Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2008-0976

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-25 Feb, 2008 | 23:00
Updated At-07 Aug, 2024 | 08:01
Rejected At-
Credits

Double-Take 5.0.0.2865 and earlier, distributed under the HP StorageWorks Storage Mirroring name and other names, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a malformed packet, as demonstrated by a packet of type (1) 0x2722 or (2) 0x272a.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:25 Feb, 2008 | 23:00
Updated At:07 Aug, 2024 | 08:01
Rejected At:
▼CVE Numbering Authority (CNA)

Double-Take 5.0.0.2865 and earlier, distributed under the HP StorageWorks Storage Mirroring name and other names, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a malformed packet, as demonstrated by a packet of type (1) 0x2722 or (2) 0x272a.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://www.vupen.com/english/advisories/2008/0666
vdb-entry
x_refsource_VUPEN
http://aluigi.altervista.org/adv/doubletakedown-adv.txt
x_refsource_MISC
http://securityreason.com/securityalert/3698
third-party-advisory
x_refsource_SREASON
http://www.securityfocus.com/bid/27951
vdb-entry
x_refsource_BID
http://aluigi.org/poc/doubletakedown.zip
x_refsource_MISC
http://secunia.com/advisories/29075
third-party-advisory
x_refsource_SECUNIA
http://www.securityfocus.com/archive/1/488632/100/0/threaded
mailing-list
x_refsource_BUGTRAQ
Hyperlink: http://www.vupen.com/english/advisories/2008/0666
Resource:
vdb-entry
x_refsource_VUPEN
Hyperlink: http://aluigi.altervista.org/adv/doubletakedown-adv.txt
Resource:
x_refsource_MISC
Hyperlink: http://securityreason.com/securityalert/3698
Resource:
third-party-advisory
x_refsource_SREASON
Hyperlink: http://www.securityfocus.com/bid/27951
Resource:
vdb-entry
x_refsource_BID
Hyperlink: http://aluigi.org/poc/doubletakedown.zip
Resource:
x_refsource_MISC
Hyperlink: http://secunia.com/advisories/29075
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://www.securityfocus.com/archive/1/488632/100/0/threaded
Resource:
mailing-list
x_refsource_BUGTRAQ
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://www.vupen.com/english/advisories/2008/0666
vdb-entry
x_refsource_VUPEN
x_transferred
http://aluigi.altervista.org/adv/doubletakedown-adv.txt
x_refsource_MISC
x_transferred
http://securityreason.com/securityalert/3698
third-party-advisory
x_refsource_SREASON
x_transferred
http://www.securityfocus.com/bid/27951
vdb-entry
x_refsource_BID
x_transferred
http://aluigi.org/poc/doubletakedown.zip
x_refsource_MISC
x_transferred
http://secunia.com/advisories/29075
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://www.securityfocus.com/archive/1/488632/100/0/threaded
mailing-list
x_refsource_BUGTRAQ
x_transferred
Hyperlink: http://www.vupen.com/english/advisories/2008/0666
Resource:
vdb-entry
x_refsource_VUPEN
x_transferred
Hyperlink: http://aluigi.altervista.org/adv/doubletakedown-adv.txt
Resource:
x_refsource_MISC
x_transferred
Hyperlink: http://securityreason.com/securityalert/3698
Resource:
third-party-advisory
x_refsource_SREASON
x_transferred
Hyperlink: http://www.securityfocus.com/bid/27951
Resource:
vdb-entry
x_refsource_BID
x_transferred
Hyperlink: http://aluigi.org/poc/doubletakedown.zip
Resource:
x_refsource_MISC
x_transferred
Hyperlink: http://secunia.com/advisories/29075
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://www.securityfocus.com/archive/1/488632/100/0/threaded
Resource:
mailing-list
x_refsource_BUGTRAQ
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:25 Feb, 2008 | 23:44
Updated At:15 Oct, 2018 | 22:04

Double-Take 5.0.0.2865 and earlier, distributed under the HP StorageWorks Storage Mirroring name and other names, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a malformed packet, as demonstrated by a packet of type (1) 0x2722 or (2) 0x272a.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary2.05.0MEDIUM
AV:N/AC:L/Au:N/C:N/I:N/A:P
Type: Primary
Version: 2.0
Base score: 5.0
Base severity: MEDIUM
Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:P
CPE Matches
double-take_software
double-take_software
>>double-take>>Versions up to 5.0.0.2865(inclusive)
cpe:2.3:a:double-take_software:double-take:*:*:*:*:*:*:*:*
double-take_software
double-take_software
>>double-take>>4.5
cpe:2.3:a:double-take_software:double-take:4.5:*:*:*:*:*:*:*
HP Inc.
hp
>>storageworks_double-take>>Versions up to 5.0.0.2865(inclusive)
cpe:2.3:a:hp:storageworks_double-take:*:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-399Primarynvd@nist.gov
CWE ID: CWE-399
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
Organization : Double-Take
Last Modified : 2009-05-08T00:00:00

This issue was fixed in version 5.1 which was released July 11, 2008

References
HyperlinkSourceResource
http://aluigi.altervista.org/adv/doubletakedown-adv.txtcve@mitre.org
N/A
http://aluigi.org/poc/doubletakedown.zipcve@mitre.org
N/A
http://secunia.com/advisories/29075cve@mitre.org
N/A
http://securityreason.com/securityalert/3698cve@mitre.org
N/A
http://www.securityfocus.com/archive/1/488632/100/0/threadedcve@mitre.org
N/A
http://www.securityfocus.com/bid/27951cve@mitre.org
N/A
http://www.vupen.com/english/advisories/2008/0666cve@mitre.org
N/A
Hyperlink: http://aluigi.altervista.org/adv/doubletakedown-adv.txt
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://aluigi.org/poc/doubletakedown.zip
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://secunia.com/advisories/29075
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://securityreason.com/securityalert/3698
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.securityfocus.com/archive/1/488632/100/0/threaded
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.securityfocus.com/bid/27951
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.vupen.com/english/advisories/2008/0666
Source: cve@mitre.org
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

304Records found
CVE-1999-0015
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-25.85% / 96.06%
||
7 Day CHG~0.00%
Published-04 Feb, 2000 | 05:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Teardrop IP denial of service.

Action-Not Available
Vendor-n/aNetBSDMicrosoft CorporationSun Microsystems (Oracle Corporation)HP Inc.
Product-netbsdhp-uxwindows_ntsunoswindows_95n/a
CVE-1999-0016
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-72.57% / 98.71%
||
7 Day CHG~0.00%
Published-29 Sep, 1999 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Land IP denial of service.

Action-Not Available
Vendor-n/aNetBSDCisco Systems, Inc.GNUMicrosoft CorporationSun Microsystems (Oracle Corporation)HP Inc.
Product-winsocknetbsdhp-uxwindows_ntiosinetsunoswindows_95n/a
CVE-2017-3733
Matching Score-8
Assigner-OpenSSL Software Foundation
ShareView Details
Matching Score-8
Assigner-OpenSSL Software Foundation
CVSS Score-7.5||HIGH
EPSS-5.78% / 90.14%
||
7 Day CHG~0.00%
Published-04 May, 2017 | 19:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Encrypt-Then-Mac renegotiation crash

During a renegotiation handshake if the Encrypt-Then-Mac extension is negotiated where it was not in the original handshake (or vice-versa) then this can cause OpenSSL 1.1.0 before 1.1.0e to crash (dependent on ciphersuite). Both clients and servers are affected.

Action-Not Available
Vendor-OpenSSLHP Inc.
Product-openssloperations_agentOpenSSL
CWE ID-CWE-20
Improper Input Validation
CVE-2022-23704
Matching Score-8
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-8
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-7.5||HIGH
EPSS-0.50% / 64.79%
||
7 Day CHG~0.00%
Published-09 May, 2022 | 20:17
Updated-03 Aug, 2024 | 03:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A potential security vulnerability has been identified in Integrated Lights-Out 4 (iLO 4). The vulnerability could allow remote Denial of Service. The vulnerability is resolved in Integrated Lights-Out 4 (iLO 4) 2.80 and later.

Action-Not Available
Vendor-n/aHP Inc.Hewlett Packard Enterprise (HPE)
Product-proliant_bl460c_gen8_server_bladeproliant_dl160_gen9_serverproliant_dl20_gen9_serverproliant_xl220a_gen8_v2_serverproliant_dl320e_gen8_serverproliant_sl250s_gen8_serverproliant_dl180_gen9_serverproliant_ml350p_gen8_serverproliant_ws460c_gen8_graphics_server_bladeproliant_sl230s_gen8_serverproliant_sl270s_gen8_se_serverproliant_dl360p_gen8_serverproliant_dl580_gen9_serverproliant_dl80_gen9_serverproliant_dl560_gen9_serverproliant_xl170r_gen9_serverproliant_ml310e_gen8_v2_serverproliant_microserver_gen8proliant_dl120_gen9_serverproliant_xl190r_gen9_serverproliant_xl740f_gen9_serverproliant_dl360_gen9_serverproliant_dl360e_gen8_serversynergy_620_gen9_compute_moduleproliant_sl270s_gen8_serverproliant_ml30_gen9_serverproliant_dl380p_gen8_serverproliant_xl730f_gen9_serverproliant_ec200a_serverproliant_ml350_gen9_serverproliant_dl160_gen8_serverproliant_dl560_gen8_serverproliant_xl750f_gen9_serverproliant_bl465c_gen8_server_bladeproliant_bl460c_gen9_server_bladeproliant_xl250a_gen9_serverproliant_dl380e_gen8_serverproliant_ws460c_gen9_graphics_server_bladeproliant_bl660c_gen9_serverintegrated_lights-out_4proliant_dl380_gen9_serverproliant_ml150_gen9_serversynergy_680_gen9_compute_moduleproliant_ml110_gen9_serverproliant_xl450_gen9_serverapollo_4200_gen9_serverproliant_ml310e_gen8_serversynergy_480_gen9_compute_moduleproliant_bl420c_gen8_serverproliant_bl660c_gen8_server_bladeproliant_ml350e_gen8_v2_serverproliant_dl385p_gen8proliant_dl60_gen9_serverproliant_dl580_gen8_serversynergy_660_gen9_compute_moduleproliant_dl320e_gen8_v2_serverproliant_xl230a_gen9_serverproliant_sl210t_gen8_serverproliant_sl4540_gen8_1_node_serverHPE Integrated Lights-Out 4 (iLO 4)
CVE-2020-10136
Matching Score-8
Assigner-CERT/CC
ShareView Details
Matching Score-8
Assigner-CERT/CC
CVSS Score-5.3||MEDIUM
EPSS-19.96% / 95.26%
||
7 Day CHG~0.00%
Published-02 Jun, 2020 | 08:35
Updated-17 Sep, 2024 | 00:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IP-in-IP protocol allows a remote, unauthenticated attacker to route arbitrary network traffic

IP-in-IP protocol specifies IP Encapsulation within IP standard (RFC 2003, STD 1) that decapsulate and route IP-in-IP traffic is vulnerable to spoofing, access-control bypass and other unexpected behavior due to the lack of validation to verify network packets before decapsulation and routing.

Action-Not Available
Vendor-treckdigiCisco Systems, Inc.HP Inc.The IETF Administration LLC (IETF LLC)
Product-nexus_93180lc-exnexus_56128pnexus_3132qnexus_9332pqnexus_93108tc-exucs_6332-16upnexus_3016x3220nr_firmwarenx-osnexus_9372pxnexus_9508nexus_5696qnexus_93120txnexus_92304qcnexus_93128txnexus_9336pq_aci_spineucs_6248upnexus_6004nexus_1000venexus_9504nexus_3048nexus_6001nexus_9372tx-enexus_93108tc-fxnexus_93360yc-fx2sarosucs_6324nexus_9396txnexus_9332cnexus_9364cnexus_7000nexus_92348gc-xnexus_5020nexus_3064nexus_9336c-fx2unified_computing_systemucs_6332nexus_5548pnexus_5548upnexus_5648qnexus_9348gc-fxpnexus_3172nexus_9272qnexus_9396pxucs_6296upnexus_5010nexus_93216tc-fx2nexus_1000vnexus_5672upnexus_5596tnexus_93240yc-fx2nexus_93180yc-fxnexus_9372txnexus_5624qnexus_3064-tucs_managernexus_93180yc-exnexus_9372px-enexus_9236cnexus_9516nexus_5596upnexus_7700tcp\/ipRFC2003 - IP Encapsulation within IP
CWE ID-CWE-290
Authentication Bypass by Spoofing
CVE-2018-3214
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-5.3||MEDIUM
EPSS-0.12% / 32.30%
||
7 Day CHG~0.00%
Published-17 Oct, 2018 | 01:00
Updated-02 Oct, 2024 | 19:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Sound). Supported versions that are affected are Java SE: 6u201, 7u191 and 8u182; Java SE Embedded: 8u181; JRockit: R28.3.19. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g. through a web service which supplies data to the APIs. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).

Action-Not Available
Vendor-Canonical Ltd.Debian GNU/LinuxHP Inc.Oracle CorporationRed Hat, Inc.
Product-enterprise_linux_serverubuntu_linuxdebian_linuxxp7_command_viewenterprise_linux_server_eusjreenterprise_linux_server_ausenterprise_linux_workstationenterprise_linux_eussatellitejdkenterprise_linux_server_tusenterprise_linux_desktopjrockitJava
CVE-2018-2603
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-5.3||MEDIUM
EPSS-0.07% / 21.85%
||
7 Day CHG~0.00%
Published-18 Jan, 2018 | 02:00
Updated-03 Oct, 2024 | 20:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151; JRockit: R28.3.16. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: This vulnerability applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).

Action-Not Available
Vendor-Canonical Ltd.Debian GNU/LinuxHP Inc.Oracle CorporationRed Hat, Inc.
Product-enterprise_linux_serverubuntu_linuxxp7_command_viewenterprise_linux_server_eusenterprise_linux_server_aussatellitejdkstruxureware_data_center_expertjrockitxp_command_viewdebian_linuxxp_p9000_command_viewjreenterprise_linux_workstationenterprise_linux_server_tusenterprise_linux_desktopJava
CVE-2011-3169
Matching Score-8
Assigner-HP Inc.
ShareView Details
Matching Score-8
Assigner-HP Inc.
CVSS Score-5||MEDIUM
EPSS-1.41% / 79.71%
||
7 Day CHG~0.00%
Published-07 Nov, 2011 | 20:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the SMTP service implementation in HP TCP/IP Services 5.6 and 5.7 for OpenVMS allows remote attackers to cause a denial of service via unknown vectors.

Action-Not Available
Vendor-n/aHP Inc.
Product-tcp_ip_services_openvmsn/a
CVE-2017-14360
Matching Score-8
Assigner-OpenText (formerly Micro Focus)
ShareView Details
Matching Score-8
Assigner-OpenText (formerly Micro Focus)
CVSS Score-5.9||MEDIUM
EPSS-0.50% / 64.98%
||
7 Day CHG~0.00%
Published-08 Nov, 2017 | 14:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
MFSBGN03791 rev.1 - HPE Content Manager Workgroup Service, Denial of Service (DoS)

A potential security vulnerability has been identified in HPE Content Manager Workgroup Service v9.00. The vulnerability could be remotely exploited to allow Denial of Service (DoS).

Action-Not Available
Vendor-Micro Focus International LimitedHP Inc.
Product-content_managerHPE Content Manager Workgroup Service
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2021-38951
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-7.5||HIGH
EPSS-0.11% / 30.49%
||
7 Day CHG~0.00%
Published-09 Dec, 2021 | 17:00
Updated-16 Sep, 2024 | 16:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to a denial of service, caused by sending a specially-crafted request. A remote attacker could exploit this vulnerability to cause the server to consume all available CPU resources. IBM X-Force ID: 211405.

Action-Not Available
Vendor-Microsoft CorporationHP Inc.IBM CorporationLinux Kernel Organization, IncOracle Corporation
Product-solarislinux_kernelwebsphere_application_serverihp-uxwindowsz\/osaixWebSphere Application Server
CVE-2020-4310
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.61% / 68.95%
||
7 Day CHG~0.00%
Published-16 Jun, 2020 | 13:45
Updated-17 Sep, 2024 | 01:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM MQ and MQ Appliance 7.1, 7.5, 8.0, 9.0 LTS, 9.1 LTS, and 9.1 C are vulnerable to a denial of service attack due to an error within the Data Conversion logic. IBM X-Force ID: 177081.

Action-Not Available
Vendor-Microsoft CorporationHP Inc.IBM CorporationLinux Kernel Organization, IncOracle Corporation
Product-solarislinux_kernelhp-uxwebsphere_mqwindowsmqaixMQWebSphere MQ
CVE-2016-9597
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-1.33% / 79.12%
||
7 Day CHG~0.00%
Published-30 Jul, 2018 | 14:00
Updated-06 Aug, 2024 | 02:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

It was found that Red Hat JBoss Core Services erratum RHSA-2016:2957 for CVE-2016-3705 did not actually include the fix for the issue found in libxml2, making it vulnerable to a Denial of Service attack due to a Stack Overflow. This is a regression CVE for the same issue as CVE-2016-3705.

Action-Not Available
Vendor-Canonical Ltd.HP Inc.libxml2 (XMLSoft)Debian GNU/LinuxopenSUSERed Hat, Inc.
Product-ubuntu_linuxdebian_linuxlibxml2icewall_file_managericewall_federation_agentleaplibxml2
CWE ID-CWE-674
Uncontrolled Recursion
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2016-8530
Matching Score-8
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-8
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-7.5||HIGH
EPSS-8.06% / 91.80%
||
7 Day CHG~0.00%
Published-15 Feb, 2018 | 22:00
Updated-16 Sep, 2024 | 20:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A remote denial of service vulnerability in HPE iMC PLAT version v7.2 E0403P06 and earlier was found. The problem was resolved in iMC PLAT 7.3 E0504 or subsequent version.

Action-Not Available
Vendor-HP Inc.Hewlett Packard Enterprise (HPE)
Product-intelligent_management_centeriMC PLAT
CWE ID-CWE-20
Improper Input Validation
CVE-2016-4447
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-2.54% / 84.90%
||
7 Day CHG-0.26%
Published-09 Jun, 2016 | 16:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The xmlParseElementDecl function in parser.c in libxml2 before 2.9.4 allows context-dependent attackers to cause a denial of service (heap-based buffer underread and application crash) via a crafted file, involving xmlParseName.

Action-Not Available
Vendor-n/aApple Inc.Oracle CorporationCanonical Ltd.HP Inc.Microsoft Corporationlibxml2 (XMLSoft)Debian GNU/LinuxMcAfee, LLC
Product-libxml2icewall_federation_agentitunesubuntu_linuxwatchosweb_gatewayvm_serverwindowsdebian_linuxiphone_osmac_os_xtvosn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2016-4361
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-2.98% / 86.01%
||
7 Day CHG~0.00%
Published-08 Jun, 2016 | 14:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

HPE LoadRunner 11.52 through patch 3, 12.00 through patch 1, 12.01 through patch 3, 12.02 through patch 2, and 12.50 through patch 3 and Performance Center 11.52 through patch 3, 12.00 through patch 1, 12.01 through patch 3, 12.20 through patch 2, and 12.50 through patch 1 allow remote attackers to cause a denial of service via unspecified vectors.

Action-Not Available
Vendor-n/aHP Inc.
Product-performance_centerloadrunnern/a
CVE-2013-6193
Matching Score-8
Assigner-HP Inc.
ShareView Details
Matching Score-8
Assigner-HP Inc.
CVSS Score-5||MEDIUM
EPSS-1.33% / 79.17%
||
7 Day CHG~0.00%
Published-17 Dec, 2013 | 11:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability on HP LaserJet M1522n and M2727; LaserJet Pro 100, 300, 400, CM1415fnw, CP1*, M121*, M1536dnf, and P1*; Color LaserJet CM* and CP*; and TopShot LaserJet Pro M275 printers allows remote attackers to cause a denial of service via unknown vectors.

Action-Not Available
Vendor-n/aHP Inc.
Product-laserjet_pro_p1102laserjet_m1522n_multifunction_printercolor_laserjet_cp1518color_laserjet_cp1515laserjet_pro_m1216nfh_mfpcolor_laserjet_cp2025_printerlaserjet_pro_cp1025nwcolor_laserjet_cm1312nfi_multifunction_printerlaserjet_m2727_multifunction_printerlaserjet_pro_400_color_printer_m451laserjet_pro_cp1525nw_color_printerlaserjet_pro_300_color_mfp_printer_m375color_laserjet_cp5225laserjet_pro_m1212nf_mfphp_laserjet_pro_m1214nfh_mfptopshot_laserjet_pro_m275_mfplaserjet_pro_m1213nf_mfplaserjet_pro_m1217nfw_mfplaserjet_pro_cm1415fnw_color_multifunction_printercolor_laserjet_cm2320n_multifunction_printerlaserjet_pro_100_color_mfp_m175laserjet_pro_p1606dnlaserjet_pro_m1536dnf_multifunction_printerlaserjet_pro_300_color_printer_m351laserjet_pro_400_color_mfp_m475n/a
CVE-2003-1493
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-0.46% / 63.22%
||
7 Day CHG~0.00%
Published-24 Oct, 2007 | 23:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Memory leak in HP OpenView Network Node Manager (NNM) 6.2 and 6.4 allows remote attackers to cause a denial of service (memory exhaustion) via crafted TCP packets.

Action-Not Available
Vendor-n/aHP Inc.
Product-openview_network_node_managern/a
CVE-2008-1852
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-3.35% / 86.82%
||
7 Day CHG~0.00%
Published-16 Apr, 2008 | 18:00
Updated-07 Aug, 2024 | 08:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

ovalarmsrv in HP OpenView Network Node Manager (OV NNM) 7.51, 7.53, and possibly other versions allows remote attackers to cause a denial of service (crash) via certain requests that specify a large number of sub-arguments, which triggers a NULL pointer dereference due to memory allocation failure.

Action-Not Available
Vendor-n/aHP Inc.
Product-openview_network_node_managern/a
CWE ID-CWE-399
Not Available
CVE-2008-1853
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-1.03% / 76.44%
||
7 Day CHG~0.00%
Published-16 Apr, 2008 | 18:00
Updated-07 Aug, 2024 | 08:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The ovtopmd service in HP OpenView Network Node Manager (OV NNM) 7.51, 7.53, and possibly other versions allows remote attackers to cause a denial of service (exit) by sending a 0x36 packet (exit request).

Action-Not Available
Vendor-n/aHP Inc.
Product-openview_network_node_managern/a
CWE ID-CWE-399
Not Available
CVE-2007-2246
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-2.27% / 83.98%
||
7 Day CHG~0.00%
Published-25 Apr, 2007 | 16:00
Updated-07 Aug, 2024 | 13:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in HP-UX B.11.00 and B.11.11, when running sendmail 8.9.3 or 8.11.1; and HP-UX B.11.23 when running sendmail 8.11.1; allows remote attackers to cause a denial of service via unknown attack vectors. NOTE: due to the lack of details from HP, it is not known whether this issue is a duplicate of another CVE such as CVE-2006-1173 or CVE-2006-4434.

Action-Not Available
Vendor-sendmailn/aHP Inc.
Product-sendmailhp-uxn/a
CWE ID-CWE-399
Not Available
CVE-2008-0212
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.80% / 73.15%
||
7 Day CHG~0.00%
Published-06 Feb, 2008 | 20:00
Updated-07 Aug, 2024 | 07:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

ovtopmd in HP OpenView Network Node Manager (OV NNM) 6.41, 7.01, and 7.51 allows remote attackers to cause a denial of service (crash) via a crafted TCP request that triggers an out-of-bounds memory access.

Action-Not Available
Vendor-n/aMicrosoft CorporationHP Inc.Sun Microsystems (Oracle Corporation)Linux Kernel Organization, Inc
Product-solarislinux_kernelopenview_network_node_managerhp-uxwindowsn/a
CWE ID-CWE-399
Not Available
CVE-2008-4382
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-0.47% / 63.77%
||
7 Day CHG~0.00%
Published-02 Oct, 2008 | 18:00
Updated-07 Aug, 2024 | 10:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Konqueror in KDE 3.5.9 allows remote attackers to cause a denial of service (application crash) via Javascript that calls the alert function with a URL-encoded string of a large number of invalid characters.

Action-Not Available
Vendor-n/aKDE
Product-konquerorn/a
CWE ID-CWE-399
Not Available
CVE-2008-3157
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-0.77% / 72.47%
||
7 Day CHG~0.00%
Published-11 Jul, 2008 | 22:00
Updated-07 Aug, 2024 | 09:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Nortel SIP Multimedia PC Client 4.x MCS5100 and MCS5200 does not limit the number of concurrent sessions, which allows attackers to cause a denial of service (resource consumption) via a large number of sessions.

Action-Not Available
Vendor-norteln/a
Product-sip_multimedia_pc_clientn/a
CWE ID-CWE-399
Not Available
CVE-2018-0370
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-7.5||HIGH
EPSS-0.38% / 58.55%
||
7 Day CHG~0.00%
Published-16 Jul, 2018 | 17:00
Updated-29 Nov, 2024 | 14:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability in the detection engine of Cisco Firepower System Software could allow an unauthenticated, remote attacker to cause one of the detection engine processes to run out of memory and thus slow down traffic processing. The vulnerability is due to improper handling of traffic when the Secure Sockets Layer (SSL) inspection policy is enabled. An attacker could exploit this vulnerability by sending malicious traffic through an affected device. An exploit could allow the attacker to increase the resource consumption of a single instance of the Snort detection engine on an affected device. This will lead to performance degradation and eventually the restart of the affected Snort process. Cisco Bug IDs: CSCvi09219, CSCvi29845.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-secure_firewall_management_centerCisco Firepower unknown
CWE ID-CWE-399
Not Available
CVE-2008-1996
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-20.31% / 95.30%
||
7 Day CHG~0.00%
Published-28 Apr, 2008 | 18:21
Updated-07 Aug, 2024 | 08:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

licq before 1.3.6 allows remote attackers to cause a denial of service (file-descriptor exhaustion and application crash) via a large number of connections.

Action-Not Available
Vendor-licqn/a
Product-licqn/a
CWE ID-CWE-399
Not Available
CVE-2010-0220
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-0.95% / 75.38%
||
7 Day CHG~0.00%
Published-07 Jan, 2010 | 19:00
Updated-07 Aug, 2024 | 00:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The nsObserverList::FillObserverArray function in xpcom/ds/nsObserverList.cpp in Mozilla Firefox before 3.5.7 allows remote attackers to cause a denial of service (application crash) via a crafted web site that triggers memory consumption and an accompanying Low Memory alert dialog, and also triggers attempted removal of an observer from an empty observers array.

Action-Not Available
Vendor-n/aMozilla Corporation
Product-firefoxn/a
CWE ID-CWE-399
Not Available
CVE-2010-0277
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-8.80% / 92.16%
||
7 Day CHG~0.00%
Published-09 Jan, 2010 | 18:00
Updated-07 Aug, 2024 | 00:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

slp.c in the MSN protocol plugin in libpurple in Pidgin before 2.6.6, including 2.6.4, and Adium 1.3.8 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via a malformed MSNSLP INVITE request in an SLP message, a different issue than CVE-2010-0013.

Action-Not Available
Vendor-adiumn/aPidgin
Product-adiumpidginn/a
CWE ID-CWE-399
Not Available
CVE-2009-3877
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-8.57% / 92.03%
||
7 Day CHG~0.00%
Published-05 Nov, 2009 | 16:00
Updated-07 Aug, 2024 | 06:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to cause a denial of service (memory consumption) via crafted HTTP headers, which are not properly parsed by the ASN.1 DER input stream parser, aka Bug Id 6864911.

Action-Not Available
Vendor-n/aLinux Kernel Organization, IncMicrosoft CorporationSun Microsystems (Oracle Corporation)
Product-solarislinux_kerneljrewindowsjdksdkn/a
CWE ID-CWE-399
Not Available
CVE-2007-6040
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-0.60% / 68.57%
||
7 Day CHG~0.00%
Published-20 Nov, 2007 | 19:00
Updated-07 Aug, 2024 | 15:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Belkin F5D7230-4 Wireless G Router allows remote attackers to cause a denial of service (degraded networking and logging) via a flood of TCP SYN packets, a related issue to CVE-1999-0116.

Action-Not Available
Vendor-n/aBelkin International, Inc.
Product-f5d7230-4n/a
CWE ID-CWE-399
Not Available
CVE-2009-3876
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-10.47% / 92.94%
||
7 Day CHG~0.00%
Published-05 Nov, 2009 | 16:00
Updated-07 Aug, 2024 | 06:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to cause a denial of service (memory consumption) via crafted DER encoded data, which is not properly decoded by the ASN.1 DER input stream parser, aka Bug Id 6864911.

Action-Not Available
Vendor-n/aLinux Kernel Organization, IncMicrosoft CorporationSun Microsystems (Oracle Corporation)
Product-solarislinux_kerneljrewindowsjdksdkn/a
CWE ID-CWE-399
Not Available
CVE-2009-4448
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-1.24% / 78.40%
||
7 Day CHG~0.00%
Published-29 Dec, 2009 | 20:15
Updated-07 Aug, 2024 | 07:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

inc/functions_time.php in MyBB (aka MyBulletinBoard) 1.4.10, and possibly earlier versions, allows remote attackers to cause a denial of service (CPU consumption) via a crafted request with a large year value, which triggers a long loop, as reachable through member.php and possibly other vectors.

Action-Not Available
Vendor-n/aMyBB
Product-mybbn/a
CWE ID-CWE-399
Not Available
CVE-2007-5622
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-1.62% / 81.09%
||
7 Day CHG~0.00%
Published-29 Oct, 2007 | 21:00
Updated-07 Aug, 2024 | 15:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Double free vulnerability in the ftpprchild function in ftppr in 3proxy 0.5 through 0.5.3i allows remote attackers to cause a denial of service (daemon crash) via multiple OPEN commands to the FTP proxy.

Action-Not Available
Vendor-3proxyn/a
Product-3proxyn/a
CWE ID-CWE-399
Not Available
CVE-2009-3933
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-2.17% / 83.63%
||
7 Day CHG~0.00%
Published-12 Nov, 2009 | 16:00
Updated-07 Aug, 2024 | 06:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

WebKit before r50173, as used in Google Chrome before 3.0.195.32, allows remote attackers to cause a denial of service (CPU consumption) via a web page that calls the JavaScript setInterval method, which triggers an incompatibility between the WTF::currentTime and base::Time functions.

Action-Not Available
Vendor-webkitn/aGoogle LLC
Product-chromewebkitn/a
CWE ID-CWE-399
Not Available
CVE-2009-4355
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-13.72% / 94.01%
||
7 Day CHG~0.00%
Published-14 Jan, 2010 | 19:00
Updated-07 Aug, 2024 | 07:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Memory leak in the zlib_stateful_finish function in crypto/comp/c_zlib.c in OpenSSL 0.9.8l and earlier and 1.0.0 Beta through Beta 4 allows remote attackers to cause a denial of service (memory consumption) via vectors that trigger incorrect calls to the CRYPTO_cleanup_all_ex_data function, as demonstrated by use of SSLv3 and PHP with the Apache HTTP Server, a related issue to CVE-2008-1678.

Action-Not Available
Vendor-n/aOpenSSLRed Hat, Inc.
Product-openssln/a
CWE ID-CWE-399
Not Available
CVE-2009-2953
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-2.60% / 85.02%
||
7 Day CHG~0.00%
Published-24 Aug, 2009 | 15:00
Updated-07 Aug, 2024 | 06:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Mozilla Firefox 3.0.6 through 3.0.13, and 3.5.x, allows remote attackers to cause a denial of service (CPU consumption) via JavaScript code with a long string value for the hash property (aka location.hash), a related issue to CVE-2008-5715.

Action-Not Available
Vendor-n/aMozilla Corporation
Product-firefoxn/a
CWE ID-CWE-399
Not Available
CVE-2009-2740
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-0.47% / 63.77%
||
7 Day CHG~0.00%
Published-19 Aug, 2009 | 17:00
Updated-07 Aug, 2024 | 05:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

kmxIds.sys before 7.3.1.18 in CA Host-Based Intrusion Prevention System (HIPS) 8.1 allows remote attackers to cause a denial of service (system crash) via a malformed packet.

Action-Not Available
Vendor-n/a
Product-host-based_intrusion_prevention_systemn/a
CWE ID-CWE-399
Not Available
CVE-2009-2664
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-3.01% / 86.07%
||
7 Day CHG~0.00%
Published-04 Aug, 2009 | 16:13
Updated-07 Aug, 2024 | 05:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The js_watch_set function in js/src/jsdbgapi.cpp in the JavaScript engine in Mozilla Firefox before 3.0.12 allows remote attackers to cause a denial of service (assertion failure and application exit) or possibly execute arbitrary code via a crafted .js file, related to a "memory safety bug." NOTE: this was originally reported as affecting versions before 3.0.13.

Action-Not Available
Vendor-n/aMozilla Corporation
Product-firefoxn/a
CWE ID-CWE-399
Not Available
CVE-2009-3615
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-5||MEDIUM
EPSS-7.99% / 91.72%
||
7 Day CHG~0.00%
Published-20 Oct, 2009 | 17:00
Updated-07 Aug, 2024 | 06:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The OSCAR protocol plugin in libpurple in Pidgin before 2.6.3 and Adium before 1.3.7 allows remote attackers to cause a denial of service (application crash) via crafted contact-list data for (1) ICQ and possibly (2) AIM, as demonstrated by the SIM IM client.

Action-Not Available
Vendor-adiumn/aPidgin
Product-adiumpidginn/a
CWE ID-CWE-399
Not Available
CVE-2009-3272
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-4.44% / 88.62%
||
7 Day CHG~0.00%
Published-21 Sep, 2009 | 19:00
Updated-07 Aug, 2024 | 06:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Stack consumption vulnerability in WebKit.dll in WebKit in Apple Safari 3.2.3, and possibly other versions before 4.1.2, allows remote attackers to cause a denial of service (application crash) via JavaScript code that calls eval on a long string composed of A/ sequences.

Action-Not Available
Vendor-n/aApple Inc.
Product-safarin/a
CWE ID-CWE-399
Not Available
CVE-2009-2651
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-0.07% / 22.10%
||
7 Day CHG~0.00%
Published-30 Jul, 2009 | 19:08
Updated-07 Aug, 2024 | 05:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

main/rtp.c in Asterisk Open Source 1.6.1 before 1.6.1.2 allows remote attackers to cause a denial of service (crash) via an RTP text frame without a certain delimiter, which triggers a NULL pointer dereference and the subsequent calculation of an invalid pointer.

Action-Not Available
Vendor-n/aDigium, Inc.
Product-asteriskn/a
CWE ID-CWE-399
Not Available
CVE-2009-3268
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-0.31% / 53.57%
||
7 Day CHG~0.00%
Published-18 Sep, 2009 | 22:00
Updated-07 Aug, 2024 | 06:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Google Chrome 1.0.154.48 and earlier allows remote attackers to cause a denial of service (CPU consumption) via an automatically submitted form containing a KEYGEN element, a related issue to CVE-2009-1828.

Action-Not Available
Vendor-n/aGoogle LLC
Product-chromen/a
CWE ID-CWE-399
Not Available
CVE-2009-3269
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-0.53% / 66.44%
||
7 Day CHG~0.00%
Published-18 Sep, 2009 | 22:00
Updated-07 Aug, 2024 | 06:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Opera 9.52 and earlier allows remote attackers to cause a denial of service (CPU consumption) via a series of automatic submissions of a form containing a KEYGEN element, a related issue to CVE-2009-1828.

Action-Not Available
Vendor-n/aOpera
Product-opera_browsern/a
CWE ID-CWE-399
Not Available
CVE-2009-2858
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-0.37% / 58.05%
||
7 Day CHG~0.00%
Published-19 Aug, 2009 | 17:00
Updated-16 Sep, 2024 | 17:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Memory leak in the Security component in IBM DB2 8.1 before FP18 on Unix platforms allows attackers to cause a denial of service (memory consumption) via unspecified vectors, related to private memory within the DB2 memory structure.

Action-Not Available
Vendor-n/aIBM Corporation
Product-db2n/a
CWE ID-CWE-399
Not Available
CVE-2009-2214
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-1.77% / 81.92%
||
7 Day CHG~0.00%
Published-25 Jun, 2009 | 21:00
Updated-07 Aug, 2024 | 05:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Secure Gateway service in Citrix Secure Gateway 3.1 and earlier allows remote attackers to cause a denial of service (CPU consumption) via an unspecified request.

Action-Not Available
Vendor-n/aCitrix (Cloud Software Group, Inc.)
Product-secure_gatewayn/a
CWE ID-CWE-399
Not Available
CVE-2009-2108
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-20.51% / 95.34%
||
7 Day CHG~0.00%
Published-18 Jun, 2009 | 18:00
Updated-07 Aug, 2024 | 05:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

git-daemon in git 1.4.4.5 through 1.6.3 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a request containing extra unrecognized arguments.

Action-Not Available
Vendor-gitn/a
Product-gitn/a
CWE ID-CWE-399
Not Available
CVE-2009-1958
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-1.74% / 81.71%
||
7 Day CHG~0.00%
Published-06 Jun, 2009 | 18:00
Updated-07 Aug, 2024 | 05:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

charon/sa/tasks/child_create.c in the charon daemon in strongSWAN before 4.3.1 switches the NULL checks for TSi and TSr payloads, which allows remote attackers to cause a denial of service via an IKE_AUTH request without a (1) TSi or (2) TSr traffic selector.

Action-Not Available
Vendor-strongswann/a
Product-strongswann/a
CWE ID-CWE-399
Not Available
CVE-2009-1632
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-4.31% / 88.43%
||
7 Day CHG~0.00%
Published-14 May, 2009 | 17:00
Updated-07 Aug, 2024 | 05:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple memory leaks in Ipsec-tools before 0.7.2 allow remote attackers to cause a denial of service (memory consumption) via vectors involving (1) signature verification during user authentication with X.509 certificates, related to the eay_check_x509sign function in src/racoon/crypto_openssl.c; and (2) the NAT-Traversal (aka NAT-T) keepalive implementation, related to src/racoon/nattraversal.c.

Action-Not Available
Vendor-ipsec-toolsn/a
Product-ipsec-toolsn/a
CWE ID-CWE-399
Not Available
CVE-2009-1758
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-0.67% / 70.33%
||
7 Day CHG~0.00%
Published-22 May, 2009 | 01:00
Updated-07 Aug, 2024 | 05:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The hypervisor_callback function in Xen, possibly before 3.4.0, as applied to the Linux kernel 2.6.30-rc4, 2.6.18, and probably other versions allows guest user applications to cause a denial of service (kernel oops) of the guest OS by triggering a segmentation fault in "certain address ranges."

Action-Not Available
Vendor-n/aLinux Kernel Organization, IncXen Project
Product-xenlinux_kerneln/a
CWE ID-CWE-399
Not Available
CVE-2009-1827
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-13.02% / 93.81%
||
7 Day CHG~0.00%
Published-29 May, 2009 | 20:00
Updated-07 Aug, 2024 | 05:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The SVG component in Mozilla Firefox 3.0.4 allows remote attackers to cause a denial of service (application hang) via a large value in the r (aka Radius) attribute of a circle element, related to an "unclamped loop."

Action-Not Available
Vendor-n/aMozilla Corporation
Product-firefoxn/a
CWE ID-CWE-399
Not Available
CVE-2009-2577
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-0.47% / 63.77%
||
7 Day CHG~0.00%
Published-22 Jul, 2009 | 18:00
Updated-07 Aug, 2024 | 05:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Opera 9.52 and earlier allows remote attackers to cause a denial of service (CPU and memory consumption, and application hang) via a long Unicode string argument to the write method, a related issue to CVE-2009-2479.

Action-Not Available
Vendor-n/aOpera
Product-opera_browsern/a
CWE ID-CWE-399
Not Available
  • Previous
  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • Next
Details not found