Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2009-2185

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-24 Jun, 2009 | 23:00
Updated At-07 Aug, 2024 | 05:44
Rejected At-
Credits

The ASN.1 parser (pluto/asn1.c, libstrongswan/asn1/asn1.c, libstrongswan/asn1/asn1_parser.c) in (a) strongSwan 2.8 before 2.8.10, 4.2 before 4.2.16, and 4.3 before 4.3.2; and (b) openSwan 2.6 before 2.6.22 and 2.4 before 2.4.15 allows remote attackers to cause a denial of service (pluto IKE daemon crash) via an X.509 certificate with (1) crafted Relative Distinguished Names (RDNs), (2) a crafted UTCTIME string, or (3) a crafted GENERALIZEDTIME string.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
â–¼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:24 Jun, 2009 | 23:00
Updated At:07 Aug, 2024 | 05:44
Rejected At:
â–¼CVE Numbering Authority (CNA)

The ASN.1 parser (pluto/asn1.c, libstrongswan/asn1/asn1.c, libstrongswan/asn1/asn1_parser.c) in (a) strongSwan 2.8 before 2.8.10, 4.2 before 4.2.16, and 4.3 before 4.3.2; and (b) openSwan 2.6 before 2.6.22 and 2.4 before 2.4.15 allows remote attackers to cause a denial of service (pluto IKE daemon crash) via an X.509 certificate with (1) crafted Relative Distinguished Names (RDNs), (2) a crafted UTCTIME string, or (3) a crafted GENERALIZEDTIME string.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
http://www.vupen.com/english/advisories/2009/1639
vdb-entry
x_refsource_VUPEN
http://secunia.com/advisories/35740
third-party-advisory
x_refsource_SECUNIA
http://www.ingate.com/Relnote.php?ver=481
x_refsource_CONFIRM
http://www.securitytracker.com/id?1022428
vdb-entry
x_refsource_SECTRACK
http://www.redhat.com/support/errata/RHSA-2009-1138.html
vendor-advisory
x_refsource_REDHAT
http://www.vupen.com/english/advisories/2009/1706
vdb-entry
x_refsource_VUPEN
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11079
vdb-entry
signature
x_refsource_OVAL
http://secunia.com/advisories/36950
third-party-advisory
x_refsource_SECUNIA
http://secunia.com/advisories/35522
third-party-advisory
x_refsource_SECUNIA
http://secunia.com/advisories/36922
third-party-advisory
x_refsource_SECUNIA
http://secunia.com/advisories/37504
third-party-advisory
x_refsource_SECUNIA
http://www.debian.org/security/2009/dsa-1899
vendor-advisory
x_refsource_DEBIAN
http://www.securityfocus.com/bid/35452
vdb-entry
x_refsource_BID
http://download.strongswan.org/CHANGES42.txt
x_refsource_CONFIRM
http://download.strongswan.org/CHANGES2.txt
x_refsource_CONFIRM
http://up2date.astaro.com/2009/07/up2date_7404_released.html
x_refsource_CONFIRM
http://www.debian.org/security/2009/dsa-1898
vendor-advisory
x_refsource_DEBIAN
http://www.vupen.com/english/advisories/2009/1829
vdb-entry
x_refsource_VUPEN
https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00337.html
vendor-advisory
x_refsource_FEDORA
http://secunia.com/advisories/35698
third-party-advisory
x_refsource_SECUNIA
http://www.vupen.com/english/advisories/2009/3354
vdb-entry
x_refsource_VUPEN
http://download.strongswan.org/CHANGES4.txt
x_refsource_CONFIRM
https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00264.html
vendor-advisory
x_refsource_FEDORA
http://secunia.com/advisories/35804
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://www.vupen.com/english/advisories/2009/1639
Resource:
vdb-entry
x_refsource_VUPEN
Hyperlink: http://secunia.com/advisories/35740
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://www.ingate.com/Relnote.php?ver=481
Resource:
x_refsource_CONFIRM
Hyperlink: http://www.securitytracker.com/id?1022428
Resource:
vdb-entry
x_refsource_SECTRACK
Hyperlink: http://www.redhat.com/support/errata/RHSA-2009-1138.html
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: http://www.vupen.com/english/advisories/2009/1706
Resource:
vdb-entry
x_refsource_VUPEN
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11079
Resource:
vdb-entry
signature
x_refsource_OVAL
Hyperlink: http://secunia.com/advisories/36950
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://secunia.com/advisories/35522
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://secunia.com/advisories/36922
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://secunia.com/advisories/37504
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://www.debian.org/security/2009/dsa-1899
Resource:
vendor-advisory
x_refsource_DEBIAN
Hyperlink: http://www.securityfocus.com/bid/35452
Resource:
vdb-entry
x_refsource_BID
Hyperlink: http://download.strongswan.org/CHANGES42.txt
Resource:
x_refsource_CONFIRM
Hyperlink: http://download.strongswan.org/CHANGES2.txt
Resource:
x_refsource_CONFIRM
Hyperlink: http://up2date.astaro.com/2009/07/up2date_7404_released.html
Resource:
x_refsource_CONFIRM
Hyperlink: http://www.debian.org/security/2009/dsa-1898
Resource:
vendor-advisory
x_refsource_DEBIAN
Hyperlink: http://www.vupen.com/english/advisories/2009/1829
Resource:
vdb-entry
x_refsource_VUPEN
Hyperlink: https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00337.html
Resource:
vendor-advisory
x_refsource_FEDORA
Hyperlink: http://secunia.com/advisories/35698
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://www.vupen.com/english/advisories/2009/3354
Resource:
vdb-entry
x_refsource_VUPEN
Hyperlink: http://download.strongswan.org/CHANGES4.txt
Resource:
x_refsource_CONFIRM
Hyperlink: https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00264.html
Resource:
vendor-advisory
x_refsource_FEDORA
Hyperlink: http://secunia.com/advisories/35804
Resource:
third-party-advisory
x_refsource_SECUNIA
â–¼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
http://www.vupen.com/english/advisories/2009/1639
vdb-entry
x_refsource_VUPEN
x_transferred
http://secunia.com/advisories/35740
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://www.ingate.com/Relnote.php?ver=481
x_refsource_CONFIRM
x_transferred
http://www.securitytracker.com/id?1022428
vdb-entry
x_refsource_SECTRACK
x_transferred
http://www.redhat.com/support/errata/RHSA-2009-1138.html
vendor-advisory
x_refsource_REDHAT
x_transferred
http://www.vupen.com/english/advisories/2009/1706
vdb-entry
x_refsource_VUPEN
x_transferred
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11079
vdb-entry
signature
x_refsource_OVAL
x_transferred
http://secunia.com/advisories/36950
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://secunia.com/advisories/35522
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://secunia.com/advisories/36922
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://secunia.com/advisories/37504
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://www.debian.org/security/2009/dsa-1899
vendor-advisory
x_refsource_DEBIAN
x_transferred
http://www.securityfocus.com/bid/35452
vdb-entry
x_refsource_BID
x_transferred
http://download.strongswan.org/CHANGES42.txt
x_refsource_CONFIRM
x_transferred
http://download.strongswan.org/CHANGES2.txt
x_refsource_CONFIRM
x_transferred
http://up2date.astaro.com/2009/07/up2date_7404_released.html
x_refsource_CONFIRM
x_transferred
http://www.debian.org/security/2009/dsa-1898
vendor-advisory
x_refsource_DEBIAN
x_transferred
http://www.vupen.com/english/advisories/2009/1829
vdb-entry
x_refsource_VUPEN
x_transferred
https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00337.html
vendor-advisory
x_refsource_FEDORA
x_transferred
http://secunia.com/advisories/35698
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://www.vupen.com/english/advisories/2009/3354
vdb-entry
x_refsource_VUPEN
x_transferred
http://download.strongswan.org/CHANGES4.txt
x_refsource_CONFIRM
x_transferred
https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00264.html
vendor-advisory
x_refsource_FEDORA
x_transferred
http://secunia.com/advisories/35804
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://www.vupen.com/english/advisories/2009/1639
Resource:
vdb-entry
x_refsource_VUPEN
x_transferred
Hyperlink: http://secunia.com/advisories/35740
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://www.ingate.com/Relnote.php?ver=481
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://www.securitytracker.com/id?1022428
Resource:
vdb-entry
x_refsource_SECTRACK
x_transferred
Hyperlink: http://www.redhat.com/support/errata/RHSA-2009-1138.html
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: http://www.vupen.com/english/advisories/2009/1706
Resource:
vdb-entry
x_refsource_VUPEN
x_transferred
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11079
Resource:
vdb-entry
signature
x_refsource_OVAL
x_transferred
Hyperlink: http://secunia.com/advisories/36950
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://secunia.com/advisories/35522
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://secunia.com/advisories/36922
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://secunia.com/advisories/37504
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://www.debian.org/security/2009/dsa-1899
Resource:
vendor-advisory
x_refsource_DEBIAN
x_transferred
Hyperlink: http://www.securityfocus.com/bid/35452
Resource:
vdb-entry
x_refsource_BID
x_transferred
Hyperlink: http://download.strongswan.org/CHANGES42.txt
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://download.strongswan.org/CHANGES2.txt
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://up2date.astaro.com/2009/07/up2date_7404_released.html
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://www.debian.org/security/2009/dsa-1898
Resource:
vendor-advisory
x_refsource_DEBIAN
x_transferred
Hyperlink: http://www.vupen.com/english/advisories/2009/1829
Resource:
vdb-entry
x_refsource_VUPEN
x_transferred
Hyperlink: https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00337.html
Resource:
vendor-advisory
x_refsource_FEDORA
x_transferred
Hyperlink: http://secunia.com/advisories/35698
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://www.vupen.com/english/advisories/2009/3354
Resource:
vdb-entry
x_refsource_VUPEN
x_transferred
Hyperlink: http://download.strongswan.org/CHANGES4.txt
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00264.html
Resource:
vendor-advisory
x_refsource_FEDORA
x_transferred
Hyperlink: http://secunia.com/advisories/35804
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Information is not available yet
â–¼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:25 Jun, 2009 | 02:00
Updated At:23 Apr, 2026 | 00:35

The ASN.1 parser (pluto/asn1.c, libstrongswan/asn1/asn1.c, libstrongswan/asn1/asn1_parser.c) in (a) strongSwan 2.8 before 2.8.10, 4.2 before 4.2.16, and 4.3 before 4.3.2; and (b) openSwan 2.6 before 2.6.22 and 2.4 before 2.4.15 allows remote attackers to cause a denial of service (pluto IKE daemon crash) via an X.509 certificate with (1) crafted Relative Distinguished Names (RDNs), (2) a crafted UTCTIME string, or (3) a crafted GENERALIZEDTIME string.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary2.05.0MEDIUM
AV:N/AC:L/Au:N/C:N/I:N/A:P
Type: Primary
Version: 2.0
Base score: 5.0
Base severity: MEDIUM
Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:P
CPE Matches

strongswan
strongswan
>>strongswan>>2.8.0
cpe:2.3:a:strongswan:strongswan:2.8.0:*:*:*:*:*:*:*
strongswan
strongswan
>>strongswan>>2.8.1
cpe:2.3:a:strongswan:strongswan:2.8.1:*:*:*:*:*:*:*
strongswan
strongswan
>>strongswan>>2.8.2
cpe:2.3:a:strongswan:strongswan:2.8.2:*:*:*:*:*:*:*
strongswan
strongswan
>>strongswan>>2.8.3
cpe:2.3:a:strongswan:strongswan:2.8.3:*:*:*:*:*:*:*
strongswan
strongswan
>>strongswan>>2.8.4
cpe:2.3:a:strongswan:strongswan:2.8.4:*:*:*:*:*:*:*
strongswan
strongswan
>>strongswan>>2.8.5
cpe:2.3:a:strongswan:strongswan:2.8.5:*:*:*:*:*:*:*
strongswan
strongswan
>>strongswan>>2.8.6
cpe:2.3:a:strongswan:strongswan:2.8.6:*:*:*:*:*:*:*
strongswan
strongswan
>>strongswan>>2.8.7
cpe:2.3:a:strongswan:strongswan:2.8.7:*:*:*:*:*:*:*
strongswan
strongswan
>>strongswan>>2.8.8
cpe:2.3:a:strongswan:strongswan:2.8.8:*:*:*:*:*:*:*
strongswan
strongswan
>>strongswan>>2.8.9
cpe:2.3:a:strongswan:strongswan:2.8.9:*:*:*:*:*:*:*
strongswan
strongswan
>>strongswan>>2.8.10
cpe:2.3:a:strongswan:strongswan:2.8.10:*:*:*:*:*:*:*
strongswan
strongswan
>>strongswan>>4.1
cpe:2.3:a:strongswan:strongswan:4.1:*:*:*:*:*:*:*
strongswan
strongswan
>>strongswan>>4.2.0
cpe:2.3:a:strongswan:strongswan:4.2.0:*:*:*:*:*:*:*
strongswan
strongswan
>>strongswan>>4.2.1
cpe:2.3:a:strongswan:strongswan:4.2.1:*:*:*:*:*:*:*
strongswan
strongswan
>>strongswan>>4.2.2
cpe:2.3:a:strongswan:strongswan:4.2.2:*:*:*:*:*:*:*
strongswan
strongswan
>>strongswan>>4.2.3
cpe:2.3:a:strongswan:strongswan:4.2.3:*:*:*:*:*:*:*
strongswan
strongswan
>>strongswan>>4.2.4
cpe:2.3:a:strongswan:strongswan:4.2.4:*:*:*:*:*:*:*
strongswan
strongswan
>>strongswan>>4.2.5
cpe:2.3:a:strongswan:strongswan:4.2.5:*:*:*:*:*:*:*
strongswan
strongswan
>>strongswan>>4.2.6
cpe:2.3:a:strongswan:strongswan:4.2.6:*:*:*:*:*:*:*
strongswan
strongswan
>>strongswan>>4.2.7
cpe:2.3:a:strongswan:strongswan:4.2.7:*:*:*:*:*:*:*
strongswan
strongswan
>>strongswan>>4.2.8
cpe:2.3:a:strongswan:strongswan:4.2.8:*:*:*:*:*:*:*
strongswan
strongswan
>>strongswan>>4.2.9
cpe:2.3:a:strongswan:strongswan:4.2.9:*:*:*:*:*:*:*
strongswan
strongswan
>>strongswan>>4.2.10
cpe:2.3:a:strongswan:strongswan:4.2.10:*:*:*:*:*:*:*
strongswan
strongswan
>>strongswan>>4.2.11
cpe:2.3:a:strongswan:strongswan:4.2.11:*:*:*:*:*:*:*
strongswan
strongswan
>>strongswan>>4.2.12
cpe:2.3:a:strongswan:strongswan:4.2.12:*:*:*:*:*:*:*
strongswan
strongswan
>>strongswan>>4.2.13
cpe:2.3:a:strongswan:strongswan:4.2.13:*:*:*:*:*:*:*
strongswan
strongswan
>>strongswan>>4.2.14
cpe:2.3:a:strongswan:strongswan:4.2.14:*:*:*:*:*:*:*
strongswan
strongswan
>>strongswan>>4.2.15
cpe:2.3:a:strongswan:strongswan:4.2.15:*:*:*:*:*:*:*
strongswan
strongswan
>>strongswan>>4.3.0
cpe:2.3:a:strongswan:strongswan:4.3.0:*:*:*:*:*:*:*
strongswan
strongswan
>>strongswan>>4.3.1
cpe:2.3:a:strongswan:strongswan:4.3.1:*:*:*:*:*:*:*
xelerance
xelerance
>>openswan>>2.4.0
cpe:2.3:a:xelerance:openswan:2.4.0:*:*:*:*:*:*:*
xelerance
xelerance
>>openswan>>2.4.1
cpe:2.3:a:xelerance:openswan:2.4.1:*:*:*:*:*:*:*
xelerance
xelerance
>>openswan>>2.4.2
cpe:2.3:a:xelerance:openswan:2.4.2:*:*:*:*:*:*:*
xelerance
xelerance
>>openswan>>2.4.3
cpe:2.3:a:xelerance:openswan:2.4.3:*:*:*:*:*:*:*
xelerance
xelerance
>>openswan>>2.4.4
cpe:2.3:a:xelerance:openswan:2.4.4:*:*:*:*:*:*:*
xelerance
xelerance
>>openswan>>2.4.5
cpe:2.3:a:xelerance:openswan:2.4.5:*:*:*:*:*:*:*
xelerance
xelerance
>>openswan>>2.4.9
cpe:2.3:a:xelerance:openswan:2.4.9:*:*:*:*:*:*:*
xelerance
xelerance
>>openswan>>2.4.10
cpe:2.3:a:xelerance:openswan:2.4.10:*:*:*:*:*:*:*
xelerance
xelerance
>>openswan>>2.6.03
cpe:2.3:a:xelerance:openswan:2.6.03:*:*:*:*:*:*:*
xelerance
xelerance
>>openswan>>2.6.04
cpe:2.3:a:xelerance:openswan:2.6.04:*:*:*:*:*:*:*
xelerance
xelerance
>>openswan>>2.6.05
cpe:2.3:a:xelerance:openswan:2.6.05:*:*:*:*:*:*:*
xelerance
xelerance
>>openswan>>2.6.06
cpe:2.3:a:xelerance:openswan:2.6.06:*:*:*:*:*:*:*
xelerance
xelerance
>>openswan>>2.6.07
cpe:2.3:a:xelerance:openswan:2.6.07:*:*:*:*:*:*:*
xelerance
xelerance
>>openswan>>2.6.08
cpe:2.3:a:xelerance:openswan:2.6.08:*:*:*:*:*:*:*
xelerance
xelerance
>>openswan>>2.6.09
cpe:2.3:a:xelerance:openswan:2.6.09:*:*:*:*:*:*:*
xelerance
xelerance
>>openswan>>2.6.10
cpe:2.3:a:xelerance:openswan:2.6.10:*:*:*:*:*:*:*
xelerance
xelerance
>>openswan>>2.6.11
cpe:2.3:a:xelerance:openswan:2.6.11:*:*:*:*:*:*:*
xelerance
xelerance
>>openswan>>2.6.12
cpe:2.3:a:xelerance:openswan:2.6.12:*:*:*:*:*:*:*
xelerance
xelerance
>>openswan>>2.6.13
cpe:2.3:a:xelerance:openswan:2.6.13:*:*:*:*:*:*:*
xelerance
xelerance
>>openswan>>2.6.14
cpe:2.3:a:xelerance:openswan:2.6.14:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-20Primarynvd@nist.gov
CWE ID: CWE-20
Type: Primary
Source: nvd@nist.gov
Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References
HyperlinkSourceResource
http://download.strongswan.org/CHANGES2.txtcve@mitre.org
Vendor Advisory
http://download.strongswan.org/CHANGES4.txtcve@mitre.org
Vendor Advisory
http://download.strongswan.org/CHANGES42.txtcve@mitre.org
Vendor Advisory
http://secunia.com/advisories/35522cve@mitre.org
Vendor Advisory
http://secunia.com/advisories/35698cve@mitre.org
N/A
http://secunia.com/advisories/35740cve@mitre.org
N/A
http://secunia.com/advisories/35804cve@mitre.org
N/A
http://secunia.com/advisories/36922cve@mitre.org
N/A
http://secunia.com/advisories/36950cve@mitre.org
N/A
http://secunia.com/advisories/37504cve@mitre.org
N/A
http://up2date.astaro.com/2009/07/up2date_7404_released.htmlcve@mitre.org
N/A
http://www.debian.org/security/2009/dsa-1898cve@mitre.org
N/A
http://www.debian.org/security/2009/dsa-1899cve@mitre.org
N/A
http://www.ingate.com/Relnote.php?ver=481cve@mitre.org
N/A
http://www.redhat.com/support/errata/RHSA-2009-1138.htmlcve@mitre.org
N/A
http://www.securityfocus.com/bid/35452cve@mitre.org
Patch
http://www.securitytracker.com/id?1022428cve@mitre.org
N/A
http://www.vupen.com/english/advisories/2009/1639cve@mitre.org
Vendor Advisory
http://www.vupen.com/english/advisories/2009/1706cve@mitre.org
N/A
http://www.vupen.com/english/advisories/2009/1829cve@mitre.org
N/A
http://www.vupen.com/english/advisories/2009/3354cve@mitre.org
N/A
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11079cve@mitre.org
N/A
https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00264.htmlcve@mitre.org
N/A
https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00337.htmlcve@mitre.org
N/A
http://download.strongswan.org/CHANGES2.txtaf854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://download.strongswan.org/CHANGES4.txtaf854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://download.strongswan.org/CHANGES42.txtaf854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://secunia.com/advisories/35522af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://secunia.com/advisories/35698af854a3a-2127-422b-91ae-364da2661108
N/A
http://secunia.com/advisories/35740af854a3a-2127-422b-91ae-364da2661108
N/A
http://secunia.com/advisories/35804af854a3a-2127-422b-91ae-364da2661108
N/A
http://secunia.com/advisories/36922af854a3a-2127-422b-91ae-364da2661108
N/A
http://secunia.com/advisories/36950af854a3a-2127-422b-91ae-364da2661108
N/A
http://secunia.com/advisories/37504af854a3a-2127-422b-91ae-364da2661108
N/A
http://up2date.astaro.com/2009/07/up2date_7404_released.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://www.debian.org/security/2009/dsa-1898af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.debian.org/security/2009/dsa-1899af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.ingate.com/Relnote.php?ver=481af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.redhat.com/support/errata/RHSA-2009-1138.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://www.securityfocus.com/bid/35452af854a3a-2127-422b-91ae-364da2661108
Patch
http://www.securitytracker.com/id?1022428af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.vupen.com/english/advisories/2009/1639af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://www.vupen.com/english/advisories/2009/1706af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.vupen.com/english/advisories/2009/1829af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.vupen.com/english/advisories/2009/3354af854a3a-2127-422b-91ae-364da2661108
N/A
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11079af854a3a-2127-422b-91ae-364da2661108
N/A
https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00264.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00337.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
Hyperlink: http://download.strongswan.org/CHANGES2.txt
Source: cve@mitre.org
Resource:
Vendor Advisory
Hyperlink: http://download.strongswan.org/CHANGES4.txt
Source: cve@mitre.org
Resource:
Vendor Advisory
Hyperlink: http://download.strongswan.org/CHANGES42.txt
Source: cve@mitre.org
Resource:
Vendor Advisory
Hyperlink: http://secunia.com/advisories/35522
Source: cve@mitre.org
Resource:
Vendor Advisory
Hyperlink: http://secunia.com/advisories/35698
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://secunia.com/advisories/35740
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://secunia.com/advisories/35804
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://secunia.com/advisories/36922
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://secunia.com/advisories/36950
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://secunia.com/advisories/37504
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://up2date.astaro.com/2009/07/up2date_7404_released.html
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.debian.org/security/2009/dsa-1898
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.debian.org/security/2009/dsa-1899
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.ingate.com/Relnote.php?ver=481
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.redhat.com/support/errata/RHSA-2009-1138.html
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.securityfocus.com/bid/35452
Source: cve@mitre.org
Resource:
Patch
Hyperlink: http://www.securitytracker.com/id?1022428
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.vupen.com/english/advisories/2009/1639
Source: cve@mitre.org
Resource:
Vendor Advisory
Hyperlink: http://www.vupen.com/english/advisories/2009/1706
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.vupen.com/english/advisories/2009/1829
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.vupen.com/english/advisories/2009/3354
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11079
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00264.html
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00337.html
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://download.strongswan.org/CHANGES2.txt
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory
Hyperlink: http://download.strongswan.org/CHANGES4.txt
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory
Hyperlink: http://download.strongswan.org/CHANGES42.txt
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory
Hyperlink: http://secunia.com/advisories/35522
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory
Hyperlink: http://secunia.com/advisories/35698
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://secunia.com/advisories/35740
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://secunia.com/advisories/35804
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://secunia.com/advisories/36922
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://secunia.com/advisories/36950
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://secunia.com/advisories/37504
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://up2date.astaro.com/2009/07/up2date_7404_released.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.debian.org/security/2009/dsa-1898
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.debian.org/security/2009/dsa-1899
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.ingate.com/Relnote.php?ver=481
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.redhat.com/support/errata/RHSA-2009-1138.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.securityfocus.com/bid/35452
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Patch
Hyperlink: http://www.securitytracker.com/id?1022428
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.vupen.com/english/advisories/2009/1639
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory
Hyperlink: http://www.vupen.com/english/advisories/2009/1706
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.vupen.com/english/advisories/2009/1829
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.vupen.com/english/advisories/2009/3354
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11079
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00264.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00337.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

1110Records found

CVE-2014-2037
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-2.43% / 82.22%
||
7 Day CHG~0.00%
Published-26 Nov, 2014 | 15:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Openswan 2.6.40 allows remote attackers to cause a denial of service (NULL pointer dereference and IKE daemon restart) via IKEv2 packets that lack expected payloads. NOTE: this vulnerability exists because of an incomplete fix for CVE 2013-6466.

Action-Not Available
Vendor-xelerancen/a
Product-openswann/a
CWE ID-CWE-20
Improper Input Validation
CVE-2009-0790
Matching Score-10
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-10
Assigner-Red Hat, Inc.
CVSS Score-5||MEDIUM
EPSS-3.21% / 86.59%
||
7 Day CHG+0.03%
Published-01 Apr, 2009 | 10:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The pluto IKE daemon in Openswan and Strongswan IPsec 2.6 before 2.6.21 and 2.4 before 2.4.14, and Strongswan 4.2 before 4.2.14 and 2.8 before 2.8.9, allows remote attackers to cause a denial of service (daemon crash and restart) via a crafted (1) R_U_THERE or (2) R_U_THERE_ACK Dead Peer Detection (DPD) IPsec IKE Notification message that triggers a NULL pointer dereference related to inconsistent ISAKMP state and the lack of a phase2 state association in DPD.

Action-Not Available
Vendor-xelerancestrongswann/a
Product-openswanstrongswann/a
CWE ID-CWE-20
Improper Input Validation
CVE-2017-9022
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.73% / 74.83%
||
7 Day CHG-0.22%
Published-08 Jun, 2017 | 16:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The gmp plugin in strongSwan before 5.5.3 does not properly validate RSA public keys before calling mpz_powm_sec, which allows remote peers to cause a denial of service (floating point exception and process crash) via a crafted certificate.

Action-Not Available
Vendor-strongswann/aCanonical Ltd.Debian GNU/Linux
Product-debian_linuxstrongswanubuntu_linuxn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2013-6466
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-5||MEDIUM
EPSS-2.66% / 83.88%
||
7 Day CHG~0.00%
Published-26 Jan, 2014 | 20:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Openswan 2.6.39 and earlier allows remote attackers to cause a denial of service (NULL pointer dereference and IKE daemon restart) via IKEv2 packets that lack expected payloads.

Action-Not Available
Vendor-xelerancen/a
Product-openswann/a
CVE-2013-6075
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-2.45% / 82.38%
||
7 Day CHG~0.00%
Published-02 Nov, 2013 | 18:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The compare_dn function in utils/identification.c in strongSwan 4.3.3 through 5.1.1 allows (1) remote attackers to cause a denial of service (out-of-bounds read, NULL pointer dereference, and daemon crash) or (2) remote authenticated users to impersonate arbitrary users and bypass access restrictions via a crafted ID_DER_ASN1_DN ID, related to an "insufficient length check" during identity comparison.

Action-Not Available
Vendor-strongswann/a
Product-strongswann/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2009-2661
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-1.58% / 72.48%
||
7 Day CHG~0.00%
Published-04 Aug, 2009 | 16:13
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The asn1_length function in strongSwan 2.8 before 2.8.11, 4.2 before 4.2.17, and 4.3 before 4.3.3 does not properly handle X.509 certificates with crafted Relative Distinguished Names (RDNs), which allows remote attackers to cause a denial of service (pluto IKE daemon crash) via malformed ASN.1 data. NOTE: this is due to an incomplete fix for CVE-2009-2185.

Action-Not Available
Vendor-strongswann/a
Product-strongswann/a
CVE-2009-1958
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-2.95% / 85.47%
||
7 Day CHG+0.02%
Published-06 Jun, 2009 | 18:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

charon/sa/tasks/child_create.c in the charon daemon in strongSWAN before 4.3.1 switches the NULL checks for TSi and TSr payloads, which allows remote attackers to cause a denial of service via an IKE_AUTH request without a (1) TSi or (2) TSr traffic selector.

Action-Not Available
Vendor-strongswann/a
Product-strongswann/a
CVE-2009-1957
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-2.95% / 85.47%
||
7 Day CHG~0.00%
Published-06 Jun, 2009 | 18:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

charon/sa/ike_sa.c in the charon daemon in strongSWAN before 4.3.1 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via an invalid IKE_SA_INIT request that triggers "an incomplete state," followed by a CREATE_CHILD_SA request.

Action-Not Available
Vendor-strongswann/a
Product-strongswann/a
CVE-2018-6459
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5.3||MEDIUM
EPSS-1.07% / 60.73%
||
7 Day CHG-0.02%
Published-20 Feb, 2018 | 15:00
Updated-05 Aug, 2024 | 06:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The rsa_pss_params_parse function in libstrongswan/credentials/keys/signature_params.c in strongSwan 5.6.1 allows remote attackers to cause a denial of service via a crafted RSASSA-PSS signature that lacks a mask generation function parameter.

Action-Not Available
Vendor-strongswann/a
Product-strongswann/a
CWE ID-CWE-347
Improper Verification of Cryptographic Signature
CVE-2018-17540
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-3.51% / 87.78%
||
7 Day CHG~0.00%
Published-03 Oct, 2018 | 20:00
Updated-05 Aug, 2024 | 10:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The gmp plugin in strongSwan before 5.7.1 has a Buffer Overflow via a crafted certificate.

Action-Not Available
Vendor-strongswann/aCanonical Ltd.Debian GNU/Linux
Product-strongswandebian_linuxubuntu_linuxn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2021-41991
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-4.80% / 90.87%
||
7 Day CHG~0.00%
Published-18 Oct, 2021 | 13:44
Updated-04 Aug, 2024 | 03:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The in-memory certificate cache in strongSwan before 5.9.4 has a remote integer overflow upon receiving many requests with different certificates to fill the cache and later trigger the replacement of cache entries. The code attempts to select a less-often-used cache entry by means of a random number generator, but this is not done correctly. Remote code execution might be a slight possibility.

Action-Not Available
Vendor-strongswann/aDebian GNU/LinuxSiemens AGFedora Project
Product-siplus_s7-1200_cp_1243-1_railsimatic_cp_1242-7_gprs_v2_firmwaresimatic_cp_1542sp-1_firmwarescalance_sc646-2c_firmwaresiplus_et_200sp_cp_1543sp-1_isec_tx_rail_firmwaresiplus_et_200sp_cp_1542sp-1_irc_tx_rail_firmwaresimatic_cp_1243-1_firmwarescalance_sc622-2cscalance_sc646-2csinema_remote_connect_serversiplus_net_cp_1543-1_firmwaresiplus_s7-1200_cp_1243-1_rail_firmwarefedorasimatic_net_cp1243-7_lte_eu_firmwarescalance_sc632-2c_firmwaresimatic_net_cp_1545-1_firmwaresimatic_net_cp_1243-8_ircsimatic_cp_1242-7_gprs_v2scalance_sc622-2c_firmwaresiplus_s7-1200_cp_1243-1_firmwarecp_1543-1_firmwaresimatic_net_cp_1243-8_irc_firmwaresimatic_cp_1243-7_lte\/ussimatic_cp_1543sp-1simatic_cp_1243-7_lte\/us_firmwarestrongswansiplus_et_200sp_cp_1542sp-1_irc_tx_railsiplus_s7-1200_cp_1243-1scalance_sc636-2csimatic_cp_1542sp-1_ircscalance_sc642-2c_firmwaresimatic_cp_1243-1siplus_et_200sp_cp_1543sp-1_isecdebian_linuxsimatic_cp_1542sp-1_irc_firmwarecp_1543-1simatic_net_cp_1545-1simatic_cp_1543sp-1_firmwaresimatic_cp_1542sp-1scalance_sc642-2csiplus_et_200sp_cp_1543sp-1_isec_tx_railsiplus_et_200sp_cp_1543sp-1_isec_firmwaresiplus_net_cp_1543-1simatic_net_cp1243-7_lte_euscalance_sc636-2c_firmwarescalance_sc632-2cn/a
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2021-41990
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-6.44% / 92.88%
||
7 Day CHG~0.00%
Published-18 Oct, 2021 | 13:44
Updated-04 Aug, 2024 | 03:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The gmp plugin in strongSwan before 5.9.4 has a remote integer overflow via a crafted certificate with an RSASSA-PSS signature. For example, this can be triggered by an unrelated self-signed CA certificate sent by an initiator. Remote code execution cannot occur.

Action-Not Available
Vendor-strongswann/aDebian GNU/LinuxSiemens AGFedora Project
Product-6gk5876-4aa00-2da2_firmware6gk5812-1ba00-2aa26gk5856-2ea00-3aa16gk6108-4am00-2da26gk5876-4aa00-2da26gk5876-3aa02-2ba2_firmware6gk5816-1aa00-2aa2_firmware6gk5876-3aa02-2ea2_firmware6gk5876-4aa00-2ba26gk5826-2ab00-2ab26gk5856-2ea00-3aa1_firmware6gk5876-4aa00-2ba2_firmware6gk5812-1aa00-2aa2fedora6gk6108-4am00-2da2_firmware6gk5856-2ea00-3da1_firmware6gk5874-2aa00-2aa2_firmware6gk5804-0ap00-2aa2_firmware6gk5874-3aa00-2aa26gk5812-1aa00-2aa2_firmware6gk5816-1ba00-2aa26gk5826-2ab00-2ab2_firmware6gk5874-2aa00-2aa26gk6108-4am00-2ba26gk5615-0aa00-2aa26gk5856-2ea00-3da1strongswan6gk5816-1ba00-2aa2_firmware6gk5874-3aa00-2aa2_firmware6gk5804-0ap00-2aa26gk5876-3aa02-2ea2debian_linux6gk6108-4am00-2ba2_firmware6gk5876-3aa02-2ba26gk5812-1ba00-2aa2_firmware6gk5615-0aa00-2aa2_firmware6gk5816-1aa00-2aa2n/a
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2018-10811
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-7.12% / 93.48%
||
7 Day CHG-0.29%
Published-19 Jun, 2018 | 21:00
Updated-05 Aug, 2024 | 07:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

strongSwan 5.6.0 and older allows Remote Denial of Service because of Missing Initialization of a Variable.

Action-Not Available
Vendor-strongswann/aCanonical Ltd.Fedora ProjectDebian GNU/Linux
Product-debian_linuxstrongswanfedoraubuntu_linuxn/a
CWE ID-CWE-909
Missing Initialization of Resource
CVE-2017-11185
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-2.83% / 84.87%
||
7 Day CHG-0.43%
Published-18 Aug, 2017 | 17:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The gmp plugin in strongSwan before 5.6.0 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted RSA signature.

Action-Not Available
Vendor-strongswann/a
Product-strongswann/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2014-9221
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-3.82% / 88.79%
||
7 Day CHG~0.00%
Published-07 Jan, 2015 | 19:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

strongSwan 4.5.x through 5.2.x before 5.2.1 allows remote attackers to cause a denial of service (invalid pointer dereference) via a crafted IKEv2 Key Exchange (KE) message with Diffie-Hellman (DH) group 1025.

Action-Not Available
Vendor-strongswann/aCanonical Ltd.openSUSEDebian GNU/LinuxFedora Project
Product-debian_linuxubuntu_linuxstrongswanfedoraopensusen/a
CVE-2014-2891
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-2.51% / 82.87%
||
7 Day CHG+0.02%
Published-07 May, 2014 | 10:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

strongSwan before 5.1.2 allows remote attackers to cause a denial of service (NULL pointer dereference and IKE daemon crash) via a crafted ID_DER_ASN1_DN ID payload.

Action-Not Available
Vendor-strongswann/aDebian GNU/Linux
Product-strongswann/a
CVE-2011-3380
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-5||MEDIUM
EPSS-2.27% / 80.95%
||
7 Day CHG-0.13%
Published-17 Nov, 2011 | 19:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Openswan 2.6.29 through 2.6.35 allows remote attackers to cause a denial of service (NULL pointer dereference and pluto IKE daemon crash) via an ISAKMP message with an invalid KEY_LENGTH attribute, which is not properly handled by the error handling function.

Action-Not Available
Vendor-xelerancen/a
Product-openswann/a
CVE-2013-6076
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-1.87% / 76.77%
||
7 Day CHG~0.00%
Published-02 Nov, 2013 | 18:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

strongSwan 5.0.2 through 5.1.0 allows remote attackers to cause a denial of service (NULL pointer dereference and charon daemon crash) via a crafted IKEv1 fragmentation packet.

Action-Not Available
Vendor-strongswann/a
Product-strongswann/a
CVE-2008-4551
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-2.52% / 82.90%
||
7 Day CHG~0.00%
Published-14 Oct, 2008 | 19:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

strongSwan 4.2.6 and earlier allows remote attackers to cause a denial of service (daemon crash) via an IKE_SA_INIT message with a large number of NULL values in a Key Exchange payload, which triggers a NULL pointer dereference for the return value of the mpz_export function in the GNU Multiprecision Library (GMP).

Action-Not Available
Vendor-strongswann/a
Product-strongswann/a
CVE-2015-8023
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-2.58% / 83.33%
||
7 Day CHG~0.00%
Published-18 Nov, 2015 | 16:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The server implementation of the EAP-MSCHAPv2 protocol in the eap-mschapv2 plugin in strongSwan 4.2.12 through 5.x before 5.3.4 does not properly validate local state, which allows remote attackers to bypass authentication via an empty Success message in response to an initial Challenge message.

Action-Not Available
Vendor-strongswann/aCanonical Ltd.
Product-ubuntu_linuxstrongswann/a
CWE ID-CWE-20
Improper Input Validation
CVE-2014-2284
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-4.43% / 90.20%
||
7 Day CHG~0.00%
Published-24 Mar, 2014 | 14:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Linux implementation of the ICMP-MIB in Net-SNMP 5.5 before 5.5.2.1, 5.6.x before 5.6.2.1, and 5.7.x before 5.7.2.1 does not properly validate input, which allows remote attackers to cause a denial of service via unspecified vectors.

Action-Not Available
Vendor-n/aNet-SNMP
Product-net-snmpn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2014-1316
Matching Score-4
Assigner-Apple Inc.
ShareView Details
Matching Score-4
Assigner-Apple Inc.
CVSS Score-5||MEDIUM
EPSS-1.15% / 62.90%
||
7 Day CHG~0.00%
Published-23 Apr, 2014 | 10:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Heimdal, as used in Apple OS X through 10.9.2, allows remote attackers to cause a denial of service (abort and daemon exit) via ASN.1 data encountered in the Kerberos 5 protocol.

Action-Not Available
Vendor-n/aApple Inc.
Product-mac_os_xn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2014-1725
Matching Score-4
Assigner-Chrome
ShareView Details
Matching Score-4
Assigner-Chrome
CVSS Score-5||MEDIUM
EPSS-1.37% / 68.53%
||
7 Day CHG~0.00%
Published-09 Apr, 2014 | 10:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The base64DecodeInternal function in wtf/text/Base64.cpp in Blink, as used in Google Chrome before 34.0.1847.116, does not properly handle string data composed exclusively of whitespace characters, which allows remote attackers to cause a denial of service (out-of-bounds read) via a window.atob method call.

Action-Not Available
Vendor-n/aGoogle LLC
Product-chromen/a
CWE ID-CWE-20
Improper Input Validation
CVE-2014-2342
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-4.3||MEDIUM
EPSS-1.79% / 75.69%
||
7 Day CHG~0.00%
Published-30 May, 2014 | 23:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Triangle MicroWorks SCADA Data Gateway Resource Exhaustion

Triangle MicroWorks SCADA Data Gateway before 3.00.0635 allows remote attackers to cause a denial of service (excessive data processing) via a crafted DNP3 packet.

Action-Not Available
Vendor-trianglemicroworksTriangle MicroWorks
Product-scada_data_gatewaySCADA Data Gateway
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2014-2310
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-1.99% / 78.26%
||
7 Day CHG~0.00%
Published-17 Apr, 2014 | 14:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The AgentX subagent in Net-SNMP before 5.4.4 allows remote attackers to cause a denial of service (hang) by sending a multi-object request with an Object ID (OID) containing more subids than previous requests, a different vulnerability than CVE-2012-6151.

Action-Not Available
Vendor-n/aNet-SNMP
Product-net-snmpn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2020-3164
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-5.3||MEDIUM
EPSS-1.28% / 66.51%
||
7 Day CHG~0.00%
Published-04 Mar, 2020 | 18:40
Updated-15 Nov, 2024 | 17:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco ESA, Cisco WSA, and Cisco SMA GUI Denial of Service Vulnerability

A vulnerability in the web-based management interface of Cisco AsyncOS for Cisco Email Security Appliance (ESA), Cisco Web Security Appliance (WSA), and Cisco Content Security Management Appliance (SMA) could allow an unauthenticated remote attacker to cause high CPU usage on an affected device, resulting in a denial of service (DoS) condition. The vulnerability is due to improper validation of specific HTTP request headers. An attacker could exploit this vulnerability by sending a malformed HTTP request to an affected device. A successful exploit could allow the attacker to trigger a prolonged status of high CPU utilization relative to the GUI process(es). Upon successful exploitation of this vulnerability, an affected device will still be operative, but its response time and overall performance may be degraded.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-web_security_applianceemail_security_appliancecontent_security_management_appliancecloud_email_securityCisco Web Security Appliance (WSA)
CWE ID-CWE-20
Improper Input Validation
CVE-2014-2121
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-5||MEDIUM
EPSS-2.96% / 85.55%
||
7 Day CHG~0.00%
Published-19 Mar, 2014 | 01:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Java-based software in Cisco Hosted Collaboration Solution (HCS) allows remote attackers to cause a denial of service (closing of TCP ports) via unspecified vectors, aka Bug IDs CSCug77633, CSCug77667, CSCug78266, CSCug82795, and CSCuh58643.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-hosted_collaboration_solutionn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2014-2155
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-5||MEDIUM
EPSS-1.73% / 74.84%
||
7 Day CHG~0.00%
Published-19 Apr, 2014 | 21:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The DHCPv6 server module in Cisco CNS Network Registrar 7.1 allows remote attackers to cause a denial of service (daemon reload) via a malformed DHCPv6 packet, aka Bug ID CSCuo07437.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-cns_network_registrarn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2014-10077
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-3.39% / 87.34%
||
7 Day CHG~0.00%
Published-06 Nov, 2018 | 16:00
Updated-06 Aug, 2024 | 14:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Hash#slice in lib/i18n/core_ext/hash.rb in the i18n gem before 0.8.0 for Ruby allows remote attackers to cause a denial of service (application crash) via a call in a situation where :some_key is present in keep_keys but not present in the hash.

Action-Not Available
Vendor-i18n_projectn/aDebian GNU/Linux
Product-i18ndebian_linuxn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2019-1711
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-5.3||MEDIUM
EPSS-2.30% / 81.19%
||
7 Day CHG~0.00%
Published-17 Apr, 2019 | 21:55
Updated-19 Nov, 2024 | 19:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco IOS XR gRPC Software Denial of Service Vulnerability

A vulnerability in the Event Management Service daemon (emsd) of Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper handling of gRPC requests. An attacker could exploit this vulnerability by repeatedly sending unauthenticated gRPC requests to the affected device. A successful exploit could cause the emsd process to crash, resulting in a DoS condition. Resolved in Cisco IOS XR 6.5.1 and later.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-ios_xrCisco IOS XR Software
CWE ID-CWE-20
Improper Input Validation
CVE-2014-0255
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-5||MEDIUM
EPSS-41.78% / 98.51%
||
7 Day CHG~0.00%
Published-14 May, 2014 | 10:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Microsoft Windows Server 2008 SP2 and R2 SP1 and Server 2012 Gold and R2 allow remote attackers to cause a denial of service (iSCSI service outage) by sending many crafted packets, aka "iSCSI Target Remote Denial of Service Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-windows_server_2008windows_server_2012n/a
CWE ID-CWE-20
Improper Input Validation
CVE-2014-0995
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-9.67% / 94.91%
||
7 Day CHG~0.00%
Published-06 Nov, 2014 | 15:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Standalone Enqueue Server in SAP Netweaver 7.20, 7.01, and earlier allows remote attackers to cause a denial of service (uncontrolled recursion and crash) via a trace level with a wildcard in the Trace Pattern.

Action-Not Available
Vendor-n/aSAP SE
Product-netweavern/a
CWE ID-CWE-20
Improper Input Validation
CVE-2007-1349
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-5||MEDIUM
EPSS-10.11% / 95.08%
||
7 Day CHG~0.00%
Published-30 Mar, 2007 | 00:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

PerlRun.pm in Apache mod_perl before 1.30, and RegistryCooker.pm in mod_perl 2.x, does not properly escape PATH_INFO before use in a regular expression, which allows remote attackers to cause a denial of service (resource consumption) via a crafted URI.

Action-Not Available
Vendor-n/aCanonical Ltd.The Apache Software FoundationRed Hat, Inc.
Product-ubuntu_linuxsatelliteenterprise_linux_workstationenterprise_linux_serverenterprise_linux_desktopmod_perlenterprise_linux_eusn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2014-0628
Matching Score-4
Assigner-Dell
ShareView Details
Matching Score-4
Assigner-Dell
CVSS Score-5||MEDIUM
EPSS-1.07% / 60.90%
||
7 Day CHG+0.01%
Published-25 Mar, 2014 | 01:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The server in EMC RSA BSAFE Micro Edition Suite (MES) 4.0.x before 4.0.5 does not properly process certificate chains, which allows remote attackers to cause a denial of service (daemon crash) via unspecified vectors.

Action-Not Available
Vendor-n/aDell Inc.
Product-bsafe_micro-edition-suiten/a
CWE ID-CWE-20
Improper Input Validation
CVE-2019-16141
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.58% / 72.58%
||
7 Day CHG~0.00%
Published-09 Sep, 2019 | 11:55
Updated-05 Aug, 2024 | 01:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in the once_cell crate before 1.0.1 for Rust. There is a panic during initialization of Lazy.

Action-Not Available
Vendor-once_cell_projectn/a
Product-once_celln/a
CWE ID-CWE-20
Improper Input Validation
CVE-2014-0239
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-5||MEDIUM
EPSS-67.57% / 99.22%
||
7 Day CHG~0.00%
Published-28 May, 2014 | 01:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The internal DNS server in Samba 4.x before 4.0.18 does not check the QR field in the header section of an incoming DNS message before sending a response, which allows remote attackers to cause a denial of service (CPU and bandwidth consumption) via a forged response packet that triggers a communication loop, a related issue to CVE-1999-0103.

Action-Not Available
Vendor-n/aSamba
Product-samban/a
CWE ID-CWE-20
Improper Input Validation
CVE-2014-0677
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-5||MEDIUM
EPSS-2.08% / 79.21%
||
7 Day CHG~0.00%
Published-22 Jan, 2014 | 21:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Label Distribution Protocol (LDP) functionality in Cisco NX-OS allows remote attackers to cause a denial of service (temporary LDP session outage) via LDP discovery traffic containing malformed Hello messages, aka Bug ID CSCul88851.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-nx-osn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2014-0486
Matching Score-4
Assigner-Debian GNU/Linux
ShareView Details
Matching Score-4
Assigner-Debian GNU/Linux
CVSS Score-7.5||HIGH
EPSS-3.46% / 87.61%
||
7 Day CHG~0.00%
Published-27 Mar, 2018 | 16:00
Updated-06 Aug, 2024 | 09:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Knot DNS before 1.5.2 allows remote attackers to cause a denial of service (application crash) via a crafted DNS message.

Action-Not Available
Vendor-nicn/a
Product-knot_cmsn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2014-0253
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-5||MEDIUM
EPSS-38.70% / 98.40%
||
7 Day CHG~0.00%
Published-12 Feb, 2014 | 02:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, 4, 4.5, and 4.5.1 does not properly determine TCP connection states, which allows remote attackers to cause a denial of service (ASP.NET daemon hang) via crafted HTTP requests that trigger persistent resource consumption for a (1) stale or (2) closed connection, as exploited in the wild in February 2014, aka "POST Request DoS Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-.net_frameworkn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2014-0256
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-5||MEDIUM
EPSS-41.78% / 98.51%
||
7 Day CHG~0.00%
Published-14 May, 2014 | 10:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Microsoft Windows Server 2008 SP2 and R2 SP1 and Server 2012 Gold allow remote attackers to cause a denial of service (iSCSI service outage) by sending many crafted packets, aka "iSCSI Target Remote Denial of Service Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-windows_server_2008windows_server_2012n/a
CWE ID-CWE-20
Improper Input Validation
CVE-2013-6700
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-5||MEDIUM
EPSS-1.23% / 65.34%
||
7 Day CHG~0.00%
Published-29 Nov, 2013 | 02:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The SNMP module in Cisco IOS XR allows remote attackers to cause a denial of service (process reload) via a request for an unspecified MIB, aka Bug ID CSCuh43144.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-ios_xrn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2013-7112
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-2.31% / 81.25%
||
7 Day CHG~0.00%
Published-19 Dec, 2013 | 22:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The dissect_sip_common function in epan/dissectors/packet-sip.c in the SIP dissector in Wireshark 1.8.x before 1.8.12 and 1.10.x before 1.10.4 does not check for empty lines, which allows remote attackers to cause a denial of service (infinite loop) via a crafted packet.

Action-Not Available
Vendor-n/aWireshark Foundation
Product-wiresharkn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2014-0037
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-5||MEDIUM
EPSS-2.40% / 81.97%
||
7 Day CHG~0.00%
Published-28 Apr, 2014 | 14:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The ValidateUserLogon function in provider/libserver/ECSession.cpp in Zarafa 5.00 before 7.1.8 beta2 allows remote attackers to cause a denial of service (crash) via vectors related to "a NULL pointer of the username."

Action-Not Available
Vendor-zarafan/a
Product-zarafan/a
CWE ID-CWE-20
Improper Input Validation
CVE-2014-0128
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-5||MEDIUM
EPSS-32.63% / 98.13%
||
7 Day CHG~0.00%
Published-14 Apr, 2014 | 15:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Squid 3.1 before 3.3.12 and 3.4 before 3.4.4, when SSL-Bump is enabled, allows remote attackers to cause a denial of service (assertion failure) via a crafted range request, related to state management.

Action-Not Available
Vendor-n/aSquid CacheopenSUSE
Product-squidopensusen/a
CWE ID-CWE-20
Improper Input Validation
CVE-2013-7177
Matching Score-4
Assigner-CERT/CC
ShareView Details
Matching Score-4
Assigner-CERT/CC
CVSS Score-5||MEDIUM
EPSS-3.23% / 86.75%
||
7 Day CHG~0.00%
Published-01 Feb, 2014 | 15:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

config/filter.d/cyrus-imap.conf in the cyrus-imap filter in Fail2ban before 0.8.11 allows remote attackers to trigger the blocking of an arbitrary IP address via a crafted e-mail address that matches an improperly designed regular expression.

Action-Not Available
Vendor-fail2bann/a
Product-fail2bann/a
CWE ID-CWE-20
Improper Input Validation
CVE-2014-0079
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-5||MEDIUM
EPSS-1.79% / 75.70%
||
7 Day CHG~0.00%
Published-28 Apr, 2014 | 14:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The ValidateUserLogon function in provider/libserver/ECSession.cpp in Zarafa 7.1.8, 6.20.0, and earlier, when using certain build conditions, allows remote attackers to cause a denial of service (crash) via vectors related to "a NULL pointer of the password."

Action-Not Available
Vendor-zarafan/a
Product-zarafan/a
CWE ID-CWE-20
Improper Input Validation
CVE-2014-0082
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-5||MEDIUM
EPSS-6.19% / 92.64%
||
7 Day CHG~0.00%
Published-20 Feb, 2014 | 11:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

actionpack/lib/action_view/template/text.rb in Action View in Ruby on Rails 3.x before 3.2.17 converts MIME type strings to symbols during use of the :text option to the render method, which allows remote attackers to cause a denial of service (memory consumption) by including these strings in headers.

Action-Not Available
Vendor-n/aRuby on Rails
Product-ruby_on_railsrailsn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2013-7294
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-2.55% / 83.11%
||
7 Day CHG~0.00%
Published-16 Jan, 2014 | 02:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The ikev2parent_inI1outR1 function in pluto/ikev2_parent.c in libreswan before 3.7 allows remote attackers to cause a denial of service (restart) via an IKEv2 I1 notification without a KE payload.

Action-Not Available
Vendor-libreswann/a
Product-libreswann/a
CWE ID-CWE-20
Improper Input Validation
CVE-2014-0095
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-5||MEDIUM
EPSS-8.49% / 94.37%
||
7 Day CHG~0.00%
Published-31 May, 2014 | 10:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

java/org/apache/coyote/ajp/AbstractAjpProcessor.java in Apache Tomcat 8.x before 8.0.4 allows remote attackers to cause a denial of service (thread consumption) by using a "Content-Length: 0" AJP request to trigger a hang in request processing.

Action-Not Available
Vendor-n/aThe Apache Software Foundation
Product-tomcatn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2019-1691
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-5.8||MEDIUM
EPSS-2.27% / 80.88%
||
7 Day CHG~0.00%
Published-21 Feb, 2019 | 21:00
Updated-19 Nov, 2024 | 19:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Firepower Threat Defense Software SSL or TLS Denial of Service Vulnerability

A vulnerability in the detection engine of Cisco Firepower Threat Defense Software could allow an unauthenticated, remote attacker to cause the unexpected restart of the SNORT detection engine, resulting in a denial of service (DoS) condition. The vulnerability is due to the incomplete error handling of the SSL or TLS packet header during the connection establishment. An attacker could exploit this vulnerability by sending a crafted SSL or TLS packet during the connection handshake. An exploit could allow the attacker to cause the SNORT detection engine to unexpectedly restart, resulting in a partial DoS condition while the detection engine restarts. Versions prior to 6.2.3.4 are affected.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-firepower_threat_defenseCisco Firepower Threat Defense Software
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-755
Improper Handling of Exceptional Conditions
  • Previous
  • 1
  • 2
  • 3
  • ...
  • 22
  • 23
  • Next
Details not found