Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2007-4349

Summary
Assigner-flexera
Assigner Org ID-44d08088-2bea-4760-83a6-1e9be26b15ab
Published At-23 Oct, 2008 | 21:00
Updated At-07 Aug, 2024 | 14:53
Rejected At-
Credits

The Shared Trace Service (aka OVTrace) in HP Performance Agent C.04.70 (aka 4.70), HP OpenView Performance Agent C.04.60 and C.04.61, HP Reporter 3.8, and HP OpenView Reporter 3.7 (aka Report 3.70) allows remote attackers to cause a denial of service via an unspecified series of RPC requests (aka Trace Event Messages) that triggers an out-of-bounds memory access, related to an erroneous object reference.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:flexera
Assigner Org ID:44d08088-2bea-4760-83a6-1e9be26b15ab
Published At:23 Oct, 2008 | 21:00
Updated At:07 Aug, 2024 | 14:53
Rejected At:
▼CVE Numbering Authority (CNA)

The Shared Trace Service (aka OVTrace) in HP Performance Agent C.04.70 (aka 4.70), HP OpenView Performance Agent C.04.60 and C.04.61, HP Reporter 3.8, and HP OpenView Reporter 3.7 (aka Report 3.70) allows remote attackers to cause a denial of service via an unspecified series of RPC requests (aka Trace Event Messages) that triggers an out-of-bounds memory access, related to an erroneous object reference.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://securityreason.com/securityalert/4501
third-party-advisory
x_refsource_SREASON
http://marc.info/?l=bugtraq&m=122876677518654&w=2
vendor-advisory
x_refsource_HP
http://www.securitytracker.com/id?1021092
vdb-entry
x_refsource_SECTRACK
https://exchange.xforce.ibmcloud.com/vulnerabilities/46028
vdb-entry
x_refsource_XF
http://secunia.com/advisories/27054
third-party-advisory
x_refsource_SECUNIA
http://secunia.com/secunia_research/2007-83/
x_refsource_MISC
http://www.securityfocus.com/archive/1/497648/100/0/threaded
mailing-list
x_refsource_BUGTRAQ
http://www.securityfocus.com/bid/31860
vdb-entry
x_refsource_BID
http://www.vupen.com/english/advisories/2008/2888
vdb-entry
x_refsource_VUPEN
http://marc.info/?l=bugtraq&m=122876827120961&w=2
vendor-advisory
x_refsource_HP
http://marc.info/?l=bugtraq&m=122876827120961&w=2
vendor-advisory
x_refsource_HP
Hyperlink: http://securityreason.com/securityalert/4501
Resource:
third-party-advisory
x_refsource_SREASON
Hyperlink: http://marc.info/?l=bugtraq&m=122876677518654&w=2
Resource:
vendor-advisory
x_refsource_HP
Hyperlink: http://www.securitytracker.com/id?1021092
Resource:
vdb-entry
x_refsource_SECTRACK
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/46028
Resource:
vdb-entry
x_refsource_XF
Hyperlink: http://secunia.com/advisories/27054
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://secunia.com/secunia_research/2007-83/
Resource:
x_refsource_MISC
Hyperlink: http://www.securityfocus.com/archive/1/497648/100/0/threaded
Resource:
mailing-list
x_refsource_BUGTRAQ
Hyperlink: http://www.securityfocus.com/bid/31860
Resource:
vdb-entry
x_refsource_BID
Hyperlink: http://www.vupen.com/english/advisories/2008/2888
Resource:
vdb-entry
x_refsource_VUPEN
Hyperlink: http://marc.info/?l=bugtraq&m=122876827120961&w=2
Resource:
vendor-advisory
x_refsource_HP
Hyperlink: http://marc.info/?l=bugtraq&m=122876827120961&w=2
Resource:
vendor-advisory
x_refsource_HP
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://securityreason.com/securityalert/4501
third-party-advisory
x_refsource_SREASON
x_transferred
http://marc.info/?l=bugtraq&m=122876677518654&w=2
vendor-advisory
x_refsource_HP
x_transferred
http://www.securitytracker.com/id?1021092
vdb-entry
x_refsource_SECTRACK
x_transferred
https://exchange.xforce.ibmcloud.com/vulnerabilities/46028
vdb-entry
x_refsource_XF
x_transferred
http://secunia.com/advisories/27054
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://secunia.com/secunia_research/2007-83/
x_refsource_MISC
x_transferred
http://www.securityfocus.com/archive/1/497648/100/0/threaded
mailing-list
x_refsource_BUGTRAQ
x_transferred
http://www.securityfocus.com/bid/31860
vdb-entry
x_refsource_BID
x_transferred
http://www.vupen.com/english/advisories/2008/2888
vdb-entry
x_refsource_VUPEN
x_transferred
http://marc.info/?l=bugtraq&m=122876827120961&w=2
vendor-advisory
x_refsource_HP
x_transferred
http://marc.info/?l=bugtraq&m=122876827120961&w=2
vendor-advisory
x_refsource_HP
x_transferred
Hyperlink: http://securityreason.com/securityalert/4501
Resource:
third-party-advisory
x_refsource_SREASON
x_transferred
Hyperlink: http://marc.info/?l=bugtraq&m=122876677518654&w=2
Resource:
vendor-advisory
x_refsource_HP
x_transferred
Hyperlink: http://www.securitytracker.com/id?1021092
Resource:
vdb-entry
x_refsource_SECTRACK
x_transferred
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/46028
Resource:
vdb-entry
x_refsource_XF
x_transferred
Hyperlink: http://secunia.com/advisories/27054
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://secunia.com/secunia_research/2007-83/
Resource:
x_refsource_MISC
x_transferred
Hyperlink: http://www.securityfocus.com/archive/1/497648/100/0/threaded
Resource:
mailing-list
x_refsource_BUGTRAQ
x_transferred
Hyperlink: http://www.securityfocus.com/bid/31860
Resource:
vdb-entry
x_refsource_BID
x_transferred
Hyperlink: http://www.vupen.com/english/advisories/2008/2888
Resource:
vdb-entry
x_refsource_VUPEN
x_transferred
Hyperlink: http://marc.info/?l=bugtraq&m=122876827120961&w=2
Resource:
vendor-advisory
x_refsource_HP
x_transferred
Hyperlink: http://marc.info/?l=bugtraq&m=122876827120961&w=2
Resource:
vendor-advisory
x_refsource_HP
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:PSIRT-CNA@flexerasoftware.com
Published At:23 Oct, 2008 | 22:00
Updated At:30 Oct, 2018 | 16:25

The Shared Trace Service (aka OVTrace) in HP Performance Agent C.04.70 (aka 4.70), HP OpenView Performance Agent C.04.60 and C.04.61, HP Reporter 3.8, and HP OpenView Reporter 3.7 (aka Report 3.70) allows remote attackers to cause a denial of service via an unspecified series of RPC requests (aka Trace Event Messages) that triggers an out-of-bounds memory access, related to an erroneous object reference.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary2.04.3MEDIUM
AV:N/AC:M/Au:N/C:N/I:N/A:P
Type: Primary
Version: 2.0
Base score: 4.3
Base severity: MEDIUM
Vector:
AV:N/AC:M/Au:N/C:N/I:N/A:P
CPE Matches
HP Inc.
hp
>>openview_performance_agent>>c.04.60
cpe:2.3:a:hp:openview_performance_agent:c.04.60:*:*:*:*:*:*:*
HP Inc.
hp
>>openview_performance_agent>>c.04.61
cpe:2.3:a:hp:openview_performance_agent:c.04.61:*:*:*:*:*:*:*
HP Inc.
hp
>>openview_reporter>>3.70
cpe:2.3:a:hp:openview_reporter:3.70:*:*:*:*:*:*:*
HP Inc.
hp
>>performance_agent>>4.70
cpe:2.3:a:hp:performance_agent:4.70:*:*:*:*:*:*:*
HP Inc.
hp
>>reporter>>3.8
cpe:2.3:a:hp:reporter:3.8:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
NVD-CWE-OtherPrimarynvd@nist.gov
CWE ID: NVD-CWE-Other
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
http://marc.info/?l=bugtraq&m=122876677518654&w=2PSIRT-CNA@flexerasoftware.com
N/A
http://marc.info/?l=bugtraq&m=122876827120961&w=2PSIRT-CNA@flexerasoftware.com
N/A
http://secunia.com/advisories/27054PSIRT-CNA@flexerasoftware.com
Vendor Advisory
http://secunia.com/secunia_research/2007-83/PSIRT-CNA@flexerasoftware.com
Vendor Advisory
http://securityreason.com/securityalert/4501PSIRT-CNA@flexerasoftware.com
N/A
http://www.securityfocus.com/archive/1/497648/100/0/threadedPSIRT-CNA@flexerasoftware.com
N/A
http://www.securityfocus.com/bid/31860PSIRT-CNA@flexerasoftware.com
Patch
http://www.securitytracker.com/id?1021092PSIRT-CNA@flexerasoftware.com
N/A
http://www.vupen.com/english/advisories/2008/2888PSIRT-CNA@flexerasoftware.com
Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/46028PSIRT-CNA@flexerasoftware.com
N/A
Hyperlink: http://marc.info/?l=bugtraq&m=122876677518654&w=2
Source: PSIRT-CNA@flexerasoftware.com
Resource: N/A
Hyperlink: http://marc.info/?l=bugtraq&m=122876827120961&w=2
Source: PSIRT-CNA@flexerasoftware.com
Resource: N/A
Hyperlink: http://secunia.com/advisories/27054
Source: PSIRT-CNA@flexerasoftware.com
Resource:
Vendor Advisory
Hyperlink: http://secunia.com/secunia_research/2007-83/
Source: PSIRT-CNA@flexerasoftware.com
Resource:
Vendor Advisory
Hyperlink: http://securityreason.com/securityalert/4501
Source: PSIRT-CNA@flexerasoftware.com
Resource: N/A
Hyperlink: http://www.securityfocus.com/archive/1/497648/100/0/threaded
Source: PSIRT-CNA@flexerasoftware.com
Resource: N/A
Hyperlink: http://www.securityfocus.com/bid/31860
Source: PSIRT-CNA@flexerasoftware.com
Resource:
Patch
Hyperlink: http://www.securitytracker.com/id?1021092
Source: PSIRT-CNA@flexerasoftware.com
Resource: N/A
Hyperlink: http://www.vupen.com/english/advisories/2008/2888
Source: PSIRT-CNA@flexerasoftware.com
Resource:
Vendor Advisory
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/46028
Source: PSIRT-CNA@flexerasoftware.com
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

16Records found
CVE-2012-6501
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.58% / 67.91%
||
7 Day CHG~0.00%
Published-12 Jan, 2013 | 02:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The KillProcess method in the HP PKI ActiveX control (HPPKI.ocx) before 1.2.0.1 allows remote attackers to cause a denial of service (kill process) via the partial or full name of a process.

Action-Not Available
Vendor-n/aHP Inc.
Product-pki_activex_controln/a
CWE ID-CWE-20
Improper Input Validation
CVE-2019-4568
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.71% / 71.43%
||
7 Day CHG~0.00%
Published-28 Jan, 2020 | 18:30
Updated-17 Sep, 2024 | 04:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM MQ and IBM MQ Appliance 8.0 and 9.0 LTS could allow a remote attacker with intimate knowledge of the server to cause a denial of service when receiving data on the channel. IBM X-Force ID: 166629.

Action-Not Available
Vendor-Microsoft CorporationHP Inc.IBM CorporationLinux Kernel Organization, IncOracle Corporation
Product-solarislinux_kernelmq_appliancehp-uxwindowsmqaixMQ
CVE-2009-4777
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.98% / 75.83%
||
7 Day CHG~0.00%
Published-21 Apr, 2010 | 14:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in multiple versions of Hitachi JP1/Automatic Job Management System 2 - View, JP1/Integrated Management - View, and JP1/Cm2/SNMP System Observer, allows remote attackers to cause a denial of service ("abnormal" termination) via vectors related to the display of an "invalid GIF file."

Action-Not Available
Vendor-n/aMicrosoft CorporationSun Microsystems (Oracle Corporation)Hitachi, Ltd.HP Inc.
Product-windowsjob_management_partner_1\/performance_management\/snmp_system_observerjob_management_partner_1\/snmp_system_observerjp1\/server_system_observerhp-uxjp1\/cm2\/snmp_system_observerjp1\/integrated_management-viewjob_management_partner_1\/integrated_manager-viewjp1\/performance_management\/snmp_system_observerjob_management_partner_1\/automatic_job_management_system_2-viewsolarisjp1\/integrated_manager-viewjp1_integrated_management_service_supportjp1\/integrated_manager-console_viewjob_management_partner_1\/integrated_management-viewjp1\/automatic_job_management_system_2-viewjob_management_partner_1\/integrated_manager-console_viewn/a
CVE-2019-2842
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-3.7||LOW
EPSS-0.22% / 45.00%
||
7 Day CHG~0.00%
Published-23 Jul, 2019 | 22:31
Updated-01 Oct, 2024 | 16:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Java SE component of Oracle Java SE (subcomponent: JCE). The supported version that is affected is Java SE: 8u212. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).

Action-Not Available
Vendor-Canonical Ltd.McAfee, LLCopenSUSEHP Inc.Oracle Corporation
Product-ubuntu_linuxxp7_command_viewepolicy_orchestratorjrejdkleapJava
CVE-2014-0382
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-4.3||MEDIUM
EPSS-2.21% / 83.78%
||
7 Day CHG~0.00%
Published-15 Jan, 2014 | 01:33
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in Oracle Java SE 7u45 and JavaFX 2.2.45 allows remote attackers to affect availability via unknown vectors related to JavaFX.

Action-Not Available
Vendor-n/aRed Hat, Inc.Oracle CorporationHP Inc.
Product-enterprise_linux_workstation_supplementaryjavafxenterprise_linux_server_supplementaryenterprise_linux_server_supplementary_aushp-uxenterprise_linux_hpc_node_supplementaryjdkenterprise_linux_server_supplementary_eusjreenterprise_linux_desktop_supplementaryn/a
CVE-2016-8106
Matching Score-8
Assigner-Intel Corporation
ShareView Details
Matching Score-8
Assigner-Intel Corporation
CVSS Score-5.9||MEDIUM
EPSS-3.47% / 87.08%
||
7 Day CHG~0.00%
Published-09 Jan, 2017 | 21:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A Denial of Service in Intel Ethernet Controller's X710/XL710 with Non-Volatile Memory Images before version 5.05 allows a remote attacker to stop the controller from processing network traffic working under certain network use conditions.

Action-Not Available
Vendor-Lenovo Group LimitedHP Inc.Intel Corporation
Product-system_x3250_m5thinkserver_rd550ethernet_10gb_4-port_563sfp\+ethernet_converged_network_adapter_x710-da2_x710da2g2p5ethernet_10gb_2-port_562sfp\+system_x3550_m5ethernet_converged_network_adapter_xl710-qda2_xl710qda2ethernet_controller_xl710-am2_sr1zkconverged_hx7510_applianceethernet_controller_xl710-bm1_sllkaethernet_converged_network_adapter_xl710-qda1_xl710qda1thinkserver_td350eth_converged_ntwk_adptr_xl710-qda1_exl710qda1g1p5ethernet_converged_network_adapter_x710-da4_x710da4g2p5ethernet_converged_network_adapter_xl710-qda1_xl710qda1g2p5ethernet_converged_network_adapter_xl710-qda2_xl710qda2blkethernet_controller_x710-bm2_sllkbethernet_converged_network_adapter_x710-da2_x710da2blkethernet_controller_xl710-bm2_sllk8thinkserver_rd350thinkserver_rd650ethernet_converged_network_adapter_x710-da4_x710da4fhblkethernet_i\/o_module_xl710-qda1_axx1p40frtiomthinkserver_rd450system_x3650_m5ethernet_10gb_2-port_562flr-sfp\+ethernet_controller_xl710-bm1_sllk9converged_hx7500_applianceethernet_controller_xl710_firmwareethernet_controller_xl710-am2_sr1zlproliant_xl260a_g9_serverthinkserver_sd350ethernet_controller_xl710-bm2_sllk7ethernet_controller_x710-am2_sr1zqconverged_hx_seriessystem_x3500_m5system_x3950_x6ethernet_controller_x710-am2_sr1zpeth_converged_ntwk_adptr_xl710-qda2_exl710qda2g1p5thinkagile_cx4200system_x3850_x6ethernet_converged_network_adapter_xl710-qda2_xl710qda2g2p5ethernet_converged_network_adapter_xl710-qda1_xl710qda1blkethernet_controller_x710_firmwareethernet_controller_xl710-am1_sr1zmeth_converged_ntwk_adptr_x710-da4_ex710da4g1p5thinkagile_cx2200nextscale_nx360_m5converged_hx5500_applianceethernet_controller_x710-bm2_sllkcethernet_converged_network_adapter_x710-da4_x710da4fhg2p5system_x3750_m4converged_hx5510_applianceeth_converged_ntwk_adptr_x710-da2_ex710da2g1p5ethernet_i\/o_module_xl710-qda2_axx2p40frtiomethernet_converged_network_adapter_x710-da4_x710da4fhethernet_converged_network_adapter_x710-da2_x710da2eth_converged_ntwk_adptr_x710-da4_ex710da4fhg1p5ethernet_controller_xl710-am1_sr1znthinkagile_cx4600Intel® Ethernet Controller X710 family and Intel® Ethernet Controller XL710 family
CWE ID-CWE-20
Improper Input Validation
CVE-2018-2663
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-4.3||MEDIUM
EPSS-0.08% / 25.34%
||
7 Day CHG~0.00%
Published-18 Jan, 2018 | 02:00
Updated-03 Oct, 2024 | 20:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151; JRockit: R28.3.16. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: This vulnerability applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 4.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L).

Action-Not Available
Vendor-Canonical Ltd.Debian GNU/LinuxHP Inc.Oracle CorporationRed Hat, Inc.
Product-enterprise_linux_serverubuntu_linuxxp7_command_viewenterprise_linux_server_eusenterprise_linux_server_aussatellitejdkstruxureware_data_center_expertjrockitxp_command_viewdebian_linuxxp_p9000_command_viewjreenterprise_linux_workstationenterprise_linux_server_tusenterprise_linux_desktopJava
CVE-2018-2678
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-4.3||MEDIUM
EPSS-0.08% / 25.34%
||
7 Day CHG~0.00%
Published-18 Jan, 2018 | 02:00
Updated-03 Oct, 2024 | 20:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JNDI). Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151; JRockit: R28.3.16. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: This vulnerability applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 4.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L).

Action-Not Available
Vendor-Canonical Ltd.Debian GNU/LinuxHP Inc.Oracle CorporationRed Hat, Inc.
Product-enterprise_linux_serverubuntu_linuxxp7_command_viewenterprise_linux_server_eusenterprise_linux_server_aussatellitejdkstruxureware_data_center_expertjrockitxp_command_viewdebian_linuxxp_p9000_command_viewjreenterprise_linux_workstationenterprise_linux_server_tusenterprise_linux_desktopJava
CVE-2013-6209
Matching Score-8
Assigner-HP Inc.
ShareView Details
Matching Score-8
Assigner-HP Inc.
CVSS Score-4.3||MEDIUM
EPSS-0.46% / 63.02%
||
7 Day CHG~0.00%
Published-14 Mar, 2014 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in rpc.lockd in the NFS subsystem in HP HP-UX B.11.11 and B.11.23 allows remote attackers to cause a denial of service via unknown vectors.

Action-Not Available
Vendor-n/aHP Inc.
Product-hp-uxn/a
CVE-2016-6306
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-5.9||MEDIUM
EPSS-9.37% / 92.45%
||
7 Day CHG~0.00%
Published-26 Sep, 2016 | 00:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The certificate parser in OpenSSL before 1.0.1u and 1.0.2 before 1.0.2i might allow remote attackers to cause a denial of service (out-of-bounds read) via crafted certificate operations, related to s3_clnt.c and s3_srvr.c.

Action-Not Available
Vendor-n/aNode.js (OpenJS Foundation)OpenSSLCanonical Ltd.Debian GNU/LinuxNovellHP Inc.
Product-debian_linuxsuse_linux_enterprise_module_for_web_scriptingicewall_federation_agentubuntu_linuxicewall_sso_agent_optionopensslicewall_mcrpnode.jsicewall_sson/a
CWE ID-CWE-125
Out-of-bounds Read
CVE-2016-2775
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5.9||MEDIUM
EPSS-34.23% / 96.84%
||
7 Day CHG~0.00%
Published-19 Jul, 2016 | 22:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

ISC BIND 9.x before 9.9.9-P2, 9.10.x before 9.10.4-P2, and 9.11.x before 9.11.0b2, when lwresd or the named lwres option is enabled, allows remote attackers to cause a denial of service (daemon crash) via a long request that uses the lightweight resolver protocol.

Action-Not Available
Vendor-n/aInternet Systems Consortium, Inc.Red Hat, Inc.Fedora ProjectHP Inc.
Product-enterprise_linux_serverenterprise_linux_server_ausenterprise_linux_eusfedorabindenterprise_linux_desktophp-uxenterprise_linux_server_tusenterprise_linux_workstationn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2018-2677
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-4.3||MEDIUM
EPSS-0.08% / 25.34%
||
7 Day CHG~0.00%
Published-18 Jan, 2018 | 02:00
Updated-03 Oct, 2024 | 20:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: AWT). Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 4.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L).

Action-Not Available
Vendor-Canonical Ltd.Debian GNU/LinuxHP Inc.Oracle CorporationRed Hat, Inc.
Product-enterprise_linux_serverubuntu_linuxxp_command_viewdebian_linuxxp7_command_viewenterprise_linux_server_eusxp_p9000_command_viewjreenterprise_linux_server_ausenterprise_linux_workstationsatellitejdkenterprise_linux_server_tusenterprise_linux_desktopstruxureware_data_center_expertJava
CVE-2018-2952
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-3.7||LOW
EPSS-0.05% / 15.19%
||
7 Day CHG~0.00%
Published-18 Jul, 2018 | 13:00
Updated-02 Oct, 2024 | 20:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Concurrency). Supported versions that are affected are Java SE: 6u191, 7u181, 8u172 and 10.0.1; Java SE Embedded: 8u171; JRockit: R28.3.18. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).

Action-Not Available
Vendor-Canonical Ltd.Debian GNU/LinuxHP Inc.NetApp, Inc.Oracle CorporationRed Hat, Inc.
Product-enterprise_linux_serverubuntu_linuxvirtual_storage_consolexp7_command_viewcloud_backupenterprise_linux_server_ausactive_iq_unified_managersatellitejdkoncommand_workflow_automationjrockitsteelstore_cloud_integrated_storagedebian_linuxplug-in_for_symantec_netbackupstorage_replication_adapter_for_clustered_data_ontapsnapmanagerjreenterprise_linux_workstatione-series_santricity_os_controllere-series_santricity_storage_managerenterprise_linux_eusvasa_provider_for_clustered_data_ontapenterprise_linux_server_tusoncommand_unified_managerenterprise_linux_desktoponcommand_insightJava
CVE-2008-1853
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-1.03% / 76.44%
||
7 Day CHG~0.00%
Published-16 Apr, 2008 | 18:00
Updated-07 Aug, 2024 | 08:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The ovtopmd service in HP OpenView Network Node Manager (OV NNM) 7.51, 7.53, and possibly other versions allows remote attackers to cause a denial of service (exit) by sending a 0x36 packet (exit request).

Action-Not Available
Vendor-n/aHP Inc.
Product-openview_network_node_managern/a
CWE ID-CWE-399
Not Available
CVE-2007-5242
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.63% / 69.41%
||
7 Day CHG~0.00%
Published-06 Oct, 2007 | 16:00
Updated-07 Aug, 2024 | 15:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in (1) SYS$EI1000.EXE and (2) SYS$EI1000_MON.EXE in HP OpenVMS 8.3 and earlier allows remote attackers to cause a denial of service (machine crash) via an "oversize" packet, which is not properly discarded if "the device has no remaining buffers after receipt of the first buffer segment."

Action-Not Available
Vendor-n/aHP Inc.
Product-openvmsn/a
CVE-2015-3196
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-4.3||MEDIUM
EPSS-5.68% / 90.03%
||
7 Day CHG~0.00%
Published-06 Dec, 2015 | 00:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

ssl/s3_clnt.c in OpenSSL 1.0.0 before 1.0.0t, 1.0.1 before 1.0.1p, and 1.0.2 before 1.0.2d, when used for a multi-threaded client, writes the PSK identity hint to an incorrect data structure, which allows remote servers to cause a denial of service (race condition and double free) via a crafted ServerKeyExchange message.

Action-Not Available
Vendor-n/aRed Hat, Inc.Fedora ProjectOpenSSLCanonical Ltd.Debian GNU/LinuxOracle CorporationHP Inc.
Product-enterprise_linux_serverenterprise_linux_server_ausdebian_linuxvm_virtualboxfedoraenterprise_linux_desktopubuntu_linuxicewall_sso_agent_optionenterprise_linux_server_eusenterprise_linux_server_tusenterprise_linux_workstationopensslicewall_sson/a
CWE ID-CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
Details not found