise_debuginfolinux_enterprise_serversrx320srx3600srx4300linux_enterprise_software_development_kitsrx4600srx240h2junossrx5000srx220manager_proxysrx4200bindsrx550srx5400srx210openstack_cloudsrx240n/a
CVE-2015-5194
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-8.41% / 92.43%
||
7 Day CHG~0.00%
Published-21 Jul, 2017 | 14:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The log_config_command function in ntp_parser.y in ntpd in NTP before 4.2.7p42 allows remote attackers to cause a denial of service (ntpd crash) via crafted logconfig commands.

Action-Not Available
Vendor-ntpn/aCanonical Ltd.SUSERed Hat, Inc.Debian GNU/LinuxFedora Project
Product-debian_linuxubuntu_linuxenterprise_linux_serverenterprise_linux_workstationmanagerenterprise_linux_desktopntpmanager_proxylinux_enterprise_debuginfolinux_enterprise_serverenterprise_linux_hpc_nodefedoraopenstack_cloudn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2015-2695
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-4.58% / 89.34%
||
7 Day CHG~0.00%
Published-09 Nov, 2015 | 02:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

lib/gssapi/spnego/spnego_mech.c in MIT Kerberos 5 (aka krb5) before 1.14 relies on an inappropriate context handle, which allows remote attackers to cause a denial of service (incorrect pointer read and process crash) via a crafted SPNEGO packet that is mishandled during a gss_inquire_context call.

Action-Not Available
Vendor-n/aCanonical Ltd.openSUSEOracle CorporationMIT (Massachusetts Institute of Technology)SUSEDebian GNU/Linux
Product-debian_linuxubuntu_linuxlinux_enterprise_desktopkerberos_5leapsolarislinux_enterprise_serverlinux_enterprise_software_development_kitopensusen/a
CWE ID-CWE-763
Release of Invalid Pointer or Reference
CVE-2015-2568
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-5||MEDIUM
EPSS-4.02% / 88.60%
||
7 Day CHG+0.06%
Published-16 Apr, 2015 | 16:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in Oracle MySQL Server 5.5.41 and earlier, and 5.6.22 and earlier, allows remote attackers to affect availability via unknown vectors related to Server : Security : Privileges.

Action-Not Available
Vendor-n/aCanonical Ltd.MariaDB FoundationOracle CorporationSUSERed Hat, Inc.Debian GNU/Linux
Product-debian_linuxubuntu_linuxlinux_enterprise_desktopenterprise_linux_serverenterprise_linux_workstationmariadbmysqlenterprise_linux_desktopenterprise_linux_server_tussolarislinux_enterprise_servercommunications_policy_managemententerprise_linux_eusenterprise_linux_server_auslinux_enterprise_software_development_kitn/a
CVE-2015-3195
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-5.3||MEDIUM
EPSS-3.48% / 87.73%
||
7 Day CHG~0.00%
Published-06 Dec, 2015 | 00:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The ASN1_TFLG_COMBINE implementation in crypto/asn1/tasn_dec.c in OpenSSL before 0.9.8zh, 1.0.0 before 1.0.0t, 1.0.1 before 1.0.1q, and 1.0.2 before 1.0.2e mishandles errors caused by malformed X509_ATTRIBUTE data, which allows remote attackers to obtain sensitive information from process memory by triggering a decoding failure in a PKCS#7 or CMS application.

Action-Not Available
Vendor-n/aCanonical Ltd.Apple Inc.openSUSEOracle CorporationSUSEOpenSSLRed Hat, Inc.Debian GNU/LinuxFedora Project
Product-vm_serverubuntu_linuxdebian_linuxmac_os_xsun_ray_softwareapi_gatewayenterprise_linux_server_tusenterprise_linux_desktopvm_virtualboxlife_sciences_data_hublinux_enterprise_serverenterprise_linux_server_ausfedoraintegrated_lights_out_manager_firmwarehttp_servercommunications_webrtc_session_controllerenterprise_linux_serverenterprise_linux_workstationtransportation_managementleapsolarislinuxopensslexalogic_infrastructureopensusen/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2015-0272
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-5||MEDIUM
EPSS-0.91% / 76.08%
||
7 Day CHG~0.00%
Published-17 Nov, 2015 | 15:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

GNOME NetworkManager allows remote attackers to cause a denial of service (IPv6 traffic disruption) via a crafted MTU value in an IPv6 Router Advertisement (RA) message, a different vulnerability than CVE-2015-8215.

Action-Not Available
Vendor-n/aCanonical Ltd.The GNOME ProjectOracle CorporationSUSE
Product-ubuntu_linuxlinux_enterprise_desktopnetworkmanagerlinux_enterprise_workstation_extensionlinux_enterprise_real_time_extensionlinux_enterprise_debuginfolinux_enterprise_serverlinuxlinux_enterprise_software_development_kitn/a
CVE-2014-9116
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-3.52% / 87.79%
||
7 Day CHG~0.00%
Published-02 Dec, 2014 | 16:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The write_one_header function in mutt 1.5.23 does not properly handle newline characters at the beginning of a header, which allows remote attackers to cause a denial of service (crash) via a header with an empty body, which triggers a heap-based buffer overflow in the mutt_substrdup function.

Action-Not Available
Vendor-muttmageian/aDebian GNU/LinuxSUSE
Product-debian_linuxlinux_enterprise_desktopmuttsuse_linux_enterprise_servermageian/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2014-9854
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.94% / 83.66%
||
7 Day CHG~0.00%
Published-17 Mar, 2017 | 14:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

coders/tiff.c in ImageMagick allows remote attackers to cause a denial of service (application crash) via vectors related to the "identification of image."

Action-Not Available
Vendor-n/aCanonical Ltd.ImageMagick Studio LLCopenSUSESUSE
Product-imagemagickubuntu_linuxsuse_linux_enterprise_serverleaplinux_enterprise_serverlinux_enterprise_software_development_kitopensusen/a
CVE-2014-8121
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-5||MEDIUM
EPSS-2.53% / 85.64%
||
7 Day CHG~0.00%
Published-27 Mar, 2015 | 14:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

DB_LOOKUP in nss_files/files-XXX.c in the Name Service Switch (NSS) in GNU C Library (aka glibc or libc6) 2.21 and earlier does not properly check if a file is open, which allows remote attackers to cause a denial of service (infinite loop) by performing a look-up on a database while iterating over it, which triggers the file pointer to be reset.

Action-Not Available
Vendor-n/aCanonical Ltd.GNUSUSE
Product-glibcsuse_linux_enterprise_desktopubuntu_linuxsuse_linux_enterprise_servern/a
CVE-2014-4667
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-14.14% / 94.46%
||
7 Day CHG~0.00%
Published-03 Jul, 2014 | 01:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The sctp_association_free function in net/sctp/associola.c in the Linux kernel before 3.15.2 does not properly manage a certain backlog value, which allows remote attackers to cause a denial of service (socket outage) via a crafted SCTP packet.

Action-Not Available
Vendor-n/aCanonical Ltd.Linux Kernel Organization, IncSUSEDebian GNU/Linux
Product-debian_linuxubuntu_linuxlinux_enterprise_desktoplinux_enterprise_real_time_extensionlinux_enterprise_serverlinux_kerneln/a
CVE-2014-7815
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-5||MEDIUM
EPSS-3.85% / 88.34%
||
7 Day CHG~0.00%
Published-14 Nov, 2014 | 15:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The set_pixel_format function in ui/vnc.c in QEMU allows remote attackers to cause a denial of service (crash) via a small bytes_per_pixel value.

Action-Not Available
Vendor-n/aCanonical Ltd.QEMUSUSERed Hat, Inc.Debian GNU/Linux
Product-debian_linuxubuntu_linuxlinux_enterprise_desktopenterprise_linux_serverqemuenterprise_linux_workstationenterprise_linux_desktoplinux_enterprise_serverenterprise_linux_server_ausenterprise_linux_eusvirtualizationenterprise_linuxn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2014-1498
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-5||MEDIUM
EPSS-0.55% / 68.14%
||
7 Day CHG~0.00%
Published-19 Mar, 2014 | 10:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The crypto.generateCRMFRequest method in Mozilla Firefox before 28.0 and SeaMonkey before 2.25 does not properly validate a certain key type, which allows remote attackers to cause a denial of service (application crash) via vectors that trigger generation of a key that supports the Elliptic Curve ec-dual-use algorithm.

Action-Not Available
Vendor-n/aopenSUSEOracle CorporationSUSEMozilla Corporation
Product-firefoxseamonkeylinux_enterprise_desktoplinux_enterprise_serversolarislinux_enterprise_software_development_kitopensusen/a
CWE ID-CWE-347
Improper Verification of Cryptographic Signature
CVE-2014-1500
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-5||MEDIUM
EPSS-2.26% / 84.81%
||
7 Day CHG~0.00%
Published-19 Mar, 2014 | 10:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Mozilla Firefox before 28.0 and SeaMonkey before 2.25 allow remote attackers to cause a denial of service (resource consumption and application hang) via onbeforeunload events that trigger background JavaScript execution.

Action-Not Available
Vendor-n/aopenSUSEOracle CorporationSUSEMozilla Corporation
Product-firefoxseamonkeylinux_enterprise_desktoplinux_enterprise_serversolarislinux_enterprise_software_development_kitopensusen/a
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2013-4458
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-5||MEDIUM
EPSS-1.20% / 79.16%
||
7 Day CHG~0.00%
Published-12 Dec, 2013 | 18:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Stack-based buffer overflow in the getaddrinfo function in sysdeps/posix/getaddrinfo.c in GNU C Library (aka glibc or libc6) 2.18 and earlier allows remote attackers to cause a denial of service (crash) via a (1) hostname or (2) IP address that triggers a large number of AF_INET6 address results. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-1914.

Action-Not Available
Vendor-n/aSUSEGNU
Product-linux_enterprise_serverglibclinux_enterprise_debuginfon/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2013-3801
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-5||MEDIUM
EPSS-0.62% / 70.27%
||
7 Day CHG~0.00%
Published-17 Jul, 2013 | 10:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.30 and earlier and 5.6.10 allows remote authenticated users to affect availability via unknown vectors related to Server Options.

Action-Not Available
Vendor-n/aMariaDB FoundationopenSUSEOracle CorporationSUSE
Product-linux_enterprise_desktopmariadbmysqllinux_enterprise_serverlinux_enterprise_software_development_kitopensusen/a
CVE-2022-21952
Matching Score-8
Assigner-SUSE
ShareView Details
Matching Score-8
Assigner-SUSE
CVSS Score-7.5||HIGH
EPSS-0.36% / 58.39%
||
7 Day CHG~0.00%
Published-22 Jun, 2022 | 10:05
Updated-16 Sep, 2024 | 19:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SUMA unauthenticated remote DoS via resource exhaustion

A Missing Authentication for Critical Function vulnerability in spacewalk-java of SUSE Manager Server 4.1, SUSE Manager Server 4.2 allows remote attackers to easily exhaust available disk resources leading to DoS. This issue affects: SUSE Manager Server 4.1 spacewalk-java versions prior to 4.1.46. SUSE Manager Server 4.2 spacewalk-java versions prior to 4.2.37.

Action-Not Available
Vendor-SUSE
Product-manager_serverSUSE Manager Server 4.1SUSE Manager Server 4.2
CWE ID-CWE-306
Missing Authentication for Critical Function
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2013-2020
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-5||MEDIUM
EPSS-7.72% / 92.03%
||
7 Day CHG~0.00%
Published-13 May, 2013 | 23:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Integer underflow in the cli_scanpe function in pe.c in ClamAV before 0.97.8 allows remote attackers to cause a denial of service (crash) via a skewed offset larger than the size of the PE section in a UPX packed executable, which triggers an out-of-bounds read.

Action-Not Available
Vendor-n/aCanonical Ltd.ClamAVSUSE
Product-linux_enterprise_serverclamavubuntu_linuxn/a
CVE-2010-3873
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-5||MEDIUM
EPSS-3.37% / 87.52%
||
7 Day CHG~0.00%
Published-03 Jan, 2011 | 19:26
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The X.25 implementation in the Linux kernel before 2.6.36.2 does not properly parse facilities, which allows remote attackers to cause a denial of service (heap memory corruption and panic) or possibly have unspecified other impact via malformed (1) X25_FAC_CALLING_AE or (2) X25_FAC_CALLED_AE data, related to net/x25/x25_facilities.c and net/x25/x25_in.c, a different vulnerability than CVE-2010-4164.

Action-Not Available
Vendor-n/aopenSUSELinux Kernel Organization, IncSUSEDebian GNU/Linux
Product-linux_enterprise_serverdebian_linuxlinux_kernelopensusen/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2009-1955
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-2.33% / 85.03%
||
7 Day CHG~0.00%
Published-06 Jun, 2009 | 18:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The expat XML parser in the apr_xml_* interface in xml/apr_xml.c in Apache APR-util before 1.3.7, as used in the mod_dav and mod_dav_svn modules in the Apache HTTP Server, allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document containing a large number of nested entity references, as demonstrated by a PROPFIND request, a similar issue to CVE-2003-1564.

Action-Not Available
Vendor-n/aCanonical Ltd.Apple Inc.Oracle CorporationSUSEThe Apache Software FoundationDebian GNU/LinuxFedora Project
Product-debian_linuxubuntu_linuxmac_os_xlinux_enterprise_serverapr-utilfedorahttp_servern/a
CWE ID-CWE-776
Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')
CVE-2019-19923
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-6.20% / 90.97%
||
7 Day CHG~0.00%
Published-24 Dec, 2019 | 15:43
Updated-05 Aug, 2024 | 02:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

flattenSubquery in select.c in SQLite 3.30.1 mishandles certain uses of SELECT DISTINCT involving a LEFT JOIN in which the right-hand side is a view. This can cause a NULL pointer dereference (or incorrect results).

Action-Not Available
Vendor-sqliten/aDebian GNU/LinuxNetApp, Inc.Siemens AGRed Hat, Inc.openSUSEOracle CorporationSUSE
Product-sinec_infrastructure_network_servicesenterprise_linux_serverdebian_linuxcloud_backupsqliteenterprise_linux_workstationlinux_enterprisepackage_hubbackports_sleenterprise_linux_desktopmysql_workbenchleapn/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2019-19925
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-7.01% / 91.58%
||
7 Day CHG~0.00%
Published-24 Dec, 2019 | 16:03
Updated-05 Aug, 2024 | 02:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

zipfileUpdate in ext/misc/zipfile.c in SQLite 3.30.1 mishandles a NULL pathname during an update of a ZIP archive.

Action-Not Available
Vendor-sqliten/aDebian GNU/LinuxNetApp, Inc.Siemens AGRed Hat, Inc.openSUSEOracle CorporationSUSE
Product-sinec_infrastructure_network_servicesenterprise_linux_serverdebian_linuxcloud_backupsqliteenterprise_linux_workstationlinux_enterprisepackage_hubbackports_sleenterprise_linux_desktopmysql_workbenchleapn/a
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2019-19926
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-8.34% / 92.39%
||
7 Day CHG~0.00%
Published-23 Dec, 2019 | 00:53
Updated-05 Aug, 2024 | 02:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

multiSelect in select.c in SQLite 3.30.1 mishandles certain errors during parsing, as demonstrated by errors from sqlite3WindowRewrite() calls. NOTE: this vulnerability exists because of an incomplete fix for CVE-2019-19880.

Action-Not Available
Vendor-sqliten/aDebian GNU/LinuxNetApp, Inc.Siemens AGRed Hat, Inc.openSUSEOracle CorporationSUSE
Product-sinec_infrastructure_network_servicesenterprise_linux_serverdebian_linuxcloud_backupsqliteenterprise_linux_workstationlinux_enterprisepackage_hubbackports_sleenterprise_linux_desktopmysql_workbenchleapn/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2019-19880
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-8.44% / 92.44%
||
7 Day CHG~0.00%
Published-18 Dec, 2019 | 05:07
Updated-05 Aug, 2024 | 02:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

exprListAppendList in window.c in SQLite 3.30.1 allows attackers to trigger an invalid pointer dereference because constant integer values in ORDER BY clauses of window definitions are mishandled.

Action-Not Available
Vendor-sqliten/aDebian GNU/LinuxNetApp, Inc.Siemens AGRed Hat, Inc.openSUSEOracle CorporationSUSE
Product-enterprise_linux_serversinec_infrastructure_network_servicesdebian_linuxcloud_backupsqlitelinux_enterpriseenterprise_linux_workstationpackage_hubbackports_sleenterprise_linux_desktopmysql_workbenchleapn/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2019-18904
Matching Score-8
Assigner-SUSE
ShareView Details
Matching Score-8
Assigner-SUSE
CVSS Score-6.5||MEDIUM
EPSS-0.93% / 76.40%
||
7 Day CHG~0.00%
Published-03 Apr, 2020 | 07:10
Updated-16 Sep, 2024 | 16:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Migrations requests can cause DoS on rmt

A Uncontrolled Resource Consumption vulnerability in rmt of SUSE Linux Enterprise High Performance Computing 15-ESPOS, SUSE Linux Enterprise High Performance Computing 15-LTSS, SUSE Linux Enterprise Module for Public Cloud 15-SP1, SUSE Linux Enterprise Module for Server Applications 15, SUSE Linux Enterprise Module for Server Applications 15-SP1, SUSE Linux Enterprise Server 15-LTSS, SUSE Linux Enterprise Server for SAP 15; openSUSE Leap 15.1 allows remote attackers to cause DoS against rmt by requesting migrations. This issue affects: SUSE Linux Enterprise High Performance Computing 15-ESPOS rmt-server versions prior to 2.5.2-3.26.1. SUSE Linux Enterprise High Performance Computing 15-LTSS rmt-server versions prior to 2.5.2-3.26.1. SUSE Linux Enterprise Module for Public Cloud 15-SP1 rmt-server versions prior to 2.5.2-3.9.1. SUSE Linux Enterprise Module for Server Applications 15 rmt-server versions prior to 2.5.2-3.26.1. SUSE Linux Enterprise Module for Server Applications 15-SP1 rmt-server versions prior to 2.5.2-3.9.1. SUSE Linux Enterprise Server 15-LTSS rmt-server versions prior to 2.5.2-3.26.1. SUSE Linux Enterprise Server for SAP 15 rmt-server versions prior to 2.5.2-3.26.1. openSUSE Leap 15.1 rmt-server versions prior to 2.5.2-lp151.2.9.1.

Action-Not Available
Vendor-openSUSESUSE
Product-linux_enterprise_serverlinux_enterprise_high_performance_computingrmt-serverlinux_enterpriseleapSUSE Linux Enterprise High Performance Computing 15-LTSSSUSE Linux Enterprise High Performance Computing 15-ESPOSSUSE Linux Enterprise Module for Public Cloud 15-SP1SUSE Linux Enterprise Module for Server Applications 15-SP1openSUSE Leap 15.1SUSE Linux Enterprise Module for Server Applications 15SUSE Linux Enterprise Server 15-LTSSSUSE Linux Enterprise Server for SAP 15
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2014-3469
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-5||MEDIUM
EPSS-4.52% / 89.28%
||
7 Day CHG-4.15%
Published-05 Jun, 2014 | 20:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The (1) asn1_read_value_type and (2) asn1_read_value functions in GNU Libtasn1 before 3.6 allows context-dependent attackers to cause a denial of service (NULL pointer dereference and crash) via a NULL value in an ivalue argument.

Action-Not Available
Vendor-n/aGNUSUSERed Hat, Inc.Debian GNU/Linux
Product-debian_linuxlibtasn1linux_enterprise_desktopenterprise_linux_serverenterprise_linux_workstationenterprise_linux_server_tusenterprise_linux_desktopgnutlslinux_enterprise_high_availability_extensionlinux_enterprise_serverenterprise_linux_server_ausenterprise_linux_eusvirtualizationlinux_enterprise_software_development_kitn/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2014-3467
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-5||MEDIUM
EPSS-7.12% / 91.64%
||
7 Day CHG+0.29%
Published-05 Jun, 2014 | 20:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple unspecified vulnerabilities in the DER decoder in GNU Libtasn1 before 3.6, as used in GnuTLS, allow remote attackers to cause a denial of service (out-of-bounds read) via crafted ASN.1 data.

Action-Not Available
Vendor-n/aGNUF5, Inc.SUSERed Hat, Inc.Debian GNU/Linux
Product-debian_linuxlinux_enterprise_desktoparxenterprise_linux_server_tusenterprise_linux_desktoplinux_enterprise_serverarx_firmwareenterprise_linux_server_auslinux_enterprise_software_development_kitlibtasn1enterprise_linux_serverenterprise_linux_workstationgnutlslinux_enterprise_high_availability_extensionenterprise_linux_eusvirtualizationn/a
CVE-2013-1861
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-5||MEDIUM
EPSS-20.76% / 95.68%
||
7 Day CHG~0.00%
Published-28 Mar, 2013 | 23:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

MariaDB 5.5.x before 5.5.30, 5.3.x before 5.3.13, 5.2.x before 5.2.15, and 5.1.x before 5.1.68, and Oracle MySQL 5.1.69 and earlier, 5.5.31 and earlier, and 5.6.11 and earlier allows remote attackers to cause a denial of service (crash) via a crafted geometry feature that specifies a large number of points, which is not properly handled when processing the binary representation of this feature, related to a numeric calculation error.

Action-Not Available
Vendor-n/aCanonical Ltd.MariaDB FoundationopenSUSEOracle CorporationSUSERed Hat, Inc.Debian GNU/Linux
Product-debian_linuxubuntu_linuxlinux_enterprise_desktopmariadbmysqlopensuselinux_enterprise_serverlinux_enterprise_software_development_kitenterprise_linuxn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2017-16232
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.07% / 78.01%
||
7 Day CHG~0.00%
Published-17 Mar, 2019 | 16:44
Updated-05 Aug, 2024 | 20:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

LibTIFF 4.0.8 has multiple memory leak vulnerabilities, which allow attackers to cause a denial of service (memory consumption), as demonstrated by tif_open.c, tif_lzw.c, and tif_aux.c. NOTE: Third parties were unable to reproduce the issue

Action-Not Available
Vendor-n/aopenSUSELibTIFFSUSE
Product-linux_enterprise_software_development_kitlinux_enterprise_serverlibtifflinux_enterprise_desktopleapn/a
CWE ID-CWE-772
Missing Release of Resource after Effective Lifetime
  • Previous
  • 1
  • 2
  • Next
Details not found