Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2007-5506

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-17 Oct, 2007 | 23:00
Updated At-07 Aug, 2024 | 15:31
Rejected At-
Credits

The Core RDBMS component in Oracle Database 9.0.1.5+, 9.2.0.8, 9.2.0.8DV, 10.1.0.5, and 10.2.0.3 allows remote attackers to cause a denial of service (CPU consumption) via a crafted type 6 Data packet, aka DB20.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:17 Oct, 2007 | 23:00
Updated At:07 Aug, 2024 | 15:31
Rejected At:
▼CVE Numbering Authority (CNA)

The Core RDBMS component in Oracle Database 9.0.1.5+, 9.2.0.8, 9.2.0.8DV, 10.1.0.5, and 10.2.0.3 allows remote attackers to cause a denial of service (CPU consumption) via a crafted type 6 Data packet, aka DB20.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://www.oracle.com/technetwork/topics/security/cpuoct2007-092913.html
x_refsource_CONFIRM
http://www.securityfocus.com/bid/26108
vdb-entry
x_refsource_BID
http://www.vupen.com/english/advisories/2007/3524
vdb-entry
x_refsource_VUPEN
http://www.securityfocus.com/archive/1/482424/100/0/threaded
mailing-list
x_refsource_BUGTRAQ
http://www.vupen.com/english/advisories/2007/3626
vdb-entry
x_refsource_VUPEN
http://www.us-cert.gov/cas/techalerts/TA07-290A.html
third-party-advisory
x_refsource_CERT
http://securityreason.com/securityalert/3244
third-party-advisory
x_refsource_SREASON
http://marc.info/?l=bugtraq&m=119332677525918&w=2
vendor-advisory
x_refsource_HP
http://marc.info/?l=bugtraq&m=119332677525918&w=2
vendor-advisory
x_refsource_HP
http://www.securitytracker.com/id?1018823
vdb-entry
x_refsource_SECTRACK
http://secunia.com/advisories/27409
third-party-advisory
x_refsource_SECUNIA
http://secunia.com/advisories/27251
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://www.oracle.com/technetwork/topics/security/cpuoct2007-092913.html
Resource:
x_refsource_CONFIRM
Hyperlink: http://www.securityfocus.com/bid/26108
Resource:
vdb-entry
x_refsource_BID
Hyperlink: http://www.vupen.com/english/advisories/2007/3524
Resource:
vdb-entry
x_refsource_VUPEN
Hyperlink: http://www.securityfocus.com/archive/1/482424/100/0/threaded
Resource:
mailing-list
x_refsource_BUGTRAQ
Hyperlink: http://www.vupen.com/english/advisories/2007/3626
Resource:
vdb-entry
x_refsource_VUPEN
Hyperlink: http://www.us-cert.gov/cas/techalerts/TA07-290A.html
Resource:
third-party-advisory
x_refsource_CERT
Hyperlink: http://securityreason.com/securityalert/3244
Resource:
third-party-advisory
x_refsource_SREASON
Hyperlink: http://marc.info/?l=bugtraq&m=119332677525918&w=2
Resource:
vendor-advisory
x_refsource_HP
Hyperlink: http://marc.info/?l=bugtraq&m=119332677525918&w=2
Resource:
vendor-advisory
x_refsource_HP
Hyperlink: http://www.securitytracker.com/id?1018823
Resource:
vdb-entry
x_refsource_SECTRACK
Hyperlink: http://secunia.com/advisories/27409
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://secunia.com/advisories/27251
Resource:
third-party-advisory
x_refsource_SECUNIA
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://www.oracle.com/technetwork/topics/security/cpuoct2007-092913.html
x_refsource_CONFIRM
x_transferred
http://www.securityfocus.com/bid/26108
vdb-entry
x_refsource_BID
x_transferred
http://www.vupen.com/english/advisories/2007/3524
vdb-entry
x_refsource_VUPEN
x_transferred
http://www.securityfocus.com/archive/1/482424/100/0/threaded
mailing-list
x_refsource_BUGTRAQ
x_transferred
http://www.vupen.com/english/advisories/2007/3626
vdb-entry
x_refsource_VUPEN
x_transferred
http://www.us-cert.gov/cas/techalerts/TA07-290A.html
third-party-advisory
x_refsource_CERT
x_transferred
http://securityreason.com/securityalert/3244
third-party-advisory
x_refsource_SREASON
x_transferred
http://marc.info/?l=bugtraq&m=119332677525918&w=2
vendor-advisory
x_refsource_HP
x_transferred
http://marc.info/?l=bugtraq&m=119332677525918&w=2
vendor-advisory
x_refsource_HP
x_transferred
http://www.securitytracker.com/id?1018823
vdb-entry
x_refsource_SECTRACK
x_transferred
http://secunia.com/advisories/27409
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://secunia.com/advisories/27251
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://www.oracle.com/technetwork/topics/security/cpuoct2007-092913.html
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://www.securityfocus.com/bid/26108
Resource:
vdb-entry
x_refsource_BID
x_transferred
Hyperlink: http://www.vupen.com/english/advisories/2007/3524
Resource:
vdb-entry
x_refsource_VUPEN
x_transferred
Hyperlink: http://www.securityfocus.com/archive/1/482424/100/0/threaded
Resource:
mailing-list
x_refsource_BUGTRAQ
x_transferred
Hyperlink: http://www.vupen.com/english/advisories/2007/3626
Resource:
vdb-entry
x_refsource_VUPEN
x_transferred
Hyperlink: http://www.us-cert.gov/cas/techalerts/TA07-290A.html
Resource:
third-party-advisory
x_refsource_CERT
x_transferred
Hyperlink: http://securityreason.com/securityalert/3244
Resource:
third-party-advisory
x_refsource_SREASON
x_transferred
Hyperlink: http://marc.info/?l=bugtraq&m=119332677525918&w=2
Resource:
vendor-advisory
x_refsource_HP
x_transferred
Hyperlink: http://marc.info/?l=bugtraq&m=119332677525918&w=2
Resource:
vendor-advisory
x_refsource_HP
x_transferred
Hyperlink: http://www.securitytracker.com/id?1018823
Resource:
vdb-entry
x_refsource_SECTRACK
x_transferred
Hyperlink: http://secunia.com/advisories/27409
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://secunia.com/advisories/27251
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:17 Oct, 2007 | 23:17
Updated At:15 Oct, 2018 | 21:45

The Core RDBMS component in Oracle Database 9.0.1.5+, 9.2.0.8, 9.2.0.8DV, 10.1.0.5, and 10.2.0.3 allows remote attackers to cause a denial of service (CPU consumption) via a crafted type 6 Data packet, aka DB20.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary2.07.8HIGH
AV:N/AC:L/Au:N/C:N/I:N/A:C
Type: Primary
Version: 2.0
Base score: 7.8
Base severity: HIGH
Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:C
CPE Matches
Oracle Corporation
oracle
>>database_server>>9.0.1.5
cpe:2.3:a:oracle:database_server:9.0.1.5:*:*:*:*:*:*:*
Oracle Corporation
oracle
>>database_server>>9.2.0.8
cpe:2.3:a:oracle:database_server:9.2.0.8:*:*:*:*:*:*:*
Oracle Corporation
oracle
>>database_server>>9.2.0.8dv
cpe:2.3:a:oracle:database_server:9.2.0.8dv:*:*:*:*:*:*:*
Oracle Corporation
oracle
>>database_server>>10.1.0.5
cpe:2.3:a:oracle:database_server:10.1.0.5:*:*:*:*:*:*:*
Oracle Corporation
oracle
>>database_server>>10.2.0.3
cpe:2.3:a:oracle:database_server:10.2.0.3:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-399Primarynvd@nist.gov
CWE ID: CWE-399
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
http://marc.info/?l=bugtraq&m=119332677525918&w=2cve@mitre.org
N/A
http://secunia.com/advisories/27251cve@mitre.org
Vendor Advisory
http://secunia.com/advisories/27409cve@mitre.org
N/A
http://securityreason.com/securityalert/3244cve@mitre.org
N/A
http://www.oracle.com/technetwork/topics/security/cpuoct2007-092913.htmlcve@mitre.org
N/A
http://www.securityfocus.com/archive/1/482424/100/0/threadedcve@mitre.org
N/A
http://www.securityfocus.com/bid/26108cve@mitre.org
N/A
http://www.securitytracker.com/id?1018823cve@mitre.org
N/A
http://www.us-cert.gov/cas/techalerts/TA07-290A.htmlcve@mitre.org
US Government Resource
http://www.vupen.com/english/advisories/2007/3524cve@mitre.org
N/A
http://www.vupen.com/english/advisories/2007/3626cve@mitre.org
N/A
Hyperlink: http://marc.info/?l=bugtraq&m=119332677525918&w=2
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://secunia.com/advisories/27251
Source: cve@mitre.org
Resource:
Vendor Advisory
Hyperlink: http://secunia.com/advisories/27409
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://securityreason.com/securityalert/3244
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.oracle.com/technetwork/topics/security/cpuoct2007-092913.html
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.securityfocus.com/archive/1/482424/100/0/threaded
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.securityfocus.com/bid/26108
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.securitytracker.com/id?1018823
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.us-cert.gov/cas/techalerts/TA07-290A.html
Source: cve@mitre.org
Resource:
US Government Resource
Hyperlink: http://www.vupen.com/english/advisories/2007/3524
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.vupen.com/english/advisories/2007/3626
Source: cve@mitre.org
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

174Records found
CVE-2017-3857
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-7.5||HIGH
EPSS-1.14% / 77.56%
||
7 Day CHG~0.00%
Published-22 Mar, 2017 | 19:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability in the Layer 2 Tunneling Protocol (L2TP) parsing function of Cisco IOS (12.0 through 12.4 and 15.0 through 15.6) and Cisco IOS XE (3.1 through 3.18) could allow an unauthenticated, remote attacker to cause an affected device to reload. The vulnerability is due to insufficient validation of L2TP packets. An attacker could exploit this vulnerability by sending a crafted L2TP packet to an affected device. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a denial of service (DoS) condition. This vulnerability affects Cisco devices that are running a vulnerable release of Cisco IOS or Cisco IOS XE Software if the L2TP feature is enabled for the device and the device is configured as an L2TP Version 2 (L2TPv2) or L2TP Version 3 (L2TPv3) endpoint. By default, the L2TP feature is not enabled. Cisco Bug IDs: CSCuy82078.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-iosios_xeCisco IOS and IOS XE
CWE ID-CWE-400
Uncontrolled Resource Consumption
CWE ID-CWE-399
Not Available
CVE-2017-3856
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-7.5||HIGH
EPSS-0.86% / 74.12%
||
7 Day CHG~0.00%
Published-22 Mar, 2017 | 19:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability in the web user interface of Cisco IOS XE 3.1 through 3.17 could allow an unauthenticated, remote attacker to cause an affected device to reload. The vulnerability is due to insufficient resource handling by the affected software when the web user interface is under a high load. An attacker could exploit this vulnerability by sending a high number of requests to the web user interface of the affected software. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a denial of service (DoS) condition. To exploit this vulnerability, the attacker must have access to the management interface of the affected software, which is typically connected to a restricted management network. This vulnerability affects Cisco devices that are running a vulnerable release of Cisco IOS XE Software, if the web user interface of the software is enabled. By default, the web user interface is not enabled. Cisco Bug IDs: CSCup70353.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-ios_xeCisco IOS XE
CWE ID-CWE-400
Uncontrolled Resource Consumption
CWE ID-CWE-399
Not Available
CVE-2017-3864
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-8.6||HIGH
EPSS-1.12% / 77.40%
||
7 Day CHG~0.00%
Published-22 Mar, 2017 | 19:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability in the DHCP client implementation of Cisco IOS (12.2, 12.4, and 15.0 through 15.6) and Cisco IOS XE (3.3 through 3.7) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability occurs during the parsing of a crafted DHCP packet. An attacker could exploit this vulnerability by sending crafted DHCP packets to an affected device that is configured as a DHCP client. A successful exploit could allow the attacker to cause a reload of an affected device, resulting in a DoS condition. This vulnerability affects Cisco devices that are running a vulnerable release of Cisco IOS or IOS XE Software and using a specific DHCP client configuration. Cisco Bug IDs: CSCuu43892.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-iosios_xeCisco IOS and IOS XE
CWE ID-CWE-399
Not Available
CVE-2019-1957
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-5.3||MEDIUM
EPSS-0.52% / 65.72%
||
7 Day CHG~0.00%
Published-08 Aug, 2019 | 07:30
Updated-19 Nov, 2024 | 19:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco IoT Field Network Director TLS Renegotiation Denial of Service Vulnerability

A vulnerability in the web interface of Cisco IoT Field Network Director could allow an unauthenticated, remote attacker to trigger high CPU usage, resulting in a denial of service (DoS) condition on an affected device. The vulnerability is due to improper handling of Transport Layer Security (TLS) renegotiation requests. An attacker could exploit this vulnerability by sending renegotiation requests at a high rate. A successful exploit could increase the resource usage on the system, eventually leading to a DoS condition.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-iot_field_network_directorCisco IoT Field Network Director (IoT-FND)
CWE ID-CWE-399
Not Available
CVE-2019-1967
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-8.6||HIGH
EPSS-2.57% / 84.98%
||
7 Day CHG~0.00%
Published-29 Aug, 2019 | 21:45
Updated-19 Nov, 2024 | 18:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco NX-OS Software Network Time Protocol Denial of Service Vulnerability

A vulnerability in the Network Time Protocol (NTP) feature of Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to excessive use of system resources when the affected device is logging a drop action for received MODE_PRIVATE (Mode 7) NTP packets. An attacker could exploit this vulnerability by flooding the device with a steady stream of Mode 7 NTP packets. A successful exploit could allow the attacker to cause high CPU and memory usage on the affected device, which could cause internal system processes to restart or cause the affected device to unexpectedly reload. Note: The NTP feature is enabled by default.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-nexus_93180lc-exnexus_56128pnexus_9332pqnexus_3172tqnexus_93108tc-exnx-osnexus_3636c-rnexus_9508nexus_93120txnexus_93128txnexus_9336pq_aci_spinenexus_6004mds_9140nexus_3548-xlnexus_31128pqnexus_3132q-vnexus_9332cnexus_7000_9-slotnexus_9364cnexus_92348gc-xnexus_3172tq-32tnexus_9336c-fx2nexus_3164qmds_9200nexus_3524-xnexus_3132c-znexus_31108tc-vnexus_5548pnexus_9348gc-fxpnexus_5648qnexus_3172mds_9000nexus_9272qnexus_3464cmds_9700nexus_93216tc-fx2nexus_36180yc-rnexus_5672upnexus_93180yc-fxnexus_3264qnexus_3432d-snexus_34180ycnexus_9000vnexus_31108pc-vnexus_7700_18-slotnexus_5596upnexus_3524nexus_3548mds_9500nexus_7000_4-slotnexus_7700_6-slotnexus_3132qnexus_3016nexus_9372pxnexus_5696qnexus_92304qcnexus_92160yc-xnexus_7700_10-slotmds_9100nexus_9504nexus_3048nexus_9372tx-enexus_6001nexus_93108tc-fxnexus_93360yc-fx2nexus_3524-xlnexus_9396txnexus_7000_10-slotnexus_7000nexus_92300ycnexus_3064nexus_3232cnexus_5548upnexus_9396pxnexus_5596tnexus_3264c-enexus_7700_2-slotnexus_93240yc-fx2nexus_9372txnexus_5624qnexus_3548-xnexus_3132q-xlnexus_3064-tnexus_3172tq-xlnexus_93180yc-exnexus_3408-snexus_9372px-enexus_7000_18-slotnexus_9236cnexus_9516nexus_3172pq-xlnexus_7700Cisco NX-OS Software
CWE ID-CWE-399
Not Available
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2022-20771
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-7.5||HIGH
EPSS-0.57% / 67.67%
||
7 Day CHG-0.02%
Published-04 May, 2022 | 17:05
Updated-06 Nov, 2024 | 16:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
ClamAV TIFF File Parsing Denial of Service Vulnerability Affecting Cisco Products: April 2022

On April 20, 2022, the following vulnerability in the ClamAV scanning library versions 0.103.5 and earlier and 0.104.2 and earlier was disclosed: A vulnerability in the TIFF file parser of Clam AntiVirus (ClamAV) versions 0.104.0 through 0.104.2 and LTS version 0.103.5 and prior versions could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. For a description of this vulnerability, see the ClamAV blog. This advisory will be updated as additional information becomes available.

Action-Not Available
Vendor-ClamAVDebian GNU/LinuxFedora ProjectCisco Systems, Inc.
Product-secure_endpointclamavdebian_linuxfedoraCisco AMP for Endpoints
CWE ID-CWE-399
Not Available
CVE-2022-20770
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-8.6||HIGH
EPSS-0.50% / 64.92%
||
7 Day CHG-0.01%
Published-04 May, 2022 | 17:05
Updated-06 Nov, 2024 | 16:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
ClamAV CHM File Parsing Denial of Service Vulnerability Affecting Cisco Products: April 2022

On April 20, 2022, the following vulnerability in the ClamAV scanning library versions 0.103.5 and earlier and 0.104.2 and earlier was disclosed: A vulnerability in CHM file parser of Clam AntiVirus (ClamAV) versions 0.104.0 through 0.104.2 and LTS version 0.103.5 and prior versions could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. For a description of this vulnerability, see the ClamAV blog. This advisory will be updated as additional information becomes available.

Action-Not Available
Vendor-ClamAVDebian GNU/LinuxFedora ProjectCisco Systems, Inc.
Product-secure_endpointclamavdebian_linuxfedoraCisco AMP for Endpoints
CWE ID-CWE-399
Not Available
CVE-2022-20715
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-8.6||HIGH
EPSS-1.45% / 79.97%
||
7 Day CHG~0.00%
Published-03 May, 2022 | 03:16
Updated-16 Sep, 2024 | 17:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Remote Access SSL VPN Denial of Service Vulnerability

A vulnerability in the remote access SSL VPN features of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper validation of errors that are logged as a result of client connections that are made using remote access VPN. An attacker could exploit this vulnerability by sending crafted requests to an affected system. A successful exploit could allow the attacker to cause the affected device to restart, resulting in a DoS condition.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-firepower_threat_defenseadaptive_security_appliance_softwareCisco Adaptive Security Appliance (ASA) Software
CWE ID-CWE-399
Not Available
CWE ID-CWE-20
Improper Input Validation
CVE-2022-20767
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-8.6||HIGH
EPSS-1.35% / 79.32%
||
7 Day CHG~0.00%
Published-03 May, 2022 | 03:15
Updated-06 Nov, 2024 | 16:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Firepower Threat Defense Software DNS Enforcement Denial of Service Vulnerability

A vulnerability in the Snort rule evaluation function of Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper handling of the DNS reputation enforcement rule. An attacker could exploit this vulnerability by sending crafted UDP packets through an affected device to force a buildup of UDP connections. A successful exploit could allow the attacker to cause traffic that is going through the affected device to be dropped, resulting in a DoS condition. Note: This vulnerability only affects Cisco FTD devices that are running Snort 3.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-firepower_threat_defenseCisco Firepower Threat Defense Software
CWE ID-CWE-399
Not Available
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2017-12246
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-8.6||HIGH
EPSS-3.29% / 86.70%
||
7 Day CHG~0.00%
Published-05 Oct, 2017 | 07:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability in the implementation of the direct authentication feature in Cisco Adaptive Security Appliance (ASA) Software could allow an unauthenticated, remote attacker to cause an affected device to unexpectedly reload, resulting in a denial of service (DoS) condition. The vulnerability is due to incomplete input validation of the HTTP header. An attacker could exploit this vulnerability by sending a crafted HTTP request to the local IP address of an affected device. A successful exploit could allow the attacker to cause the affected device to reload. This vulnerability affects Cisco Adaptive Security Appliance (ASA) Software that is running on the following Cisco products: ASA 5500 Series Adaptive Security Appliances, ASA 5500-X Series Next-Generation Firewalls, ASA Services Module for Cisco Catalyst 6500 Series Switches and Cisco 7600 Series Routers, ASA 1000V Cloud Firewall, Adaptive Security Virtual Appliance (ASAv), Firepower 4110 Security Appliance, Firepower 9300 ASA Security Module, ISA 3000 Industrial Security Appliance. Cisco Bug IDs: CSCvd59063.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-adaptive_security_appliance_softwareCisco Adaptive Security Appliance Software
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-399
Not Available
CVE-2017-12219
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-7.5||HIGH
EPSS-1.38% / 79.51%
||
7 Day CHG~0.00%
Published-21 Sep, 2017 | 05:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability in the handling of IP fragments for the Cisco Small Business SPA300, SPA500, and SPA51x Series IP Phones could allow an unauthenticated, remote attacker to cause the device to reload unexpectedly, resulting in a denial of service (DoS) condition. The vulnerability is due to the inability to handle many large IP fragments for reassembly in a short duration. An attacker could exploit this vulnerability by sending a crafted stream of IP fragments to the targeted device. An exploit could allow the attacker to cause a DoS condition when the device unexpectedly reloads. Cisco Bug IDs: CSCve82586.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-spa_514gspa_502g_firmwarespa_504g_firmwarespa_501gspa_512g_firmwarespa_502gspa_500sspa_303_firmwarespa_301_firmwarespa_501g_firmwarespa_508gspa_514g_firmwarespa_301spa_509gspa_303spa_500ds_firmwarespa_500s_firmwarespa_509g_firmwarespa_504gspa_512gspa_500dsspa_508g_firmwareCisco Small Business SPA300, SPA500, and SPA51x Series IP Phones
CWE ID-CWE-399
Not Available
CVE-2017-12362
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.89% / 74.63%
||
7 Day CHG~0.00%
Published-30 Nov, 2017 | 09:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability in Cisco Meeting Server versions prior to 2.2.2 could allow an authenticated, remote attacker to cause the system to reload, resulting in a denial of service (DoS) condition. The vulnerability is due to video calls being made on systems with a particular configuration. An attacker could exploit this by knowing a valid URI that directs to a Cisco Meeting Server. An attacker could then make a video call and cause the system to reload. Cisco Bug IDs: CSCve65931.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-meeting_serverCisco Meeting Server
CWE ID-CWE-399
Not Available
CVE-2019-1635
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-7.5||HIGH
EPSS-1.16% / 77.70%
||
7 Day CHG~0.00%
Published-03 May, 2019 | 14:55
Updated-19 Nov, 2024 | 19:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco IP Phone 7800 Series and 8800 Series Session Initiation Protocol XML Denial of Service Vulnerability

A vulnerability in the call-handling functionality of Session Initiation Protocol (SIP) Software for Cisco IP Phone 7800 Series and 8800 Series could allow an unauthenticated, remote attacker to cause an affected phone to reload unexpectedly, resulting in a temporary denial of service (DoS) condition. The vulnerability is due to incomplete error handling when XML data within a SIP packet is parsed. An attacker could exploit this vulnerability by sending a SIP packet that contains a malicious XML payload to an affected phone. A successful exploit could allow the attacker to cause the affected phone to reload unexpectedly, resulting in a temporary DoS condition.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-ip_phone_8841ip_phone_8861ip_conference_phone_8832ip_phone_8845_firmwareip_phone_7841ip_phone_7811_firmwareunified_ip_8831_conference_phone_for_third-party_call_control2ip_phone_8811wireless_ip_phone_8821-ex_firmwareip_phone_8811_firmwareip_conference_phone_8832_firmwareip_phone_7861_firmwareunified_ip_8831_conference_phone1ip_phone_8845ip_phone_8851_firmwareip_phone_7821_firmwareip_phone_8841_firmwareip_phone_8865_firmwareip_conference_phone_7832ip_phone_8865ip_phone_7841_firmwareunified_ip_8831_conference_phone_for_third-party_call_control2_firmwarewireless_ip_phone_8821-exip_conference_phone_7832_firmwareunified_ip_8831_conference_phone1_firmwareip_phone_7811ip_phone_7861ip_phone_8851ip_phone_8861_firmwarewireless_ip_phone_8821ip_phone_7821wireless_ip_phone_8821_firmwareCisco Wireless IP Phone 8821 and 8821-EXCisco IP Phone 7800 Series and 8800 Series
CWE ID-CWE-399
Not Available
CWE ID-CWE-755
Improper Handling of Exceptional Conditions
CVE-2019-12652
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-8.6||HIGH
EPSS-3.18% / 86.46%
||
7 Day CHG~0.00%
Published-25 Sep, 2019 | 20:16
Updated-19 Nov, 2024 | 18:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Catalyst 4000 Series Switches TCP Denial of Service Vulnerability

A vulnerability in the ingress packet processing function of Cisco IOS Software for Cisco Catalyst 4000 Series Switches could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper resource allocation when processing TCP packets directed to the device on specific Cisco Catalyst 4000 Series Switches. An attacker could exploit this vulnerability by sending crafted TCP streams to an affected device. A successful exploit could cause the affected device to run out of buffer resources, impairing operations of control plane and management plane protocols, resulting in a DoS condition. This vulnerability can be triggered only by traffic that is destined to an affected device and cannot be exploited using traffic that transits an affected device.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-ioscatalyst_4500_supervisor_engine_6-ecatalyst_4500_supervisor_engine_6l-ecatalyst_4948ecatalyst_4900mcatalyst_4948e-fCisco IOS 15.0(1)XO1
CWE ID-CWE-399
Not Available
CVE-2009-3726
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-7.8||HIGH
EPSS-5.82% / 90.18%
||
7 Day CHG~0.00%
Published-09 Nov, 2009 | 19:00
Updated-07 Aug, 2024 | 06:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The nfs4_proc_lock function in fs/nfs/nfs4proc.c in the NFSv4 client in the Linux kernel before 2.6.31-rc4 allows remote NFS servers to cause a denial of service (NULL pointer dereference and panic) by sending a certain response containing incorrect file attributes, which trigger attempted use of an open file that lacks NFSv4 state.

Action-Not Available
Vendor-n/aLinux Kernel Organization, Inc
Product-linux_kerneln/a
CWE ID-CWE-399
Not Available
CVE-2009-2541
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-2.02% / 83.03%
||
7 Day CHG~0.00%
Published-20 Jul, 2009 | 18:00
Updated-23 Apr, 2025 | 15:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The web browser on the Sony PLAYSTATION 3 (PS3) allows remote attackers to cause a denial of service (memory consumption and console hang) via a large integer value for the length property of a Select object, a related issue to CVE-2009-1692.

Action-Not Available
Vendor-n/aSony Group Corporation
Product-playstation_3n/a
CWE ID-CWE-400
Uncontrolled Resource Consumption
CWE ID-CWE-399
Not Available
CVE-2009-1163
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-7.8||HIGH
EPSS-0.64% / 69.73%
||
7 Day CHG~0.00%
Published-24 Jun, 2009 | 22:00
Updated-07 Aug, 2024 | 05:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Memory leak on the Cisco Physical Access Gateway with software before 1.1 allows remote attackers to cause a denial of service (memory consumption) via unspecified TCP packets.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-physical_access_gatewayn/a
CWE ID-CWE-399
Not Available
CVE-2009-1928
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-50.58% / 97.76%
||
7 Day CHG~0.00%
Published-11 Nov, 2009 | 19:00
Updated-07 Aug, 2024 | 05:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Stack consumption vulnerability in the LDAP service in Active Directory on Microsoft Windows 2000 SP4, Server 2003 SP2, and Server 2008 Gold and SP2; Active Directory Application Mode (ADAM) on Windows XP SP2 and SP3 and Server 2003 SP2; and Active Directory Lightweight Directory Service (AD LDS) on Windows Server 2008 Gold and SP2 allows remote attackers to cause a denial of service (system hang) via a malformed (1) LDAP or (2) LDAPS request, aka "LSASS Recursive Stack Overflow Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-windows_vistawindows_2000windows_2003_serverwindows_xpwindows_server_2008n/a
CWE ID-CWE-399
Not Available
CVE-2009-0020
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-2.24% / 83.91%
||
7 Day CHG~0.00%
Published-13 Feb, 2009 | 00:00
Updated-07 Aug, 2024 | 04:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in CarbonCore in Apple Mac OS X 10.4.11 and 10.5.6 allows remote attackers to cause a denial of service (application termination) and execute arbitrary code via a crafted resource fork that triggers memory corruption.

Action-Not Available
Vendor-n/aApple Inc.
Product-mac_os_x_servermac_os_xn/a
CWE ID-CWE-399
Not Available
CVE-2017-3790
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-8.6||HIGH
EPSS-0.30% / 53.01%
||
7 Day CHG~0.00%
Published-01 Feb, 2017 | 19:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability in the received packet parser of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) software could allow an unauthenticated, remote attacker to cause a reload of the affected system, resulting in a denial of service (DoS) condition. The vulnerability is due to insufficient size validation of user-supplied data. An attacker could exploit this vulnerability by sending crafted H.224 data in Real-Time Transport Protocol (RTP) packets in an H.323 call. An exploit could allow the attacker to overflow a buffer in a cache that belongs to the received packet parser, which will result in a crash of the application, resulting in a DoS condition. All versions of Cisco Expressway Series Software and Cisco TelePresence VCS Software prior to version X8.8.2 are vulnerable. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. Cisco Bug IDs: CSCus99263.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-expresswaytelepresence_video_communication_serverCisco Expressway Series Software and Cisco TelePresence VCS Software All versions prior to version X8.8.2 are vulnerable
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-399
Not Available
CVE-2021-1288
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-8.6||HIGH
EPSS-0.60% / 68.38%
||
7 Day CHG~0.00%
Published-04 Feb, 2021 | 16:35
Updated-08 Nov, 2024 | 23:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco IOS XR Software Enf Broker Denial of Service Vulnerability

Multiple vulnerabilities in the ingress packet processing function of Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-ios_xrCisco IOS XR Software
CWE ID-CWE-399
Not Available
CVE-2020-3303
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-6.8||MEDIUM
EPSS-0.46% / 63.12%
||
7 Day CHG~0.00%
Published-06 May, 2020 | 16:42
Updated-15 Nov, 2024 | 17:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software IKEv1 Denial of Service Vulnerability

A vulnerability in the Internet Key Exchange version 1 (IKEv1) feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to improper management of system memory. An attacker could exploit this vulnerability by sending malicious IKEv1 traffic to an affected device. A successful exploit could allow the attacker to cause a DoS condition on the affected device.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-asa_5550adaptive_security_applianceasa_5505adaptive_security_appliance_softwareasa_5555-xasa_5520asa_5510asa_5525-xasa_5580asa_5585-xasa_5512-xfirepower_threat_defenseasa_5515-xCisco Adaptive Security Appliance (ASA) Software
CWE ID-CWE-399
Not Available
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2020-3351
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-8.6||HIGH
EPSS-0.56% / 67.44%
||
7 Day CHG~0.00%
Published-16 Jul, 2020 | 17:21
Updated-15 Nov, 2024 | 16:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco SD-WAN Solution Software Denial of Service Vulnerability

A vulnerability in Cisco SD-WAN Solution Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to improper validation of fields in Cisco SD-WAN peering messages that are encapsulated in UDP packets. An attacker could exploit this vulnerability by sending crafted UDP messages to the targeted system. A successful exploit could allow the attacker to cause services on the device to fail, resulting in a DoS condition that could impact the targeted device and other devices that depend on it.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-vedge_2000vedge_cloud_routervedge_100mvedge_5000vsmart_controllervedge_100sd-wan_firmwarevedge_1000vedge_100wmvedge_100bCisco SD-WAN Solution
CWE ID-CWE-399
Not Available
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2016-9225
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-8.6||HIGH
EPSS-1.38% / 79.51%
||
7 Day CHG~0.00%
Published-01 Feb, 2017 | 19:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability in the data plane IP fragment handler of the Cisco Adaptive Security Appliance (ASA) CX Context-Aware Security module could allow an unauthenticated, remote attacker to cause the CX module to be unable to process further traffic, resulting in a denial of service (DoS) condition. The vulnerability is due to improper handling of IP fragments. An attacker could exploit this vulnerability by sending crafted fragmented IP traffic across the CX module. An exploit could allow the attacker to exhaust free packet buffers in shared memory (SHM), causing the CX module to be unable to process further traffic, resulting in a DoS condition. This vulnerability affects all versions of the ASA CX Context-Aware Security module. Cisco has not released and will not release software updates that address this vulnerability. There are no workarounds that address this vulnerability. Cisco Bug IDs: CSCva62946.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-asa_cx_context-aware_security_softwareall versions of the ASA CX Context-Aware Security module
CWE ID-CWE-399
Not Available
  • Previous
  • 1
  • 2
  • 3
  • 4
  • Next
Details not found