Vulnerability Details :

CVE-2008-1672

Summary
Assigner: redhat
Assigner Org ID: 53f830b8-0a3f-465b-8143-3b8a9948e749
Published At: 29 May, 2008 | 16:00
Updated At: 07 Aug, 2024 | 08:32

OpenSSL 0.9.8f and 0.9.8g allow remote attackers to cause a denial of service (crash) via a TLS handshake that omits the Server Key Exchange message and uses "particular cipher suites," which triggers a NULL pointer dereference.

▼Common Vulnerabilities and Exposures (CVE)
cve.org
▼CVE Numbering Authority (CNA)


Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
Type: text
CWE ID: N/A
Description: n/a
References
http://cert.fi/haavoittuvuudet/2008/advisory-openssl.html
x_refsource_MISC
http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.562004
vendor-advisory
x_refsource_SLACKWARE
http://secunia.com/advisories/30852
third-party-advisory
x_refsource_SECUNIA
https://www.redhat.com/archives/fedora-package-announce/2008-May/msg01029.html
vendor-advisory
x_refsource_FEDORA
https://exchange.xforce.ibmcloud.com/vulnerabilities/42667
vdb-entry
x_refsource_XF
http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=738400
x_refsource_MISC
http://secunia.com/advisories/30460
third-party-advisory
x_refsource_SECUNIA
http://secunia.com/advisories/30825
third-party-advisory
x_refsource_SECUNIA
http://www.vupen.com/english/advisories/2008/1680
vdb-entry
x_refsource_VUPEN
http://www.securityfocus.com/archive/1/492932/100/0/threaded
mailing-list
x_refsource_BUGTRAQ
http://www.ubuntu.com/usn/usn-620-1
vendor-advisory
x_refsource_UBUNTU
http://secunia.com/advisories/30868
third-party-advisory
x_refsource_SECUNIA
http://www.openssl.org/news/secadv_20080528.txt
x_refsource_CONFIRM
http://security.gentoo.org/glsa/glsa-200806-08.xml
vendor-advisory
x_refsource_GENTOO
http://sourceforge.net/project/shownotes.php?release_id=615606
x_refsource_CONFIRM
http://secunia.com/advisories/31288
third-party-advisory
x_refsource_SECUNIA
http://secunia.com/advisories/30405
third-party-advisory
x_refsource_SECUNIA
http://www.securityfocus.com/bid/29405
vdb-entry
x_refsource_BID
http://www.securitytracker.com/id?1020122
vdb-entry
x_refsource_SECTRACK
http://www.vupen.com/english/advisories/2008/1937/references
vdb-entry
x_refsource_VUPEN
http://secunia.com/advisories/31228
third-party-advisory
x_refsource_SECUNIA
http://www.mandriva.com/security/advisories?name=MDVSA-2008:107
vendor-advisory
x_refsource_MANDRIVA
http://www.kb.cert.org/vuls/id/520586
third-party-advisory
x_refsource_CERT-VN
▼Authorized Data Publishers (ADP)
CVE Program Container
References
http://cert.fi/haavoittuvuudet/2008/advisory-openssl.html
x_refsource_MISC
x_transferred
http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.562004
vendor-advisory
x_refsource_SLACKWARE
x_transferred
http://secunia.com/advisories/30852
third-party-advisory
x_refsource_SECUNIA
x_transferred
https://www.redhat.com/archives/fedora-package-announce/2008-May/msg01029.html
vendor-advisory
x_refsource_FEDORA
x_transferred
https://exchange.xforce.ibmcloud.com/vulnerabilities/42667
vdb-entry
x_refsource_XF
x_transferred
http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=738400
x_refsource_MISC
x_transferred
http://secunia.com/advisories/30460
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://secunia.com/advisories/30825
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://www.vupen.com/english/advisories/2008/1680
vdb-entry
x_refsource_VUPEN
x_transferred
http://www.securityfocus.com/archive/1/492932/100/0/threaded
mailing-list
x_refsource_BUGTRAQ
x_transferred
http://www.ubuntu.com/usn/usn-620-1
vendor-advisory
x_refsource_UBUNTU
x_transferred
http://secunia.com/advisories/30868
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://www.openssl.org/news/secadv_20080528.txt
x_refsource_CONFIRM
x_transferred
http://security.gentoo.org/glsa/glsa-200806-08.xml
vendor-advisory
x_refsource_GENTOO
x_transferred
http://sourceforge.net/project/shownotes.php?release_id=615606
x_refsource_CONFIRM
x_transferred
http://secunia.com/advisories/31288
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://secunia.com/advisories/30405
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://www.securityfocus.com/bid/29405
vdb-entry
x_refsource_BID
x_transferred
http://www.securitytracker.com/id?1020122
vdb-entry
x_refsource_SECTRACK
x_transferred
http://www.vupen.com/english/advisories/2008/1937/references
vdb-entry
x_refsource_VUPEN
x_transferred
http://secunia.com/advisories/31228
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://www.mandriva.com/security/advisories?name=MDVSA-2008:107
vendor-advisory
x_refsource_MANDRIVA
x_transferred
http://www.kb.cert.org/vuls/id/520586
third-party-advisory
x_refsource_CERT-VN
x_transferred
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source: secalert@redhat.com
Published At: 29 May, 2008 | 16:32
Updated At: 23 Apr, 2026 | 00:35


CISA Catalog
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
Type: Primary
Version: 2.0
Base score: 4.3
Base severity: MEDIUM
Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P
CPE Matches

  • OpenSSL openssl 0.9.8f: cpe:2.3:a:openssl:openssl:0.9.8f:*:*:*:*:*:*:*
  • OpenSSL openssl 0.9.8g: cpe:2.3:a:openssl:openssl:0.9.8g:*:*:*:*:*:*:*
  • Canonical Ltd. ubuntu_linux 8.04: cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:-:*:*:*
Weaknesses
CWE ID: CWE-476
Type: Primary
Source: nvd@nist.gov
Vendor Statements

Organization : Red Hat
Last Modified : 2008-05-30T00:00:00

Not vulnerable. This issue did not affect the versions of OpenSSL as shipped with Red Hat Enterprise Linux 2.1, 3, 4, or 5.

References
Hyperlink: http://cert.fi/haavoittuvuudet/2008/advisory-openssl.html
Source: secalert@redhat.com
Resource:
Third Party Advisory
Hyperlink: http://secunia.com/advisories/30405
Source: secalert@redhat.com
Resource:
Third Party Advisory
Hyperlink: http://secunia.com/advisories/30460
Source: secalert@redhat.com
Resource:
Third Party Advisory
Hyperlink: http://secunia.com/advisories/30825
Source: secalert@redhat.com
Resource:
Third Party Advisory
Hyperlink: http://secunia.com/advisories/30852
Source: secalert@redhat.com
Resource:
Third Party Advisory
Hyperlink: http://secunia.com/advisories/30868
Source: secalert@redhat.com
Resource:
Third Party Advisory
Hyperlink: http://secunia.com/advisories/31228
Source: secalert@redhat.com
Resource:
Third Party Advisory
Hyperlink: http://secunia.com/advisories/31288
Source: secalert@redhat.com
Resource:
Third Party Advisory
Hyperlink: http://security.gentoo.org/glsa/glsa-200806-08.xml
Source: secalert@redhat.com
Resource:
Third Party Advisory
Hyperlink: http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.562004
Source: secalert@redhat.com
Resource:
Third Party Advisory
Hyperlink: http://sourceforge.net/project/shownotes.php?release_id=615606
Source: secalert@redhat.com
Resource:
Third Party Advisory
Hyperlink: http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=738400
Source: secalert@redhat.com
Resource:
Third Party Advisory
Hyperlink: http://www.kb.cert.org/vuls/id/520586
Source: secalert@redhat.com
Resource:
Third Party Advisory
US Government Resource
Hyperlink: http://www.mandriva.com/security/advisories?name=MDVSA-2008:107
Source: secalert@redhat.com
Resource:
Third Party Advisory
Hyperlink: http://www.openssl.org/news/secadv_20080528.txt
Source: secalert@redhat.com
Resource:
Vendor Advisory
Hyperlink: http://www.securityfocus.com/archive/1/492932/100/0/threaded
Source: secalert@redhat.com
Resource:
Third Party Advisory
VDB Entry
Hyperlink: http://www.securityfocus.com/bid/29405
Source: secalert@redhat.com
Resource:
Patch
Third Party Advisory
VDB Entry
Hyperlink: http://www.securitytracker.com/id?1020122
Source: secalert@redhat.com
Resource:
Third Party Advisory
VDB Entry
Hyperlink: http://www.ubuntu.com/usn/usn-620-1
Source: secalert@redhat.com
Resource:
Third Party Advisory
Hyperlink: http://www.vupen.com/english/advisories/2008/1680
Source: secalert@redhat.com
Resource:
Permissions Required
Third Party Advisory
Hyperlink: http://www.vupen.com/english/advisories/2008/1937/references
Source: secalert@redhat.com
Resource:
Permissions Required
Third Party Advisory
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/42667
Source: secalert@redhat.com
Resource:
Third Party Advisory
VDB Entry
Hyperlink: https://www.redhat.com/archives/fedora-package-announce/2008-May/msg01029.html
Source: secalert@redhat.com
Resource:
Third Party Advisory
Hyperlink: http://cert.fi/haavoittuvuudet/2008/advisory-openssl.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: http://secunia.com/advisories/30405
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: http://secunia.com/advisories/30460
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: http://secunia.com/advisories/30825
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: http://secunia.com/advisories/30852
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: http://secunia.com/advisories/30868
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: http://secunia.com/advisories/31228
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: http://secunia.com/advisories/31288
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: http://security.gentoo.org/glsa/glsa-200806-08.xml
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.562004
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: http://sourceforge.net/project/shownotes.php?release_id=615606
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=738400
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: http://www.kb.cert.org/vuls/id/520586
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
US Government Resource
Hyperlink: http://www.mandriva.com/security/advisories?name=MDVSA-2008:107
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: http://www.openssl.org/news/secadv_20080528.txt
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory
Hyperlink: http://www.securityfocus.com/archive/1/492932/100/0/threaded
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
VDB Entry
Hyperlink: http://www.securityfocus.com/bid/29405
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Patch
Third Party Advisory
VDB Entry
Hyperlink: http://www.securitytracker.com/id?1020122
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
VDB Entry
Hyperlink: http://www.ubuntu.com/usn/usn-620-1
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: http://www.vupen.com/english/advisories/2008/1680
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Permissions Required
Third Party Advisory
Hyperlink: http://www.vupen.com/english/advisories/2008/1937/references
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Permissions Required
Third Party Advisory
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/42667
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
VDB Entry
Hyperlink: https://www.redhat.com/archives/fedora-package-announce/2008-May/msg01029.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory

Change History

0
Information is not available yet

Similar CVEs

1205Records found

CVE-2020-16307
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-1.77% / 75.50%
||
7 Day CHG~0.00%
Published-13 Aug, 2020 | 02:09
Updated-04 Aug, 2024 | 13:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A null pointer dereference vulnerability in devices/vector/gdevtxtw.c and psi/zbfont.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted postscript file. This is fixed in v9.51.

Action-Not Available
Vendor-n/aCanonical Ltd.Debian GNU/LinuxArtifex Software Inc.
Product-ubuntu_linuxdebian_linuxghostscriptn/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2020-10711
Matching Score-10
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-10
Assigner-Red Hat, Inc.
CVSS Score-5.9||MEDIUM
EPSS-3.10% / 86.15%
||
7 Day CHG~0.00%
Published-22 May, 2020 | 14:09
Updated-04 Aug, 2024 | 11:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A NULL pointer dereference flaw was found in the Linux kernel's SELinux subsystem in versions before 5.7. This flaw occurs while importing the Commercial IP Security Option (CIPSO) protocol's category bitmap into the SELinux extensible bitmap via the' ebitmap_netlbl_import' routine. While processing the CIPSO restricted bitmap tag in the 'cipso_v4_parsetag_rbm' routine, it sets the security attribute to indicate that the category bitmap is present, even if it has not been allocated. This issue leads to a NULL pointer dereference issue while importing the same category bitmap into SELinux. This flaw allows a remote network user to crash the system kernel, resulting in a denial of service.

Action-Not Available
Vendor-Canonical Ltd.Red Hat, Inc.Linux Kernel Organization, IncopenSUSEDebian GNU/Linux
Product-3scaleubuntu_linuxdebian_linuxlinux_kernelopenstackvirtualization_hostenterprise_linuxenterprise_linux_ausenterprise_linux_server_tusmessaging_realtime_gridleapKernel
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2019-19242
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-5.9||MEDIUM
EPSS-2.54% / 83.04%
||
7 Day CHG~0.00%
Published-25 Nov, 2019 | 15:30
Updated-05 Aug, 2024 | 02:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SQLite 3.30.1 mishandles pExpr->y.pTab, as demonstrated by the TK_COLUMN case in sqlite3ExprCodeTarget in expr.c.

Action-Not Available
Vendor-sqliten/aCanonical Ltd.Oracle CorporationRed Hat, Inc.Siemens AG
Product-sinec_infrastructure_network_servicesubuntu_linuxsqliteenterprise_linuxmysql_workbenchn/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2019-16708
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-2.48% / 82.66%
||
7 Day CHG~0.00%
Published-23 Sep, 2019 | 11:46
Updated-05 Aug, 2024 | 01:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

ImageMagick 7.0.8-35 has a memory leak in magick/xwindow.c, related to XCreateImage.

Action-Not Available
Vendor-n/aImageMagick Studio LLCDebian GNU/LinuxopenSUSECanonical Ltd.
Product-ubuntu_linuxdebian_linuximagemagickleapn/a
CWE ID-CWE-401
Missing Release of Memory after Effective Lifetime
CVE-2014-2270
Matching Score-8
Assigner-Debian GNU/Linux
ShareView Details
Matching Score-8
Assigner-Debian GNU/Linux
CVSS Score-4.3||MEDIUM
EPSS-4.32% / 89.98%
||
7 Day CHG-0.02%
Published-14 Mar, 2014 | 15:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

softmagic.c in file before 5.17 and libmagic allows context-dependent attackers to cause a denial of service (out-of-bounds memory access and crash) via crafted offsets in the softmagic of a PE executable.

Action-Not Available
Vendor-file_projectn/aCanonical Ltd.openSUSEThe PHP GroupDebian GNU/Linux
Product-debian_linuxubuntu_linuxphpfileopensusen/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2019-16710
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-2.48% / 82.66%
||
7 Day CHG~0.00%
Published-23 Sep, 2019 | 11:46
Updated-05 Aug, 2024 | 01:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

ImageMagick 7.0.8-35 has a memory leak in coders/dot.c, as demonstrated by AcquireMagickMemory in MagickCore/memory.c.

Action-Not Available
Vendor-n/aImageMagick Studio LLCDebian GNU/LinuxopenSUSECanonical Ltd.
Product-ubuntu_linuxdebian_linuximagemagickleapn/a
CWE ID-CWE-401
Missing Release of Memory after Effective Lifetime
CVE-2020-29385
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-1.48% / 70.72%
||
7 Day CHG~0.00%
Published-26 Dec, 2020 | 02:01
Updated-29 Apr, 2025 | 13:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

GNOME gdk-pixbuf (aka GdkPixbuf) before 2.42.2 allows a denial of service (infinite loop) in lzw.c in the function write_indexes. if c->self_code equals 10, self->code_table[10].extends will assign the value 11 to c. The next execution in the loop will assign self->code_table[11].extends to c, which will give the value of 10. This will make the loop run infinitely. This bug can, for example, be triggered by calling this function with a GIF image with LZW compression that is crafted in a special way.

Action-Not Available
Vendor-n/aCanonical Ltd.Fedora ProjectThe GNOME Project
Product-ubuntu_linuxgdk-pixbuffedoran/a
CWE ID-CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
CVE-2014-1523
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-6.5||MEDIUM
EPSS-3.16% / 86.42%
||
7 Day CHG~0.00%
Published-30 Apr, 2014 | 10:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Heap-based buffer overflow in the read_u32 function in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted JPEG image.

Action-Not Available
Vendor-n/aCanonical Ltd.openSUSESUSERed Hat, Inc.Mozilla CorporationDebian GNU/LinuxFedora Project
Product-thunderbirdenterprise_linux_eusdebian_linuxfirefoxseamonkeyubuntu_linuxenterprise_linux_serverenterprise_linux_workstationsuse_linux_enterprise_serverenterprise_linux_server_tusenterprise_linux_desktopenterprise_linux_server_eusenterprise_linux_server_ausfedoraopensusen/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2014-1489
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-4.3||MEDIUM
EPSS-1.93% / 77.57%
||
7 Day CHG~0.00%
Published-06 Feb, 2014 | 02:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Mozilla Firefox before 27.0 does not properly restrict access to about:home buttons by script on other pages, which allows user-assisted remote attackers to cause a denial of service (session restore) via a crafted web site.

Action-Not Available
Vendor-n/aCanonical Ltd.openSUSEOracle CorporationSUSEMozilla Corporation
Product-firefoxubuntu_linuxlinux_enterprise_desktoplinux_enterprise_serversolarislinux_enterprise_software_development_kitopensusen/a
CVE-2014-0459
Matching Score-8
Assigner-Oracle
CVSS Score-4.3||MEDIUM
EPSS-4.06% / 89.43%
||
7 Day CHG~0.00%
Published-16 Apr, 2014 | 01:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in Oracle Java SE 7u51 and 8, and Java SE Embedded 7u51, allows remote attackers to affect availability via unknown vectors related to 2D.

Action-Not Available
Vendor-n/aDebian GNU/LinuxCanonical Ltd.Oracle Corporation
Product-debian_linuxubuntu_linuxjdkjren/a
CVE-2019-16709
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-2.81% / 84.82%
||
7 Day CHG~0.00%
Published-23 Sep, 2019 | 11:46
Updated-05 Aug, 2024 | 01:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

ImageMagick 7.0.8-35 has a memory leak in coders/dps.c, as demonstrated by XCreateImage.

Action-Not Available
Vendor-n/aImageMagick Studio LLCopenSUSECanonical Ltd.
Product-ubuntu_linuximagemagickbackportsleapn/a
CWE ID-CWE-401
Missing Release of Memory after Effective Lifetime
CVE-2014-0221
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-4.3||MEDIUM
EPSS-87.89% / 99.74%
||
7 Day CHG~0.00%
Published-05 Jun, 2014 | 21:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The dtls1_get_message_fragment function in d1_both.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h allows remote attackers to cause a denial of service (recursion and client crash) via a DTLS hello message in an invalid DTLS handshake.

Action-Not Available
Vendor-n/aMariaDB FoundationopenSUSESUSEOpenSSLRed Hat, Inc.Fedora Project
Product-linux_enterprise_desktopmariadblinux_enterprise_workstation_extensionopensusestorageleaplinux_enterprise_serveropensslfedoralinux_enterprise_software_development_kitenterprise_linuxn/a
CVE-2013-7447
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-4.63% / 90.59%
||
7 Day CHG~0.00%
Published-17 Feb, 2016 | 15:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Integer overflow in the gdk_cairo_set_source_pixbuf function in gdk/gdkcairo.c in GTK+ before 3.9.8, as used in eom, gnome-photos, eog, gambas3, thunar, pinpoint, and possibly other applications, allows remote attackers to cause a denial of service (crash) via a large image file, which triggers a large memory allocation.

Action-Not Available
Vendor-n/aCanonical Ltd.Samsung
Product-ubuntu_linuxx14j_firmwaren/a
CVE-2013-6449
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-4.3||MEDIUM
EPSS-21.17% / 97.28%
||
7 Day CHG~0.00%
Published-23 Dec, 2013 | 22:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The ssl_get_algorithm2 function in ssl/s3_lib.c in OpenSSL before 1.0.2 obtains a certain version number from an incorrect data structure, which allows remote attackers to cause a denial of service (daemon crash) via crafted traffic from a TLS 1.2 client.

Action-Not Available
Vendor-n/aOpenSSL
Product-openssln/a
CVE-2017-17788
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-1.13% / 62.37%
||
7 Day CHG~0.00%
Published-20 Dec, 2017 | 09:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In GIMP 2.8.22, there is a stack-based buffer over-read in xcf_load_stream in app/xcf/xcf.c when there is no '\0' character after the version string.

Action-Not Available
Vendor-n/aCanonical Ltd.GIMPDebian GNU/Linux
Product-debian_linuxubuntu_linuxgimpn/a
CWE ID-CWE-125
Out-of-bounds Read
CVE-2013-1896
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-4.3||MEDIUM
EPSS-29.48% / 97.96%
||
7 Day CHG~0.00%
Published-10 Jul, 2013 | 20:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

mod_dav.c in the Apache HTTP Server before 2.2.25 does not properly determine whether DAV is enabled for a URI, which allows remote attackers to cause a denial of service (segmentation fault) via a MERGE request in which the URI is configured for handling by the mod_dav_svn module, but a certain href attribute in XML data refers to a non-DAV URI.

Action-Not Available
Vendor-n/aCanonical Ltd.openSUSEThe Apache Software FoundationRed Hat, Inc.
Product-http_serverubuntu_linuxenterprise_linux_serverenterprise_linux_workstationenterprise_linux_desktopopensuseenterprise_linux_server_ausenterprise_linux_eusjboss_enterprise_application_platformenterprise_linuxn/a
CVE-2013-2132
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-4.3||MEDIUM
EPSS-2.63% / 83.69%
||
7 Day CHG~0.00%
Published-15 Aug, 2013 | 17:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

bson/_cbsonmodule.c in the mongo-python-driver (aka. pymongo) before 2.5.2, as used in MongoDB, allows context-dependent attackers to cause a denial of service (NULL pointer dereference and crash) via vectors related to decoding of an "invalid DBRef."

Action-Not Available
Vendor-n/aCanonical Ltd.openSUSEMongoDB, Inc.
Product-ubuntu_linuxmongodbopensusen/a
CVE-2013-2021
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-4.3||MEDIUM
EPSS-3.50% / 87.75%
||
7 Day CHG~0.00%
Published-13 May, 2013 | 23:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

pdf.c in ClamAV 0.97.1 through 0.97.7 allows remote attackers to cause a denial of service (out-of-bounds-read) via a crafted length value in an encrypted PDF file.

Action-Not Available
Vendor-n/aCanonical Ltd.ClamAVSUSE
Product-linux_enterprise_serverclamavubuntu_linuxn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2013-2099
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-4.3||MEDIUM
EPSS-4.86% / 90.96%
||
7 Day CHG~0.00%
Published-09 Oct, 2013 | 14:44
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Algorithmic complexity vulnerability in the ssl.match_hostname function in Python 3.2.x, 3.3.x, and earlier, and unspecified versions of python-backports-ssl_match_hostname as used for older Python versions, allows remote attackers to cause a denial of service (CPU consumption) via multiple wildcard characters in the common name in a certificate.

Action-Not Available
Vendor-n/aCanonical Ltd.Python Software Foundation
Product-ubuntu_linuxpythonn/a
CVE-2013-2038
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-4.3||MEDIUM
EPSS-4.15% / 89.62%
||
7 Day CHG~0.00%
Published-06 Feb, 2014 | 16:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The NMEA0183 driver in gpsd before 3.9 allows remote attackers to cause a denial of service (daemon termination) and possibly execute arbitrary code via a GPS packet with a malformed $GPGGA interpreted sentence that lacks certain fields and a terminator. NOTE: a separate issue in the AIS driver was also reported, but it might not be a vulnerability.

Action-Not Available
Vendor-gpsd_projectn/aCanonical Ltd.
Product-gpsdubuntu_linuxn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2013-1055
Matching Score-8
Assigner-Canonical Ltd.
CVSS Score-4.3||MEDIUM
EPSS-1.27% / 66.38%
||
7 Day CHG~0.00%
Published-07 Apr, 2021 | 19:20
Updated-16 Sep, 2024 | 21:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Potential DoS through abuse of rate limit in libunity-webapps for Firefox

The unity-firefox-extension package could be tricked into dropping a C callback which was still in use, which Firefox would then free, causing Firefox to crash. This could be achieved by adding an action to the launcher and updating it with new callbacks until the libunity-webapps rate limit was hit. Fixed in 3.0.0+14.04.20140416-0ubuntu1.14.04.1 of unity-firefox-extension and in all versions of libunity-webapps by shipping an empty unity-firefox-extension package, thus disabling the extension entirely and invalidating the attack against the libunity-webapps package.

Action-Not Available
Vendor-Canonical Ltd.
Product-ubuntu_linuxunity-firefox-extensionlibunity-webappsunity-firefox-extension
CWE ID-CWE-404
Improper Resource Shutdown or Release
CVE-2013-1054
Matching Score-8
Assigner-Canonical Ltd.
CVSS Score-4.3||MEDIUM
EPSS-1.34% / 67.88%
||
7 Day CHG~0.00%
Published-07 Apr, 2021 | 19:20
Updated-16 Sep, 2024 | 23:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Possible remote DOS in WebApps

The unity-firefox-extension package could be tricked into destroying the Unity webapps context, causing Firefox to crash. This could be achieved by spinning the event loop inside the webapps initialization callback. Fixed in 3.0.0+14.04.20140416-0ubuntu1.14.04.1 by shipping an empty package, thus disabling the extension entirely.

Action-Not Available
Vendor-Canonical Ltd.
Product-ubuntu_linuxunity-firefox-extensionunity-firefox-extension
CWE ID-CWE-404
Improper Resource Shutdown or Release
CVE-2020-16289
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-1.99% / 78.21%
||
7 Day CHG-0.02%
Published-13 Aug, 2020 | 02:07
Updated-04 Aug, 2024 | 13:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A buffer overflow vulnerability in cif_print_page() in devices/gdevcif.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51.

Action-Not Available
Vendor-n/aCanonical Ltd.Debian GNU/LinuxArtifex Software Inc.
Product-ubuntu_linuxdebian_linuxghostscriptn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2013-0338
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-4.3||MEDIUM
EPSS-2.86% / 85.02%
||
7 Day CHG-0.12%
Published-25 Apr, 2013 | 23:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

libxml2 2.9.0 and earlier allows context-dependent attackers to cause a denial of service (CPU and memory consumption) via an XML file containing an entity declaration with long replacement text and many references to this entity, aka "internal entity expansion" with linear complexity.

Action-Not Available
Vendor-n/aCanonical Ltd.openSUSElibxml2 (XMLSoft)
Product-libxml2ubuntu_linuxopensusen/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2013-0383
Matching Score-8
Assigner-Oracle
CVSS Score-4.3||MEDIUM
EPSS-2.65% / 83.77%
||
7 Day CHG~0.00%
Published-17 Jan, 2013 | 01:30
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier, and 5.5.28 and earlier, allows remote attackers to affect availability via unknown vectors related to Server Locking.

Action-Not Available
Vendor-n/aCanonical Ltd.MariaDB FoundationOracle CorporationRed Hat, Inc.
Product-ubuntu_linuxenterprise_linux_workstationmariadbmysqlenterprise_linux_desktopenterprise_linux_eusenterprise_linuxn/a
CVE-2012-6151
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-4.3||MEDIUM
EPSS-9.45% / 94.83%
||
7 Day CHG~0.00%
Published-13 Dec, 2013 | 17:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Net-SNMP 5.7.1 and earlier, when AgentX is registering to handle a MIB and processing GETNEXT requests, allows remote attackers to cause a denial of service (crash or infinite loop, CPU consumption, and hang) by causing the AgentX subagent to timeout.

Action-Not Available
Vendor-n/aCanonical Ltd.Net-SNMPApple Inc.
Product-ubuntu_linuxmac_os_xnet-snmpn/a
CVE-2020-14578
Matching Score-8
Assigner-Oracle
CVSS Score-3.7||LOW
EPSS-4.04% / 89.39%
||
7 Day CHG~0.00%
Published-15 Jul, 2020 | 17:34
Updated-27 May, 2025 | 16:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u261 and 8u251; Java SE Embedded: 8u251. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.1 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).

Action-Not Available
Vendor-Fedora ProjectDebian GNU/LinuxNetApp, Inc.Oracle CorporationCanonical Ltd.openSUSEMcAfee, LLC
Product-steelstore_cloud_integrated_storageactive_iq_unified_managerstoragegridsantricity_unified_managere-series_performance_analyzeroncommand_workflow_automationepolicy_orchestratorcloud_secure_agent7-mode_transition_toolubuntu_linuxopenjdksnapmanagerleapcloud_backupjdkfedorae-series_santricity_os_controllere-series_santricity_web_servicesdebian_linuxjreoncommand_insightJava
CVE-2012-3425
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-4.3||MEDIUM
EPSS-3.36% / 87.24%
||
7 Day CHG-0.01%
Published-13 Aug, 2012 | 20:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The png_push_read_zTXt function in pngpread.c in libpng 1.0.x before 1.0.58, 1.2.x before 1.2.48, 1.4.x before 1.4.10, and 1.5.x before 1.5.10 allows remote attackers to cause a denial of service (out-of-bounds read) via a large avail_in field value in a PNG image.

Action-Not Available
Vendor-libpngn/aCanonical Ltd.openSUSERed Hat, Inc.Debian GNU/Linux
Product-debian_linuxubuntu_linuxlibpngopensusen/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2017-17816
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-1.19% / 64.13%
||
7 Day CHG~0.00%
Published-21 Dec, 2017 | 03:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Netwide Assembler (NASM) 2.14rc0, there is a use-after-free in pp_getline in asm/preproc.c that will cause a remote denial of service attack.

Action-Not Available
Vendor-nasmn/aCanonical Ltd.
Product-netwide_assemblerubuntu_linuxn/a
CWE ID-CWE-416
Use After Free
CVE-2020-11758
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-1.79% / 75.73%
||
7 Day CHG~0.00%
Published-14 Apr, 2020 | 22:43
Updated-04 Aug, 2024 | 11:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bounds read in ImfOptimizedPixelReading.h.

Action-Not Available
Vendor-openexrn/aDebian GNU/LinuxCanonical Ltd.openSUSEFedora ProjectApple Inc.
Product-ubuntu_linuxitunesiphone_osdebian_linuxipadostvoswatchosfedoramac_os_xopenexricloudleapn/a
CWE ID-CWE-125
Out-of-bounds Read
CVE-2020-11761
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-1.79% / 75.62%
||
7 Day CHG~0.00%
Published-14 Apr, 2020 | 22:42
Updated-04 Aug, 2024 | 11:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bounds read during Huffman uncompression, as demonstrated by FastHufDecoder::refill in ImfFastHuf.cpp.

Action-Not Available
Vendor-openexrn/aCanonical Ltd.Fedora ProjectDebian GNU/LinuxApple Inc.
Product-ubuntu_linuxitunesiphone_osdebian_linuxipadostvoswatchosfedoramac_os_xopenexricloudn/a
CWE ID-CWE-125
Out-of-bounds Read
CVE-2020-11764
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-1.79% / 75.62%
||
7 Day CHG~0.00%
Published-14 Apr, 2020 | 22:41
Updated-04 Aug, 2024 | 11:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bounds write in copyIntoFrameBuffer in ImfMisc.cpp.

Action-Not Available
Vendor-openexrn/aDebian GNU/LinuxCanonical Ltd.openSUSEFedora ProjectApple Inc.
Product-ubuntu_linuxitunesiphone_osdebian_linuxipadostvoswatchosfedoramac_os_xopenexricloudleapn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-16713
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-2.48% / 82.66%
||
7 Day CHG~0.00%
Published-23 Sep, 2019 | 11:45
Updated-05 Aug, 2024 | 01:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

ImageMagick 7.0.8-43 has a memory leak in coders/dot.c, as demonstrated by PingImage in MagickCore/constitute.c.

Action-Not Available
Vendor-n/aImageMagick Studio LLCDebian GNU/LinuxopenSUSECanonical Ltd.
Product-ubuntu_linuxdebian_linuximagemagickleapn/a
CWE ID-CWE-401
Missing Release of Memory after Effective Lifetime
CVE-2019-16167
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-1.53% / 71.74%
||
7 Day CHG~0.00%
Published-09 Sep, 2019 | 00:00
Updated-05 Aug, 2024 | 01:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

sysstat before 12.1.6 has memory corruption due to an Integer Overflow in remap_struct() in sa_common.c.

Action-Not Available
Vendor-sysstat_projectn/aCanonical Ltd.openSUSEFedora ProjectDebian GNU/Linux
Product-ubuntu_linuxdebian_linuxfedorasysstatleapn/a
CWE ID-CWE-787
Out-of-bounds Write
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2012-1186
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-5.5||MEDIUM
EPSS-1.88% / 76.95%
||
7 Day CHG~0.00%
Published-05 Jun, 2012 | 22:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Integer overflow in the SyncImageProfiles function in profile.c in ImageMagick 6.7.5-8 and earlier allows remote attackers to cause a denial of service (infinite loop) via crafted IOP tag offsets in the IFD in an image. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-0248.

Action-Not Available
Vendor-n/aCanonical Ltd.ImageMagick Studio LLCopenSUSEDebian GNU/Linux
Product-debian_linuximagemagickubuntu_linuxopensusen/a
CWE ID-CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
CVE-2012-0259
Matching Score-8
Assigner-CERT/CC
CVSS Score-6.5||MEDIUM
EPSS-2.36% / 81.71%
||
7 Day CHG~0.00%
Published-05 Jun, 2012 | 22:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The GetEXIFProperty function in magick/property.c in ImageMagick before 6.7.6-3 allows remote attackers to cause a denial of service (crash) via a zero value in the component count of an EXIF XResolution tag in a JPEG file, which triggers an out-of-bounds read.

Action-Not Available
Vendor-n/aCanonical Ltd.ImageMagick Studio LLCopenSUSEDebian GNU/Linux
Product-debian_linuximagemagickubuntu_linuxopensusen/a
CWE ID-CWE-125
Out-of-bounds Read
CVE-2019-16168
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-4.25% / 89.85%
||
7 Day CHG-0.16%
Published-09 Sep, 2019 | 16:07
Updated-28 May, 2026 | 19:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In SQLite through 3.29.0, whereLoopAddBtreeIndex in sqlite3.c can crash a browser or other application because of missing validation of a sqlite_stat1 sz field, aka a "severe division by zero in the query planner."

Action-Not Available
Vendor-sqliten/aOracle CorporationNetApp, Inc.Fedora ProjectCanonical Ltd.Tenable, Inc.Debian GNU/LinuxMcAfee, LLC
Product-communications_design_studiosantricity_unified_manageroncommand_workflow_automationjdkpolicy_auditordebian_linuxubuntu_linuxmysqloutside_in_technologyontap_select_deploy_administration_utilitysteelstore_cloud_integrated_storageoncommand_insightjresqlitesolarise-series_santricity_os_controllerzfs_storage_applianceactive_iq_unified_managernessus_agentfedoran/a
CWE ID-CWE-369
Divide By Zero
CVE-2012-0876
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-4.3||MEDIUM
EPSS-5.72% / 92.12%
||
7 Day CHG~0.00%
Published-03 Jul, 2012 | 19:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The XML parser (xmlparse.c) in expat before 2.1.0 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via an XML file with many identifiers with the same value.

Action-Not Available
Vendor-libexpat_projectn/aCanonical Ltd.Oracle CorporationRed Hat, Inc.Debian GNU/LinuxPython Software Foundation
Product-enterprise_linux_eusdebian_linuxubuntu_linuxenterprise_linux_serverenterprise_linux_workstationlibexpatenterprise_linux_desktopstoragesolarisenterprise_linux_server_auspythonn/a
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2012-0248
Matching Score-8
Assigner-CERT/CC
CVSS Score-5.5||MEDIUM
EPSS-2.10% / 79.40%
||
7 Day CHG~0.00%
Published-05 Jun, 2012 | 22:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

ImageMagick 6.7.5-7 and earlier allows remote attackers to cause a denial of service (infinite loop and hang) via a crafted image whose IFD contains IOP tags that all reference the beginning of the IDF.

Action-Not Available
Vendor-n/aCanonical Ltd.ImageMagick Studio LLCRed Hat, Inc.Debian GNU/Linux
Product-debian_linuximagemagickubuntu_linuxenterprise_linux_serverenterprise_linux_workstationenterprise_linux_desktopstorageenterprise_linux_server_eusenterprise_linux_server_ausenterprise_linux_eusn/a
CWE ID-CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
CVE-2012-0260
Matching Score-8
Assigner-CERT/CC
CVSS Score-6.5||MEDIUM
EPSS-2.36% / 81.71%
||
7 Day CHG~0.00%
Published-05 Jun, 2012 | 22:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The JPEGWarningHandler function in coders/jpeg.c in ImageMagick before 6.7.6-3 allows remote attackers to cause a denial of service (memory consumption) via a JPEG image with a crafted sequence of restart markers.

Action-Not Available
Vendor-n/aCanonical Ltd.ImageMagick Studio LLCopenSUSERed Hat, Inc.Debian GNU/Linux
Product-enterprise_linux_ausdebian_linuximagemagickubuntu_linuxenterprise_linux_serverenterprise_linux_workstationenterprise_linux_desktopstorageenterprise_linux_server_eusenterprise_linux_eusopensusen/a
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2019-16711
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-2.48% / 82.66%
||
7 Day CHG~0.00%
Published-23 Sep, 2019 | 11:45
Updated-05 Aug, 2024 | 01:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

ImageMagick 7.0.8-40 has a memory leak in Huffman2DEncodeImage in coders/ps2.c.

Action-Not Available
Vendor-n/aImageMagick Studio LLCDebian GNU/LinuxopenSUSECanonical Ltd.
Product-ubuntu_linuxdebian_linuximagemagickleapn/a
CWE ID-CWE-401
Missing Release of Memory after Effective Lifetime
CVE-2011-4577
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-4.3||MEDIUM
EPSS-9.33% / 94.77%
||
7 Day CHG~0.00%
Published-06 Jan, 2012 | 01:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

OpenSSL before 0.9.8s and 1.x before 1.0.0f, when RFC 3779 support is enabled, allows remote attackers to cause a denial of service (assertion failure) via an X.509 certificate containing certificate-extension data associated with (1) IP address blocks or (2) Autonomous System (AS) identifiers.

Action-Not Available
Vendor-n/aOpenSSL
Product-openssln/a
CVE-2019-9073
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-1.10% / 61.58%
||
7 Day CHG~0.00%
Published-24 Feb, 2019 | 00:00
Updated-04 Aug, 2024 | 21:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32. It is an attempted excessive memory allocation in _bfd_elf_slurp_version_tables in elf.c.

Action-Not Available
Vendor-n/aGNUNetApp, Inc.Canonical Ltd.
Product-ubuntu_linuxhci_management_nodesolidfirebinutilsn/a
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2011-1783
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-4.3||MEDIUM
EPSS-6.74% / 93.16%
||
7 Day CHG~0.00%
Published-06 Jun, 2011 | 19:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x and 1.6.x before 1.6.17, when the SVNPathAuthz short_circuit option is enabled, allows remote attackers to cause a denial of service (infinite loop and memory consumption) in opportunistic circumstances by requesting data.

Action-Not Available
Vendor-n/aCanonical Ltd.Apple Inc.The Apache Software FoundationDebian GNU/LinuxFedora Project
Product-debian_linuxubuntu_linuxmac_os_xfedorasubversionn/a
CVE-2010-3709
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-4.3||MEDIUM
EPSS-13.33% / 95.93%
||
7 Day CHG~0.00%
Published-08 Nov, 2010 | 23:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The ZipArchive::getArchiveComment function in PHP 5.2.x through 5.2.14 and 5.3.x through 5.3.3 allows context-dependent attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted ZIP archive.

Action-Not Available
Vendor-n/aThe PHP GroupCanonical Ltd.
Product-ubuntu_linuxphpn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2019-15144
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-1.77% / 75.48%
||
7 Day CHG~0.00%
Published-18 Aug, 2019 | 18:30
Updated-05 Aug, 2024 | 00:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In DjVuLibre 3.5.27, the sorting functionality (aka GArrayTemplate<TYPE>::sort) allows attackers to cause a denial-of-service (application crash due to an Uncontrolled Recursion) by crafting a PBM image file that is mishandled in libdjvu/GContainer.h.

Action-Not Available
Vendor-djvulibre_projectn/aCanonical Ltd.openSUSEFedora ProjectDebian GNU/Linux
Product-djvulibreubuntu_linuxdebian_linuxfedoraleapn/a
CWE ID-CWE-674
Uncontrolled Recursion
CVE-2019-15143
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-1.71% / 74.52%
||
7 Day CHG~0.00%
Published-18 Aug, 2019 | 18:30
Updated-05 Aug, 2024 | 00:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In DjVuLibre 3.5.27, the bitmap reader component allows attackers to cause a denial-of-service error (resource exhaustion caused by a GBitmap::read_rle_raw infinite loop) by crafting a corrupted image file, related to libdjvu/DjVmDir.cpp and libdjvu/GBitmap.cpp.

Action-Not Available
Vendor-djvulibre_projectn/aCanonical Ltd.openSUSEFedora ProjectDebian GNU/Linux
Product-djvulibreubuntu_linuxdebian_linuxfedoraleapn/a
CWE ID-CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
CVE-2017-17887
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-1.31% / 67.11%
7 Day CHG~0.00%
Published-24 Dec, 2017 | 04:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In ImageMagick 7.0.7-16 Q16, a memory leak vulnerability was found in the function GetImagePixelCache in magick/cache.c, which allows attackers to cause a denial of service via a crafted MNG image file that is processed by ReadOneMNGImage.

Action-Not Available
Vendor-n/a; Canonical Ltd.; ImageMagick Studio LLC
Product-imagemagick; ubuntu_linux; n/a
CWE ID-CWE-772
Missing Release of Resource after Effective Lifetime
CVE-2017-17934
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-2.50% / 82.73%
7 Day CHG~0.00%
Published-27 Dec, 2017 | 07:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

ImageMagick 7.0.7-17 Q16 x86_64 has memory leaks in coders/msl.c, related to MSLPopImage and ProcessMSLScript, and associated with mishandling of MSLPushImage calls.

Action-Not Available
Vendor-n/a; Canonical Ltd.; ImageMagick Studio LLC
Product-imagemagick; ubuntu_linux; n/a
CWE ID-CWE-772
Missing Release of Resource after Effective Lifetime
CVE-2019-2992
Matching Score-8
Assigner-Oracle
CVSS Score-3.7||LOW
EPSS-3.47% / 87.63%
7 Day CHG~0.00%
Published-16 Oct, 2019 | 17:40
Updated-01 Oct, 2024 | 16:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: 2D). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).

Action-Not Available
Vendor-Red Hat, Inc.; openSUSE; Oracle Corporation; NetApp, Inc.; Canonical Ltd.; Debian GNU/Linux
Product-enterprise_linux_server; ubuntu_linux; enterprise_linux_server_aus; enterprise_linux; satellite; jdk; e-series_santricity_web_services_proxy; oncommand_workflow_automation; debian_linux; e-series_santricity_unified_manager; snapmanager; jre; enterprise_linux_workstation; e-series_santricity_os_controller; e-series_santricity_storage_manager; enterprise_linux_eus; enterprise_linux_server_tus; enterprise_linux_desktop; leap; Java