Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2008-2218

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-14 May, 2008 | 18:00
Updated At-07 Aug, 2024 | 08:49
Rejected At-
Credits

Buffer overflow in the Multimedia PC Client in Nortel Multimedia Communication Server (MCS) before Maintenance Release 3.5.8.3 and 4.0.25.3 allows remote attackers to cause a denial of service (crash) via a flood of "extraneous" messages, as demonstrated by the Nessus "Generic flood" denial of service plugin.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:14 May, 2008 | 18:00
Updated At:07 Aug, 2024 | 08:49
Rejected At:
▼CVE Numbering Authority (CNA)

Buffer overflow in the Multimedia PC Client in Nortel Multimedia Communication Server (MCS) before Maintenance Release 3.5.8.3 and 4.0.25.3 allows remote attackers to cause a denial of service (crash) via a flood of "extraneous" messages, as demonstrated by the Nessus "Generic flood" denial of service plugin.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://www.vupen.com/english/advisories/2008/1404/references
vdb-entry
x_refsource_VUPEN
http://secunia.com/advisories/30038
third-party-advisory
x_refsource_SECUNIA
https://exchange.xforce.ibmcloud.com/vulnerabilities/42115
vdb-entry
x_refsource_XF
http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=719698
x_refsource_CONFIRM
http://www.securityfocus.com/bid/28994
vdb-entry
x_refsource_BID
http://www.securitytracker.com/id?1019957
vdb-entry
x_refsource_SECTRACK
Hyperlink: http://www.vupen.com/english/advisories/2008/1404/references
Resource:
vdb-entry
x_refsource_VUPEN
Hyperlink: http://secunia.com/advisories/30038
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/42115
Resource:
vdb-entry
x_refsource_XF
Hyperlink: http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=719698
Resource:
x_refsource_CONFIRM
Hyperlink: http://www.securityfocus.com/bid/28994
Resource:
vdb-entry
x_refsource_BID
Hyperlink: http://www.securitytracker.com/id?1019957
Resource:
vdb-entry
x_refsource_SECTRACK
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://www.vupen.com/english/advisories/2008/1404/references
vdb-entry
x_refsource_VUPEN
x_transferred
http://secunia.com/advisories/30038
third-party-advisory
x_refsource_SECUNIA
x_transferred
https://exchange.xforce.ibmcloud.com/vulnerabilities/42115
vdb-entry
x_refsource_XF
x_transferred
http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=719698
x_refsource_CONFIRM
x_transferred
http://www.securityfocus.com/bid/28994
vdb-entry
x_refsource_BID
x_transferred
http://www.securitytracker.com/id?1019957
vdb-entry
x_refsource_SECTRACK
x_transferred
Hyperlink: http://www.vupen.com/english/advisories/2008/1404/references
Resource:
vdb-entry
x_refsource_VUPEN
x_transferred
Hyperlink: http://secunia.com/advisories/30038
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/42115
Resource:
vdb-entry
x_refsource_XF
x_transferred
Hyperlink: http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=719698
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://www.securityfocus.com/bid/28994
Resource:
vdb-entry
x_refsource_BID
x_transferred
Hyperlink: http://www.securitytracker.com/id?1019957
Resource:
vdb-entry
x_refsource_SECTRACK
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:14 May, 2008 | 18:20
Updated At:08 Aug, 2017 | 01:30

Buffer overflow in the Multimedia PC Client in Nortel Multimedia Communication Server (MCS) before Maintenance Release 3.5.8.3 and 4.0.25.3 allows remote attackers to cause a denial of service (crash) via a flood of "extraneous" messages, as demonstrated by the Nessus "Generic flood" denial of service plugin.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary2.05.0MEDIUM
AV:N/AC:L/Au:N/C:N/I:N/A:P
Type: Primary
Version: 2.0
Base score: 5.0
Base severity: MEDIUM
Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:P
CPE Matches
nortel
nortel
>>multimedia_communications_server>>Versions up to 3.5.8.3(inclusive)
cpe:2.3:a:nortel:multimedia_communications_server:*:*:*:*:*:*:*:*
nortel
nortel
>>multimedia_communications_server>>Versions up to 4.0.25.3(inclusive)
cpe:2.3:a:nortel:multimedia_communications_server:*:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-119Primarynvd@nist.gov
CWE ID: CWE-119
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
http://secunia.com/advisories/30038cve@mitre.org
Vendor Advisory
http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=719698cve@mitre.org
N/A
http://www.securityfocus.com/bid/28994cve@mitre.org
N/A
http://www.securitytracker.com/id?1019957cve@mitre.org
N/A
http://www.vupen.com/english/advisories/2008/1404/referencescve@mitre.org
N/A
https://exchange.xforce.ibmcloud.com/vulnerabilities/42115cve@mitre.org
N/A
Hyperlink: http://secunia.com/advisories/30038
Source: cve@mitre.org
Resource:
Vendor Advisory
Hyperlink: http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=719698
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.securityfocus.com/bid/28994
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.securitytracker.com/id?1019957
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.vupen.com/english/advisories/2008/1404/references
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/42115
Source: cve@mitre.org
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

640Records found
CVE-2008-3157
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-0.77% / 72.47%
||
7 Day CHG~0.00%
Published-11 Jul, 2008 | 22:00
Updated-07 Aug, 2024 | 09:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Nortel SIP Multimedia PC Client 4.x MCS5100 and MCS5200 does not limit the number of concurrent sessions, which allows attackers to cause a denial of service (resource consumption) via a large number of sessions.

Action-Not Available
Vendor-norteln/a
Product-sip_multimedia_pc_clientn/a
CWE ID-CWE-399
Not Available
CVE-2005-1802
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-0.76% / 72.42%
||
7 Day CHG~0.00%
Published-01 Jun, 2005 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Nortel VPN Router (aka Contivity) allows remote attackers to cause a denial of service (crash) via an IPsec IKE packet with a malformed ISAKMP header.

Action-Not Available
Vendor-norteln/a
Product-vpn_router_600vpn_router_1050vpn_router_1100vpn_router_1010vpn_router_1700contivityvpn_router_1740vpn_router_5000vpn_router_2700n/a
CVE-2005-0356
Matching Score-8
Assigner-CERT/CC
ShareView Details
Matching Score-8
Assigner-CERT/CC
CVSS Score-5||MEDIUM
EPSS-86.02% / 99.35%
||
7 Day CHG~0.00%
Published-31 May, 2005 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple TCP implementations with Protection Against Wrapped Sequence Numbers (PAWS) with the timestamps option enabled allow remote attackers to cause a denial of service (connection loss) via a spoofed packet with a large timer value, which causes the host to discard later packets because they appear to be too old.

Action-Not Available
Vendor-nortelalaxalayamahan/aOpenBSDF5, Inc.Microsoft CorporationFreeBSD FoundationCisco Systems, Inc.Hitachi, Ltd.
Product-e-mail_managerrt57iciscoworks_access_control_list_managercontent_services_switch_11800content_services_switch_11503alaxala_networkscontent_services_switch_11050rt105rt300iwindows_xpremote_monitoring_suite_optionethernet_routing_switch_1648call_managerip_contact_center_enterpriseciscoworks_common_management_foundationip_contact_center_expressconference_connectionagent_desktopunity_serveremergency_respondersuccession_communication_server_1000aironet_ap1200sn_5420_storage_router_firmwaresn_5420_storage_routerpersonal_assistantweb_collaboration_optionciscoworks_windowsgr4000secure_access_control_servertmosciscoworks_lmsrtx1000rtx1100contact_centercallpilotsupport_toolsmgx_82307220_wlan_access_pointgr3000webnssurvivable_remote_gatewaybusiness_communications_managermeetingplacealaxalamgx_8250content_services_switch_11000windows_2000windows_2003_serveropenbsdaironet_ap350sn_5428_storage_routeruniversal_signaling_point7250_wlan_access_pointrt250iethernet_routing_switch_1612optical_metro_5200ciscoworks_1105_hosting_solution_engineciscoworks_1105_wireless_lan_solution_engineintelligent_contact_managergs4000ciscoworks_common_servicesoptical_metro_5100ciscoworks_vpn_security_management_solutionrtx2000rtv700ciscoworks_cd1ethernet_routing_switch_1624ciscoworks_windows_wugcontent_services_switch_11501optical_metro_5000content_services_switch_11150interactive_voice_responsefreebsdrtx1500content_services_switch_11506content_services_switch_11500n/a
CVE-2004-2549
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-8.82% / 92.17%
||
7 Day CHG~0.00%
Published-21 Nov, 2005 | 11:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Nortel Wireless LAN (WLAN) Access Point (AP) 2220, 2221, and 2225 allow remote attackers to cause a denial of service (service crash) via a TCP request with a large string, followed by 8 newline characters, to (1) the Telnet service on TCP port 23 and (2) the HTTP service on TCP port 80, possibly due to a buffer overflow.

Action-Not Available
Vendor-norteln/a
Product-wlan_access_point_2221wlan_access_point_2225wlan_access_point_2220n/a
CVE-2004-1305
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-77.41% / 98.94%
||
7 Day CHG~0.00%
Published-06 Jan, 2005 | 05:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Windows Animated Cursor (ANI) capability in Windows NT, Windows 2000 through SP4, Windows XP through SP1, and Windows 2003 allow remote attackers to cause a denial of service via (1) the frame number set to zero, which causes an invalid memory address to be used and leads to a kernel crash, or (2) the rate number set to zero, which leads to resource exhaustion and hang.

Action-Not Available
Vendor-norteln/aMicrosoft Corporation
Product-symposium_tapi_service_providersymposium_express_call_centersymposium_web_clientwindows_98windows_2000windows_2003_serverwindows_98semedia_communication_server_5100ip_softphone_2050windows_ntsymposium_agentwindows_xpmedia_communication_server_5200periphonicssymposium_call_center_serversymposium_web_centre_portalmedia_processing_serversymposium_network_control_centerwindows_men/a
CVE-2000-0221
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-4.01% / 88.00%
||
7 Day CHG~0.00%
Published-10 Apr, 2000 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Nautica Marlin bridge allows remote attackers to cause a denial of service via a zero length UDP packet to the SNMP port.

Action-Not Available
Vendor-norteln/a
Product-nautica_marlinn/a
CVE-2000-0064
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-0.66% / 70.06%
||
7 Day CHG~0.00%
Published-13 Oct, 2000 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

cgiproc CGI script in Nortel Contivity HTTP server allows remote attackers to cause a denial of service via a malformed URL that includes shell metacharacters.

Action-Not Available
Vendor-norteln/a
Product-contivityn/a
CVE-2007-2886
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-1.24% / 78.44%
||
7 Day CHG~0.00%
Published-30 May, 2007 | 01:00
Updated-07 Aug, 2024 | 13:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the Nortel CS 1000 M media card in Enterprise VoIP-Core-CS 1000E, 1000M, and 1000S 04.50W before 20070523 in Meridian/CS 1000 allows remote attackers to cause a denial of service (card hang) via unspecified vectors.

Action-Not Available
Vendor-norteln/a
Product-communications_servern/a
CVE-2007-5636
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-21.95% / 95.56%
||
7 Day CHG~0.00%
Published-23 Oct, 2007 | 17:00
Updated-07 Aug, 2024 | 15:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in the Nortel UNIStim IP Softphone 2050 allows remote attackers to cause a denial of service (application abort) and possibly execute arbitrary code via a flood of invalid characters to the RTCP port (5678/udp) that triggers a Windows error message, aka "extraneous messaging."

Action-Not Available
Vendor-norteln/a
Product-ip_softphone_2050n/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2011-0719
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-5||MEDIUM
EPSS-18.03% / 94.91%
||
7 Day CHG~0.00%
Published-01 Mar, 2011 | 22:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Samba 3.x before 3.3.15, 3.4.x before 3.4.12, and 3.5.x before 3.5.7 does not perform range checks for file descriptors before use of the FD_SET macro, which allows remote attackers to cause a denial of service (stack memory corruption, and infinite loop or daemon crash) by opening a large number of files, related to (1) Winbind or (2) smbd.

Action-Not Available
Vendor-n/aSamba
Product-samban/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2009-4501
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-4.57% / 88.77%
||
7 Day CHG~0.00%
Published-31 Dec, 2009 | 18:00
Updated-17 Sep, 2024 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The zbx_get_next_field function in libs/zbxcommon/str.c in Zabbix Server before 1.6.8 allows remote attackers to cause a denial of service (crash) via a request that lacks expected separators, which triggers a NULL pointer dereference, as demonstrated using the Command keyword.

Action-Not Available
Vendor-n/aZABBIX
Product-zabbixn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2014-3488
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-5||MEDIUM
EPSS-0.87% / 74.23%
||
7 Day CHG~0.00%
Published-31 Jul, 2014 | 14:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The SslHandler in Netty before 3.9.2 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted SSLv2Hello message.

Action-Not Available
Vendor-n/aThe Netty Project
Product-nettyn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2011-0514
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-72.49% / 98.70%
||
7 Day CHG~0.00%
Published-20 Jan, 2011 | 18:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The RDS service (rds.exe) in HP Data Protector Manager 6.11 allows remote attackers to cause a denial of service (crash) via a packet with a large data size to TCP port 1530.

Action-Not Available
Vendor-n/aHP Inc.
Product-data_protector_managern/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2010-5140
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-0.73% / 71.70%
||
7 Day CHG~0.00%
Published-06 Aug, 2012 | 16:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

wxBitcoin and bitcoind before 0.3.13 do not properly handle bitcoins associated with Bitcoin transactions that have zero confirmations, which allows remote attackers to cause a denial of service (invalid-transaction flood) by sending low-valued transactions without transaction fees.

Action-Not Available
Vendor-n/aBitcoin Wiki
Product-wxbitcoinbitcoin_coren/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2009-1374
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-5||MEDIUM
EPSS-4.46% / 88.64%
||
7 Day CHG~0.00%
Published-26 May, 2009 | 15:16
Updated-07 Aug, 2024 | 05:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in the decrypt_out function in Pidgin (formerly Gaim) before 2.5.6 allows remote attackers to cause a denial of service (application crash) via a QQ packet.

Action-Not Available
Vendor-n/aPidgin
Product-pidginn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2018-14740
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.28% / 50.98%
||
7 Day CHG~0.00%
Published-29 Jul, 2018 | 18:00
Updated-05 Aug, 2024 | 09:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in libpbc.a in cloudwu PBC through 2017-03-02. A SEGV can occur in set_field_one in bootstrap.c while making a query.

Action-Not Available
Vendor-pbc_projectn/a
Product-pbcn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2010-3873
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-5||MEDIUM
EPSS-3.37% / 86.86%
||
7 Day CHG~0.00%
Published-03 Jan, 2011 | 19:26
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The X.25 implementation in the Linux kernel before 2.6.36.2 does not properly parse facilities, which allows remote attackers to cause a denial of service (heap memory corruption and panic) or possibly have unspecified other impact via malformed (1) X25_FAC_CALLING_AE or (2) X25_FAC_CALLED_AE data, related to net/x25/x25_facilities.c and net/x25/x25_in.c, a different vulnerability than CVE-2010-4164.

Action-Not Available
Vendor-n/aSUSELinux Kernel Organization, IncDebian GNU/LinuxopenSUSE
Product-linux_kernelopensuselinux_enterprise_serverdebian_linuxn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2010-4698
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-7.12% / 91.17%
||
7 Day CHG~0.00%
Published-18 Jan, 2011 | 19:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Stack-based buffer overflow in the GD extension in PHP before 5.2.15 and 5.3.x before 5.3.4 allows context-dependent attackers to cause a denial of service (application crash) via a large number of anti-aliasing steps in an argument to the imagepstext function.

Action-Not Available
Vendor-n/aThe PHP Group
Product-phpn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2010-4216
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-0.88% / 74.43%
||
7 Day CHG~0.00%
Published-09 Nov, 2010 | 20:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Tivoli Directory Server (TDS) 6.0.0.x before 6.0.0.8-TIV-ITDS-IF0007 does not properly handle invalid buffer references in LDAP BER requests, which might allow remote attackers to cause a denial of service (daemon crash) via vectors involving a buffer that has a memory address near the maximum possible address.

Action-Not Available
Vendor-n/aIBM Corporation
Product-tivoli_directory_servern/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2010-2221
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-5||MEDIUM
EPSS-6.08% / 90.39%
||
7 Day CHG~0.00%
Published-08 Jul, 2010 | 18:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple buffer overflows in the iSNS implementation in isns.c in (1) Linux SCSI target framework (aka tgt or scsi-target-utils) before 1.0.6, (2) iSCSI Enterprise Target (aka iscsitarget or IET) 1.4.20.1 and earlier, and (3) Generic SCSI Target Subsystem for Linux (aka SCST or iscsi-scst) 1.0.1.1 and earlier allow remote attackers to cause a denial of service (memory corruption and daemon crash) or possibly execute arbitrary code via (a) a long iSCSI Name string in an SCN message or (b) an invalid PDU.

Action-Not Available
Vendor-zaalvladislav_bolkhovitinarne_redlich_\&_ross_walkern/aLinux Kernel Organization, Inc
Product-linux_kernelgeneric_scsi_target_subsystemtgtiscsitargetn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2010-1730
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-0.44% / 62.45%
||
7 Day CHG~0.00%
Published-05 May, 2010 | 14:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dolphin Browser 2.5.0 on the HTC Hero allows remote attackers to cause a denial of service (application crash) via JavaScript that writes <marquee> sequences in an infinite loop.

Action-Not Available
Vendor-htcdolphinn/a
Product-herodolphin_browsern/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2010-1664
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-1.88% / 82.40%
||
7 Day CHG~0.00%
Published-30 Apr, 2010 | 17:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Google Chrome before 4.1.249.1064 does not properly handle HTML5 media, which allows remote attackers to cause a denial of service (memory corruption) and possibly have unspecified other impact via unknown vectors.

Action-Not Available
Vendor-n/aGoogle LLC
Product-chromen/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2010-2494
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-5||MEDIUM
EPSS-4.64% / 88.87%
||
7 Day CHG~0.00%
Published-08 Jul, 2010 | 18:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple buffer underflows in the base64 decoder in base64.c in (1) bogofilter and (2) bogolexer in bogofilter before 1.2.2 allow remote attackers to cause a denial of service (heap memory corruption and application crash) via an e-mail message with invalid base64 data that begins with an = (equals) character.

Action-Not Available
Vendor-bogofiltern/a
Product-bogofiltern/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2010-1687
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-7.03% / 91.11%
||
7 Day CHG~0.00%
Published-04 May, 2010 | 15:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Stack-based buffer overflow in lpd.exe in Mocha W32 LPD 1.9 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted "recieve jobs" request. NOTE: some of these details are obtained from third party information.

Action-Not Available
Vendor-mochasoftn/a
Product-mocha_w32_lpdn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2010-1316
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-6.26% / 90.53%
||
7 Day CHG~0.00%
Published-14 Apr, 2010 | 15:44
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple stack-based buffer overflows in Tembria Server Monitor before 5.6.1 allow remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a crafted (1) GET, (2) PUT, or (3) HEAD request, as demonstrated by a malformed GET request containing a long PATH_INFO to index.asp.

Action-Not Available
Vendor-tembrian/a
Product-server_monitorn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2010-0749
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-5.3||MEDIUM
EPSS-0.73% / 71.80%
||
7 Day CHG~0.00%
Published-30 Oct, 2019 | 22:45
Updated-07 Aug, 2024 | 00:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Transmission before 1.92 allows attackers to prevent download of a file by corrupted data during the endgame.

Action-Not Available
Vendor-transmissionbttransmissionLinux Kernel Organization, IncDebian GNU/Linux
Product-debian_linuxlinux_kerneltransmissiontransmission
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2010-1510
Matching Score-4
Assigner-Flexera Software LLC
ShareView Details
Matching Score-4
Assigner-Flexera Software LLC
CVSS Score-5||MEDIUM
EPSS-4.76% / 89.03%
||
7 Day CHG~0.00%
Published-14 May, 2010 | 19:24
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Heap-based buffer overflow in IrfanView before 4.27 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PSD image with RLE compression.

Action-Not Available
Vendor-n/aIrfanView
Product-irfanviewn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2010-1623
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-5||MEDIUM
EPSS-21.11% / 95.44%
||
7 Day CHG~0.00%
Published-04 Oct, 2010 | 20:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Memory leak in the apr_brigade_split_line function in buckets/apr_brigade.c in the Apache Portable Runtime Utility library (aka APR-util) before 1.3.10, as used in the mod_reqtimeout module in the Apache HTTP Server and other software, allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors related to the destruction of an APR bucket.

Action-Not Available
Vendor-n/aThe Apache Software Foundation
Product-http_serverapr-utiln/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2010-1642
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-5||MEDIUM
EPSS-5.05% / 89.37%
||
7 Day CHG~0.00%
Published-17 Jun, 2010 | 16:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The reply_sesssetup_and_X_spnego function in sesssetup.c in smbd in Samba before 3.4.8 and 3.5.x before 3.5.2 allows remote attackers to trigger an out-of-bounds read, and cause a denial of service (process crash), via a \xff\xff security blob length in a Session Setup AndX request.

Action-Not Available
Vendor-n/aSamba
Product-samban/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2018-10658
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.60% / 68.65%
||
7 Day CHG~0.00%
Published-26 Jun, 2018 | 18:00
Updated-05 Aug, 2024 | 07:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

There was a Memory Corruption issue discovered in multiple models of Axis IP Cameras which causes a denial of service (crash). The crash arises from code inside libdbus-send.so shared object or similar.

Action-Not Available
Vendor-axisn/a
Product-p1204_firmwarem1103m1145_firmwarep3915-r_firmwarep3343q1932-e_pt_mountq7411_firmwarexp40-q1942q8414-lvsp3363-veq8655-zle_firmwareq1604-e_firmwareq8685-leq8742-le_zoomp1357-e_firmwarem3105-lve_firmwarep1125-zp1425-le_firmwareq1635_firmwarem1013q7424-r_mk_ii_firmwareq1931-e_pt_mount_firmwareq7401_firmwarecompanion_c360c2005_firmwarep1214-ep5514-e_firmwarep1428-ep3228-lveq1775_firmwareq1604p1346-e_firmwarecompanion_eye_lp1405-em1124q1765-le_pt_mount_firmwarep1364q1647p1344-eq7401q3504-vp3114-zq6045-s_mk_iip3365-vm1033-w_firmwarep5515-eq1941-eq8685-exp60-q1765p1346-eq1602_firmwarep3215-ve_firmwareq6052q8642-e_firmwarem3104-lm3005-vq6045-s_mk_ii_firmwarep3354q1635-zq1614-eq1942-e_pt_mountq6054-e_firmwarem3203-v_firmwarep3301-v_firmwarep3225-v_mk_iip3364-lvp3705-zp1405-leq8721-e_firmwarea8004-v_firmwarep1354_firmwareq6044-em1125-em3106-l_mk_ii_firmwarem3007-pq6045_mk_ii_firmwarexp60-q1765_firmwarep3224-v_mk_iim1025_firmwarem3006-v_firmwarep1224-e_firmwarep1344p3224-lve_firmwareq6032-ea8105-ep1254q1602-ep1126-zlp1425-lep1353q1615-e_mk_ii_firmwareq6045-c_mk_iim1054p1343-ep1346_firmwareq3505-sve_mk_iim3204q1910-ep7216_firmwareq1755_firmwarem3105-l_firmwarep1425-le_mk_ii_firmwarep3707-pe_firmwareq6054_mk_ii_firmwarem3106-lve_mk_ii_firmwarep5532-eq1602q6042-cp3375-vea8105-e_firmwarecompanion_cube_lq1931-e_pt_mountp3225-lve_mk_iip3364-ve_firmwareq2901-e_firmwarep3375-ve_firmwarep1245q1755q3617-ve_firmwarem1054_firmwarep3364-vep5624-e_firmwarem3044-wvp5512-eq6115-e_firmwarep3374-v_firmwareq2901-e_pt_mountp8514_firmwarep3904-r_mk_ii_firmwarem3106-lve_mk_iip3301_firmwarep3344-vcompanion_dome_wvq6114-em1103_firmwarep3344-v_firmwareq3615-vem3114-r_firmwarep5512m1045-lw_firmwareq7414_bladep3224-v_mk_ii_firmwarep3343-vq6035q7436_bladem1125m3016a8004-vq1765-le_firmwareq3505-v_mk_iiq6054-e_mk_ii_firmwareq8741-ep3344-vep3363-v_firmwarep1405-le_mk_iiq6042companion_recorder_4chq8742-e_zoom_firmwarecompanion_bullet_le_firmwarem3046-vp1344-e_firmwarep3344_firmwareq1922q1615-e_firmwarep3374-lv_firmwarep1254_firmwareq1604_firmwareq1614-e_firmwarep3346-vq6055-cp5624-e_mk_iiq6055p3375-lv_firmwareq7436_blade_firmwarep3215-vv5915_firmwareq6042-c_firmwarep1405-le_mk_ii_firmwarem3045-vm3047-p_firmwarem1145m1113-e_firmwarep1355-e_firmwarea9161p3227-lveq6045_mk_iif34_main_unitp5512_firmwarem5065_firmwareq1615-e_mk_iim3044-vp3227-lv_firmwarep3343-ve_firmwarep3365-vecompanion_dome_v_firmwarem3048-p_firmwarep3375-lve_firmwarem3026-veq2901-e_pt_mount_firmwarem1144-lq8722-e_firmwarem5014-v_firmwarem5014q1765-le_pt_mountq8742-em3048-pm3204-v_firmwarep1357-em3106-lvep3905-req1605-zp1125-z_firmwareq6124-e_firmwarep3346p3215-veq6044q1932-eq3709-pved2050-ve_firmwareq3517-lvem1144-l_firmwarem3114-ve_firmwarep5515m2025-le_firmwareq8721-eq7424-rp1435-em3015_firmwarep3225-lv_mk_iixf40-q1765m3106-l_firmwareq6044-sq8631-ep3228-lvp3315-zlq7404_firmwarep1343-e_firmwarep5532xp40-q1765_firmwareq6045-e_firmwarep1343p1365-eq6000-exf60-q2901_firmwarev5914_firmwaref44_dual_audio_inputm3044-v_firmwarep1365-e_mk_iiq3708-pvep3363-ve_firmwarep1280p1353-e_firmwarep1265_firmwarem3106-lp1447-le_firmwarep1290p5532-e_firmwarep7224_blade_firmwareq6055-ecompanion_eye_lve_firmwareq8414-lvs_firmwareq1775-em5014_firmwarem1034-wp1354m2026-le_mk_ii_firmwarem7011_firmwareq6055-e_firmwarem3104-lvep3905-re_firmwareq6045-cxf40-q1765_firmwarep1347-em1114-e_firmwareq6055-c_firmwareq8742-e_firmwarem2014-e_firmwarep3224-lve_mk_iip5534m7016_firmwareq6042-e_firmwarec3003-e_firmwareq6055-sm3026-ve_firmwareq6128-e_firmwarep1405-le_firmwareq7406_bladep3227-lvp7214_firmwarep5534-ep5635-eq8722-eq6045-e_mk_ii_firmwarep3375-v_firmwarec3003-em3024-lveq1910-e_firmwarecompanion_eye_l_firmwarep3346-vep3915-rp1347_firmwarem5055q6044-cc8033p1365-e_firmwarep3314-zl_firmwarep8513_firmwareq3505-v_firmwarep3214-v_firmwarep3224-ve_mk_ii_firmwareq6054_mk_iip3114-z_firmwarem3045-wv_firmwarep5514_firmwareq1910_firmwarem3113-ve_firmwarep8524m3045-v_firmwarep1344_firmwareq6054_firmwarep3905-r_firmwarecompanion_dome_vq6054-eq8675-ze_firmwarep3344-ve_firmwarem1004-wq8741-le_firmwarep3706-z_firmwarev5915p1224-ep1365_firmwareq6044-s_firmwarep3304q6034_firmwareq3505-vecompanion_cube_l_firmwarem3007-pv_firmwarep3224-lv_firmwareq6032-cm3204-vp3364-lvep3705-z_firmwarem2014-ep3367-vep1275p1405-e_firmwaref44_main_unit_firmwareq3505-ve_firmwareq8632-e_firmwarem7010m3203p3125-z_firmwarep1264_firmwarep1365_mk_iip3228-lv_firmwareq1615-ep1448-leq6045_firmwarep1365q8742-le_firmwarem1125_firmwarem2026-le_mk_iim3114-rp3125-zq8742-le_zoom_firmwarem3037-pveq6044_firmwarem7011q6034-ep3374-lvp1427-e_firmwarep3115-z_firmwarep5635-zem1113_firmwarep3707-pep3314-zm3045-wvq3505-v_mk_ii_firmwarecompanion_cube_lw_firmwarep1435-lep5534-e_firmwarem1013_firmwareq1602-e_firmwareq6034-c_firmwarep1355-ep3225-ve_mk_iip5415-e_firmwarep1325-zq1922-eq6042-ep3364-lv_firmwarep3224-lveq6055_firmwarem3105-lp5515-e_firmwareq1605-z_firmwareq7414_blade_firmwarep3904-r_mk_iip1126-z_firmwareq8675-zeq6052-ecompanion_recorder_4ch_firmwarep1214p3301m3105-lveq1922-e_firmwarep3214-ve_firmwarep5515_firmwarexf40-q2901xf40-q2901_firmwarea9188f41_main_unit_firmwareq6044-c_firmwarep1364-eq1645p3384-ve_firmwarem1104q6054-e_mk_iip3706-zp5635-e_mk_ii_firmwarep3363-vq6035-e_firmwarep5522_firmwareq3615-ve_firmwarep1425-le_mk_iiq6032q7424-r_firmwareq8665-e_firmwareq6032_firmwarep1126-zl_firmwarem1065-lp1214-e_firmwarep1427-le_firmwarep5544_firmwarep3905-r_mk_ii_firmwarem2026-lep3374-vd201-s_xpt_q6055_firmwarem3027-pvep3315-zm3007-p_firmwarem5065m1143-l_firmwareq2901-ef44_main_unitq8741-lep3384-vq3505-vq6032-c_firmwarep3343-veq6125-le_firmwarep3904-r_firmwarep5635-e_firmwarep3367-ve_firmwareq1931-eq8665-lecompanion_bullet_lep1427-lep1126-zq1942-e_firmwareq1635-ep3375-lvep1427-ea9188-v_firmwarep3225-lv_firmwarep3905-r_mk_iiq6035-em3024-lve_firmwarep3114-i_firmwareq6000-e_mk_iip1357q6042-s_firmwareq8742-e_zoomm1125-e_firmwarep1353-ep3364-v_firmwarep1428-e_firmwarep5635-e_mk_iiq3517-lvq8641-ep3365-ve_firmwarep5544q1615_firmwareq1932-e_pt_mount_firmwarem1113-em3203_firmwarec1004-ep5414-ep5522q1635q6032-e_firmwareq3504-ve_firmwareq8685-le_firmwarem1025q7406_blade_firmwareq6045-c_firmwarem3016_firmwareq1614m1113companion_eye_lveq1615m2025-lep1354-e_firmwarep3214-vem1124_firmwarep3115-i_firmwarem3113-rq1921-e_firmwarem1034-w_firmwarep1347p1264q6044-e_firmwarem1033-wq1604-ep1365-e_mk_ii_firmwarep3346-ve_firmwarep3375-lvq1659p3228-lve_firmwareq1775p1325-z_firmwarep1448-le_firmwarec1004-e_firmwarem3044-wv_firmwareq1645_firmwarep3314-zlq6035-cp3225-ve_mk_ii_firmwarep7224_bladem1114a9188-vq1635-z_firmwareq6035-c_firmwareq3505-ve_mk_ii_firmwarep1347-e_firmwaref41_main_unitm3046-v_1.8mmm3203-vp1280_firmwarem3046-v_firmwareq6128-eq8665-eq1941-e_pt_mountm3046-v_1.8mm_firmwareq8741-e_firmwarev5914f34_main_unit_firmwarep5522-em3106-l_mk_iip5414-e_firmwarep1367_firmwarep1245_firmwarep3367-v_firmwareq1941-e_firmwarep1357_firmwarep5415-eq3515-lvp8513m1114-eq1922_firmwarep3225-lve_mk_ii_firmwarep3224-lvp1265q3504-v_firmwarem1104_firmwarefa54_main_unit_firmwarep3301-vxf60-q2901q6045-sm3014_firmwarep3353_firmwarep1244_firmwarem3027-pve_firmwarem5013q1615_mk_iim3014d201-s_xpt_q6055p5635-ze_firmwareq7424-r_mk_iip3384-veq6045-e_mk_iiq8641-e_firmwarem3005-v_firmwareq8631-e_firmwarem3114-vep1354-ep3224-lve_mk_ii_firmwarep3315-z_firmwareq3709-pve_firmwarep5624-e_mk_ii_firmwareq3505-ve_mk_iim1145-l_firmwarec2005p3224-lv_mk_ii_firmwareq6045-s_firmwarep5514p3904-rq1615_mk_ii_firmwarem1004-w_firmwarem5525-e_firmwarep3225-lv_mk_ii_firmwareq3505-sve_mk_ii_firmwareq6115-eq1755-e_firmwareq6052-e_firmwarep3225-lveq1921p1214_firmwarecompanion_recorder_8ch_firmwarem5054p3115-zp8524_firmwarem5013-vm1143-lm7010_firmwarem1145-lp5624-ep3915-r_mk_ii_firmwarem7014_firmwareq1921_firmwareq1921-em3007-pvm3104-lve_firmwareq6124-ep3375-vxp40-q1765m1045-lwp3215-v_firmwarep3225-v_mk_ii_firmwarep1343_firmwareq1910q6045-ecompanion_recorder_8chm3047-pm3104-l_firmwarep1355p3915-r_mk_iip5512-e_firmwarem5055_firmwareq6042-scompanion_cube_lwm3004-vp1435-le_firmwaref44_dual_audio_input_firmwarem5525-ep3224-ve_mk_iip1367-eq6045-c_mk_ii_firmwareq1635-e_firmwareq1931-e_firmwareq3517-lve_firmwarep3346-v_firmwarea1001q6042_firmwareq6000-e_mk_ii_firmwarep1364-e_firmwarea1001_firmwarep3353q3504-veq3515-lv_firmwareq1775-e_firmwarep1368-ep7210_firmwareq8742-lem5054_firmwarep7210p1367companion_c360_firmwareq6155-e_firmwarem3004-v_firmwareq6034-cq3515-lvefa54_main_unitm5013_firmwareq3617-veq6125-lep3343_firmwarep3364-vq6034m2026-le_firmwareq8642-em3113-r_firmwareq6155-ep3905-rm1065-lwm3015p1365_mk_ii_firmwarep1447-lep3115-iq1942-e_pt_mount_firmwareq7404m3204_firmwarep1353_firmwarep1125-zl_firmwarem3106-lve_firmwarep1290_firmwarem3037-pve_firmwarep3365-v_firmwarep1244p5522-e_firmwareq3517-lv_firmwareq8655-zlep3314-z_firmwarep5514-em1014_firmwarep3384-v_firmwareq1614_firmwarep7216m7016q6035_firmwarecompanion_dome_wv_firmwarem5013-v_firmwarep3364-lve_firmwareq1932-e_firmwarem3025-ve_firmwarep7214q1647_firmwarexp40-q1942_firmwarep1368-e_firmwarem1065-l_firmwarep8514m3113-vep3304-vp1367-e_firmwarep3354_firmwarem1124-e_firmwareq1941-e_pt_mount_firmwareq6114-e_firmwarec8033_firmwarem1065-lw_firmwarep1435-e_firmwareq6034-e_firmwareq1942-ep3214-vp3225-lve_firmwarep1125-zlq8685-e_firmwarep1346p3343-v_firmwareq8632-eq6045p3227-lve_firmwareq3708-pve_firmwarep1275_firmwarem3025-vep1425-e_firmwareq6052_firmwareq6055-s_firmwarep3224-lv_mk_iip3304_firmwareq6054m1114_firmwareq1765-leq7411p3114-id2050-veq1659_firmwarep1425-em5014-vq1755-em3006-vp3225-lvq6000-e_firmwarep1364_firmwarep3304-v_firmwarem1014a9161_firmwarem1124-ep5532_firmwareq8665-le_firmwarem7014p3367-vp1204p5534_firmwarep3344p1355_firmwareq3515-lve_firmwarea9188_firmwarep3346_firmwarep3315-zl_firmwaren/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2010-1509
Matching Score-4
Assigner-Flexera Software LLC
ShareView Details
Matching Score-4
Assigner-Flexera Software LLC
CVSS Score-5||MEDIUM
EPSS-3.68% / 87.44%
||
7 Day CHG~0.00%
Published-14 May, 2010 | 19:24
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IrfanView before 4.27 does not properly handle an unspecified integer variable during processing of PSD images, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted image file that triggers a heap-based buffer overflow, related to a "sign-extension error."

Action-Not Available
Vendor-n/aIrfanView
Product-irfanviewn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2010-0564
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-1.39% / 79.57%
||
7 Day CHG~0.00%
Published-10 Feb, 2010 | 02:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in Trend Micro URL Filtering Engine (TMUFE) in OfficeScan 8.0 before SP1 Patch 5 - Build 3510, possibly tmufeng.dll before 3.0.0.1029, allows attackers to cause a denial of service (crash or OfficeScan hang) via unspecified vectors. NOTE: it is likely that this issue also affects tmufeng.dll before 2.0.0.1049 for OfficeScan 10.0.

Action-Not Available
Vendor-n/aTrend Micro Incorporated
Product-officescann/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2009-5129
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-0.52% / 65.68%
||
7 Day CHG~0.00%
Published-26 Aug, 2012 | 19:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Websense V10000 appliance before 1.0.1 allows remote attackers to cause a denial of service (intermittent LDAP authentication outage) via a login attempt with an incorrect password.

Action-Not Available
Vendor-websensen/a
Product-websense_v10000n/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2009-5128
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-0.44% / 62.12%
||
7 Day CHG~0.00%
Published-26 Aug, 2012 | 19:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Websense V10000 appliance before 1.0.1 allows remote attackers to cause a denial of service (memory consumption and process crash) via a large file that is not properly handled during buffering.

Action-Not Available
Vendor-websensen/a
Product-websense_v10000n/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2010-0417
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-5||MEDIUM
EPSS-3.21% / 86.52%
||
7 Day CHG~0.00%
Published-18 Feb, 2010 | 23:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in common/util/rlstate.cpp in Helix Player 1.0.6 and RealPlayer allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a RuleBook structure with a large number of rule-separator characters that trigger heap memory corruption.

Action-Not Available
Vendor-n/aRealNetworks LLC
Product-helix_playerrealplayern/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2009-3826
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-1.71% / 81.59%
||
7 Day CHG~0.00%
Published-28 Oct, 2009 | 14:00
Updated-07 Aug, 2024 | 06:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple buffer overflows in squidGuard 1.4 allow remote attackers to bypass intended URL blocking via a long URL, related to (1) the relationship between a certain buffer size in squidGuard and a certain buffer size in Squid and (2) a redirect URL that contains information about the originally requested URL.

Action-Not Available
Vendor-squidguardn/a
Product-squidguardn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2009-4500
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-0.73% / 71.84%
||
7 Day CHG~0.00%
Published-31 Dec, 2009 | 18:00
Updated-17 Sep, 2024 | 01:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The process_trap function in trapper/trapper.c in Zabbix Server before 1.6.6 allows remote attackers to cause a denial of service (crash) via a crafted request with data that lacks an expected : (colon) separator, which triggers a NULL pointer dereference.

Action-Not Available
Vendor-n/aZABBIX
Product-zabbixn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2009-3896
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-5||MEDIUM
EPSS-2.96% / 85.95%
||
7 Day CHG~0.00%
Published-24 Nov, 2009 | 17:00
Updated-07 Aug, 2024 | 06:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

src/http/ngx_http_parse.c in nginx (aka Engine X) 0.1.0 through 0.4.14, 0.5.x before 0.5.38, 0.6.x before 0.6.39, 0.7.x before 0.7.62, and 0.8.x before 0.8.14 allows remote attackers to cause a denial of service (NULL pointer dereference and worker process crash) via a long URI.

Action-Not Available
Vendor-nginxn/aF5, Inc.
Product-nginxn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2009-4553
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-3.04% / 86.15%
||
7 Day CHG~0.00%
Published-04 Jan, 2010 | 17:00
Updated-07 Aug, 2024 | 07:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Stack-based buffer overflow in iRehearse allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a long string in a .m3u playlist file.

Action-Not Available
Vendor-rjvmedian/a
Product-irehearsen/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2009-3863
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-3.82% / 87.66%
||
7 Day CHG~0.00%
Published-04 Nov, 2009 | 18:00
Updated-07 Aug, 2024 | 06:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in the gxmim1.dll ActiveX control in Novell Groupwise Client 7.0.3.1294 allows remote attackers to cause a denial of service (application crash) via a long argument to the SetFontFace method.

Action-Not Available
Vendor-n/aNovell
Product-groupwisen/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2009-3700
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-3.40% / 86.93%
||
7 Day CHG~0.00%
Published-28 Oct, 2009 | 14:00
Updated-07 Aug, 2024 | 06:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in sgLog.c in squidGuard 1.3 and 1.4 allows remote attackers to cause a denial of service (application hang or loss of blocking functionality) via a long URL with many / (slash) characters, related to "emergency mode."

Action-Not Available
Vendor-squidguardn/a
Product-squidguardn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2009-3560
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-5||MEDIUM
EPSS-2.96% / 85.95%
||
7 Day CHG+0.61%
Published-04 Dec, 2009 | 21:00
Updated-07 Aug, 2024 | 06:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The big2_toUtf8 function in lib/xmltok.c in libexpat in Expat 2.0.1, as used in the XML-Twig module for Perl, allows context-dependent attackers to cause a denial of service (application crash) via an XML document with malformed UTF-8 sequences that trigger a buffer over-read, related to the doProlog function in lib/xmlparse.c, a different vulnerability than CVE-2009-2625 and CVE-2009-3720.

Action-Not Available
Vendor-libexpat_projectxmltwign/aThe Apache Software Foundation
Product-xml-twig_for_perlhttp_serverlibexpatn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2009-3431
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-25.55% / 96.01%
||
7 Day CHG~0.00%
Published-25 Sep, 2009 | 23:00
Updated-07 Aug, 2024 | 06:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Stack consumption vulnerability in Adobe Reader and Acrobat 9.1.3, 9.1.2, 9.1.1, and earlier 9.x versions; 8.1.6 and earlier 8.x versions; and possibly 7.1.4 and earlier 7.x versions allows remote attackers to cause a denial of service (application crash) via a PDF file with a large number of [ (open square bracket) characters in the argument to the alert method. NOTE: some of these details are obtained from third party information.

Action-Not Available
Vendor-n/aAdobe Inc.
Product-acrobat_readeracrobatn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2018-13997
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.43% / 61.87%
||
7 Day CHG~0.00%
Published-12 Jul, 2018 | 12:00
Updated-05 Aug, 2024 | 09:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Genann through 2018-07-08 has a SEGV in genann_run in genann.c.

Action-Not Available
Vendor-codeplean/a
Product-genannn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2009-2732
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-5.01% / 89.31%
||
7 Day CHG~0.00%
Published-20 Aug, 2009 | 22:00
Updated-07 Aug, 2024 | 05:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The checkHTTPpassword function in http.c in ntop 3.3.10 and earlier allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an Authorization HTTP header that lacks a : (colon) character in the base64-decoded string.

Action-Not Available
Vendor-ntopn/a
Product-ntopn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2009-2719
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-0.64% / 69.70%
||
7 Day CHG~0.00%
Published-10 Aug, 2009 | 20:00
Updated-07 Aug, 2024 | 05:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Java Web Start implementation in Sun Java SE 6 before Update 15 allows context-dependent attackers to cause a denial of service (NullPointerException) via a crafted .jnlp file, as demonstrated by the jnlp_file/appletDesc/index.html#misc test in the Technology Compatibility Kit (TCK) for the Java Network Launching Protocol (JNLP).

Action-Not Available
Vendor-n/aSun Microsystems (Oracle Corporation)
Product-java_sen/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2009-2703
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-0.64% / 69.70%
||
7 Day CHG~0.00%
Published-08 Sep, 2009 | 18:00
Updated-07 Aug, 2024 | 05:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

libpurple/protocols/irc/msgs.c in the IRC protocol plugin in libpurple in Pidgin before 2.6.2 allows remote IRC servers to cause a denial of service (NULL pointer dereference and application crash) via a TOPIC message that lacks a topic string.

Action-Not Available
Vendor-n/aPidgin
Product-libpurplepidginn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2009-3083
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-1.28% / 78.78%
||
7 Day CHG~0.00%
Published-08 Sep, 2009 | 18:00
Updated-07 Aug, 2024 | 06:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The msn_slp_sip_recv function in libpurple/protocols/msn/slp.c in the MSN protocol plugin in libpurple in Pidgin before 2.6.2 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an SLP invite message that lacks certain required fields, as demonstrated by a malformed message from a KMess client.

Action-Not Available
Vendor-n/aPidgin
Product-libpurplepidginn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2009-2559
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-0.66% / 70.08%
||
7 Day CHG~0.00%
Published-21 Jul, 2009 | 17:00
Updated-07 Aug, 2024 | 05:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in the IPMI dissector in Wireshark 1.2.0 allows remote attackers to cause a denial of service (crash) via unspecified vectors related to an array index error. NOTE: some of these details are obtained from third party information.

Action-Not Available
Vendor-n/aWireshark Foundation
Product-wiresharkn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2016-10326
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.48% / 64.04%
||
7 Day CHG~0.00%
Published-13 Apr, 2017 | 15:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In libosip2 in GNU oSIP 4.1.0, a malformed SIP message can lead to a heap buffer overflow in the osip_body_to_str() function defined in osipparser2/osip_body.c, resulting in a remote DoS.

Action-Not Available
Vendor-n/aGNU
Product-osipn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
  • Previous
  • 1
  • 2
  • 3
  • ...
  • 12
  • 13
  • Next
Details not found