Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2009-1955

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-06 Jun, 2009 | 18:00
Updated At-07 Aug, 2024 | 05:36
Rejected At-
Credits

The expat XML parser in the apr_xml_* interface in xml/apr_xml.c in Apache APR-util before 1.3.7, as used in the mod_dav and mod_dav_svn modules in the Apache HTTP Server, allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document containing a large number of nested entity references, as demonstrated by a PROPFIND request, a similar issue to CVE-2003-1564.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:06 Jun, 2009 | 18:00
Updated At:07 Aug, 2024 | 05:36
Rejected At:
▼CVE Numbering Authority (CNA)

The expat XML parser in the apr_xml_* interface in xml/apr_xml.c in Apache APR-util before 1.3.7, as used in the mod_dav and mod_dav_svn modules in the Apache HTTP Server, allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document containing a large number of nested entity references, as demonstrated by a PROPFIND request, a similar issue to CVE-2003-1564.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://secunia.com/advisories/35487
third-party-advisory
x_refsource_SECUNIA
http://www.debian.org/security/2009/dsa-1812
vendor-advisory
x_refsource_DEBIAN
http://www.apache.org/dist/apr/CHANGES-APR-UTIL-1.3
x_refsource_CONFIRM
http://www.vupen.com/english/advisories/2009/1907
vdb-entry
x_refsource_VUPEN
https://www.redhat.com/archives/fedora-package-announce/2009-June/msg01228.html
vendor-advisory
x_refsource_FEDORA
http://secunia.com/advisories/35444
third-party-advisory
x_refsource_SECUNIA
http://marc.info/?l=apr-dev&m=124396021826125&w=2
mailing-list
x_refsource_MLIST
http://www.mandriva.com/security/advisories?name=MDVSA-2009:131
vendor-advisory
x_refsource_MANDRIVA
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10270
vdb-entry
signature
x_refsource_OVAL
http://secunia.com/advisories/35360
third-party-advisory
x_refsource_SECUNIA
http://www.vupen.com/english/advisories/2010/1107
vdb-entry
x_refsource_VUPEN
http://www.openwall.com/lists/oss-security/2009/06/03/4
mailing-list
x_refsource_MLIST
http://secunia.com/advisories/35395
third-party-advisory
x_refsource_SECUNIA
http://www-01.ibm.com/support/docview.wss?uid=swg1PK99478
vendor-advisory
x_refsource_AIXAPAR
http://www.securityfocus.com/archive/1/506053/100/0/threaded
mailing-list
x_refsource_BUGTRAQ
http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html
vendor-advisory
x_refsource_SUSE
http://secunia.com/advisories/35284
third-party-advisory
x_refsource_SECUNIA
http://www-01.ibm.com/support/docview.wss?uid=swg1PK91241
vendor-advisory
x_refsource_AIXAPAR
http://secunia.com/advisories/36473
third-party-advisory
x_refsource_SECUNIA
http://www-01.ibm.com/support/docview.wss?uid=swg1PK88342
vendor-advisory
x_refsource_AIXAPAR
http://secunia.com/advisories/35843
third-party-advisory
x_refsource_SECUNIA
https://www.redhat.com/archives/fedora-package-announce/2009-June/msg01173.html
vendor-advisory
x_refsource_FEDORA
http://www.redhat.com/support/errata/RHSA-2009-1108.html
vendor-advisory
x_refsource_REDHAT
http://marc.info/?l=bugtraq&m=129190899612998&w=2
vendor-advisory
x_refsource_HP
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12473
vdb-entry
signature
x_refsource_OVAL
http://secunia.com/advisories/35797
third-party-advisory
x_refsource_SECUNIA
http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html
x_refsource_CONFIRM
http://security.gentoo.org/glsa/glsa-200907-03.xml
vendor-advisory
x_refsource_GENTOO
http://svn.apache.org/viewvc?view=rev&revision=781403
x_refsource_CONFIRM
https://www.redhat.com/archives/fedora-package-announce/2009-June/msg01201.html
vendor-advisory
x_refsource_FEDORA
http://www.ubuntu.com/usn/usn-786-1
vendor-advisory
x_refsource_UBUNTU
http://secunia.com/advisories/34724
third-party-advisory
x_refsource_SECUNIA
http://secunia.com/advisories/37221
third-party-advisory
x_refsource_SECUNIA
http://secunia.com/advisories/35565
third-party-advisory
x_refsource_SECUNIA
http://www.vupen.com/english/advisories/2009/3184
vdb-entry
x_refsource_VUPEN
http://wiki.rpath.com/Advisories:rPSA-2009-0123
x_refsource_CONFIRM
https://www.exploit-db.com/exploits/8842
exploit
x_refsource_EXPLOIT-DB
http://marc.info/?l=bugtraq&m=129190899612998&w=2
vendor-advisory
x_refsource_HP
http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.538210
vendor-advisory
x_refsource_SLACKWARE
http://www-01.ibm.com/support/docview.wss?uid=swg27014463
x_refsource_CONFIRM
http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html
vendor-advisory
x_refsource_APPLE
http://www.mandriva.com/security/advisories?name=MDVSA-2013:150
vendor-advisory
x_refsource_MANDRIVA
http://secunia.com/advisories/35710
third-party-advisory
x_refsource_SECUNIA
http://www.securityfocus.com/bid/35253
vdb-entry
x_refsource_BID
http://www.redhat.com/support/errata/RHSA-2009-1107.html
vendor-advisory
x_refsource_REDHAT
http://support.apple.com/kb/HT3937
x_refsource_CONFIRM
http://www.ubuntu.com/usn/usn-787-1
vendor-advisory
x_refsource_UBUNTU
https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E
mailing-list
x_refsource_MLIST
https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E
mailing-list
x_refsource_MLIST
https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E
mailing-list
x_refsource_MLIST
https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E
mailing-list
x_refsource_MLIST
https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E
mailing-list
x_refsource_MLIST
https://lists.apache.org/thread.html/reb7c64aeea604bf948467d9d1cab8ff23fa7d002be1964bcc275aae7%40%3Ccvs.httpd.apache.org%3E
mailing-list
x_refsource_MLIST
https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E
mailing-list
x_refsource_MLIST
https://lists.apache.org/thread.html/r2295080a257bad27ea68ca0af12fc715577f9e84801eae116a33107e%40%3Ccvs.httpd.apache.org%3E
mailing-list
x_refsource_MLIST
https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E
mailing-list
x_refsource_MLIST
https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E
mailing-list
x_refsource_MLIST
https://lists.apache.org/thread.html/rc4c53a0d57b2771ecd4b965010580db355e38137c8711311ee1073a8%40%3Ccvs.httpd.apache.org%3E
mailing-list
x_refsource_MLIST
https://lists.apache.org/thread.html/rad01d817195e6cc871cb1d73b207ca326379a20a6e7f30febaf56d24%40%3Ccvs.httpd.apache.org%3E
mailing-list
x_refsource_MLIST
https://lists.apache.org/thread.html/r476d175be0aaf4a17680ef98c5153b4d336eaef76fb2224cc94c463a%40%3Ccvs.httpd.apache.org%3E
mailing-list
x_refsource_MLIST
https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E
mailing-list
x_refsource_MLIST
Hyperlink: http://secunia.com/advisories/35487
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://www.debian.org/security/2009/dsa-1812
Resource:
vendor-advisory
x_refsource_DEBIAN
Hyperlink: http://www.apache.org/dist/apr/CHANGES-APR-UTIL-1.3
Resource:
x_refsource_CONFIRM
Hyperlink: http://www.vupen.com/english/advisories/2009/1907
Resource:
vdb-entry
x_refsource_VUPEN
Hyperlink: https://www.redhat.com/archives/fedora-package-announce/2009-June/msg01228.html
Resource:
vendor-advisory
x_refsource_FEDORA
Hyperlink: http://secunia.com/advisories/35444
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://marc.info/?l=apr-dev&m=124396021826125&w=2
Resource:
mailing-list
x_refsource_MLIST
Hyperlink: http://www.mandriva.com/security/advisories?name=MDVSA-2009:131
Resource:
vendor-advisory
x_refsource_MANDRIVA
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10270
Resource:
vdb-entry
signature
x_refsource_OVAL
Hyperlink: http://secunia.com/advisories/35360
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://www.vupen.com/english/advisories/2010/1107
Resource:
vdb-entry
x_refsource_VUPEN
Hyperlink: http://www.openwall.com/lists/oss-security/2009/06/03/4
Resource:
mailing-list
x_refsource_MLIST
Hyperlink: http://secunia.com/advisories/35395
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://www-01.ibm.com/support/docview.wss?uid=swg1PK99478
Resource:
vendor-advisory
x_refsource_AIXAPAR
Hyperlink: http://www.securityfocus.com/archive/1/506053/100/0/threaded
Resource:
mailing-list
x_refsource_BUGTRAQ
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html
Resource:
vendor-advisory
x_refsource_SUSE
Hyperlink: http://secunia.com/advisories/35284
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://www-01.ibm.com/support/docview.wss?uid=swg1PK91241
Resource:
vendor-advisory
x_refsource_AIXAPAR
Hyperlink: http://secunia.com/advisories/36473
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://www-01.ibm.com/support/docview.wss?uid=swg1PK88342
Resource:
vendor-advisory
x_refsource_AIXAPAR
Hyperlink: http://secunia.com/advisories/35843
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: https://www.redhat.com/archives/fedora-package-announce/2009-June/msg01173.html
Resource:
vendor-advisory
x_refsource_FEDORA
Hyperlink: http://www.redhat.com/support/errata/RHSA-2009-1108.html
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: http://marc.info/?l=bugtraq&m=129190899612998&w=2
Resource:
vendor-advisory
x_refsource_HP
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12473
Resource:
vdb-entry
signature
x_refsource_OVAL
Hyperlink: http://secunia.com/advisories/35797
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html
Resource:
x_refsource_CONFIRM
Hyperlink: http://security.gentoo.org/glsa/glsa-200907-03.xml
Resource:
vendor-advisory
x_refsource_GENTOO
Hyperlink: http://svn.apache.org/viewvc?view=rev&revision=781403
Resource:
x_refsource_CONFIRM
Hyperlink: https://www.redhat.com/archives/fedora-package-announce/2009-June/msg01201.html
Resource:
vendor-advisory
x_refsource_FEDORA
Hyperlink: http://www.ubuntu.com/usn/usn-786-1
Resource:
vendor-advisory
x_refsource_UBUNTU
Hyperlink: http://secunia.com/advisories/34724
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://secunia.com/advisories/37221
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://secunia.com/advisories/35565
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://www.vupen.com/english/advisories/2009/3184
Resource:
vdb-entry
x_refsource_VUPEN
Hyperlink: http://wiki.rpath.com/Advisories:rPSA-2009-0123
Resource:
x_refsource_CONFIRM
Hyperlink: https://www.exploit-db.com/exploits/8842
Resource:
exploit
x_refsource_EXPLOIT-DB
Hyperlink: http://marc.info/?l=bugtraq&m=129190899612998&w=2
Resource:
vendor-advisory
x_refsource_HP
Hyperlink: http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.538210
Resource:
vendor-advisory
x_refsource_SLACKWARE
Hyperlink: http://www-01.ibm.com/support/docview.wss?uid=swg27014463
Resource:
x_refsource_CONFIRM
Hyperlink: http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html
Resource:
vendor-advisory
x_refsource_APPLE
Hyperlink: http://www.mandriva.com/security/advisories?name=MDVSA-2013:150
Resource:
vendor-advisory
x_refsource_MANDRIVA
Hyperlink: http://secunia.com/advisories/35710
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://www.securityfocus.com/bid/35253
Resource:
vdb-entry
x_refsource_BID
Hyperlink: http://www.redhat.com/support/errata/RHSA-2009-1107.html
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: http://support.apple.com/kb/HT3937
Resource:
x_refsource_CONFIRM
Hyperlink: http://www.ubuntu.com/usn/usn-787-1
Resource:
vendor-advisory
x_refsource_UBUNTU
Hyperlink: https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E
Resource:
mailing-list
x_refsource_MLIST
Hyperlink: https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E
Resource:
mailing-list
x_refsource_MLIST
Hyperlink: https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E
Resource:
mailing-list
x_refsource_MLIST
Hyperlink: https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E
Resource:
mailing-list
x_refsource_MLIST
Hyperlink: https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E
Resource:
mailing-list
x_refsource_MLIST
Hyperlink: https://lists.apache.org/thread.html/reb7c64aeea604bf948467d9d1cab8ff23fa7d002be1964bcc275aae7%40%3Ccvs.httpd.apache.org%3E
Resource:
mailing-list
x_refsource_MLIST
Hyperlink: https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E
Resource:
mailing-list
x_refsource_MLIST
Hyperlink: https://lists.apache.org/thread.html/r2295080a257bad27ea68ca0af12fc715577f9e84801eae116a33107e%40%3Ccvs.httpd.apache.org%3E
Resource:
mailing-list
x_refsource_MLIST
Hyperlink: https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E
Resource:
mailing-list
x_refsource_MLIST
Hyperlink: https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E
Resource:
mailing-list
x_refsource_MLIST
Hyperlink: https://lists.apache.org/thread.html/rc4c53a0d57b2771ecd4b965010580db355e38137c8711311ee1073a8%40%3Ccvs.httpd.apache.org%3E
Resource:
mailing-list
x_refsource_MLIST
Hyperlink: https://lists.apache.org/thread.html/rad01d817195e6cc871cb1d73b207ca326379a20a6e7f30febaf56d24%40%3Ccvs.httpd.apache.org%3E
Resource:
mailing-list
x_refsource_MLIST
Hyperlink: https://lists.apache.org/thread.html/r476d175be0aaf4a17680ef98c5153b4d336eaef76fb2224cc94c463a%40%3Ccvs.httpd.apache.org%3E
Resource:
mailing-list
x_refsource_MLIST
Hyperlink: https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E
Resource:
mailing-list
x_refsource_MLIST
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://secunia.com/advisories/35487
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://www.debian.org/security/2009/dsa-1812
vendor-advisory
x_refsource_DEBIAN
x_transferred
http://www.apache.org/dist/apr/CHANGES-APR-UTIL-1.3
x_refsource_CONFIRM
x_transferred
http://www.vupen.com/english/advisories/2009/1907
vdb-entry
x_refsource_VUPEN
x_transferred
https://www.redhat.com/archives/fedora-package-announce/2009-June/msg01228.html
vendor-advisory
x_refsource_FEDORA
x_transferred
http://secunia.com/advisories/35444
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://marc.info/?l=apr-dev&m=124396021826125&w=2
mailing-list
x_refsource_MLIST
x_transferred
http://www.mandriva.com/security/advisories?name=MDVSA-2009:131
vendor-advisory
x_refsource_MANDRIVA
x_transferred
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10270
vdb-entry
signature
x_refsource_OVAL
x_transferred
http://secunia.com/advisories/35360
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://www.vupen.com/english/advisories/2010/1107
vdb-entry
x_refsource_VUPEN
x_transferred
http://www.openwall.com/lists/oss-security/2009/06/03/4
mailing-list
x_refsource_MLIST
x_transferred
http://secunia.com/advisories/35395
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://www-01.ibm.com/support/docview.wss?uid=swg1PK99478
vendor-advisory
x_refsource_AIXAPAR
x_transferred
http://www.securityfocus.com/archive/1/506053/100/0/threaded
mailing-list
x_refsource_BUGTRAQ
x_transferred
http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html
vendor-advisory
x_refsource_SUSE
x_transferred
http://secunia.com/advisories/35284
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://www-01.ibm.com/support/docview.wss?uid=swg1PK91241
vendor-advisory
x_refsource_AIXAPAR
x_transferred
http://secunia.com/advisories/36473
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://www-01.ibm.com/support/docview.wss?uid=swg1PK88342
vendor-advisory
x_refsource_AIXAPAR
x_transferred
http://secunia.com/advisories/35843
third-party-advisory
x_refsource_SECUNIA
x_transferred
https://www.redhat.com/archives/fedora-package-announce/2009-June/msg01173.html
vendor-advisory
x_refsource_FEDORA
x_transferred
http://www.redhat.com/support/errata/RHSA-2009-1108.html
vendor-advisory
x_refsource_REDHAT
x_transferred
http://marc.info/?l=bugtraq&m=129190899612998&w=2
vendor-advisory
x_refsource_HP
x_transferred
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12473
vdb-entry
signature
x_refsource_OVAL
x_transferred
http://secunia.com/advisories/35797
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html
x_refsource_CONFIRM
x_transferred
http://security.gentoo.org/glsa/glsa-200907-03.xml
vendor-advisory
x_refsource_GENTOO
x_transferred
http://svn.apache.org/viewvc?view=rev&revision=781403
x_refsource_CONFIRM
x_transferred
https://www.redhat.com/archives/fedora-package-announce/2009-June/msg01201.html
vendor-advisory
x_refsource_FEDORA
x_transferred
http://www.ubuntu.com/usn/usn-786-1
vendor-advisory
x_refsource_UBUNTU
x_transferred
http://secunia.com/advisories/34724
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://secunia.com/advisories/37221
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://secunia.com/advisories/35565
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://www.vupen.com/english/advisories/2009/3184
vdb-entry
x_refsource_VUPEN
x_transferred
http://wiki.rpath.com/Advisories:rPSA-2009-0123
x_refsource_CONFIRM
x_transferred
https://www.exploit-db.com/exploits/8842
exploit
x_refsource_EXPLOIT-DB
x_transferred
http://marc.info/?l=bugtraq&m=129190899612998&w=2
vendor-advisory
x_refsource_HP
x_transferred
http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.538210
vendor-advisory
x_refsource_SLACKWARE
x_transferred
http://www-01.ibm.com/support/docview.wss?uid=swg27014463
x_refsource_CONFIRM
x_transferred
http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html
vendor-advisory
x_refsource_APPLE
x_transferred
http://www.mandriva.com/security/advisories?name=MDVSA-2013:150
vendor-advisory
x_refsource_MANDRIVA
x_transferred
http://secunia.com/advisories/35710
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://www.securityfocus.com/bid/35253
vdb-entry
x_refsource_BID
x_transferred
http://www.redhat.com/support/errata/RHSA-2009-1107.html
vendor-advisory
x_refsource_REDHAT
x_transferred
http://support.apple.com/kb/HT3937
x_refsource_CONFIRM
x_transferred
http://www.ubuntu.com/usn/usn-787-1
vendor-advisory
x_refsource_UBUNTU
x_transferred
https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E
mailing-list
x_refsource_MLIST
x_transferred
https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E
mailing-list
x_refsource_MLIST
x_transferred
https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E
mailing-list
x_refsource_MLIST
x_transferred
https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E
mailing-list
x_refsource_MLIST
x_transferred
https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E
mailing-list
x_refsource_MLIST
x_transferred
https://lists.apache.org/thread.html/reb7c64aeea604bf948467d9d1cab8ff23fa7d002be1964bcc275aae7%40%3Ccvs.httpd.apache.org%3E
mailing-list
x_refsource_MLIST
x_transferred
https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E
mailing-list
x_refsource_MLIST
x_transferred
https://lists.apache.org/thread.html/r2295080a257bad27ea68ca0af12fc715577f9e84801eae116a33107e%40%3Ccvs.httpd.apache.org%3E
mailing-list
x_refsource_MLIST
x_transferred
https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E
mailing-list
x_refsource_MLIST
x_transferred
https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E
mailing-list
x_refsource_MLIST
x_transferred
https://lists.apache.org/thread.html/rc4c53a0d57b2771ecd4b965010580db355e38137c8711311ee1073a8%40%3Ccvs.httpd.apache.org%3E
mailing-list
x_refsource_MLIST
x_transferred
https://lists.apache.org/thread.html/rad01d817195e6cc871cb1d73b207ca326379a20a6e7f30febaf56d24%40%3Ccvs.httpd.apache.org%3E
mailing-list
x_refsource_MLIST
x_transferred
https://lists.apache.org/thread.html/r476d175be0aaf4a17680ef98c5153b4d336eaef76fb2224cc94c463a%40%3Ccvs.httpd.apache.org%3E
mailing-list
x_refsource_MLIST
x_transferred
https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E
mailing-list
x_refsource_MLIST
x_transferred
Hyperlink: http://secunia.com/advisories/35487
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://www.debian.org/security/2009/dsa-1812
Resource:
vendor-advisory
x_refsource_DEBIAN
x_transferred
Hyperlink: http://www.apache.org/dist/apr/CHANGES-APR-UTIL-1.3
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://www.vupen.com/english/advisories/2009/1907
Resource:
vdb-entry
x_refsource_VUPEN
x_transferred
Hyperlink: https://www.redhat.com/archives/fedora-package-announce/2009-June/msg01228.html
Resource:
vendor-advisory
x_refsource_FEDORA
x_transferred
Hyperlink: http://secunia.com/advisories/35444
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://marc.info/?l=apr-dev&m=124396021826125&w=2
Resource:
mailing-list
x_refsource_MLIST
x_transferred
Hyperlink: http://www.mandriva.com/security/advisories?name=MDVSA-2009:131
Resource:
vendor-advisory
x_refsource_MANDRIVA
x_transferred
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10270
Resource:
vdb-entry
signature
x_refsource_OVAL
x_transferred
Hyperlink: http://secunia.com/advisories/35360
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://www.vupen.com/english/advisories/2010/1107
Resource:
vdb-entry
x_refsource_VUPEN
x_transferred
Hyperlink: http://www.openwall.com/lists/oss-security/2009/06/03/4
Resource:
mailing-list
x_refsource_MLIST
x_transferred
Hyperlink: http://secunia.com/advisories/35395
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://www-01.ibm.com/support/docview.wss?uid=swg1PK99478
Resource:
vendor-advisory
x_refsource_AIXAPAR
x_transferred
Hyperlink: http://www.securityfocus.com/archive/1/506053/100/0/threaded
Resource:
mailing-list
x_refsource_BUGTRAQ
x_transferred
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html
Resource:
vendor-advisory
x_refsource_SUSE
x_transferred
Hyperlink: http://secunia.com/advisories/35284
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://www-01.ibm.com/support/docview.wss?uid=swg1PK91241
Resource:
vendor-advisory
x_refsource_AIXAPAR
x_transferred
Hyperlink: http://secunia.com/advisories/36473
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://www-01.ibm.com/support/docview.wss?uid=swg1PK88342
Resource:
vendor-advisory
x_refsource_AIXAPAR
x_transferred
Hyperlink: http://secunia.com/advisories/35843
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: https://www.redhat.com/archives/fedora-package-announce/2009-June/msg01173.html
Resource:
vendor-advisory
x_refsource_FEDORA
x_transferred
Hyperlink: http://www.redhat.com/support/errata/RHSA-2009-1108.html
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: http://marc.info/?l=bugtraq&m=129190899612998&w=2
Resource:
vendor-advisory
x_refsource_HP
x_transferred
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12473
Resource:
vdb-entry
signature
x_refsource_OVAL
x_transferred
Hyperlink: http://secunia.com/advisories/35797
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://security.gentoo.org/glsa/glsa-200907-03.xml
Resource:
vendor-advisory
x_refsource_GENTOO
x_transferred
Hyperlink: http://svn.apache.org/viewvc?view=rev&revision=781403
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: https://www.redhat.com/archives/fedora-package-announce/2009-June/msg01201.html
Resource:
vendor-advisory
x_refsource_FEDORA
x_transferred
Hyperlink: http://www.ubuntu.com/usn/usn-786-1
Resource:
vendor-advisory
x_refsource_UBUNTU
x_transferred
Hyperlink: http://secunia.com/advisories/34724
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://secunia.com/advisories/37221
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://secunia.com/advisories/35565
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://www.vupen.com/english/advisories/2009/3184
Resource:
vdb-entry
x_refsource_VUPEN
x_transferred
Hyperlink: http://wiki.rpath.com/Advisories:rPSA-2009-0123
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: https://www.exploit-db.com/exploits/8842
Resource:
exploit
x_refsource_EXPLOIT-DB
x_transferred
Hyperlink: http://marc.info/?l=bugtraq&m=129190899612998&w=2
Resource:
vendor-advisory
x_refsource_HP
x_transferred
Hyperlink: http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.538210
Resource:
vendor-advisory
x_refsource_SLACKWARE
x_transferred
Hyperlink: http://www-01.ibm.com/support/docview.wss?uid=swg27014463
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html
Resource:
vendor-advisory
x_refsource_APPLE
x_transferred
Hyperlink: http://www.mandriva.com/security/advisories?name=MDVSA-2013:150
Resource:
vendor-advisory
x_refsource_MANDRIVA
x_transferred
Hyperlink: http://secunia.com/advisories/35710
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://www.securityfocus.com/bid/35253
Resource:
vdb-entry
x_refsource_BID
x_transferred
Hyperlink: http://www.redhat.com/support/errata/RHSA-2009-1107.html
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: http://support.apple.com/kb/HT3937
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://www.ubuntu.com/usn/usn-787-1
Resource:
vendor-advisory
x_refsource_UBUNTU
x_transferred
Hyperlink: https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E
Resource:
mailing-list
x_refsource_MLIST
x_transferred
Hyperlink: https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E
Resource:
mailing-list
x_refsource_MLIST
x_transferred
Hyperlink: https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E
Resource:
mailing-list
x_refsource_MLIST
x_transferred
Hyperlink: https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E
Resource:
mailing-list
x_refsource_MLIST
x_transferred
Hyperlink: https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E
Resource:
mailing-list
x_refsource_MLIST
x_transferred
Hyperlink: https://lists.apache.org/thread.html/reb7c64aeea604bf948467d9d1cab8ff23fa7d002be1964bcc275aae7%40%3Ccvs.httpd.apache.org%3E
Resource:
mailing-list
x_refsource_MLIST
x_transferred
Hyperlink: https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E
Resource:
mailing-list
x_refsource_MLIST
x_transferred
Hyperlink: https://lists.apache.org/thread.html/r2295080a257bad27ea68ca0af12fc715577f9e84801eae116a33107e%40%3Ccvs.httpd.apache.org%3E
Resource:
mailing-list
x_refsource_MLIST
x_transferred
Hyperlink: https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E
Resource:
mailing-list
x_refsource_MLIST
x_transferred
Hyperlink: https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E
Resource:
mailing-list
x_refsource_MLIST
x_transferred
Hyperlink: https://lists.apache.org/thread.html/rc4c53a0d57b2771ecd4b965010580db355e38137c8711311ee1073a8%40%3Ccvs.httpd.apache.org%3E
Resource:
mailing-list
x_refsource_MLIST
x_transferred
Hyperlink: https://lists.apache.org/thread.html/rad01d817195e6cc871cb1d73b207ca326379a20a6e7f30febaf56d24%40%3Ccvs.httpd.apache.org%3E
Resource:
mailing-list
x_refsource_MLIST
x_transferred
Hyperlink: https://lists.apache.org/thread.html/r476d175be0aaf4a17680ef98c5153b4d336eaef76fb2224cc94c463a%40%3Ccvs.httpd.apache.org%3E
Resource:
mailing-list
x_refsource_MLIST
x_transferred
Hyperlink: https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E
Resource:
mailing-list
x_refsource_MLIST
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:08 Jun, 2009 | 01:00
Updated At:02 Feb, 2024 | 14:11

The expat XML parser in the apr_xml_* interface in xml/apr_xml.c in Apache APR-util before 1.3.7, as used in the mod_dav and mod_dav_svn modules in the Apache HTTP Server, allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document containing a large number of nested entity references, as demonstrated by a PROPFIND request, a similar issue to CVE-2003-1564.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.17.5HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Primary2.05.0MEDIUM
AV:N/AC:L/Au:N/C:N/I:N/A:P
Type: Primary
Version: 3.1
Base score: 7.5
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Type: Primary
Version: 2.0
Base score: 5.0
Base severity: MEDIUM
Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:P
CPE Matches
The Apache Software Foundation
apache
>>apr-util>>Versions before 1.3.7(exclusive)
cpe:2.3:a:apache:apr-util:*:*:*:*:*:*:*:*
Apple Inc.
apple
>>mac_os_x>>Versions before 10.6.2(exclusive)
cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*
SUSE
suse
>>linux_enterprise_server>>9
cpe:2.3:o:suse:linux_enterprise_server:9:*:*:*:*:*:*:*
Debian GNU/Linux
debian
>>debian_linux>>4.0
cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:*
Canonical Ltd.
canonical
>>ubuntu_linux>>6.06
cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:*:*:*:*
Canonical Ltd.
canonical
>>ubuntu_linux>>8.04
cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:-:*:*:*
Canonical Ltd.
canonical
>>ubuntu_linux>>8.10
cpe:2.3:o:canonical:ubuntu_linux:8.10:*:*:*:*:*:*:*
Canonical Ltd.
canonical
>>ubuntu_linux>>9.04
cpe:2.3:o:canonical:ubuntu_linux:9.04:*:*:*:*:*:*:*
Fedora Project
fedoraproject
>>fedora>>9
cpe:2.3:o:fedoraproject:fedora:9:*:*:*:*:*:*:*
Fedora Project
fedoraproject
>>fedora>>10
cpe:2.3:o:fedoraproject:fedora:10:*:*:*:*:*:*:*
Fedora Project
fedoraproject
>>fedora>>11
cpe:2.3:o:fedoraproject:fedora:11:*:*:*:*:*:*:*
Oracle Corporation
oracle
>>http_server>>-
cpe:2.3:a:oracle:http_server:-:*:*:*:*:*:*:*
The Apache Software Foundation
apache
>>http_server>>Versions from 2.2.0(inclusive) to 2.2.12(exclusive)
cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-776Primarynvd@nist.gov
CWE ID: CWE-776
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.htmlcve@mitre.org
Mailing List
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.htmlcve@mitre.org
Mailing List
Third Party Advisory
http://marc.info/?l=apr-dev&m=124396021826125&w=2cve@mitre.org
Mailing List
Patch
http://marc.info/?l=bugtraq&m=129190899612998&w=2cve@mitre.org
Mailing List
http://secunia.com/advisories/34724cve@mitre.org
Broken Link
Third Party Advisory
http://secunia.com/advisories/35284cve@mitre.org
Broken Link
Third Party Advisory
http://secunia.com/advisories/35360cve@mitre.org
Broken Link
Third Party Advisory
http://secunia.com/advisories/35395cve@mitre.org
Broken Link
Third Party Advisory
http://secunia.com/advisories/35444cve@mitre.org
Broken Link
Third Party Advisory
http://secunia.com/advisories/35487cve@mitre.org
Broken Link
Third Party Advisory
http://secunia.com/advisories/35565cve@mitre.org
Broken Link
Third Party Advisory
http://secunia.com/advisories/35710cve@mitre.org
Broken Link
Third Party Advisory
http://secunia.com/advisories/35797cve@mitre.org
Broken Link
Third Party Advisory
http://secunia.com/advisories/35843cve@mitre.org
Broken Link
Third Party Advisory
http://secunia.com/advisories/36473cve@mitre.org
Broken Link
Third Party Advisory
http://secunia.com/advisories/37221cve@mitre.org
Broken Link
Third Party Advisory
http://security.gentoo.org/glsa/glsa-200907-03.xmlcve@mitre.org
Third Party Advisory
http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.538210cve@mitre.org
Broken Link
Third Party Advisory
http://support.apple.com/kb/HT3937cve@mitre.org
Broken Link
http://svn.apache.org/viewvc?view=rev&revision=781403cve@mitre.org
Patch
http://wiki.rpath.com/Advisories:rPSA-2009-0123cve@mitre.org
Broken Link
http://www-01.ibm.com/support/docview.wss?uid=swg1PK88342cve@mitre.org
Broken Link
http://www-01.ibm.com/support/docview.wss?uid=swg1PK91241cve@mitre.org
Broken Link
Third Party Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg1PK99478cve@mitre.org
Broken Link
Third Party Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg27014463cve@mitre.org
Broken Link
Third Party Advisory
http://www.apache.org/dist/apr/CHANGES-APR-UTIL-1.3cve@mitre.org
Broken Link
http://www.debian.org/security/2009/dsa-1812cve@mitre.org
Mailing List
Third Party Advisory
http://www.mandriva.com/security/advisories?name=MDVSA-2009:131cve@mitre.org
Broken Link
Third Party Advisory
http://www.mandriva.com/security/advisories?name=MDVSA-2013:150cve@mitre.org
Broken Link
Third Party Advisory
http://www.openwall.com/lists/oss-security/2009/06/03/4cve@mitre.org
Mailing List
http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.htmlcve@mitre.org
Patch
Third Party Advisory
http://www.redhat.com/support/errata/RHSA-2009-1107.htmlcve@mitre.org
Broken Link
Third Party Advisory
http://www.redhat.com/support/errata/RHSA-2009-1108.htmlcve@mitre.org
Broken Link
Third Party Advisory
http://www.securityfocus.com/archive/1/506053/100/0/threadedcve@mitre.org
Broken Link
Third Party Advisory
VDB Entry
http://www.securityfocus.com/bid/35253cve@mitre.org
Broken Link
Third Party Advisory
VDB Entry
http://www.ubuntu.com/usn/usn-786-1cve@mitre.org
Third Party Advisory
http://www.ubuntu.com/usn/usn-787-1cve@mitre.org
Third Party Advisory
http://www.vupen.com/english/advisories/2009/1907cve@mitre.org
Broken Link
Third Party Advisory
http://www.vupen.com/english/advisories/2009/3184cve@mitre.org
Broken Link
Third Party Advisory
http://www.vupen.com/english/advisories/2010/1107cve@mitre.org
Broken Link
Third Party Advisory
https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3Ecve@mitre.org
Mailing List
Patch
https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3Ecve@mitre.org
Mailing List
Patch
https://lists.apache.org/thread.html/r2295080a257bad27ea68ca0af12fc715577f9e84801eae116a33107e%40%3Ccvs.httpd.apache.org%3Ecve@mitre.org
Mailing List
Patch
https://lists.apache.org/thread.html/r476d175be0aaf4a17680ef98c5153b4d336eaef76fb2224cc94c463a%40%3Ccvs.httpd.apache.org%3Ecve@mitre.org
Mailing List
Patch
https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3Ecve@mitre.org
Mailing List
Patch
https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3Ecve@mitre.org
Mailing List
Patch
https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3Ecve@mitre.org
Mailing List
Patch
https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3Ecve@mitre.org
Mailing List
Patch
https://lists.apache.org/thread.html/rad01d817195e6cc871cb1d73b207ca326379a20a6e7f30febaf56d24%40%3Ccvs.httpd.apache.org%3Ecve@mitre.org
Mailing List
Patch
https://lists.apache.org/thread.html/rc4c53a0d57b2771ecd4b965010580db355e38137c8711311ee1073a8%40%3Ccvs.httpd.apache.org%3Ecve@mitre.org
Mailing List
Patch
https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3Ecve@mitre.org
Mailing List
Patch
https://lists.apache.org/thread.html/reb7c64aeea604bf948467d9d1cab8ff23fa7d002be1964bcc275aae7%40%3Ccvs.httpd.apache.org%3Ecve@mitre.org
Mailing List
Patch
https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3Ecve@mitre.org
Mailing List
Patch
https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3Ecve@mitre.org
Mailing List
Patch
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10270cve@mitre.org
Broken Link
Third Party Advisory
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12473cve@mitre.org
Broken Link
Third Party Advisory
https://www.exploit-db.com/exploits/8842cve@mitre.org
Exploit
VDB Entry
https://www.redhat.com/archives/fedora-package-announce/2009-June/msg01173.htmlcve@mitre.org
Mailing List
https://www.redhat.com/archives/fedora-package-announce/2009-June/msg01201.htmlcve@mitre.org
Mailing List
https://www.redhat.com/archives/fedora-package-announce/2009-June/msg01228.htmlcve@mitre.org
Mailing List
Hyperlink: http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html
Source: cve@mitre.org
Resource:
Mailing List
Third Party Advisory
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html
Source: cve@mitre.org
Resource:
Mailing List
Third Party Advisory
Hyperlink: http://marc.info/?l=apr-dev&m=124396021826125&w=2
Source: cve@mitre.org
Resource:
Mailing List
Patch
Hyperlink: http://marc.info/?l=bugtraq&m=129190899612998&w=2
Source: cve@mitre.org
Resource:
Mailing List
Hyperlink: http://secunia.com/advisories/34724
Source: cve@mitre.org
Resource:
Broken Link
Third Party Advisory
Hyperlink: http://secunia.com/advisories/35284
Source: cve@mitre.org
Resource:
Broken Link
Third Party Advisory
Hyperlink: http://secunia.com/advisories/35360
Source: cve@mitre.org
Resource:
Broken Link
Third Party Advisory
Hyperlink: http://secunia.com/advisories/35395
Source: cve@mitre.org
Resource:
Broken Link
Third Party Advisory
Hyperlink: http://secunia.com/advisories/35444
Source: cve@mitre.org
Resource:
Broken Link
Third Party Advisory
Hyperlink: http://secunia.com/advisories/35487
Source: cve@mitre.org
Resource:
Broken Link
Third Party Advisory
Hyperlink: http://secunia.com/advisories/35565
Source: cve@mitre.org
Resource:
Broken Link
Third Party Advisory
Hyperlink: http://secunia.com/advisories/35710
Source: cve@mitre.org
Resource:
Broken Link
Third Party Advisory
Hyperlink: http://secunia.com/advisories/35797
Source: cve@mitre.org
Resource:
Broken Link
Third Party Advisory
Hyperlink: http://secunia.com/advisories/35843
Source: cve@mitre.org
Resource:
Broken Link
Third Party Advisory
Hyperlink: http://secunia.com/advisories/36473
Source: cve@mitre.org
Resource:
Broken Link
Third Party Advisory
Hyperlink: http://secunia.com/advisories/37221
Source: cve@mitre.org
Resource:
Broken Link
Third Party Advisory
Hyperlink: http://security.gentoo.org/glsa/glsa-200907-03.xml
Source: cve@mitre.org
Resource:
Third Party Advisory
Hyperlink: http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.538210
Source: cve@mitre.org
Resource:
Broken Link
Third Party Advisory
Hyperlink: http://support.apple.com/kb/HT3937
Source: cve@mitre.org
Resource:
Broken Link
Hyperlink: http://svn.apache.org/viewvc?view=rev&revision=781403
Source: cve@mitre.org
Resource:
Patch
Hyperlink: http://wiki.rpath.com/Advisories:rPSA-2009-0123
Source: cve@mitre.org
Resource:
Broken Link
Hyperlink: http://www-01.ibm.com/support/docview.wss?uid=swg1PK88342
Source: cve@mitre.org
Resource:
Broken Link
Hyperlink: http://www-01.ibm.com/support/docview.wss?uid=swg1PK91241
Source: cve@mitre.org
Resource:
Broken Link
Third Party Advisory
Hyperlink: http://www-01.ibm.com/support/docview.wss?uid=swg1PK99478
Source: cve@mitre.org
Resource:
Broken Link
Third Party Advisory
Hyperlink: http://www-01.ibm.com/support/docview.wss?uid=swg27014463
Source: cve@mitre.org
Resource:
Broken Link
Third Party Advisory
Hyperlink: http://www.apache.org/dist/apr/CHANGES-APR-UTIL-1.3
Source: cve@mitre.org
Resource:
Broken Link
Hyperlink: http://www.debian.org/security/2009/dsa-1812
Source: cve@mitre.org
Resource:
Mailing List
Third Party Advisory
Hyperlink: http://www.mandriva.com/security/advisories?name=MDVSA-2009:131
Source: cve@mitre.org
Resource:
Broken Link
Third Party Advisory
Hyperlink: http://www.mandriva.com/security/advisories?name=MDVSA-2013:150
Source: cve@mitre.org
Resource:
Broken Link
Third Party Advisory
Hyperlink: http://www.openwall.com/lists/oss-security/2009/06/03/4
Source: cve@mitre.org
Resource:
Mailing List
Hyperlink: http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html
Source: cve@mitre.org
Resource:
Patch
Third Party Advisory
Hyperlink: http://www.redhat.com/support/errata/RHSA-2009-1107.html
Source: cve@mitre.org
Resource:
Broken Link
Third Party Advisory
Hyperlink: http://www.redhat.com/support/errata/RHSA-2009-1108.html
Source: cve@mitre.org
Resource:
Broken Link
Third Party Advisory
Hyperlink: http://www.securityfocus.com/archive/1/506053/100/0/threaded
Source: cve@mitre.org
Resource:
Broken Link
Third Party Advisory
VDB Entry
Hyperlink: http://www.securityfocus.com/bid/35253
Source: cve@mitre.org
Resource:
Broken Link
Third Party Advisory
VDB Entry
Hyperlink: http://www.ubuntu.com/usn/usn-786-1
Source: cve@mitre.org
Resource:
Third Party Advisory
Hyperlink: http://www.ubuntu.com/usn/usn-787-1
Source: cve@mitre.org
Resource:
Third Party Advisory
Hyperlink: http://www.vupen.com/english/advisories/2009/1907
Source: cve@mitre.org
Resource:
Broken Link
Third Party Advisory
Hyperlink: http://www.vupen.com/english/advisories/2009/3184
Source: cve@mitre.org
Resource:
Broken Link
Third Party Advisory
Hyperlink: http://www.vupen.com/english/advisories/2010/1107
Source: cve@mitre.org
Resource:
Broken Link
Third Party Advisory
Hyperlink: https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E
Source: cve@mitre.org
Resource:
Mailing List
Patch
Hyperlink: https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E
Source: cve@mitre.org
Resource:
Mailing List
Patch
Hyperlink: https://lists.apache.org/thread.html/r2295080a257bad27ea68ca0af12fc715577f9e84801eae116a33107e%40%3Ccvs.httpd.apache.org%3E
Source: cve@mitre.org
Resource:
Mailing List
Patch
Hyperlink: https://lists.apache.org/thread.html/r476d175be0aaf4a17680ef98c5153b4d336eaef76fb2224cc94c463a%40%3Ccvs.httpd.apache.org%3E
Source: cve@mitre.org
Resource:
Mailing List
Patch
Hyperlink: https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E
Source: cve@mitre.org
Resource:
Mailing List
Patch
Hyperlink: https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E
Source: cve@mitre.org
Resource:
Mailing List
Patch
Hyperlink: https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E
Source: cve@mitre.org
Resource:
Mailing List
Patch
Hyperlink: https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E
Source: cve@mitre.org
Resource:
Mailing List
Patch
Hyperlink: https://lists.apache.org/thread.html/rad01d817195e6cc871cb1d73b207ca326379a20a6e7f30febaf56d24%40%3Ccvs.httpd.apache.org%3E
Source: cve@mitre.org
Resource:
Mailing List
Patch
Hyperlink: https://lists.apache.org/thread.html/rc4c53a0d57b2771ecd4b965010580db355e38137c8711311ee1073a8%40%3Ccvs.httpd.apache.org%3E
Source: cve@mitre.org
Resource:
Mailing List
Patch
Hyperlink: https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E
Source: cve@mitre.org
Resource:
Mailing List
Patch
Hyperlink: https://lists.apache.org/thread.html/reb7c64aeea604bf948467d9d1cab8ff23fa7d002be1964bcc275aae7%40%3Ccvs.httpd.apache.org%3E
Source: cve@mitre.org
Resource:
Mailing List
Patch
Hyperlink: https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E
Source: cve@mitre.org
Resource:
Mailing List
Patch
Hyperlink: https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E
Source: cve@mitre.org
Resource:
Mailing List
Patch
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10270
Source: cve@mitre.org
Resource:
Broken Link
Third Party Advisory
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12473
Source: cve@mitre.org
Resource:
Broken Link
Third Party Advisory
Hyperlink: https://www.exploit-db.com/exploits/8842
Source: cve@mitre.org
Resource:
Exploit
VDB Entry
Hyperlink: https://www.redhat.com/archives/fedora-package-announce/2009-June/msg01173.html
Source: cve@mitre.org
Resource:
Mailing List
Hyperlink: https://www.redhat.com/archives/fedora-package-announce/2009-June/msg01201.html
Source: cve@mitre.org
Resource:
Mailing List
Hyperlink: https://www.redhat.com/archives/fedora-package-announce/2009-June/msg01228.html
Source: cve@mitre.org
Resource:
Mailing List

Change History

0
Information is not available yet

Similar CVEs

2313Records found
CVE-2006-6015
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-7.02% / 91.10%
||
7 Day CHG~0.00%
Published-21 Nov, 2006 | 23:00
Updated-07 Aug, 2024 | 20:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in the JavaScript implementation in Safari on Apple Mac OS X 10.4 allows remote attackers to cause a denial of service (application crash) via a long argument to the exec method of a regular expression.

Action-Not Available
Vendor-n/aApple Inc.
Product-mac_os_xn/a
CVE-2019-2459
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-5.3||MEDIUM
EPSS-1.47% / 80.12%
||
7 Day CHG-0.27%
Published-16 Jan, 2019 | 19:00
Updated-02 Oct, 2024 | 16:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters). Supported versions that are affected are 8.5.3 and 8.5.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Outside In Technology. Note: Outside In Technology is a suite of software development kits (SDKs). The protocol and CVSS score depend on the software that uses the Outside In Technology code. The CVSS score assumes that the software passes data received over a network directly to Outside In Technology code, but if data is not received over a network the CVSS score may be lower. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).

Action-Not Available
Vendor-Oracle Corporation
Product-outside_in_technologyOutside In Technology
CVE-2010-0910
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-5||MEDIUM
EPSS-0.70% / 71.20%
||
7 Day CHG~0.00%
Published-13 Jul, 2010 | 22:07
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the Data Server component in Oracle TimesTen In-Memory Database 7.0.6.0 and 11.2.1.4.1 allows remote attackers to affect availability via unknown vectors.

Action-Not Available
Vendor-n/aOracle Corporation
Product-timesten_in-memory_databasen/a
CVE-2019-5419
Matching Score-8
Assigner-HackerOne
ShareView Details
Matching Score-8
Assigner-HackerOne
CVSS Score-7.5||HIGH
EPSS-9.06% / 92.30%
||
7 Day CHG~0.00%
Published-27 Mar, 2019 | 13:43
Updated-04 Aug, 2024 | 19:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

There is a possible denial of service vulnerability in Action View (Rails) <5.2.2.1, <5.1.6.2, <5.0.7.2, <4.2.11.1 where specially crafted accept headers can cause action view to consume 100% cpu and make the server unresponsive.

Action-Not Available
Vendor-Fedora ProjectDebian GNU/LinuxRuby on RailsopenSUSERed Hat, Inc.
Product-debian_linuxsoftware_collectionsfedoracloudformsrailsleaphttps://github.com/rails/rails
CWE ID-CWE-400
Uncontrolled Resource Consumption
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2013-4081
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-1.26% / 78.59%
||
7 Day CHG~0.00%
Published-09 Jun, 2013 | 21:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The http_payload_subdissector function in epan/dissectors/packet-http.c in the HTTP dissector in Wireshark 1.6.x before 1.6.16 and 1.8.x before 1.8.8 does not properly determine when to use a recursive approach, which allows remote attackers to cause a denial of service (stack consumption) via a crafted packet.

Action-Not Available
Vendor-n/aWireshark FoundationDebian GNU/LinuxopenSUSE
Product-wiresharkdebian_linuxopensusen/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2011-0806
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-5||MEDIUM
EPSS-0.70% / 71.20%
||
7 Day CHG~0.00%
Published-20 Apr, 2011 | 03:09
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the Network Foundation component in Oracle Database Server 10.1.0.5, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.1, and 11.2.0.2, when running on Windows, allows remote attackers to affect availability via unknown vectors.

Action-Not Available
Vendor-n/aOracle CorporationMicrosoft Corporation
Product-windowsdatabase_servern/a
CVE-2017-17740
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-2.84% / 85.66%
||
7 Day CHG~0.00%
Published-18 Dec, 2017 | 06:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

contrib/slapd-modules/nops/nops.c in OpenLDAP through 2.4.45, when both the nops module and the memberof overlay are enabled, attempts to free a buffer that was allocated on the stack, which allows remote attackers to cause a denial of service (slapd crash) via a member MODDN operation.

Action-Not Available
Vendor-openldapn/aMcAfee, LLCopenSUSEOracle Corporation
Product-openldapleapblockchain_platformpolicy_auditorn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2013-4560
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-5||MEDIUM
EPSS-5.78% / 90.14%
||
7 Day CHG~0.00%
Published-19 Nov, 2013 | 19:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use-after-free vulnerability in lighttpd before 1.4.33 allows remote attackers to cause a denial of service (segmentation fault and crash) via unspecified vectors that trigger FAMMonitorDirectory failures.

Action-Not Available
Vendor-lighttpdn/aDebian GNU/LinuxopenSUSE
Product-lighttpddebian_linuxopensusen/a
CWE ID-CWE-416
Use After Free
CVE-2013-3834
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-5||MEDIUM
EPSS-0.70% / 71.20%
||
7 Day CHG~0.00%
Published-16 Oct, 2013 | 15:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the Oracle Secure Global Desktop component in Oracle Virtualization 5 allows remote attackers to affect availability via unknown vectors related to ttaauxserv.

Action-Not Available
Vendor-n/aOracle Corporation
Product-virtualizationn/a
CVE-2013-4283
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-5||MEDIUM
EPSS-0.76% / 72.26%
||
7 Day CHG~0.00%
Published-10 Sep, 2013 | 19:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

ns-slapd in 389 Directory Server before 1.3.0.8 allows remote attackers to cause a denial of service (server crash) via a crafted Distinguished Name (DN) in a MOD operation request.

Action-Not Available
Vendor-n/aFedora Project
Product-389_directory_servern/a
CWE ID-CWE-20
Improper Input Validation
CVE-2017-17846
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.78% / 72.78%
||
7 Day CHG~0.00%
Published-22 Dec, 2017 | 23:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Enigmail before 1.9.9. Regular expressions are exploitable for Denial of Service, because of attempts to match arbitrarily long strings, aka TBE-01-003.

Action-Not Available
Vendor-enigmailn/aDebian GNU/Linux
Product-enigmaildebian_linuxn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2013-4412
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-0.94% / 75.27%
||
7 Day CHG~0.00%
Published-04 Nov, 2019 | 12:44
Updated-06 Aug, 2024 | 16:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

slim has NULL pointer dereference when using crypt() method from glibc 2.17

Action-Not Available
Vendor-berliosslimDebian GNU/LinuxGNU
Product-glibcslimdebian_linuxslim
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2017-17935
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.58% / 67.95%
||
7 Day CHG~0.00%
Published-27 Dec, 2017 | 07:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The File_read_line function in epan/wslua/wslua_file.c in Wireshark through 2.2.11 does not properly strip '\n' characters, which allows remote attackers to cause a denial of service (buffer underflow and application crash) via a crafted packet that triggers the attempted processing of an empty line.

Action-Not Available
Vendor-n/aWireshark FoundationDebian GNU/Linux
Product-debian_linuxwiresharkn/a
CWE ID-CWE-125
Out-of-bounds Read
CVE-2019-5815
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-7.5||HIGH
EPSS-0.10% / 27.29%
||
7 Day CHG~0.00%
Published-11 Dec, 2019 | 00:55
Updated-04 Aug, 2024 | 20:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Type confusion in xsltNumberFormatGetMultipleLevel prior to libxslt 1.1.33 could allow attackers to potentially exploit heap corruption via crafted XML data.

Action-Not Available
Vendor-libxml2 (XMLSoft)Google LLCDebian GNU/Linux
Product-libxsltdebian_linuxChrome
CWE ID-CWE-787
Out-of-bounds Write
CWE ID-CWE-843
Access of Resource Using Incompatible Type ('Type Confusion')
CVE-2019-6219
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-7.5||HIGH
EPSS-1.04% / 76.54%
||
7 Day CHG~0.00%
Published-05 Mar, 2019 | 16:00
Updated-04 Aug, 2024 | 20:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A denial of service issue was addressed with improved validation. This issue is fixed in iOS 12.1.3, macOS Mojave 10.14.3, watchOS 5.1.3. Processing a maliciously crafted message may lead to a denial of service.

Action-Not Available
Vendor-Apple Inc.
Product-mac_os_xiphone_oswatchoswatchOSmacOSiOS
CWE ID-CWE-20
Improper Input Validation
CVE-2017-17818
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.68% / 70.70%
||
7 Day CHG~0.00%
Published-21 Dec, 2017 | 03:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Netwide Assembler (NASM) 2.14rc0, there is a heap-based buffer over-read that will cause a remote denial of service attack, related to a while loop in paste_tokens in asm/preproc.c.

Action-Not Available
Vendor-nasmn/aCanonical Ltd.
Product-ubuntu_linuxnetwide_assemblern/a
CWE ID-CWE-125
Out-of-bounds Read
CVE-2017-18189
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.46% / 80.03%
||
7 Day CHG~0.00%
Published-15 Feb, 2018 | 10:00
Updated-05 Aug, 2024 | 21:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In the startread function in xa.c in Sound eXchange (SoX) through 14.4.2, a corrupt header specifying zero channels triggers an infinite loop with a resultant NULL pointer dereference, which may allow a remote attacker to cause a denial-of-service.

Action-Not Available
Vendor-n/aSoX - Sound eXchangeDebian GNU/Linux
Product-debian_linuxsound_exchangen/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2021-41772
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.06% / 19.55%
||
7 Day CHG~0.00%
Published-08 Nov, 2021 | 00:00
Updated-04 Aug, 2024 | 03:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Go before 1.16.10 and 1.17.x before 1.17.3 allows an archive/zip Reader.Open panic via a crafted ZIP archive containing an invalid name or an empty filename field.

Action-Not Available
Vendor-n/aOracle CorporationFedora ProjectGo
Product-gofedoratimesten_in-memory_databasen/a
CWE ID-CWE-20
Improper Input Validation
CVE-2021-41054
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.52% / 65.60%
||
7 Day CHG~0.00%
Published-13 Sep, 2021 | 20:43
Updated-04 Aug, 2024 | 02:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

tftpd_file.c in atftp through 0.7.4 has a buffer overflow because buffer-size handling does not properly consider the combination of data, OACK, and other options.

Action-Not Available
Vendor-atftp_projectn/aDebian GNU/Linux
Product-atftpdebian_linuxn/a
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2013-4077
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-1.06% / 76.74%
||
7 Day CHG~0.00%
Published-09 Jun, 2013 | 21:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Array index error in the NBAP dissector in Wireshark 1.8.x before 1.8.8 allows remote attackers to cause a denial of service (application crash) via a crafted packet, related to nbap.cnf and packet-nbap.c.

Action-Not Available
Vendor-n/aWireshark FoundationDebian GNU/LinuxopenSUSE
Product-wiresharkdebian_linuxopensusen/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2017-18359
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-2.07% / 83.20%
||
7 Day CHG~0.00%
Published-25 Jan, 2019 | 05:00
Updated-05 Aug, 2024 | 21:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

PostGIS 2.x before 2.3.3, as used with PostgreSQL, allows remote attackers to cause a denial of service via crafted ST_AsX3D function input, as demonstrated by an abnormal server termination for "SELECT ST_AsX3D('LINESTRING EMPTY');" because empty geometries are mishandled.

Action-Not Available
Vendor-postgisn/aDebian GNU/Linux
Product-debian_linuxpostgisn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2013-4130
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-5||MEDIUM
EPSS-1.10% / 77.16%
||
7 Day CHG~0.00%
Published-20 Aug, 2013 | 22:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The (1) red_channel_pipes_add_type and (2) red_channel_pipes_add_empty_msg functions in server/red_channel.c in SPICE before 0.12.4 do not properly perform ring loops, which might allow remote attackers to cause a denial of service (reachable assertion and server exit) by triggering a network error.

Action-Not Available
Vendor-spice_projectn/aCanonical Ltd.
Product-ubuntu_linuxspicen/a
CVE-2021-41817
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.42% / 61.20%
||
7 Day CHG~0.00%
Published-01 Jan, 2022 | 00:00
Updated-04 Aug, 2024 | 03:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Date.parse in the date gem through 3.2.0 for Ruby allows ReDoS (regular expression Denial of Service) via a long string. The fixed versions are 3.2.1, 3.1.2, 3.0.2, and 2.0.1.

Action-Not Available
Vendor-n/aFedora ProjectDebian GNU/LinuxRubySUSEopenSUSERed Hat, Inc.
Product-debian_linuxfactorysoftware_collectionslinux_enterprisefedoraenterprise_linuxrubydateleapn/a
CWE ID-CWE-1333
Inefficient Regular Expression Complexity
CVE-2017-18265
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.06% / 76.75%
||
7 Day CHG~0.00%
Published-09 May, 2018 | 17:00
Updated-05 Aug, 2024 | 21:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Prosody before 0.10.0 allows remote attackers to cause a denial of service (application crash), related to an incompatibility with certain versions of the LuaSocket library, such as the lua-socket package from Debian stretch. The attacker needs to trigger a stream error. A crash can be observed in, for example, the c2s module.

Action-Not Available
Vendor-prosodyn/aDebian GNU/Linux
Product-prosodydebian_linuxn/a
CVE-2013-4074
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-33.48% / 96.78%
||
7 Day CHG~0.00%
Published-09 Jun, 2013 | 21:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The dissect_capwap_data function in epan/dissectors/packet-capwap.c in the CAPWAP dissector in Wireshark 1.6.x before 1.6.16 and 1.8.x before 1.8.8 incorrectly uses a -1 data value to represent an error condition, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.

Action-Not Available
Vendor-n/aWireshark FoundationDebian GNU/LinuxopenSUSE
Product-wiresharkdebian_linuxopensusen/a
CVE-2021-41561
Matching Score-8
Assigner-Apache Software Foundation
ShareView Details
Matching Score-8
Assigner-Apache Software Foundation
CVSS Score-7.5||HIGH
EPSS-0.60% / 68.61%
||
7 Day CHG~0.00%
Published-20 Dec, 2021 | 11:20
Updated-04 Aug, 2024 | 03:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Apache Parquet-MR potential DoS in case of malicious Parquet file

Improper Input Validation vulnerability in Parquet-MR of Apache Parquet allows an attacker to DoS by malicious Parquet files. This issue affects Apache Parquet-MR version 1.9.0 and later versions.

Action-Not Available
Vendor-The Apache Software Foundation
Product-parquet-mrApache Parquet
CWE ID-CWE-20
Improper Input Validation
CVE-2021-4182
Matching Score-8
Assigner-GitLab Inc.
ShareView Details
Matching Score-8
Assigner-GitLab Inc.
CVSS Score-7.5||HIGH
EPSS-0.04% / 12.02%
||
7 Day CHG~0.00%
Published-30 Dec, 2021 | 00:00
Updated-03 Aug, 2024 | 17:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Crash in the RFC 7468 dissector in Wireshark 3.6.0 and 3.4.0 to 3.4.10 allows denial of service via packet injection or crafted capture file

Action-Not Available
Vendor-Wireshark FoundationOracle CorporationFedora Project
Product-wiresharkhttp_serverfedorazfs_storage_appliance_kitWireshark
CWE ID-CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
CVE-2021-4185
Matching Score-8
Assigner-GitLab Inc.
ShareView Details
Matching Score-8
Assigner-GitLab Inc.
CVSS Score-7.5||HIGH
EPSS-0.04% / 10.99%
||
7 Day CHG~0.00%
Published-30 Dec, 2021 | 00:00
Updated-03 Aug, 2024 | 17:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Infinite loop in the RTMPT dissector in Wireshark 3.6.0 and 3.4.0 to 3.4.10 allows denial of service via packet injection or crafted capture file

Action-Not Available
Vendor-Wireshark FoundationOracle CorporationDebian GNU/LinuxFedora Project
Product-http_serverdebian_linuxfedorazfs_storage_appliance_kitwiresharkWireshark
CWE ID-CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
CVE-2017-17997
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.70% / 71.10%
||
7 Day CHG~0.00%
Published-30 Dec, 2017 | 07:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Wireshark before 2.2.12, the MRDISC dissector misuses a NULL pointer and crashes. This was addressed in epan/dissectors/packet-mrdisc.c by validating an IPv4 address. This vulnerability is similar to CVE-2017-9343.

Action-Not Available
Vendor-n/aWireshark FoundationDebian GNU/Linux
Product-debian_linuxwiresharkn/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2021-4190
Matching Score-8
Assigner-GitLab Inc.
ShareView Details
Matching Score-8
Assigner-GitLab Inc.
CVSS Score-7.5||HIGH
EPSS-0.06% / 19.88%
||
7 Day CHG~0.00%
Published-30 Dec, 2021 | 00:00
Updated-03 Aug, 2024 | 17:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Large loop in the Kafka dissector in Wireshark 3.6.0 allows denial of service via packet injection or crafted capture file

Action-Not Available
Vendor-Wireshark FoundationFedora Project
Product-wiresharkfedoraWireshark
CWE ID-CWE-834
Excessive Iteration
CVE-2017-16232
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.74% / 81.72%
||
7 Day CHG~0.00%
Published-17 Mar, 2019 | 16:44
Updated-05 Aug, 2024 | 20:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

LibTIFF 4.0.8 has multiple memory leak vulnerabilities, which allow attackers to cause a denial of service (memory consumption), as demonstrated by tif_open.c, tif_lzw.c, and tif_aux.c. NOTE: Third parties were unable to reproduce the issue

Action-Not Available
Vendor-n/aopenSUSELibTIFFSUSE
Product-linux_enterprise_software_development_kitlinux_enterprise_serverlibtifflinux_enterprise_desktopleapn/a
CWE ID-CWE-772
Missing Release of Resource after Effective Lifetime
CVE-2017-16227
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.46% / 80.03%
||
7 Day CHG~0.00%
Published-29 Oct, 2017 | 20:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The aspath_put function in bgpd/bgp_aspath.c in Quagga before 1.2.2 allows remote attackers to cause a denial of service (session drop) via BGP UPDATE messages, because AS_PATH size calculation for long paths counts certain bytes twice and consequently constructs an invalid message.

Action-Not Available
Vendor-quaggan/aDebian GNU/Linux
Product-quaggadebian_linuxn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2006-5779
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-51.90% / 97.82%
||
7 Day CHG~0.00%
Published-07 Nov, 2006 | 18:00
Updated-07 Aug, 2024 | 20:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

OpenLDAP before 2.3.29 allows remote attackers to cause a denial of service (daemon crash) via LDAP BIND requests with long authcid names, which triggers an assertion failure.

Action-Not Available
Vendor-openldapn/aCanonical Ltd.
Product-ubuntu_linuxopenldapn/a
CWE ID-CWE-617
Reachable Assertion
CVE-2024-4140
Matching Score-8
Assigner-Canonical Ltd.
ShareView Details
Matching Score-8
Assigner-Canonical Ltd.
CVSS Score-7.5||HIGH
EPSS-0.28% / 51.35%
||
7 Day CHG-0.17%
Published-02 May, 2024 | 19:59
Updated-26 Aug, 2025 | 17:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An excessive memory use issue (CWE-770) exists in Email-MIME, before version 1.954, which can cause denial of service when parsing multipart MIME messages. The patch set (from 2020 and 2024) limits excessive depth and the total number of parts.

Action-Not Available
Vendor-rjbsrjbsrjbsFedora Project
Product-email-mimefedoraEmail-MIMEemail_mime
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2019-20387
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.21% / 78.15%
||
7 Day CHG~0.00%
Published-21 Jan, 2020 | 22:54
Updated-05 Aug, 2024 | 02:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

repodata_schema2id in repodata.c in libsolv before 0.7.6 has a heap-based buffer over-read via a last schema whose length is less than the length of the input schema.

Action-Not Available
Vendor-n/aDebian GNU/LinuxopenSUSE
Product-libsolvdebian_linuxn/a
CWE ID-CWE-125
Out-of-bounds Read
CVE-2021-41079
Matching Score-8
Assigner-Apache Software Foundation
ShareView Details
Matching Score-8
Assigner-Apache Software Foundation
CVSS Score-7.5||HIGH
EPSS-0.04% / 9.84%
||
7 Day CHG~0.00%
Published-16 Sep, 2021 | 14:40
Updated-04 Aug, 2024 | 02:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Apache Tomcat DoS with unexpected TLS packet

Apache Tomcat 8.5.0 to 8.5.63, 9.0.0-M1 to 9.0.43 and 10.0.0-M1 to 10.0.2 did not properly validate incoming TLS packets. When Tomcat was configured to use NIO+OpenSSL or NIO2+OpenSSL for TLS, a specially crafted packet could be used to trigger an infinite loop resulting in a denial of service.

Action-Not Available
Vendor-NetApp, Inc.The Apache Software FoundationDebian GNU/Linux
Product-debian_linuxtomcatmanagement_services_for_element_software_and_netapp_hciApache Tomcat
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
CVE-2013-4124
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-5||MEDIUM
EPSS-86.81% / 99.39%
||
7 Day CHG~0.00%
Published-05 Aug, 2013 | 15:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Integer overflow in the read_nttrans_ea_list function in nttrans.c in smbd in Samba 3.x before 3.5.22, 3.6.x before 3.6.17, and 4.x before 4.0.8 allows remote attackers to cause a denial of service (memory consumption) via a malformed packet.

Action-Not Available
Vendor-n/aSambaopenSUSERed Hat, Inc.Fedora ProjectCanonical Ltd.
Product-enterprise_linuxsambafedoraopensuseubuntu_linuxn/a
CVE-2017-16944
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-77.18% / 98.93%
||
7 Day CHG~0.00%
Published-25 Nov, 2017 | 17:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The receive_msg function in receive.c in the SMTP daemon in Exim 4.88 and 4.89 allows remote attackers to cause a denial of service (infinite loop and stack exhaustion) via vectors involving BDAT commands and an improper check for a '.' character signifying the end of the content, related to the bdat_getc function.

Action-Not Available
Vendor-n/aEximDebian GNU/Linux
Product-debian_linuxeximn/a
CWE ID-CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
CVE-2013-4133
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-1.99% / 82.87%
||
7 Day CHG~0.00%
Published-10 Dec, 2019 | 14:36
Updated-06 Aug, 2024 | 16:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

kde-workspace before 4.10.5 has a memory leak in plasma desktop

Action-Not Available
Vendor-KDEDebian GNU/Linux
Product-kde-workspacedebian_linuxkde-workspace
CWE ID-CWE-404
Improper Resource Shutdown or Release
CVE-2017-17085
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-11.27% / 93.25%
||
7 Day CHG~0.00%
Published-01 Dec, 2017 | 08:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Wireshark 2.4.0 to 2.4.2 and 2.2.0 to 2.2.10, the CIP Safety dissector could crash. This was addressed in epan/dissectors/packet-cipsafety.c by validating the packet length.

Action-Not Available
Vendor-n/aWireshark FoundationDebian GNU/Linux
Product-debian_linuxwiresharkn/a
CWE ID-CWE-754
Improper Check for Unusual or Exceptional Conditions
CVE-2021-41771
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.36% / 57.55%
||
7 Day CHG~0.00%
Published-08 Nov, 2021 | 00:00
Updated-04 Aug, 2024 | 03:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

ImportedSymbols in debug/macho (for Open or OpenFat) in Go before 1.16.10 and 1.17.x before 1.17.3 Accesses a Memory Location After the End of a Buffer, aka an out-of-bounds slice situation.

Action-Not Available
Vendor-n/aDebian GNU/LinuxFedora ProjectGo
Product-godebian_linuxfedoran/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2021-4181
Matching Score-8
Assigner-GitLab Inc.
ShareView Details
Matching Score-8
Assigner-GitLab Inc.
CVSS Score-7.5||HIGH
EPSS-0.05% / 16.44%
||
7 Day CHG~0.00%
Published-30 Dec, 2021 | 00:00
Updated-03 Aug, 2024 | 17:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Crash in the Sysdig Event dissector in Wireshark 3.6.0 and 3.4.0 to 3.4.10 allows denial of service via packet injection or crafted capture file

Action-Not Available
Vendor-Wireshark FoundationOracle CorporationDebian GNU/LinuxFedora Project
Product-http_serverdebian_linuxfedorazfs_storage_appliance_kitwiresharkWireshark
CWE ID-CWE-125
Out-of-bounds Read
CVE-2013-3560
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-3.45% / 87.05%
||
7 Day CHG~0.00%
Published-25 May, 2013 | 01:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The dissect_dsmcc_un_download function in epan/dissectors/packet-mpeg-dsmcc.c in the MPEG DSM-CC dissector in Wireshark 1.8.x before 1.8.7 uses an incorrect format string, which allows remote attackers to cause a denial of service (application crash) via a malformed packet.

Action-Not Available
Vendor-n/aWireshark FoundationDebian GNU/LinuxopenSUSE
Product-wiresharkdebian_linuxopensusen/a
CWE ID-CWE-134
Use of Externally-Controlled Format String
CVE-2013-3555
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-3.40% / 86.92%
||
7 Day CHG~0.00%
Published-25 May, 2013 | 01:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

epan/dissectors/packet-gtpv2.c in the GTPv2 dissector in Wireshark 1.8.x before 1.8.7 calls incorrect functions in certain contexts related to ciphers, which allows remote attackers to cause a denial of service (application crash) via a malformed packet.

Action-Not Available
Vendor-n/aWireshark FoundationDebian GNU/LinuxopenSUSE
Product-wiresharkdebian_linuxopensusen/a
CWE ID-CWE-20
Improper Input Validation
CVE-2013-3557
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-4.18% / 88.24%
||
7 Day CHG~0.00%
Published-25 May, 2013 | 01:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The dissect_ber_choice function in epan/dissectors/packet-ber.c in the ASN.1 BER dissector in Wireshark 1.6.x before 1.6.15 and 1.8.x before 1.8.7 does not properly initialize a certain variable, which allows remote attackers to cause a denial of service (application crash) via a malformed packet.

Action-Not Available
Vendor-n/aWireshark FoundationDebian GNU/LinuxopenSUSE
Product-wiresharkdebian_linuxopensusen/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2013-2488
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-3.87% / 87.76%
||
7 Day CHG~0.00%
Published-07 Mar, 2013 | 15:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The DTLS dissector in Wireshark 1.6.x before 1.6.14 and 1.8.x before 1.8.6 does not validate the fragment offset before invoking the reassembly state machine, which allows remote attackers to cause a denial of service (application crash) via a large offset value that triggers write access to an invalid memory location.

Action-Not Available
Vendor-n/aWireshark FoundationDebian GNU/LinuxopenSUSE
Product-wiresharkdebian_linuxopensusen/a
CWE ID-CWE-20
Improper Input Validation
CVE-2013-3562
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-3.44% / 87.02%
||
7 Day CHG~0.00%
Published-25 May, 2013 | 01:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple integer signedness errors in the tvb_unmasked function in epan/dissectors/packet-websocket.c in the Websocket dissector in Wireshark 1.8.x before 1.8.7 allow remote attackers to cause a denial of service (application crash) via a malformed packet.

Action-Not Available
Vendor-n/aWireshark FoundationDebian GNU/LinuxopenSUSE
Product-wiresharkdebian_linuxopensusen/a
CVE-2013-3559
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-5.04% / 89.34%
||
7 Day CHG~0.00%
Published-25 May, 2013 | 01:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

epan/dissectors/packet-dcp-etsi.c in the DCP ETSI dissector in Wireshark 1.8.x before 1.8.7 uses incorrect integer data types, which allows remote attackers to cause a denial of service (integer overflow, and heap memory corruption or NULL pointer dereference, and application crash) via a malformed packet.

Action-Not Available
Vendor-n/aWireshark FoundationDebian GNU/LinuxopenSUSE
Product-wiresharkdebian_linuxopensusen/a
CVE-2021-4184
Matching Score-8
Assigner-GitLab Inc.
ShareView Details
Matching Score-8
Assigner-GitLab Inc.
CVSS Score-7.5||HIGH
EPSS-0.04% / 9.66%
||
7 Day CHG~0.00%
Published-30 Dec, 2021 | 00:00
Updated-03 Aug, 2024 | 17:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Infinite loop in the BitTorrent DHT dissector in Wireshark 3.6.0 and 3.4.0 to 3.4.10 allows denial of service via packet injection or crafted capture file

Action-Not Available
Vendor-Wireshark FoundationOracle CorporationDebian GNU/LinuxFedora Project
Product-http_serverdebian_linuxfedorazfs_storage_appliance_kitwiresharkWireshark
CWE ID-CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
CVE-2006-4997
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-35.02% / 96.90%
||
7 Day CHG~0.00%
Published-09 Oct, 2006 | 23:00
Updated-07 Aug, 2024 | 19:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The clip_mkip function in net/atm/clip.c of the ATM subsystem in Linux kernel allows remote attackers to cause a denial of service (panic) via unknown vectors that cause the ATM subsystem to access the memory of socket buffers after they are freed (freed pointer dereference).

Action-Not Available
Vendor-n/aLinux Kernel Organization, IncCanonical Ltd.Red Hat, Inc.
Product-ubuntu_linuxenterprise_linuxlinux_kerneln/a
CWE ID-CWE-416
Use After Free
  • Previous
  • 1
  • 2
  • 3
  • 4
  • ...
  • 46
  • 47
  • Next
Details not found