Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2008-0597

Summary
Assigner-redhat
Assigner Org ID-53f830b8-0a3f-465b-8143-3b8a9948e749
Published At-26 Feb, 2008 | 00:00
Updated At-07 Aug, 2024 | 07:54
Rejected At-
Credits

Use-after-free vulnerability in CUPS before 1.1.22, and possibly other versions, allows remote attackers to cause a denial of service (crash) via crafted IPP packets.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:redhat
Assigner Org ID:53f830b8-0a3f-465b-8143-3b8a9948e749
Published At:26 Feb, 2008 | 00:00
Updated At:07 Aug, 2024 | 07:54
Rejected At:
▼CVE Numbering Authority (CNA)

Use-after-free vulnerability in CUPS before 1.1.22, and possibly other versions, allows remote attackers to cause a denial of service (crash) via crafted IPP packets.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://secunia.com/advisories/29251
third-party-advisory
x_refsource_SECUNIA
http://secunia.com/advisories/29189
third-party-advisory
x_refsource_SECUNIA
http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00000.html
vendor-advisory
x_refsource_SUSE
http://www.redhat.com/support/errata/RHSA-2008-0153.html
vendor-advisory
x_refsource_REDHAT
http://wiki.rpath.com/Advisories:rPSA-2008-0091
x_refsource_CONFIRM
http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0091
x_refsource_CONFIRM
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9492
vdb-entry
signature
x_refsource_OVAL
http://www.mandriva.com/security/advisories?name=MDVSA-2008:050
vendor-advisory
x_refsource_MANDRIVA
http://www.securityfocus.com/bid/27988
vdb-entry
x_refsource_BID
http://www.securityfocus.com/archive/1/488966/100/0/threaded
mailing-list
x_refsource_BUGTRAQ
http://support.avaya.com/elmodocs2/security/ASA-2008-084.htm
x_refsource_CONFIRM
http://secunia.com/advisories/29087
third-party-advisory
x_refsource_SECUNIA
https://exchange.xforce.ibmcloud.com/vulnerabilities/40845
vdb-entry
x_refsource_XF
http://support.avaya.com/elmodocs2/security/ASA-2008-098.htm
x_refsource_CONFIRM
http://www.redhat.com/support/errata/RHSA-2008-0161.html
vendor-advisory
x_refsource_REDHAT
https://issues.rpath.com/browse/RPL-2283
x_refsource_CONFIRM
http://www.securitytracker.com/id?1019497
vdb-entry
x_refsource_SECTRACK
Hyperlink: http://secunia.com/advisories/29251
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://secunia.com/advisories/29189
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00000.html
Resource:
vendor-advisory
x_refsource_SUSE
Hyperlink: http://www.redhat.com/support/errata/RHSA-2008-0153.html
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: http://wiki.rpath.com/Advisories:rPSA-2008-0091
Resource:
x_refsource_CONFIRM
Hyperlink: http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0091
Resource:
x_refsource_CONFIRM
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9492
Resource:
vdb-entry
signature
x_refsource_OVAL
Hyperlink: http://www.mandriva.com/security/advisories?name=MDVSA-2008:050
Resource:
vendor-advisory
x_refsource_MANDRIVA
Hyperlink: http://www.securityfocus.com/bid/27988
Resource:
vdb-entry
x_refsource_BID
Hyperlink: http://www.securityfocus.com/archive/1/488966/100/0/threaded
Resource:
mailing-list
x_refsource_BUGTRAQ
Hyperlink: http://support.avaya.com/elmodocs2/security/ASA-2008-084.htm
Resource:
x_refsource_CONFIRM
Hyperlink: http://secunia.com/advisories/29087
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/40845
Resource:
vdb-entry
x_refsource_XF
Hyperlink: http://support.avaya.com/elmodocs2/security/ASA-2008-098.htm
Resource:
x_refsource_CONFIRM
Hyperlink: http://www.redhat.com/support/errata/RHSA-2008-0161.html
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: https://issues.rpath.com/browse/RPL-2283
Resource:
x_refsource_CONFIRM
Hyperlink: http://www.securitytracker.com/id?1019497
Resource:
vdb-entry
x_refsource_SECTRACK
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://secunia.com/advisories/29251
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://secunia.com/advisories/29189
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00000.html
vendor-advisory
x_refsource_SUSE
x_transferred
http://www.redhat.com/support/errata/RHSA-2008-0153.html
vendor-advisory
x_refsource_REDHAT
x_transferred
http://wiki.rpath.com/Advisories:rPSA-2008-0091
x_refsource_CONFIRM
x_transferred
http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0091
x_refsource_CONFIRM
x_transferred
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9492
vdb-entry
signature
x_refsource_OVAL
x_transferred
http://www.mandriva.com/security/advisories?name=MDVSA-2008:050
vendor-advisory
x_refsource_MANDRIVA
x_transferred
http://www.securityfocus.com/bid/27988
vdb-entry
x_refsource_BID
x_transferred
http://www.securityfocus.com/archive/1/488966/100/0/threaded
mailing-list
x_refsource_BUGTRAQ
x_transferred
http://support.avaya.com/elmodocs2/security/ASA-2008-084.htm
x_refsource_CONFIRM
x_transferred
http://secunia.com/advisories/29087
third-party-advisory
x_refsource_SECUNIA
x_transferred
https://exchange.xforce.ibmcloud.com/vulnerabilities/40845
vdb-entry
x_refsource_XF
x_transferred
http://support.avaya.com/elmodocs2/security/ASA-2008-098.htm
x_refsource_CONFIRM
x_transferred
http://www.redhat.com/support/errata/RHSA-2008-0161.html
vendor-advisory
x_refsource_REDHAT
x_transferred
https://issues.rpath.com/browse/RPL-2283
x_refsource_CONFIRM
x_transferred
http://www.securitytracker.com/id?1019497
vdb-entry
x_refsource_SECTRACK
x_transferred
Hyperlink: http://secunia.com/advisories/29251
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://secunia.com/advisories/29189
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00000.html
Resource:
vendor-advisory
x_refsource_SUSE
x_transferred
Hyperlink: http://www.redhat.com/support/errata/RHSA-2008-0153.html
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: http://wiki.rpath.com/Advisories:rPSA-2008-0091
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0091
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9492
Resource:
vdb-entry
signature
x_refsource_OVAL
x_transferred
Hyperlink: http://www.mandriva.com/security/advisories?name=MDVSA-2008:050
Resource:
vendor-advisory
x_refsource_MANDRIVA
x_transferred
Hyperlink: http://www.securityfocus.com/bid/27988
Resource:
vdb-entry
x_refsource_BID
x_transferred
Hyperlink: http://www.securityfocus.com/archive/1/488966/100/0/threaded
Resource:
mailing-list
x_refsource_BUGTRAQ
x_transferred
Hyperlink: http://support.avaya.com/elmodocs2/security/ASA-2008-084.htm
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://secunia.com/advisories/29087
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/40845
Resource:
vdb-entry
x_refsource_XF
x_transferred
Hyperlink: http://support.avaya.com/elmodocs2/security/ASA-2008-098.htm
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://www.redhat.com/support/errata/RHSA-2008-0161.html
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: https://issues.rpath.com/browse/RPL-2283
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://www.securitytracker.com/id?1019497
Resource:
vdb-entry
x_refsource_SECTRACK
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:secalert@redhat.com
Published At:26 Feb, 2008 | 00:44
Updated At:15 Oct, 2018 | 22:01

Use-after-free vulnerability in CUPS before 1.1.22, and possibly other versions, allows remote attackers to cause a denial of service (crash) via crafted IPP packets.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary2.05.0MEDIUM
AV:N/AC:L/Au:N/C:N/I:N/A:P
Type: Primary
Version: 2.0
Base score: 5.0
Base severity: MEDIUM
Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:P
CPE Matches
Red Hat, Inc.
redhat
>>desktop>>3.0
cpe:2.3:o:redhat:desktop:3.0:*:*:*:*:*:*:*
Red Hat, Inc.
redhat
>>desktop>>4.0
cpe:2.3:o:redhat:desktop:4.0:*:*:*:*:*:*:*
Red Hat, Inc.
redhat
>>enterprise_linux>>as_3
cpe:2.3:o:redhat:enterprise_linux:as_3:*:*:*:*:*:*:*
Red Hat, Inc.
redhat
>>enterprise_linux>>as_4
cpe:2.3:o:redhat:enterprise_linux:as_4:*:*:*:*:*:*:*
Red Hat, Inc.
redhat
>>enterprise_linux>>es_3
cpe:2.3:o:redhat:enterprise_linux:es_3:*:*:*:*:*:*:*
Red Hat, Inc.
redhat
>>enterprise_linux>>es_4
cpe:2.3:o:redhat:enterprise_linux:es_4:*:*:*:*:*:*:*
Red Hat, Inc.
redhat
>>enterprise_linux>>ws_3
cpe:2.3:o:redhat:enterprise_linux:ws_3:*:*:*:*:*:*:*
Red Hat, Inc.
redhat
>>enterprise_linux>>ws_4
cpe:2.3:o:redhat:enterprise_linux:ws_4:*:*:*:*:*:*:*
easy_software_products
easy_software_products
>>cups>>1.1.17
cpe:2.3:a:easy_software_products:cups:1.1.17:*:*:*:*:*:*:*
easy_software_products
easy_software_products
>>cups>>1.1.22
cpe:2.3:a:easy_software_products:cups:1.1.22:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-399Primarynvd@nist.gov
CWE ID: CWE-399
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00000.htmlsecalert@redhat.com
N/A
http://secunia.com/advisories/29087secalert@redhat.com
Vendor Advisory
http://secunia.com/advisories/29189secalert@redhat.com
N/A
http://secunia.com/advisories/29251secalert@redhat.com
N/A
http://support.avaya.com/elmodocs2/security/ASA-2008-084.htmsecalert@redhat.com
N/A
http://support.avaya.com/elmodocs2/security/ASA-2008-098.htmsecalert@redhat.com
N/A
http://wiki.rpath.com/Advisories:rPSA-2008-0091secalert@redhat.com
N/A
http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0091secalert@redhat.com
N/A
http://www.mandriva.com/security/advisories?name=MDVSA-2008:050secalert@redhat.com
N/A
http://www.redhat.com/support/errata/RHSA-2008-0153.htmlsecalert@redhat.com
N/A
http://www.redhat.com/support/errata/RHSA-2008-0161.htmlsecalert@redhat.com
N/A
http://www.securityfocus.com/archive/1/488966/100/0/threadedsecalert@redhat.com
N/A
http://www.securityfocus.com/bid/27988secalert@redhat.com
N/A
http://www.securitytracker.com/id?1019497secalert@redhat.com
N/A
https://exchange.xforce.ibmcloud.com/vulnerabilities/40845secalert@redhat.com
N/A
https://issues.rpath.com/browse/RPL-2283secalert@redhat.com
N/A
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9492secalert@redhat.com
N/A
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00000.html
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://secunia.com/advisories/29087
Source: secalert@redhat.com
Resource:
Vendor Advisory
Hyperlink: http://secunia.com/advisories/29189
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://secunia.com/advisories/29251
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://support.avaya.com/elmodocs2/security/ASA-2008-084.htm
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://support.avaya.com/elmodocs2/security/ASA-2008-098.htm
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://wiki.rpath.com/Advisories:rPSA-2008-0091
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0091
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://www.mandriva.com/security/advisories?name=MDVSA-2008:050
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://www.redhat.com/support/errata/RHSA-2008-0153.html
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://www.redhat.com/support/errata/RHSA-2008-0161.html
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://www.securityfocus.com/archive/1/488966/100/0/threaded
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://www.securityfocus.com/bid/27988
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://www.securitytracker.com/id?1019497
Source: secalert@redhat.com
Resource: N/A
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/40845
Source: secalert@redhat.com
Resource: N/A
Hyperlink: https://issues.rpath.com/browse/RPL-2283
Source: secalert@redhat.com
Resource: N/A
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9492
Source: secalert@redhat.com
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

540Records found
CVE-2005-0398
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-5||MEDIUM
EPSS-4.06% / 88.08%
||
7 Day CHG~0.00%
Published-26 Mar, 2005 | 05:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The KAME racoon daemon in ipsec-tools before 0.5 allows remote attackers to cause a denial of service (crash) via malformed ISAKMP packets.

Action-Not Available
Vendor-ipsec-toolskamealtlinuxn/aRed Hat, Inc.SUSESilicon Graphics, Inc.
Product-propackipsec-toolsenterprise_linux_desktopsuse_linuxracoonalt_linuxenterprise_linuxn/a
CVE-2004-1142
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-8.83% / 92.19%
||
7 Day CHG~0.00%
Published-31 Dec, 2004 | 05:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Ethereal 0.9.0 through 0.10.7 allows remote attackers to cause a denial of service (CPU consumption) via a certain malformed SMB packet.

Action-Not Available
Vendor-altlinuxconectivaethereal_groupn/aSUSESilicon Graphics, Inc.Debian GNU/LinuxRed Hat, Inc.
Product-propacketherealenterprise_linux_desktopdebian_linuxsuse_linuxalt_linuxlinuxenterprise_linuxlinux_advanced_workstationn/a
CVE-2004-1090
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-1.06% / 76.75%
||
7 Day CHG~0.00%
Published-22 Jan, 2005 | 05:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Midnight commander (mc) 4.5.55 and earlier allows remote attackers to cause a denial of service via "a corrupt section header."

Action-Not Available
Vendor-turbolinuxn/aRed Hat, Inc.SUSEMidnight CommanderGentoo Foundation, Inc.Debian GNU/Linux
Product-midnight_commanderturbolinux_serversuse_linuxdebian_linuxturbolinux_workstationlinuxenterprise_linuxlinux_advanced_workstationn/a
CVE-2004-1091
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-1.06% / 76.75%
||
7 Day CHG~0.00%
Published-22 Jan, 2005 | 05:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Midnight commander (mc) 4.5.55 and earlier allows remote attackers to cause a denial of service by triggering a null dereference.

Action-Not Available
Vendor-turbolinuxn/aRed Hat, Inc.SUSEMidnight CommanderGentoo Foundation, Inc.Debian GNU/Linux
Product-midnight_commanderturbolinux_serversuse_linuxdebian_linuxturbolinux_workstationlinuxenterprise_linuxlinux_advanced_workstationn/a
CVE-2004-0558
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-8.77% / 92.16%
||
7 Day CHG~0.00%
Published-17 Sep, 2004 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Internet Printing Protocol (IPP) implementation in CUPS before 1.1.21 allows remote attackers to cause a denial of service (service hang) via a certain UDP packet to the IPP port.

Action-Not Available
Vendor-easy_software_productsn/a
Product-cupsn/a
CVE-2004-1139
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-6.15% / 90.45%
||
7 Day CHG~0.00%
Published-31 Dec, 2004 | 05:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unknown vulnerability in the DICOM dissector in Ethereal 0.10.4 through 0.10.7 allows remote attackers to cause a denial of service (application crash).

Action-Not Available
Vendor-altlinuxconectivaethereal_groupn/aSUSESilicon Graphics, Inc.Debian GNU/LinuxRed Hat, Inc.
Product-propacketherealenterprise_linux_desktopdebian_linuxsuse_linuxalt_linuxlinuxenterprise_linuxlinux_advanced_workstationn/a
CVE-2004-1269
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-8.64% / 92.08%
||
7 Day CHG~0.00%
Published-22 Dec, 2004 | 05:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

lppasswd in CUPS 1.1.22 does not remove the passwd.new file if it encounters a file-size resource limit while writing to passwd.new, which causes subsequent invocations of lppasswd to fail.

Action-Not Available
Vendor-easy_software_productsn/aRed Hat, Inc.
Product-cupsfedora_coren/a
CVE-2004-0634
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-10.55% / 92.97%
||
7 Day CHG~0.00%
Published-08 Jul, 2004 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The SMB SID snooping capability in Ethereal 0.9.15 to 0.10.4 allows remote attackers to cause a denial of service (process crash) via a handle without a policy name, which causes a null dereference.

Action-Not Available
Vendor-ethereal_groupn/aRed Hat, Inc.Gentoo Foundation, Inc.Mandriva (Mandrakesoft)
Product-ethereallinuxenterprise_linuxlinux_advanced_workstationmandrake_linuxn/a
CVE-2004-0635
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-8.50% / 92.02%
||
7 Day CHG~0.00%
Published-08 Jul, 2004 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The SNMP dissector in Ethereal 0.8.15 through 0.10.4 allows remote attackers to cause a denial of service (process crash) via a (1) malformed or (2) missing community string, which causes an out-of-bounds read.

Action-Not Available
Vendor-ethereal_groupn/aRed Hat, Inc.Gentoo Foundation, Inc.Mandriva (Mandrakesoft)
Product-ethereallinuxenterprise_linuxlinux_advanced_workstationmandrake_linuxn/a
CVE-2004-1093
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-1.06% / 76.75%
||
7 Day CHG~0.00%
Published-22 Jan, 2005 | 05:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Midnight commander (mc) 4.5.55 and earlier allows remote attackers to cause a denial of service via "use of already freed memory."

Action-Not Available
Vendor-turbolinuxn/aRed Hat, Inc.SUSEMidnight CommanderGentoo Foundation, Inc.Debian GNU/Linux
Product-midnight_commanderturbolinux_serversuse_linuxdebian_linuxturbolinux_workstationlinuxenterprise_linuxlinux_advanced_workstationn/a
CVE-2004-0112
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-0.72% / 71.61%
||
7 Day CHG~0.00%
Published-18 Mar, 2004 | 05:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The SSL/TLS handshaking code in OpenSSL 0.9.7a, 0.9.7b, and 0.9.7c, when using Kerberos ciphersuites, does not properly check the length of Kerberos tickets during a handshake, which allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake that causes an out-of-bounds read.

Action-Not Available
Vendor-forcepointsco4dbluecoatneoterisstonesofttarantellalitespeedtechsecurecomputingn/aAvaya LLCNovellSun Microsystems (Oracle Corporation)Symantec CorporationCisco Systems, Inc.Apple Inc.HP Inc.Check Point Software Technologies Ltd.Silicon Graphics, Inc.OpenBSDRed Hat, Inc.Dell Inc.FreeBSD FoundationOpenSSLVMware (Broadcom Inc.)
Product-wbemfirewall_services_moduleapplication_and_content_networking_softwareaaa_servers8700okena_stormwatchmac_os_xthreat_responseapache-based_web_serverpix_firewallpropacks8500provider-1call_managerciscoworks_common_management_foundationclientless_vpn_gateway_4400secure_content_acceleratorvsus8300stonebeat_fullclustergsx_serverfirewall-1access_registrarstonebeat_securityclustergss_4480_global_site_selectortarantella_enterpriseproxysgvpn-1mac_os_x_serverenterprise_linux_desktopmds_9000enterprise_linuxwebstaropenserverbsafe_ssl-jioswebnssg203css11000_content_services_switchopenssllinuxintuity_audixserverclustersg5openbsdlitespeed_web_serversg208sg200cacheos_ca_sastonegateciscoworks_common_servicesgss_4490_global_site_selectorimanagerinstant_virtual_extranetedirectorysidewinderhp-uxconverged_communications_serverstonebeat_webclustercrypto_accelerator_4000freebsdpix_firewall_softwarecontent_services_switch_11500css_secure_content_acceleratorn/a
CWE ID-CWE-125
Out-of-bounds Read
CVE-2003-0688
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-1.71% / 81.58%
||
7 Day CHG~0.00%
Published-03 Sep, 2003 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The DNS map code in Sendmail 8.12.8 and earlier, when using the "enhdnsbl" feature, does not properly initialize certain data structures, which allows remote attackers to cause a denial of service (process crash) via an invalid DNS response that causes Sendmail to free incorrect data.

Action-Not Available
Vendor-compaqsendmailn/aSilicon Graphics, Inc.OpenBSDRed Hat, Inc.FreeBSD Foundation
Product-sendmailtru64openbsdirixfreebsdn/a
CVE-2003-0788
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-1.93% / 82.63%
||
7 Day CHG~0.00%
Published-06 Nov, 2003 | 05:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unknown vulnerability in the Internet Printing Protocol (IPP) implementation in CUPS before 1.1.19 allows remote attackers to cause a denial of service (CPU consumption from a "busy loop") via certain inputs to the IPP port (TCP 631).

Action-Not Available
Vendor-easy_software_productsn/a
Product-cupsn/a
CVE-2004-1092
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-0.76% / 72.43%
||
7 Day CHG~0.00%
Published-22 Jan, 2005 | 05:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Midnight commander (mc) 4.5.55 and earlier allows remote attackers to cause a denial of service by causing mc to free unallocated memory.

Action-Not Available
Vendor-turbolinuxn/aRed Hat, Inc.SUSEMidnight CommanderGentoo Foundation, Inc.Debian GNU/Linux
Product-midnight_commanderturbolinux_serversuse_linuxdebian_linuxturbolinux_workstationlinuxenterprise_linuxlinux_advanced_workstationn/a
CVE-2004-0960
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-2.64% / 85.16%
||
7 Day CHG~0.00%
Published-20 Oct, 2004 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

FreeRADIUS before 1.0.1 allows remote attackers to cause a denial of service (core dump) via malformed USR vendor-specific attributes (VSA) that cause a memcpy operation with a -1 argument.

Action-Not Available
Vendor-n/aRed Hat, Inc.FreeRADIUS
Product-fedora_coreenterprise_linuxfreeradiusn/a
CVE-2003-0548
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-0.60% / 68.55%
||
7 Day CHG~0.00%
Published-22 Aug, 2003 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The X Display Manager Control Protocol (XDMCP) support for GDM before 2.4.1.6 allows attackers to cause a denial of service (daemon crash) when a chosen host expires, a different issue than CVE-2003-0549.

Action-Not Available
Vendor-n/aThe GNOME ProjectRed Hat, Inc.
Product-kdebaseenterprise_linuxgdmlinux_advanced_workstationn/a
CVE-2003-0364
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-3.34% / 86.79%
||
7 Day CHG~0.00%
Published-05 Jun, 2003 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The TCP/IP fragment reassembly handling in the Linux kernel 2.4 allows remote attackers to cause a denial of service (CPU consumption) via certain packets that cause a large number of hash table collisions.

Action-Not Available
Vendor-n/aRed Hat, Inc.
Product-linuxn/a
CVE-2002-2443
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-23.62% / 95.77%
||
7 Day CHG~0.00%
Published-29 May, 2013 | 10:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

schpw.c in the kpasswd service in kadmind in MIT Kerberos 5 (aka krb5) before 1.11.3 does not properly validate UDP packets before sending responses, which allows remote attackers to cause a denial of service (CPU and bandwidth consumption) via a forged packet that triggers a communication loop, as demonstrated by krb_pingpong.nasl, a related issue to CVE-1999-0103.

Action-Not Available
Vendor-n/aMIT (Massachusetts Institute of Technology)openSUSERed Hat, Inc.Fedora ProjectDebian GNU/LinuxCanonical Ltd.
Product-enterprise_linux_serverenterprise_linux_server_auskerberos_5fedoraopensuseenterprise_linux_eusenterprise_linux_desktopubuntu_linuxenterprise_linux_workstationdebian_linuxn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2004-0633
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-37.28% / 97.05%
||
7 Day CHG~0.00%
Published-08 Jul, 2004 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The iSNS dissector for Ethereal 0.10.3 through 0.10.4 allows remote attackers to cause a denial of service (process abort) via an integer overflow.

Action-Not Available
Vendor-ethereal_groupn/aRed Hat, Inc.Gentoo Foundation, Inc.Mandriva (Mandrakesoft)
Product-ethereallinuxenterprise_linuxlinux_advanced_workstationmandrake_linuxn/a
CVE-2004-0886
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-10.99% / 93.16%
||
7 Day CHG~0.00%
Published-26 Oct, 2004 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple integer overflows in libtiff 3.6.1 and earlier allow remote attackers to cause a denial of service (crash or memory corruption) via TIFF images that lead to incorrect malloc calls.

Action-Not Available
Vendor-trustixpdflibwxgtk2n/aKDELibTIFFSUSERed Hat, Inc.Apple Inc.Mandriva (Mandrakesoft)
Product-secure_linuxlibtiffwxgtk2pdf_librarykdemac_os_x_serverenterprise_linux_desktopsuse_linuxfedora_coremac_os_xenterprise_linuxlinux_advanced_workstationmandrake_linuxn/a
CVE-2016-8610
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-69.53% / 98.59%
||
7 Day CHG~0.00%
Published-13 Nov, 2017 | 22:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A denial of service flaw was found in OpenSSL 0.9.8, 1.0.1, 1.0.2 through 1.0.2h, and 1.1.0 in the way the TLS/SSL protocol defined processing of ALERT packets during a connection handshake. A remote attacker could use this flaw to make a TLS/SSL server consume an excessive amount of CPU and fail to accept connections from other clients.

Action-Not Available
Vendor-Debian GNU/LinuxRed Hat, Inc.Oracle CorporationPalo Alto Networks, Inc.OpenSSLFujitsu LimitedNetApp, Inc.
Product-enterprise_linux_desktoponcommand_unified_manageroncommand_balancecore_rdbmsretail_predictive_application_serverclustered_data_ontapenterprise_linux_server_eusenterprise_linuxcommunications_ip_service_activatoradaptive_access_managerm12-2_firmwarehost_agentsnapdrivejboss_enterprise_application_platformclustered_data_ontap_antivirus_connectorm10-1storagegridpeoplesoft_enterprise_peopletoolsontap_select_deployservice_processorm12-2sapplication_testing_suitem12-1_firmwarem12-2weblogic_serverenterprise_linux_server_tussnapcenter_serverenterprise_linux_workstationm12-2s_firmwaresmi-s_providerdebian_linuxenterprise_linux_servertimesten_in-memory_databasem10-4_firmwarestoragegrid_webscaleenterprise_linux_server_ausdata_ontapcn1610_firmwarecommunications_analyticsopensslm10-4sm10-4s_firmwaredata_ontap_edgem10-1_firmwarecn1610enterprise_manager_ops_centerjd_edwards_enterpriseone_toolspan-osm12-1oncommand_workflow_automationgoldengate_application_adaptersm10-4e-series_santricity_os_controllerOpenSSL
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2004-0809
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-10.74% / 93.05%
||
7 Day CHG~0.00%
Published-17 Sep, 2004 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The mod_dav module in Apache 2.0.50 and earlier allows remote attackers to cause a denial of service (child process crash) via a certain sequence of LOCK requests for a location that allows WebDAV authoring access.

Action-Not Available
Vendor-trustixturbolinuxn/aThe Apache Software FoundationGentoo Foundation, Inc.Mandriva (Mandrakesoft)Debian GNU/LinuxRed Hat, Inc.HP Inc.
Product-secure_linuxhp-uxturbolinux_desktopturbolinux_serversecure_web_server_for_tru64http_serverturbolinux_homeenterprise_linux_desktopdebian_linuxlinuxenterprise_linuxmandrake_linuxn/a
CVE-2004-0930
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-6.06% / 90.38%
||
7 Day CHG~0.00%
Published-19 Nov, 2004 | 05:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The ms_fnmatch function in Samba 3.0.4 and 3.0.7 and possibly other versions allows remote authenticated users to cause a denial of service (CPU consumption) via a SAMBA request that contains multiple * (wildcard) characters.

Action-Not Available
Vendor-conectivan/aGentoo Foundation, Inc.Silicon Graphics, Inc.Red Hat, Inc.Samba
Product-sambaenterprise_linux_desktopfedora_corelinuxenterprise_linuxlinux_advanced_workstationn/a
CVE-2004-0918
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-68.74% / 98.56%
||
7 Day CHG~0.00%
Published-21 Oct, 2004 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The asn_parse_header function (asn1.c) in the SNMP module for Squid Web Proxy Cache before 2.4.STABLE7 allows remote attackers to cause a denial of service (server restart) via certain SNMP packets with negative length fields that trigger a memory allocation error.

Action-Not Available
Vendor-trustixsquidopenpkgn/aRed Hat, Inc.UbuntuGentoo Foundation, Inc.
Product-ubuntu_linuxsquidopenpkgfedora_corelinuxsecure_linuxn/a
CVE-2004-1174
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-1.14% / 77.54%
||
7 Day CHG~0.00%
Published-22 Jan, 2005 | 05:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

direntry.c in Midnight Commander (mc) 4.5.55 and earlier allows attackers to cause a denial of service by "manipulating non-existing file handles."

Action-Not Available
Vendor-turbolinuxn/aRed Hat, Inc.SUSEMidnight CommanderGentoo Foundation, Inc.Debian GNU/Linux
Product-midnight_commanderturbolinux_serversuse_linuxdebian_linuxturbolinux_workstationlinuxenterprise_linuxlinux_advanced_workstationn/a
CVE-2004-0961
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-2.64% / 85.16%
||
7 Day CHG~0.00%
Published-20 Oct, 2004 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Memory leak in FreeRADIUS before 1.0.1 allows remote attackers to cause a denial of service (memory exhaustion) via a series of Access-Request packets with (1) Ascend-Send-Secret, (2) Ascend-Recv-Secret, or (3) Tunnel-Password attributes.

Action-Not Available
Vendor-n/aRed Hat, Inc.FreeRADIUS
Product-fedora_coreenterprise_linuxfreeradiusn/a
CVE-2004-1009
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-1.29% / 78.82%
||
7 Day CHG~0.00%
Published-22 Jan, 2005 | 05:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Midnight commander (mc) 4.5.55 and earlier allows remote attackers to cause a denial of service (infinite loop) via unknown attack vectors.

Action-Not Available
Vendor-turbolinuxn/aRed Hat, Inc.SUSEMidnight CommanderGentoo Foundation, Inc.Debian GNU/Linux
Product-midnight_commanderturbolinux_serversuse_linuxdebian_linuxturbolinux_workstationlinuxenterprise_linuxlinux_advanced_workstationn/a
CVE-2001-0309
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-0.79% / 72.87%
||
7 Day CHG~0.00%
Published-07 May, 2001 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

inetd in Red Hat 6.2 does not properly close sockets for internal services such as chargen, daytime, echo, etc., which allows remote attackers to cause a denial of service via a series of connections to the internal services.

Action-Not Available
Vendor-n/aRed Hat, Inc.
Product-linuxn/a
CVE-2014-0186
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-5||MEDIUM
EPSS-0.73% / 71.85%
||
7 Day CHG~0.00%
Published-14 Jun, 2014 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A certain tomcat7 package for Apache Tomcat 7 in Red Hat Enterprise Linux (RHEL) 7 allows remote attackers to cause a denial of service (CPU consumption) via a crafted request. NOTE: this vulnerability exists because of an unspecified regression.

Action-Not Available
Vendor-n/aRed Hat, Inc.
Product-enterprise_linuxn/a
CVE-2000-0358
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-0.66% / 70.06%
||
7 Day CHG~0.00%
Published-24 May, 2000 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

ORBit and gnome-session in Red Hat Linux 6.1 allows remote attackers to crash a program.

Action-Not Available
Vendor-n/aRed Hat, Inc.
Product-linuxn/a
CVE-2000-0314
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-0.32% / 53.98%
||
7 Day CHG~0.00%
Published-07 May, 2001 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

traceroute in NetBSD 1.3.3 and Linux systems allows local users to flood other systems by providing traceroute with a large waittime (-w) option, which is not parsed properly and sets the time delay for sending packets to zero.

Action-Not Available
Vendor-digitaln/aSlackwareRed Hat, Inc.Debian GNU/LinuxNetBSD
Product-netbsddebian_linuxunixlinuxslackware_linuxn/a
CVE-2018-14467
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-2.00% / 82.94%
||
7 Day CHG~0.00%
Published-03 Oct, 2019 | 15:24
Updated-05 Aug, 2024 | 09:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The BGP parser in tcpdump before 4.9.3 has a buffer over-read in print-bgp.c:bgp_capabilities_print() (BGP_CAPCODE_MP).

Action-Not Available
Vendor-n/aDebian GNU/LinuxApple Inc.Fedora Projecttcpdump & libpcapopenSUSERed Hat, Inc.
Product-debian_linuxfedoraenterprise_linuxmac_os_xleaptcpdumpn/a
CWE ID-CWE-125
Out-of-bounds Read
CVE-2018-14470
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-2.23% / 83.86%
||
7 Day CHG~0.00%
Published-03 Oct, 2019 | 15:31
Updated-05 Aug, 2024 | 09:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Babel parser in tcpdump before 4.9.3 has a buffer over-read in print-babel.c:babel_print_v2().

Action-Not Available
Vendor-n/aDebian GNU/LinuxApple Inc.Fedora Projecttcpdump & libpcapopenSUSERed Hat, Inc.
Product-debian_linuxfedoraenterprise_linuxmac_os_xleaptcpdumpn/a
CWE ID-CWE-125
Out-of-bounds Read
CVE-2000-0508
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-6.57% / 90.76%
||
7 Day CHG~0.00%
Published-13 Oct, 2000 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

rpc.lockd in Red Hat Linux 6.1 and 6.2 allows remote attackers to cause a denial of service via a malformed request.

Action-Not Available
Vendor-n/aDebian GNU/LinuxRed Hat, Inc.Mandriva (Mandrakesoft)
Product-linuxdebian_linuxmandrake_linuxn/a
CVE-2014-0180
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-5||MEDIUM
EPSS-0.73% / 71.71%
||
7 Day CHG~0.00%
Published-07 Jul, 2014 | 14:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The wait_for_task function in app/controllers/application_controller.rb in Red Hat CloudForms 3.0 Management Engine (CFME) before 5.2.4.2 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via unspecified vectors.

Action-Not Available
Vendor-n/aRed Hat, Inc.
Product-cloudforms_3.0_management_enginen/a
CVE-2004-0421
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-2.46% / 84.61%
||
7 Day CHG~0.00%
Published-05 May, 2004 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Portable Network Graphics library (libpng) 1.0.15 and earlier allows attackers to cause a denial of service (crash) via a malformed PNG image file that triggers an error that causes an out-of-bounds read when creating the error message.

Action-Not Available
Vendor-trustixlibpngopenpkgn/aRed Hat, Inc.
Product-libpngenterprise_linuxopenpkgenterprise_linux_desktopsecure_linuxn/a
CWE ID-CWE-125
Out-of-bounds Read
CVE-2004-1014
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-2.46% / 84.62%
||
7 Day CHG~0.00%
Published-08 Dec, 2004 | 05:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

statd in nfs-utils 1.257 and earlier does not ignore the SIGPIPE signal, which allows remote attackers to cause a denial of service (server process crash) via a TCP connection that is prematurely terminated.

Action-Not Available
Vendor-nfsn/aDebian GNU/LinuxRed Hat, Inc.Mandriva (Mandrakesoft)
Product-mandrake_linux_corporate_servernfs-utilsenterprise_linux_desktopdebian_linuxenterprise_linuxmandrake_linuxn/a
CVE-1999-0986
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-1.42% / 79.83%
||
7 Day CHG~0.00%
Published-04 Jan, 2000 | 05:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The ping command in Linux 2.0.3x allows local users to cause a denial of service by sending large packets with the -R (record route) option.

Action-Not Available
Vendor-n/aDebian GNU/LinuxRed Hat, Inc.Linux Kernel Organization, Inc
Product-linux_kernellinuxdebian_linuxn/a
CVE-1999-0804
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-3.72% / 87.51%
||
7 Day CHG~0.00%
Published-04 Jan, 2000 | 05:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Denial of service in Linux 2.2.x kernels via malformed ICMP packets containing unusual types, codes, and IP header lengths.

Action-Not Available
Vendor-n/aLinux Kernel Organization, IncSUSEDebian GNU/LinuxRed Hat, Inc.
Product-linux_kernellinuxsuse_linuxdebian_linuxn/a
CVE-2004-0081
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-2.80% / 85.55%
||
7 Day CHG~0.00%
Published-18 Mar, 2004 | 05:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

OpenSSL 0.9.6 before 0.9.6d does not properly handle unknown message types, which allows remote attackers to cause a denial of service (infinite loop), as demonstrated using the Codenomicon TLS Test Tool.

Action-Not Available
Vendor-sco4dlitebluecoatneoterisstonesofttarantellasecurecomputingn/aAvaya LLCNovellSun Microsystems (Oracle Corporation)Symantec CorporationCisco Systems, Inc.Apple Inc.HP Inc.Check Point Software Technologies Ltd.Silicon Graphics, Inc.OpenBSDRed Hat, Inc.Dell Inc.FreeBSD FoundationOpenSSLVMware (Broadcom Inc.)
Product-wbemfirewall_services_moduleapplication_and_content_networking_softwareaaa_servers8700okena_stormwatchmac_os_xthreat_responseapache-based_web_serverpix_firewallpropacks8500provider-1call_managerciscoworks_common_management_foundationclientless_vpn_gateway_4400secure_content_acceleratorvsus8300stonebeat_fullclustergsx_serverfirewall-1access_registrarstonebeat_securityclustergss_4480_global_site_selectortarantella_enterprisestonegate_vpn_clientproxysgvpn-1mac_os_x_serverenterprise_linux_desktopmds_9000enterprise_linuxwebstaropenserverbsafe_ssl-jioswebnssg203css11000_content_services_switchopenssllinuxintuity_audixserverclustersg5openbsdsg208sg200cacheos_ca_sastonegateciscoworks_common_servicesgss_4490_global_site_selectorimanagerinstant_virtual_extranetedirectorysidewinderhp-uxconverged_communications_serverstonebeat_webclustercrypto_accelerator_4000speed_technologies_litespeed_web_serverfreebsdpix_firewall_softwarecontent_services_switch_11500css_secure_content_acceleratorn/a
CVE-2004-0079
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-2.27% / 83.99%
||
7 Day CHG~0.00%
Published-18 Mar, 2004 | 05:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The do_change_cipher_spec function in OpenSSL 0.9.6c to 0.9.6k, and 0.9.7a to 0.9.7c, allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake that triggers a null dereference.

Action-Not Available
Vendor-sco4dlitebluecoatneoterisstonesofttarantellasecurecomputingn/aAvaya LLCNovellSun Microsystems (Oracle Corporation)Symantec CorporationCisco Systems, Inc.Apple Inc.HP Inc.Check Point Software Technologies Ltd.Silicon Graphics, Inc.OpenBSDRed Hat, Inc.Dell Inc.FreeBSD FoundationOpenSSLVMware (Broadcom Inc.)
Product-wbemfirewall_services_moduleapplication_and_content_networking_softwareaaa_servers8700okena_stormwatchmac_os_xthreat_responseapache-based_web_serverpix_firewallpropacks8500provider-1call_managerciscoworks_common_management_foundationclientless_vpn_gateway_4400secure_content_acceleratorvsus8300stonebeat_fullclustergsx_serverfirewall-1access_registrarstonebeat_securityclustergss_4480_global_site_selectortarantella_enterprisestonegate_vpn_clientproxysgvpn-1mac_os_x_serverenterprise_linux_desktopmds_9000enterprise_linuxwebstaropenserverbsafe_ssl-jioswebnssg203css11000_content_services_switchopenssllinuxintuity_audixserverclustersg5openbsdsg208sg200cacheos_ca_sastonegateciscoworks_common_servicesgss_4490_global_site_selectorimanagerinstant_virtual_extranetedirectorysidewinderhp-uxconverged_communications_serverstonebeat_webclustercrypto_accelerator_4000speed_technologies_litespeed_web_serverfreebsdpix_firewall_softwarecontent_services_switch_11500css_secure_content_acceleratorn/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2013-5651
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-0.64% / 69.61%
||
7 Day CHG~0.00%
Published-30 Sep, 2013 | 21:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The virBitmapParse function in util/virbitmap.c in libvirt before 1.1.2 allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) via a crafted bitmap, as demonstrated by a large nodeset value to numatune.

Action-Not Available
Vendor-n/aRed Hat, Inc.
Product-libvirtn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2016-8653
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-5.3||MEDIUM
EPSS-0.34% / 56.35%
||
7 Day CHG~0.00%
Published-01 Aug, 2018 | 14:00
Updated-06 Aug, 2024 | 02:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

It was found that the JMX endpoint of Red Hat JBoss Fuse 6, and Red Hat A-MQ 6 deserializes the credentials passed to it. An attacker could use this flaw to launch a denial of service attack.

Action-Not Available
Vendor-Red Hat, Inc.
Product-jboss_fusejboss_a-mqFuse
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2013-4180
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-5||MEDIUM
EPSS-0.53% / 66.44%
||
7 Day CHG~0.00%
Published-16 Sep, 2013 | 19:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The (1) power and (2) ipmi_boot actions in the HostController in Foreman before 1.2.2 allow remote attackers to cause a denial of service (memory consumption) via unspecified input that is converted to a symbol.

Action-Not Available
Vendor-n/aRed Hat, Inc.The Foreman
Product-openstackforemann/a
CWE ID-CWE-20
Improper Input Validation
CVE-2003-0247
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-1.66% / 81.31%
||
7 Day CHG~0.00%
Published-05 Jun, 2003 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unknown vulnerability in the TTY layer of the Linux kernel 2.4 allows attackers to cause a denial of service ("kernel oops").

Action-Not Available
Vendor-n/aRed Hat, Inc.
Product-linuxn/a
CVE-2013-4153
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-5||MEDIUM
EPSS-0.64% / 69.67%
||
7 Day CHG~0.00%
Published-30 Sep, 2013 | 21:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Double free vulnerability in the qemuAgentGetVCPUs function in qemu/qemu_agent.c in libvirt 1.0.6 through 1.1.0 allows remote attackers to cause a denial of service (daemon crash) via a cpu count request, as demonstrated by the "virsh vcpucount dom --guest" command.

Action-Not Available
Vendor-n/aRed Hat, Inc.
Product-libvirtn/a
CVE-2003-0551
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-0.68% / 70.53%
||
7 Day CHG~0.00%
Published-25 Jul, 2003 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The STP protocol implementation in Linux 2.4.x does not properly verify certain lengths, which could allow attackers to cause a denial of service.

Action-Not Available
Vendor-n/aRed Hat, Inc.
Product-linuxn/a
CVE-2013-1816
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-3.48% / 87.11%
||
7 Day CHG~0.00%
Published-20 Nov, 2019 | 19:22
Updated-06 Aug, 2024 | 15:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

MediaWiki before 1.19.4 and 1.20.x before 1.20.3 allows remote attackers to cause a denial of service (application crash) by sending a specially crafted request.

Action-Not Available
Vendor-Debian GNU/LinuxRed Hat, Inc.Wikimedia FoundationFedora Project
Product-debian_linuxmediawikifedoraenterprise_linuxmediawiki
CWE ID-CWE-20
Improper Input Validation
CVE-2013-2218
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-5||MEDIUM
EPSS-10.81% / 93.08%
||
7 Day CHG~0.00%
Published-30 Sep, 2013 | 21:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Double free vulnerability in the virConnectListAllInterfaces method in interface/interface_backend_netcf.c in libvirt 1.0.6 allows remote attackers to cause a denial of service (libvirtd crash) via a filtering flag that causes an interface to be skipped, as demonstrated by the "virsh iface-list --inactive" command.

Action-Not Available
Vendor-n/aRed Hat, Inc.
Product-libvirtn/a
CVE-2013-2175
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-5||MEDIUM
EPSS-0.08% / 23.38%
||
7 Day CHG~0.00%
Published-19 Aug, 2013 | 00:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

HAProxy 1.4 before 1.4.24 and 1.5 before 1.5-dev19, when configured to use hdr_ip or other "hdr_*" functions with a negative occurrence count, allows remote attackers to cause a denial of service (negative array index usage and crash) via an HTTP header with a certain number of values, related to the MAX_HDR_HISTORY variable.

Action-Not Available
Vendor-haproxyn/aRed Hat, Inc.Debian GNU/LinuxCanonical Ltd.
Product-debian_linuxubuntu_linuxhaproxyenterprise_linux_load_balancern/a
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-284
Improper Access Control
  • Previous
  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • ...
  • 10
  • 11
  • Next
Details not found