Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2007-4844

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-12 Sep, 2007 | 20:00
Updated At-07 Aug, 2024 | 15:08
Rejected At-
Credits

X-Diesel Unreal Commander 0.92 build 565 and 573 does not properly react to an FTP server's behavior after sending a "CWD /" command, which allows remote FTP servers to cause a denial of service (infinite loop) by (1) repeatedly sending a 550 error response, or (2) sending a 550 error response and then disconnecting.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:12 Sep, 2007 | 20:00
Updated At:07 Aug, 2024 | 15:08
Rejected At:
▼CVE Numbering Authority (CNA)

X-Diesel Unreal Commander 0.92 build 565 and 573 does not properly react to an FTP server's behavior after sending a "CWD /" command, which allows remote FTP servers to cause a denial of service (infinite loop) by (1) repeatedly sending a 550 error response, or (2) sending a 550 error response and then disconnecting.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://exchange.xforce.ibmcloud.com/vulnerabilities/36488
vdb-entry
x_refsource_XF
http://securityreason.com/securityalert/3125
third-party-advisory
x_refsource_SREASON
http://www.securityfocus.com/archive/1/478728/100/0/threaded
mailing-list
x_refsource_BUGTRAQ
http://osvdb.org/39616
vdb-entry
x_refsource_OSVDB
http://blog.hispasec.com/lab/advisories/adv_UnrealCommander_0_92_build_573_Multiple_FTP_Based_Vulnerabilities.txt
x_refsource_MISC
http://www.securityfocus.com/bid/25583
vdb-entry
x_refsource_BID
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/36488
Resource:
vdb-entry
x_refsource_XF
Hyperlink: http://securityreason.com/securityalert/3125
Resource:
third-party-advisory
x_refsource_SREASON
Hyperlink: http://www.securityfocus.com/archive/1/478728/100/0/threaded
Resource:
mailing-list
x_refsource_BUGTRAQ
Hyperlink: http://osvdb.org/39616
Resource:
vdb-entry
x_refsource_OSVDB
Hyperlink: http://blog.hispasec.com/lab/advisories/adv_UnrealCommander_0_92_build_573_Multiple_FTP_Based_Vulnerabilities.txt
Resource:
x_refsource_MISC
Hyperlink: http://www.securityfocus.com/bid/25583
Resource:
vdb-entry
x_refsource_BID
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://exchange.xforce.ibmcloud.com/vulnerabilities/36488
vdb-entry
x_refsource_XF
x_transferred
http://securityreason.com/securityalert/3125
third-party-advisory
x_refsource_SREASON
x_transferred
http://www.securityfocus.com/archive/1/478728/100/0/threaded
mailing-list
x_refsource_BUGTRAQ
x_transferred
http://osvdb.org/39616
vdb-entry
x_refsource_OSVDB
x_transferred
http://blog.hispasec.com/lab/advisories/adv_UnrealCommander_0_92_build_573_Multiple_FTP_Based_Vulnerabilities.txt
x_refsource_MISC
x_transferred
http://www.securityfocus.com/bid/25583
vdb-entry
x_refsource_BID
x_transferred
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/36488
Resource:
vdb-entry
x_refsource_XF
x_transferred
Hyperlink: http://securityreason.com/securityalert/3125
Resource:
third-party-advisory
x_refsource_SREASON
x_transferred
Hyperlink: http://www.securityfocus.com/archive/1/478728/100/0/threaded
Resource:
mailing-list
x_refsource_BUGTRAQ
x_transferred
Hyperlink: http://osvdb.org/39616
Resource:
vdb-entry
x_refsource_OSVDB
x_transferred
Hyperlink: http://blog.hispasec.com/lab/advisories/adv_UnrealCommander_0_92_build_573_Multiple_FTP_Based_Vulnerabilities.txt
Resource:
x_refsource_MISC
x_transferred
Hyperlink: http://www.securityfocus.com/bid/25583
Resource:
vdb-entry
x_refsource_BID
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:12 Sep, 2007 | 20:17
Updated At:15 Oct, 2018 | 21:38

X-Diesel Unreal Commander 0.92 build 565 and 573 does not properly react to an FTP server's behavior after sending a "CWD /" command, which allows remote FTP servers to cause a denial of service (infinite loop) by (1) repeatedly sending a 550 error response, or (2) sending a 550 error response and then disconnecting.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary2.04.3MEDIUM
AV:N/AC:M/Au:N/C:N/I:N/A:P
Type: Primary
Version: 2.0
Base score: 4.3
Base severity: MEDIUM
Vector:
AV:N/AC:M/Au:N/C:N/I:N/A:P
CPE Matches
x-diesel
x-diesel
>>unreal_commander>>0.92_build565
cpe:2.3:a:x-diesel:unreal_commander:0.92_build565:*:*:*:*:*:*:*
x-diesel
x-diesel
>>unreal_commander>>0.92_build573
cpe:2.3:a:x-diesel:unreal_commander:0.92_build573:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-20Primarynvd@nist.gov
CWE ID: CWE-20
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
http://blog.hispasec.com/lab/advisories/adv_UnrealCommander_0_92_build_573_Multiple_FTP_Based_Vulnerabilities.txtcve@mitre.org
N/A
http://osvdb.org/39616cve@mitre.org
N/A
http://securityreason.com/securityalert/3125cve@mitre.org
N/A
http://www.securityfocus.com/archive/1/478728/100/0/threadedcve@mitre.org
N/A
http://www.securityfocus.com/bid/25583cve@mitre.org
Exploit
https://exchange.xforce.ibmcloud.com/vulnerabilities/36488cve@mitre.org
N/A
Hyperlink: http://blog.hispasec.com/lab/advisories/adv_UnrealCommander_0_92_build_573_Multiple_FTP_Based_Vulnerabilities.txt
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://osvdb.org/39616
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://securityreason.com/securityalert/3125
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.securityfocus.com/archive/1/478728/100/0/threaded
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.securityfocus.com/bid/25583
Source: cve@mitre.org
Resource:
Exploit
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/36488
Source: cve@mitre.org
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

571Records found
CVE-2015-8722
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.08% / 23.22%
||
7 Day CHG~0.00%
Published-04 Jan, 2016 | 02:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

epan/dissectors/packet-sctp.c in the SCTP dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not validate the frame pointer, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted packet.

Action-Not Available
Vendor-n/aWireshark Foundation
Product-wiresharkn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2015-8720
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.09% / 25.89%
||
7 Day CHG~0.00%
Published-04 Jan, 2016 | 02:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The dissect_ber_GeneralizedTime function in epan/dissectors/packet-ber.c in the BER dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 improperly checks an sscanf return value, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.

Action-Not Available
Vendor-n/aWireshark Foundation
Product-wiresharkn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2015-8735
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.60% / 68.41%
||
7 Day CHG~0.00%
Published-04 Jan, 2016 | 02:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The get_value function in epan/dissectors/packet-btatt.c in the Bluetooth Attribute (aka BT ATT) dissector in Wireshark 2.0.x before 2.0.1 uses an incorrect integer data type, which allows remote attackers to cause a denial of service (invalid write operation and application crash) via a crafted packet.

Action-Not Available
Vendor-n/aWireshark Foundation
Product-wiresharkn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2015-8538
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.40% / 60.20%
||
7 Day CHG~0.00%
Published-07 Jun, 2017 | 20:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

dwarf_leb.c in libdwarf allows attackers to cause a denial of service (SIGSEGV).

Action-Not Available
Vendor-libdwarf_projectn/a
Product-libdwarfn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2008-1012
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.98% / 75.83%
||
7 Day CHG~0.00%
Published-20 Mar, 2008 | 10:00
Updated-07 Aug, 2024 | 08:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in Apple AirPort Extreme Base Station Firmware 7.3.1 allows remote attackers to cause a denial of service (file sharing hang) via a crafted AFP request, related to "input validation."

Action-Not Available
Vendor-n/aApple Inc.
Product-apple_airport_extreme_base_stationn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2015-7830
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.57% / 67.74%
||
7 Day CHG~0.00%
Published-15 Nov, 2015 | 02:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The pcapng_read_if_descr_block function in wiretap/pcapng.c in the pcapng parser in Wireshark 1.12.x before 1.12.8 uses too many levels of pointer indirection, which allows remote attackers to cause a denial of service (incorrect free and application crash) via a crafted packet that triggers interface-filter copying.

Action-Not Available
Vendor-n/aWireshark FoundationOracle Corporation
Product-wiresharksolarisn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2015-7759
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-3.7||LOW
EPSS-0.75% / 72.20%
||
7 Day CHG~0.00%
Published-12 Jan, 2016 | 20:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, Link Controller, and PEM 12.0.0 before HF1, when the TCP profile for a virtual server is configured with Congestion Metrics Cache enabled, allow remote attackers to cause a denial of service (Traffic Management Microkernel (TMM) restart) via crafted ICMP packets, related to Path MTU (PMTU) discovery.

Action-Not Available
Vendor-n/aF5, Inc.
Product-big-ip_link_controllerbig-ip_application_acceleration_managerbig-ip_analyticsbig-ip_application_security_managerbig-ip_local_traffic_managerbig-ip_advanced_firewall_managerbig-ip_policy_enforcement_managerbig-ip_access_policy_managern/a
CWE ID-CWE-20
Improper Input Validation
CVE-2008-0071
Matching Score-4
Assigner-Flexera Software LLC
ShareView Details
Matching Score-4
Assigner-Flexera Software LLC
CVSS Score-4.3||MEDIUM
EPSS-24.43% / 95.90%
||
7 Day CHG~0.00%
Published-16 Jun, 2008 | 18:26
Updated-07 Aug, 2024 | 07:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Web UI interface in (1) BitTorrent before 6.0.3 build 8642 and (2) uTorrent before 1.8beta build 10524 allows remote attackers to cause a denial of service (application crash) via an HTTP request with a malformed Range header.

Action-Not Available
Vendor-bittorrentutorrentn/a
Product-utorrentbittorrentn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2015-6244
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.80% / 73.15%
||
7 Day CHG~0.00%
Published-24 Aug, 2015 | 23:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The dissect_zbee_secure function in epan/dissectors/packet-zbee-security.c in the ZigBee dissector in Wireshark 1.12.x before 1.12.7 improperly relies on length fields contained in packet data, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.

Action-Not Available
Vendor-n/aWireshark FoundationOracle Corporation
Product-wiresharklinuxsolarisn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2015-6245
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.38% / 58.53%
||
7 Day CHG~0.00%
Published-24 Aug, 2015 | 23:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

epan/dissectors/packet-gsm_rlcmac.c in the GSM RLC/MAC dissector in Wireshark 1.12.x before 1.12.7 uses incorrect integer data types, which allows remote attackers to cause a denial of service (infinite loop) via a crafted packet.

Action-Not Available
Vendor-n/aWireshark FoundationOracle Corporation
Product-wiresharklinuxsolarisn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2008-0298
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-6.67% / 90.85%
||
7 Day CHG~0.00%
Published-16 Jan, 2008 | 22:00
Updated-07 Aug, 2024 | 07:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

KHTML WebKit as used in Apple Safari 2.x allows remote attackers to cause a denial of service (browser crash) via a crafted web page, possibly involving a STYLE attribute of a DIV element.

Action-Not Available
Vendor-n/aApple Inc.
Product-safarimac_os_xn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2015-6241
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.57% / 67.60%
||
7 Day CHG~0.00%
Published-24 Aug, 2015 | 23:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The proto_tree_add_bytes_item function in epan/proto.c in the protocol-tree implementation in Wireshark 1.12.x before 1.12.7 does not properly terminate a data structure after a failure to locate a number within a string, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.

Action-Not Available
Vendor-n/aWireshark FoundationOracle Corporation
Product-wiresharksolarisn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2015-6242
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.57% / 67.60%
||
7 Day CHG~0.00%
Published-24 Aug, 2015 | 23:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The wmem_block_split_free_chunk function in epan/wmem/wmem_allocator_block.c in the wmem block allocator in the memory manager in Wireshark 1.12.x before 1.12.7 does not properly consider a certain case of multiple realloc operations that restore a memory chunk to its original size, which allows remote attackers to cause a denial of service (incorrect free operation and application crash) via a crafted packet.

Action-Not Available
Vendor-n/aWireshark FoundationOracle Corporation
Product-wiresharksolarisn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2015-6248
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.68% / 70.62%
||
7 Day CHG~0.00%
Published-24 Aug, 2015 | 23:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The ptvcursor_add function in the ptvcursor implementation in epan/proto.c in Wireshark 1.12.x before 1.12.7 does not check whether the expected amount of data is available, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.

Action-Not Available
Vendor-n/aWireshark FoundationOracle Corporation
Product-wiresharklinuxsolarisn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2015-6249
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.57% / 67.60%
||
7 Day CHG~0.00%
Published-24 Aug, 2015 | 23:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The dissect_wccp2r1_address_table_info function in epan/dissectors/packet-wccp.c in the WCCP dissector in Wireshark 1.12.x before 1.12.7 does not prevent the conflicting use of a table for both IPv4 and IPv6 addresses, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.

Action-Not Available
Vendor-n/aWireshark FoundationOracle Corporation
Product-wiresharksolarisn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2015-6243
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.66% / 70.21%
||
7 Day CHG~0.00%
Published-24 Aug, 2015 | 23:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The dissector-table implementation in epan/packet.c in Wireshark 1.12.x before 1.12.7 mishandles table searches for empty strings, which allows remote attackers to cause a denial of service (application crash) via a crafted packet, related to the (1) dissector_get_string_handle and (2) dissector_get_default_string_handle functions.

Action-Not Available
Vendor-n/aWireshark FoundationOracle Corporation
Product-wiresharklinuxsolarisn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2015-6246
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.66% / 70.21%
||
7 Day CHG~0.00%
Published-24 Aug, 2015 | 23:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The dissect_wa_payload function in epan/dissectors/packet-waveagent.c in the WaveAgent dissector in Wireshark 1.12.x before 1.12.7 mishandles large tag values, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.

Action-Not Available
Vendor-n/aWireshark FoundationOracle Corporation
Product-wiresharklinuxsolarisn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2015-4652
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.42% / 61.17%
||
7 Day CHG~0.00%
Published-22 Jul, 2015 | 01:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

epan/dissectors/packet-gsm_a_dtap.c in the GSM DTAP dissector in Wireshark 1.12.x before 1.12.6 does not properly validate digit characters, which allows remote attackers to cause a denial of service (application crash) via a crafted packet, related to the de_emerg_num_list and de_bcd_num functions.

Action-Not Available
Vendor-n/aWireshark FoundationDebian GNU/Linux
Product-wiresharkdebian_linuxn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2015-4278
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-4.3||MEDIUM
EPSS-0.44% / 62.42%
||
7 Day CHG~0.00%
Published-16 Jul, 2015 | 19:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cisco Email Security Appliance (ESA) devices with software 8.5.6-106 and 9.5.0-201 allow remote attackers to cause a denial of service (per-domain e-mail reception outage) by placing malformed DMARC policy data in DNS TXT records for a domain, aka Bug ID CSCuv14806.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-email_security_appliance_firmwaren/a
CWE ID-CWE-20
Improper Input Validation
CVE-2015-3182
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.09% / 25.89%
||
7 Day CHG~0.00%
Published-04 Jan, 2016 | 02:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

epan/dissectors/packet-dec-dnart.c in the DECnet NSP/RT dissector in Wireshark 1.10.12 through 1.10.14 mishandles a certain strdup return value, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.

Action-Not Available
Vendor-n/aWireshark Foundation
Product-wiresharkn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2007-5691
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.63% / 69.42%
||
7 Day CHG~0.00%
Published-29 Oct, 2007 | 19:00
Updated-07 Aug, 2024 | 15:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

ParseFTPList.cpp in Mozilla Firefox 2.0.0.7 allows remote FTP servers to cause a denial of service (application crash) via a crafted reply to an unspecified listing command, related to "reading from invalid pointer."

Action-Not Available
Vendor-n/aMozilla Corporation
Product-firefoxn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2007-5339
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-4.3||MEDIUM
EPSS-20.18% / 95.29%
||
7 Day CHG~0.00%
Published-21 Oct, 2007 | 19:00
Updated-07 Aug, 2024 | 15:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple vulnerabilities in Mozilla Firefox before 2.0.0.8, Thunderbird before 2.0.0.8, and SeaMonkey before 1.1.5 allow remote attackers to cause a denial of service (crash) via crafted HTML that triggers memory corruption or assert errors.

Action-Not Available
Vendor-n/aMozilla Corporation
Product-firefoxthunderbirdseamonkeyn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2015-2776
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-2.01% / 82.95%
||
7 Day CHG~0.00%
Published-31 Mar, 2015 | 14:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The parse_SST function in FreeXL before 1.0.0i allows remote attackers to cause a denial of service (memory consumption) via a crafted shared strings table in a workbook.

Action-Not Available
Vendor-gaia-gisn/aDebian GNU/Linux
Product-debian_linuxfreexln/a
CWE ID-CWE-20
Improper Input Validation
CVE-2015-2822
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.60% / 68.47%
||
7 Day CHG~0.00%
Published-08 Apr, 2015 | 16:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Siemens SIMATIC HMI Comfort Panels before WinCC (TIA Portal) 13 SP1 Upd2 and SIMATIC WinCC Runtime Advanced before WinCC (TIA Portal) 13 SP1 Upd2 allow man-in-the-middle attackers to cause a denial of service via crafted packets on TCP port 102.

Action-Not Available
Vendor-n/aSiemens AG
Product-winccn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2014-9810
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.46% / 63.02%
||
7 Day CHG~0.00%
Published-30 Mar, 2017 | 15:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The dpx file handler in ImageMagick allows remote attackers to cause a denial of service (segmentation fault and application crash) via a malformed dpx file.

Action-Not Available
Vendor-n/aImageMagick Studio LLC
Product-imagemagickn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2015-2790
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-54.48% / 97.94%
||
7 Day CHG~0.00%
Published-30 Mar, 2015 | 14:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Foxit Reader, Enterprise Reader, and PhantomPDF before 7.1 allow remote attackers to cause a denial of service (memory corruption and crash) via a crafted (1) Ubyte Size in a DataSubBlock structure or (2) LZWMinimumCodeSize in a GIF image.

Action-Not Available
Vendor-n/aFoxit Software Incorporated
Product-foxit_readerenterprise_readerphantompdfn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2015-2516
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-4.3||MEDIUM
EPSS-16.78% / 94.68%
||
7 Day CHG~0.00%
Published-09 Sep, 2015 | 00:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Windows Journal in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 allows remote attackers to cause a denial of service (data loss) via a crafted .jnt file, aka "Windows Journal DoS Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-windows_rtwindows_7windows_8windows_server_2008windows_rt_8.1windows_vistawindows_server_2012windows_8.1windows_10n/a
CWE ID-CWE-20
Improper Input Validation
CVE-2014-9815
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.46% / 63.02%
||
7 Day CHG~0.00%
Published-30 Mar, 2017 | 15:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

ImageMagick allows remote attackers to cause a denial of service (application crash) via a crafted wpg file.

Action-Not Available
Vendor-n/aImageMagick Studio LLC
Product-imagemagickn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2007-6094
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.56% / 67.42%
||
7 Day CHG~0.00%
Published-22 Nov, 2007 | 00:00
Updated-07 Aug, 2024 | 15:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The IPsec module in the VPN component in Ingate Firewall before 4.6.0 and SIParator before 4.6.0 allows remote attackers to cause a denial of service (module crash) via an IPsec Phase 2 proposal that lacks Perfect Forward Secrecy (PFS).

Action-Not Available
Vendor-ingaten/a
Product-ingate_firewallingate_siparatorn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2017-17810
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.20% / 42.00%
||
7 Day CHG~0.00%
Published-21 Dec, 2017 | 03:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Netwide Assembler (NASM) 2.14rc0, there is a "SEGV on unknown address" that will cause a remote denial of service attack, because asm/preproc.c mishandles macro calls that have the wrong number of arguments.

Action-Not Available
Vendor-nasmn/aCanonical Ltd.
Product-ubuntu_linuxnetwide_assemblern/a
CWE ID-CWE-20
Improper Input Validation
CVE-2014-9805
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.46% / 63.02%
||
7 Day CHG~0.00%
Published-30 Mar, 2017 | 15:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

ImageMagick allows remote attackers to cause a denial of service (segmentation fault and application crash) via a crafted pnm file.

Action-Not Available
Vendor-n/aImageMagick Studio LLC
Product-imagemagickn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2007-5340
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-4.3||MEDIUM
EPSS-14.75% / 94.23%
||
7 Day CHG~0.00%
Published-21 Oct, 2007 | 19:00
Updated-07 Aug, 2024 | 15:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple vulnerabilities in the Javascript engine in Mozilla Firefox before 2.0.0.8, Thunderbird before 2.0.0.8, and SeaMonkey before 1.1.5 allow remote attackers to cause a denial of service (crash) via crafted HTML that triggers memory corruption.

Action-Not Available
Vendor-n/aMozilla Corporation
Product-firefoxthunderbirdseamonkeyn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2007-5282
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.63% / 69.35%
||
7 Day CHG~0.00%
Published-09 Oct, 2007 | 00:00
Updated-07 Aug, 2024 | 15:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Hitachi Cosminexus Agent 03-00 through 03-05, and Cosminexus Library Standard and Web Edition 04-00 and 04-01, might allow remote attackers to cause a denial of service (agent process crash) via invalid data from clients other than Cosminexus Manager.

Action-Not Available
Vendor-n/aHitachi, Ltd.
Product-cosminexus_library_standardcosminexus_agentcosminexus_library_webn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2007-4999
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-4.3||MEDIUM
EPSS-1.37% / 79.44%
||
7 Day CHG~0.00%
Published-29 Oct, 2007 | 22:00
Updated-07 Aug, 2024 | 15:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

libpurple in Pidgin 2.1.0 through 2.2.1, when using HTML logging, allows remote attackers to cause a denial of service (NULL dereference and application crash) via a message that contains invalid HTML data, a different vector than CVE-2007-4996.

Action-Not Available
Vendor-n/aPidgin
Product-pidginn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2014-9808
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.45% / 62.90%
||
7 Day CHG~0.00%
Published-30 Mar, 2017 | 15:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

ImageMagick allows remote attackers to cause a denial of service (segmentation fault and application crash) via a crafted dpc image.

Action-Not Available
Vendor-n/aImageMagick Studio LLC
Product-imagemagickn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2014-9811
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.58% / 67.82%
||
7 Day CHG~0.00%
Published-30 Mar, 2017 | 15:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The xwd file handler in ImageMagick allows remote attackers to cause a denial of service (segmentation fault and application crash) via a malformed xwd file.

Action-Not Available
Vendor-n/aImageMagick Studio LLC
Product-imagemagickn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2007-4887
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-2.19% / 83.72%
||
7 Day CHG~0.00%
Published-14 Sep, 2007 | 00:00
Updated-07 Aug, 2024 | 15:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The dl function in PHP 5.2.4 and earlier allows context-dependent attackers to cause a denial of service (application crash) via a long string in the library parameter. NOTE: there are limited usage scenarios under which this would be a vulnerability.

Action-Not Available
Vendor-n/aThe PHP Group
Product-phpn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2015-1607
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.63% / 69.37%
||
7 Day CHG~0.00%
Published-20 Nov, 2019 | 18:30
Updated-06 Aug, 2024 | 04:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

kbx/keybox-search.c in GnuPG before 1.4.19, 2.0.x before 2.0.27, and 2.1.x before 2.1.2 does not properly handle bitwise left-shifts, which allows remote attackers to cause a denial of service (invalid read operation) via a crafted keyring file, related to sign extensions and "memcpy with overlapping ranges."

Action-Not Available
Vendor-gnupgn/aCanonical Ltd.
Product-gnupgubuntu_linuxn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2016-9390
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.46% / 63.21%
||
7 Day CHG~0.00%
Published-23 Mar, 2017 | 18:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The jas_seq2d_create function in jas_seq.c in JasPer before 1.900.14 allows remote attackers to cause a denial of service (assertion failure) via a crafted image file.

Action-Not Available
Vendor-n/aJasPer
Product-jaspern/a
CWE ID-CWE-20
Improper Input Validation
CVE-2015-1525
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.05% / 16.28%
||
7 Day CHG~0.00%
Published-24 Jan, 2020 | 17:11
Updated-06 Aug, 2024 | 04:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

audio/AudioPolicyManagerBase.cpp in Android before 5.1 allows attackers to cause a denial of service (audio_policy application outage) via a crafted application that provides a NULL device address.

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2021-33659
Matching Score-4
Assigner-SAP SE
ShareView Details
Matching Score-4
Assigner-SAP SE
CVSS Score-4.3||MEDIUM
EPSS-0.14% / 35.11%
||
7 Day CHG~0.00%
Published-09 Jun, 2021 | 13:33
Updated-03 Aug, 2024 | 23:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated GIF file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation.

Action-Not Available
Vendor-SAP SE
Product-3d_visual_enterprise_viewerSAP 3D Visual Enterprise Viewer
CWE ID-CWE-20
Improper Input Validation
CVE-2016-9830
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.60% / 68.43%
||
7 Day CHG~0.00%
Published-01 Mar, 2017 | 20:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The MagickRealloc function in memory.c in Graphicsmagick 1.3.25 allows remote attackers to cause a denial of service (crash) via large dimensions in a jpeg image.

Action-Not Available
Vendor-n/aDebian GNU/LinuxGraphicsMagickopenSUSE
Product-debian_linuxleapgraphicsmagickopensusen/a
CWE ID-CWE-20
Improper Input Validation
CVE-2019-1786
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-7.5||HIGH
EPSS-6.94% / 91.04%
||
7 Day CHG~0.00%
Published-08 Apr, 2019 | 19:05
Updated-19 Nov, 2024 | 19:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Clam AntiVirus PDF Out-of-Bounds Read Vulnerability

A vulnerability in the Portable Document Format (PDF) scanning functionality of Clam AntiVirus (ClamAV) Software versions 0.101.1 and 0.101.0 could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to a lack of proper data handling mechanisms within the device buffer while indexing remaining file data on an affected device. An attacker could exploit this vulnerability by sending crafted PDF files to an affected device. A successful exploit could allow the attacker to cause an out-of-bounds read condition, resulting in a crash that could result in a denial of service condition on an affected device.

Action-Not Available
Vendor-ClamAVCisco Systems, Inc.
Product-clamavClamAV
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-125
Out-of-bounds Read
CVE-2019-1788
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-7.5||HIGH
EPSS-10.80% / 93.06%
||
7 Day CHG~0.00%
Published-08 Apr, 2019 | 19:15
Updated-19 Nov, 2024 | 19:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
ClamAV OLE2 File Out-Of-Bounds Write Vulnerability

A vulnerability in the Object Linking & Embedding (OLE2) file scanning functionality of Clam AntiVirus (ClamAV) Software versions 0.101.1 and prior could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to a lack of proper input and validation checking mechanisms for OLE2 files sent an affected device. An attacker could exploit this vulnerability by sending malformed OLE2 files to the device running an affected version ClamAV Software. An exploit could allow the attacker to cause an out-of-bounds write condition, resulting in a crash that could result in a denial of service condition on an affected device.

Action-Not Available
Vendor-Debian GNU/LinuxClamAVopenSUSECisco Systems, Inc.
Product-clamavdebian_linuxleapClamAV
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-787
Out-of-bounds Write
CVE-2015-0879
Matching Score-4
Assigner-JPCERT/CC
ShareView Details
Matching Score-4
Assigner-JPCERT/CC
CVSS Score-4.3||MEDIUM
EPSS-0.50% / 64.92%
||
7 Day CHG~0.00%
Published-20 Feb, 2015 | 11:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

CREAR AL-Mail32 before 1.13d allows remote attackers to cause a denial of service (application crash) via a (1) CON, (2) AUX, or (3) NUL device name in the filename of an attachment.

Action-Not Available
Vendor-almailn/a
Product-al-mail32n/a
CWE ID-CWE-20
Improper Input Validation
CVE-2016-9452
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.80% / 73.04%
||
7 Day CHG~0.00%
Published-25 Nov, 2016 | 18:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The transliterate mechanism in Drupal 8.x before 8.2.3 allows remote attackers to cause a denial of service via a crafted URL.

Action-Not Available
Vendor-n/aThe Drupal Association
Product-drupaln/a
CWE ID-CWE-20
Improper Input Validation
CVE-2007-1362
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-45.04% / 97.50%
||
7 Day CHG~0.00%
Published-01 Jun, 2007 | 00:00
Updated-07 Aug, 2024 | 12:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Mozilla Firefox 1.5.x before 1.5.0.12 and 2.x before 2.0.0.4, and SeaMonkey 1.0.9 and 1.1.2, allows remote attackers to cause a denial of service via (1) a large cookie path parameter, which triggers memory consumption, or (2) an internal delimiter within cookie path or name values, which could trigger a misinterpretation of cookie data, aka "Path Abuse in Cookies."

Action-Not Available
Vendor-n/aMozilla Corporation
Product-firefoxseamonkeyn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2007-1441
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-1.60% / 80.94%
||
7 Day CHG~0.00%
Published-14 Mar, 2007 | 00:00
Updated-07 Aug, 2024 | 12:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The 4thPass browser (BlackBerry Browser) on the RIM BlackBerry 8100 (Pearl) before 4.2.1 allows remote attackers to cause a denial of service (temporary functionality loss) via a long href attribute in a link in a WML page.

Action-Not Available
Vendor-rimn/a
Product-blackberry_browserblackberry_8100blackberryn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2014-9907
Matching Score-4
Assigner-Debian GNU/Linux
ShareView Details
Matching Score-4
Assigner-Debian GNU/Linux
CVSS Score-6.5||MEDIUM
EPSS-1.41% / 79.69%
||
7 Day CHG~0.00%
Published-19 Apr, 2017 | 14:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

coders/dds.c in ImageMagick allows remote attackers to cause a denial of service via a crafted DDS file.

Action-Not Available
Vendor-n/aImageMagick Studio LLC
Product-imagemagickn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2014-9806
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.46% / 63.02%
||
7 Day CHG~0.00%
Published-30 Mar, 2017 | 15:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

ImageMagick allows remote attackers to cause a denial of service (file descriptor consumption) via a crafted file.

Action-Not Available
Vendor-n/aImageMagick Studio LLC
Product-imagemagickn/a
CWE ID-CWE-20
Improper Input Validation
  • Previous
  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • ...
  • 11
  • 12
  • Next
Details not found