Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2009-4017

Summary
Assigner-redhat
Assigner Org ID-53f830b8-0a3f-465b-8143-3b8a9948e749
Published At-24 Nov, 2009 | 00:00
Updated At-07 Aug, 2024 | 06:45
Rejected At-
Credits

PHP before 5.2.12 and 5.3.x before 5.3.1 does not restrict the number of temporary files created when handling a multipart/form-data POST request, which allows remote attackers to cause a denial of service (resource exhaustion), and makes it easier for remote attackers to exploit local file inclusion vulnerabilities, via multiple requests, related to lack of support for the max_file_uploads directive.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
â–¼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:redhat
Assigner Org ID:53f830b8-0a3f-465b-8143-3b8a9948e749
Published At:24 Nov, 2009 | 00:00
Updated At:07 Aug, 2024 | 06:45
Rejected At:
â–¼CVE Numbering Authority (CNA)

PHP before 5.2.12 and 5.3.x before 5.3.1 does not restrict the number of temporary files created when handling a multipart/form-data POST request, which allows remote attackers to cause a denial of service (resource exhaustion), and makes it easier for remote attackers to exploit local file inclusion vulnerabilities, via multiple requests, related to lack of support for the max_file_uploads directive.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6667
vdb-entry
signature
x_refsource_OVAL
http://www.php.net/releases/5_2_12.php
x_refsource_CONFIRM
http://secunia.com/advisories/37482
third-party-advisory
x_refsource_SECUNIA
http://secunia.com/advisories/40262
third-party-advisory
x_refsource_SECUNIA
http://news.php.net/php.announce/79
mailing-list
x_refsource_MLIST
http://marc.info/?l=bugtraq&m=127680701405735&w=2
vendor-advisory
x_refsource_HP
http://www.mandriva.com/security/advisories?name=MDVSA-2009:305
vendor-advisory
x_refsource_MANDRIVA
http://secunia.com/advisories/37821
third-party-advisory
x_refsource_SECUNIA
http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html
vendor-advisory
x_refsource_APPLE
http://www.securityfocus.com/archive/1/507982/100/0/threaded
mailing-list
x_refsource_BUGTRAQ
http://secunia.com/advisories/41490
third-party-advisory
x_refsource_SECUNIA
http://www.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02512995
vendor-advisory
x_refsource_HP
http://www.acunetix.com/blog/websecuritynews/php-multipartform-data-denial-of-service/
x_refsource_MISC
http://www.debian.org/security/2009/dsa-1940
vendor-advisory
x_refsource_DEBIAN
http://www.php.net/ChangeLog-5.php
x_refsource_CONFIRM
http://www.openwall.com/lists/oss-security/2009/11/20/7
mailing-list
x_refsource_MLIST
http://support.apple.com/kb/HT4077
x_refsource_CONFIRM
http://www.openwall.com/lists/oss-security/2009/11/20/2
mailing-list
x_refsource_MLIST
http://www.php.net/releases/5_3_1.php
x_refsource_CONFIRM
http://www.vupen.com/english/advisories/2009/3593
vdb-entry
x_refsource_VUPEN
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10483
vdb-entry
signature
x_refsource_OVAL
http://www.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02512995
vendor-advisory
x_refsource_HP
http://secunia.com/advisories/41480
third-party-advisory
x_refsource_SECUNIA
http://marc.info/?l=bugtraq&m=127680701405735&w=2
vendor-advisory
x_refsource_HP
http://seclists.org/fulldisclosure/2009/Nov/228
mailing-list
x_refsource_FULLDISC
http://www.mandriva.com/security/advisories?name=MDVSA-2009:303
vendor-advisory
x_refsource_MANDRIVA
https://exchange.xforce.ibmcloud.com/vulnerabilities/54455
vdb-entry
x_refsource_XF
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6667
Resource:
vdb-entry
signature
x_refsource_OVAL
Hyperlink: http://www.php.net/releases/5_2_12.php
Resource:
x_refsource_CONFIRM
Hyperlink: http://secunia.com/advisories/37482
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://secunia.com/advisories/40262
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://news.php.net/php.announce/79
Resource:
mailing-list
x_refsource_MLIST
Hyperlink: http://marc.info/?l=bugtraq&m=127680701405735&w=2
Resource:
vendor-advisory
x_refsource_HP
Hyperlink: http://www.mandriva.com/security/advisories?name=MDVSA-2009:305
Resource:
vendor-advisory
x_refsource_MANDRIVA
Hyperlink: http://secunia.com/advisories/37821
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html
Resource:
vendor-advisory
x_refsource_APPLE
Hyperlink: http://www.securityfocus.com/archive/1/507982/100/0/threaded
Resource:
mailing-list
x_refsource_BUGTRAQ
Hyperlink: http://secunia.com/advisories/41490
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://www.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02512995
Resource:
vendor-advisory
x_refsource_HP
Hyperlink: http://www.acunetix.com/blog/websecuritynews/php-multipartform-data-denial-of-service/
Resource:
x_refsource_MISC
Hyperlink: http://www.debian.org/security/2009/dsa-1940
Resource:
vendor-advisory
x_refsource_DEBIAN
Hyperlink: http://www.php.net/ChangeLog-5.php
Resource:
x_refsource_CONFIRM
Hyperlink: http://www.openwall.com/lists/oss-security/2009/11/20/7
Resource:
mailing-list
x_refsource_MLIST
Hyperlink: http://support.apple.com/kb/HT4077
Resource:
x_refsource_CONFIRM
Hyperlink: http://www.openwall.com/lists/oss-security/2009/11/20/2
Resource:
mailing-list
x_refsource_MLIST
Hyperlink: http://www.php.net/releases/5_3_1.php
Resource:
x_refsource_CONFIRM
Hyperlink: http://www.vupen.com/english/advisories/2009/3593
Resource:
vdb-entry
x_refsource_VUPEN
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10483
Resource:
vdb-entry
signature
x_refsource_OVAL
Hyperlink: http://www.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02512995
Resource:
vendor-advisory
x_refsource_HP
Hyperlink: http://secunia.com/advisories/41480
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://marc.info/?l=bugtraq&m=127680701405735&w=2
Resource:
vendor-advisory
x_refsource_HP
Hyperlink: http://seclists.org/fulldisclosure/2009/Nov/228
Resource:
mailing-list
x_refsource_FULLDISC
Hyperlink: http://www.mandriva.com/security/advisories?name=MDVSA-2009:303
Resource:
vendor-advisory
x_refsource_MANDRIVA
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/54455
Resource:
vdb-entry
x_refsource_XF
â–¼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6667
vdb-entry
signature
x_refsource_OVAL
x_transferred
http://www.php.net/releases/5_2_12.php
x_refsource_CONFIRM
x_transferred
http://secunia.com/advisories/37482
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://secunia.com/advisories/40262
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://news.php.net/php.announce/79
mailing-list
x_refsource_MLIST
x_transferred
http://marc.info/?l=bugtraq&m=127680701405735&w=2
vendor-advisory
x_refsource_HP
x_transferred
http://www.mandriva.com/security/advisories?name=MDVSA-2009:305
vendor-advisory
x_refsource_MANDRIVA
x_transferred
http://secunia.com/advisories/37821
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html
vendor-advisory
x_refsource_APPLE
x_transferred
http://www.securityfocus.com/archive/1/507982/100/0/threaded
mailing-list
x_refsource_BUGTRAQ
x_transferred
http://secunia.com/advisories/41490
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://www.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02512995
vendor-advisory
x_refsource_HP
x_transferred
http://www.acunetix.com/blog/websecuritynews/php-multipartform-data-denial-of-service/
x_refsource_MISC
x_transferred
http://www.debian.org/security/2009/dsa-1940
vendor-advisory
x_refsource_DEBIAN
x_transferred
http://www.php.net/ChangeLog-5.php
x_refsource_CONFIRM
x_transferred
http://www.openwall.com/lists/oss-security/2009/11/20/7
mailing-list
x_refsource_MLIST
x_transferred
http://support.apple.com/kb/HT4077
x_refsource_CONFIRM
x_transferred
http://www.openwall.com/lists/oss-security/2009/11/20/2
mailing-list
x_refsource_MLIST
x_transferred
http://www.php.net/releases/5_3_1.php
x_refsource_CONFIRM
x_transferred
http://www.vupen.com/english/advisories/2009/3593
vdb-entry
x_refsource_VUPEN
x_transferred
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10483
vdb-entry
signature
x_refsource_OVAL
x_transferred
http://www.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02512995
vendor-advisory
x_refsource_HP
x_transferred
http://secunia.com/advisories/41480
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://marc.info/?l=bugtraq&m=127680701405735&w=2
vendor-advisory
x_refsource_HP
x_transferred
http://seclists.org/fulldisclosure/2009/Nov/228
mailing-list
x_refsource_FULLDISC
x_transferred
http://www.mandriva.com/security/advisories?name=MDVSA-2009:303
vendor-advisory
x_refsource_MANDRIVA
x_transferred
https://exchange.xforce.ibmcloud.com/vulnerabilities/54455
vdb-entry
x_refsource_XF
x_transferred
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6667
Resource:
vdb-entry
signature
x_refsource_OVAL
x_transferred
Hyperlink: http://www.php.net/releases/5_2_12.php
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://secunia.com/advisories/37482
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://secunia.com/advisories/40262
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://news.php.net/php.announce/79
Resource:
mailing-list
x_refsource_MLIST
x_transferred
Hyperlink: http://marc.info/?l=bugtraq&m=127680701405735&w=2
Resource:
vendor-advisory
x_refsource_HP
x_transferred
Hyperlink: http://www.mandriva.com/security/advisories?name=MDVSA-2009:305
Resource:
vendor-advisory
x_refsource_MANDRIVA
x_transferred
Hyperlink: http://secunia.com/advisories/37821
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html
Resource:
vendor-advisory
x_refsource_APPLE
x_transferred
Hyperlink: http://www.securityfocus.com/archive/1/507982/100/0/threaded
Resource:
mailing-list
x_refsource_BUGTRAQ
x_transferred
Hyperlink: http://secunia.com/advisories/41490
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://www.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02512995
Resource:
vendor-advisory
x_refsource_HP
x_transferred
Hyperlink: http://www.acunetix.com/blog/websecuritynews/php-multipartform-data-denial-of-service/
Resource:
x_refsource_MISC
x_transferred
Hyperlink: http://www.debian.org/security/2009/dsa-1940
Resource:
vendor-advisory
x_refsource_DEBIAN
x_transferred
Hyperlink: http://www.php.net/ChangeLog-5.php
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://www.openwall.com/lists/oss-security/2009/11/20/7
Resource:
mailing-list
x_refsource_MLIST
x_transferred
Hyperlink: http://support.apple.com/kb/HT4077
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://www.openwall.com/lists/oss-security/2009/11/20/2
Resource:
mailing-list
x_refsource_MLIST
x_transferred
Hyperlink: http://www.php.net/releases/5_3_1.php
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://www.vupen.com/english/advisories/2009/3593
Resource:
vdb-entry
x_refsource_VUPEN
x_transferred
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10483
Resource:
vdb-entry
signature
x_refsource_OVAL
x_transferred
Hyperlink: http://www.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02512995
Resource:
vendor-advisory
x_refsource_HP
x_transferred
Hyperlink: http://secunia.com/advisories/41480
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://marc.info/?l=bugtraq&m=127680701405735&w=2
Resource:
vendor-advisory
x_refsource_HP
x_transferred
Hyperlink: http://seclists.org/fulldisclosure/2009/Nov/228
Resource:
mailing-list
x_refsource_FULLDISC
x_transferred
Hyperlink: http://www.mandriva.com/security/advisories?name=MDVSA-2009:303
Resource:
vendor-advisory
x_refsource_MANDRIVA
x_transferred
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/54455
Resource:
vdb-entry
x_refsource_XF
x_transferred
Information is not available yet
â–¼National Vulnerability Database (NVD)
nvd.nist.gov
Source:secalert@redhat.com
Published At:24 Nov, 2009 | 00:30
Updated At:23 Apr, 2026 | 00:35

PHP before 5.2.12 and 5.3.x before 5.3.1 does not restrict the number of temporary files created when handling a multipart/form-data POST request, which allows remote attackers to cause a denial of service (resource exhaustion), and makes it easier for remote attackers to exploit local file inclusion vulnerabilities, via multiple requests, related to lack of support for the max_file_uploads directive.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary2.05.0MEDIUM
AV:N/AC:L/Au:N/C:N/I:N/A:P
Type: Primary
Version: 2.0
Base score: 5.0
Base severity: MEDIUM
Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:P
CPE Matches

The PHP Group
php
>>php>>Versions before 5.2.12(exclusive)
cpe:2.3:a:php:php:*:*:*:*:*:*:*:*
The PHP Group
php
>>php>>5.3.0
cpe:2.3:a:php:php:5.3.0:-:*:*:*:*:*:*
The PHP Group
php
>>php>>5.3.0
cpe:2.3:a:php:php:5.3.0:alpha1:*:*:*:*:*:*
The PHP Group
php
>>php>>5.3.0
cpe:2.3:a:php:php:5.3.0:alpha2:*:*:*:*:*:*
The PHP Group
php
>>php>>5.3.0
cpe:2.3:a:php:php:5.3.0:alpha3:*:*:*:*:*:*
The PHP Group
php
>>php>>5.3.0
cpe:2.3:a:php:php:5.3.0:beta1:*:*:*:*:*:*
The PHP Group
php
>>php>>5.3.0
cpe:2.3:a:php:php:5.3.0:rc1:*:*:*:*:*:*
The PHP Group
php
>>php>>5.3.0
cpe:2.3:a:php:php:5.3.0:rc2:*:*:*:*:*:*
The PHP Group
php
>>php>>5.3.0
cpe:2.3:a:php:php:5.3.0:rc3:*:*:*:*:*:*
The PHP Group
php
>>php>>5.3.0
cpe:2.3:a:php:php:5.3.0:rc4:*:*:*:*:*:*
Apple Inc.
apple
>>mac_os_x>>10.6.3
cpe:2.3:o:apple:mac_os_x:10.6.3:*:*:*:*:*:*:*
Debian GNU/Linux
debian
>>debian_linux>>4.0
cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:*
Debian GNU/Linux
debian
>>debian_linux>>5.0
cpe:2.3:o:debian:debian_linux:5.0:*:*:*:*:*:*:*
Debian GNU/Linux
debian
>>debian_linux>>6.0
cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-770Primarynvd@nist.gov
CWE ID: CWE-770
Type: Primary
Source: nvd@nist.gov
Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References
HyperlinkSourceResource
http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.htmlsecalert@redhat.com
Mailing List
http://marc.info/?l=bugtraq&m=127680701405735&w=2secalert@redhat.com
Third Party Advisory
http://news.php.net/php.announce/79secalert@redhat.com
Mailing List
Release Notes
http://seclists.org/fulldisclosure/2009/Nov/228secalert@redhat.com
Mailing List
Third Party Advisory
http://secunia.com/advisories/37482secalert@redhat.com
Broken Link
http://secunia.com/advisories/37821secalert@redhat.com
Broken Link
http://secunia.com/advisories/40262secalert@redhat.com
Broken Link
http://secunia.com/advisories/41480secalert@redhat.com
Broken Link
http://secunia.com/advisories/41490secalert@redhat.com
Broken Link
http://support.apple.com/kb/HT4077secalert@redhat.com
Third Party Advisory
http://www.acunetix.com/blog/websecuritynews/php-multipartform-data-denial-of-service/secalert@redhat.com
Third Party Advisory
http://www.debian.org/security/2009/dsa-1940secalert@redhat.com
Mailing List
Third Party Advisory
http://www.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02512995secalert@redhat.com
Broken Link
http://www.mandriva.com/security/advisories?name=MDVSA-2009:303secalert@redhat.com
Broken Link
http://www.mandriva.com/security/advisories?name=MDVSA-2009:305secalert@redhat.com
Broken Link
http://www.openwall.com/lists/oss-security/2009/11/20/2secalert@redhat.com
Mailing List
Patch
http://www.openwall.com/lists/oss-security/2009/11/20/7secalert@redhat.com
Mailing List
http://www.php.net/ChangeLog-5.phpsecalert@redhat.com
Release Notes
Vendor Advisory
http://www.php.net/releases/5_2_12.phpsecalert@redhat.com
Release Notes
http://www.php.net/releases/5_3_1.phpsecalert@redhat.com
Release Notes
Vendor Advisory
http://www.securityfocus.com/archive/1/507982/100/0/threadedsecalert@redhat.com
Broken Link
Third Party Advisory
VDB Entry
http://www.vupen.com/english/advisories/2009/3593secalert@redhat.com
Broken Link
https://exchange.xforce.ibmcloud.com/vulnerabilities/54455secalert@redhat.com
Third Party Advisory
VDB Entry
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10483secalert@redhat.com
Broken Link
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6667secalert@redhat.com
Broken Link
http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.htmlaf854a3a-2127-422b-91ae-364da2661108
Mailing List
http://marc.info/?l=bugtraq&m=127680701405735&w=2af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://news.php.net/php.announce/79af854a3a-2127-422b-91ae-364da2661108
Mailing List
Release Notes
http://seclists.org/fulldisclosure/2009/Nov/228af854a3a-2127-422b-91ae-364da2661108
Mailing List
Third Party Advisory
http://secunia.com/advisories/37482af854a3a-2127-422b-91ae-364da2661108
Broken Link
http://secunia.com/advisories/37821af854a3a-2127-422b-91ae-364da2661108
Broken Link
http://secunia.com/advisories/40262af854a3a-2127-422b-91ae-364da2661108
Broken Link
http://secunia.com/advisories/41480af854a3a-2127-422b-91ae-364da2661108
Broken Link
http://secunia.com/advisories/41490af854a3a-2127-422b-91ae-364da2661108
Broken Link
http://support.apple.com/kb/HT4077af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://www.acunetix.com/blog/websecuritynews/php-multipartform-data-denial-of-service/af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://www.debian.org/security/2009/dsa-1940af854a3a-2127-422b-91ae-364da2661108
Mailing List
Third Party Advisory
http://www.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02512995af854a3a-2127-422b-91ae-364da2661108
Broken Link
http://www.mandriva.com/security/advisories?name=MDVSA-2009:303af854a3a-2127-422b-91ae-364da2661108
Broken Link
http://www.mandriva.com/security/advisories?name=MDVSA-2009:305af854a3a-2127-422b-91ae-364da2661108
Broken Link
http://www.openwall.com/lists/oss-security/2009/11/20/2af854a3a-2127-422b-91ae-364da2661108
Mailing List
Patch
http://www.openwall.com/lists/oss-security/2009/11/20/7af854a3a-2127-422b-91ae-364da2661108
Mailing List
http://www.php.net/ChangeLog-5.phpaf854a3a-2127-422b-91ae-364da2661108
Release Notes
Vendor Advisory
http://www.php.net/releases/5_2_12.phpaf854a3a-2127-422b-91ae-364da2661108
Release Notes
http://www.php.net/releases/5_3_1.phpaf854a3a-2127-422b-91ae-364da2661108
Release Notes
Vendor Advisory
http://www.securityfocus.com/archive/1/507982/100/0/threadedaf854a3a-2127-422b-91ae-364da2661108
Broken Link
Third Party Advisory
VDB Entry
http://www.vupen.com/english/advisories/2009/3593af854a3a-2127-422b-91ae-364da2661108
Broken Link
https://exchange.xforce.ibmcloud.com/vulnerabilities/54455af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
VDB Entry
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10483af854a3a-2127-422b-91ae-364da2661108
Broken Link
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6667af854a3a-2127-422b-91ae-364da2661108
Broken Link
Hyperlink: http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html
Source: secalert@redhat.com
Resource:
Mailing List
Hyperlink: http://marc.info/?l=bugtraq&m=127680701405735&w=2
Source: secalert@redhat.com
Resource:
Third Party Advisory
Hyperlink: http://news.php.net/php.announce/79
Source: secalert@redhat.com
Resource:
Mailing List
Release Notes
Hyperlink: http://seclists.org/fulldisclosure/2009/Nov/228
Source: secalert@redhat.com
Resource:
Mailing List
Third Party Advisory
Hyperlink: http://secunia.com/advisories/37482
Source: secalert@redhat.com
Resource:
Broken Link
Hyperlink: http://secunia.com/advisories/37821
Source: secalert@redhat.com
Resource:
Broken Link
Hyperlink: http://secunia.com/advisories/40262
Source: secalert@redhat.com
Resource:
Broken Link
Hyperlink: http://secunia.com/advisories/41480
Source: secalert@redhat.com
Resource:
Broken Link
Hyperlink: http://secunia.com/advisories/41490
Source: secalert@redhat.com
Resource:
Broken Link
Hyperlink: http://support.apple.com/kb/HT4077
Source: secalert@redhat.com
Resource:
Third Party Advisory
Hyperlink: http://www.acunetix.com/blog/websecuritynews/php-multipartform-data-denial-of-service/
Source: secalert@redhat.com
Resource:
Third Party Advisory
Hyperlink: http://www.debian.org/security/2009/dsa-1940
Source: secalert@redhat.com
Resource:
Mailing List
Third Party Advisory
Hyperlink: http://www.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02512995
Source: secalert@redhat.com
Resource:
Broken Link
Hyperlink: http://www.mandriva.com/security/advisories?name=MDVSA-2009:303
Source: secalert@redhat.com
Resource:
Broken Link
Hyperlink: http://www.mandriva.com/security/advisories?name=MDVSA-2009:305
Source: secalert@redhat.com
Resource:
Broken Link
Hyperlink: http://www.openwall.com/lists/oss-security/2009/11/20/2
Source: secalert@redhat.com
Resource:
Mailing List
Patch
Hyperlink: http://www.openwall.com/lists/oss-security/2009/11/20/7
Source: secalert@redhat.com
Resource:
Mailing List
Hyperlink: http://www.php.net/ChangeLog-5.php
Source: secalert@redhat.com
Resource:
Release Notes
Vendor Advisory
Hyperlink: http://www.php.net/releases/5_2_12.php
Source: secalert@redhat.com
Resource:
Release Notes
Hyperlink: http://www.php.net/releases/5_3_1.php
Source: secalert@redhat.com
Resource:
Release Notes
Vendor Advisory
Hyperlink: http://www.securityfocus.com/archive/1/507982/100/0/threaded
Source: secalert@redhat.com
Resource:
Broken Link
Third Party Advisory
VDB Entry
Hyperlink: http://www.vupen.com/english/advisories/2009/3593
Source: secalert@redhat.com
Resource:
Broken Link
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/54455
Source: secalert@redhat.com
Resource:
Third Party Advisory
VDB Entry
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10483
Source: secalert@redhat.com
Resource:
Broken Link
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6667
Source: secalert@redhat.com
Resource:
Broken Link
Hyperlink: http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Mailing List
Hyperlink: http://marc.info/?l=bugtraq&m=127680701405735&w=2
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: http://news.php.net/php.announce/79
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Mailing List
Release Notes
Hyperlink: http://seclists.org/fulldisclosure/2009/Nov/228
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Mailing List
Third Party Advisory
Hyperlink: http://secunia.com/advisories/37482
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Broken Link
Hyperlink: http://secunia.com/advisories/37821
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Broken Link
Hyperlink: http://secunia.com/advisories/40262
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Broken Link
Hyperlink: http://secunia.com/advisories/41480
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Broken Link
Hyperlink: http://secunia.com/advisories/41490
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Broken Link
Hyperlink: http://support.apple.com/kb/HT4077
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: http://www.acunetix.com/blog/websecuritynews/php-multipartform-data-denial-of-service/
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: http://www.debian.org/security/2009/dsa-1940
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Mailing List
Third Party Advisory
Hyperlink: http://www.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02512995
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Broken Link
Hyperlink: http://www.mandriva.com/security/advisories?name=MDVSA-2009:303
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Broken Link
Hyperlink: http://www.mandriva.com/security/advisories?name=MDVSA-2009:305
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Broken Link
Hyperlink: http://www.openwall.com/lists/oss-security/2009/11/20/2
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Mailing List
Patch
Hyperlink: http://www.openwall.com/lists/oss-security/2009/11/20/7
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Mailing List
Hyperlink: http://www.php.net/ChangeLog-5.php
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Release Notes
Vendor Advisory
Hyperlink: http://www.php.net/releases/5_2_12.php
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Release Notes
Hyperlink: http://www.php.net/releases/5_3_1.php
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Release Notes
Vendor Advisory
Hyperlink: http://www.securityfocus.com/archive/1/507982/100/0/threaded
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Broken Link
Third Party Advisory
VDB Entry
Hyperlink: http://www.vupen.com/english/advisories/2009/3593
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Broken Link
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/54455
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
VDB Entry
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10483
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Broken Link
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6667
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Broken Link

Change History

0
Information is not available yet

Similar CVEs

1352Records found

CVE-2022-21716
Matching Score-10
Assigner-GitHub, Inc.
ShareView Details
Matching Score-10
Assigner-GitHub, Inc.
CVSS Score-7.5||HIGH
EPSS-3.51% / 87.89%
||
7 Day CHG-0.10%
Published-03 Mar, 2022 | 00:00
Updated-22 Apr, 2025 | 18:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Buffer Overflow in Twisted

Twisted is an event-based framework for internet applications, supporting Python 3.6+. Prior to 22.2.0, Twisted SSH client and server implement is able to accept an infinite amount of data for the peer's SSH version identifier. This ends up with a buffer using all the available memory. The attach is a simple as `nc -rv localhost 22 < /dev/zero`. A patch is available in version 22.2.0. There are currently no known workarounds.

Action-Not Available
Vendor-twistedtwistedFedora ProjectDebian GNU/LinuxOracle Corporation
Product-http_serverdebian_linuxfedorazfs_storage_appliance_kittwistedtwisted
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2020-11612
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-9.44% / 94.87%
||
7 Day CHG~0.00%
Published-07 Apr, 2020 | 18:00
Updated-04 Aug, 2024 | 11:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The ZlibDecoders in Netty 4.1.x before 4.1.46 allow for unbounded memory allocation while decoding a ZlibEncoded byte stream. An attacker could send a large ZlibEncoded byte stream to the Netty server, forcing the server to allocate all of its free memory to a single decoder.

Action-Not Available
Vendor-n/aThe Netty ProjectNetApp, Inc.Debian GNU/LinuxFedora ProjectOracle Corporation
Product-communications_cloud_native_core_service_communication_proxysiebel_core_-_server_frameworkdebian_linuxoncommand_api_servicescommunications_messaging_servernettynosql_databasecommunications_design_studiofedoraoncommand_workflow_automationcommunications_brm_-_elastic_charging_enginewebcenter_portaloncommand_insightn/a
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2019-16770
Matching Score-10
Assigner-GitHub, Inc.
ShareView Details
Matching Score-10
Assigner-GitHub, Inc.
CVSS Score-5.3||MEDIUM
EPSS-1.96% / 78.08%
||
7 Day CHG~0.00%
Published-05 Dec, 2019 | 19:35
Updated-05 Aug, 2024 | 01:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Potential DOS attack in Puma

In Puma before versions 3.12.2 and 4.3.1, a poorly-behaved client could use keepalive requests to monopolize Puma's reactor and create a denial of service attack. If more keepalive connections to Puma are opened than there are threads available, additional connections will wait permanently if the attacker sends requests frequently enough. This vulnerability is patched in Puma 4.3.1 and 3.12.2.

Action-Not Available
Vendor-Debian GNU/LinuxPuma
Product-pumadebian_linuxpuma
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2017-7963
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.74% / 75.20%
||
7 Day CHG~0.00%
Published-19 Apr, 2017 | 15:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The GNU Multiple Precision Arithmetic Library (GMP) interfaces for PHP through 7.1.4 allow attackers to cause a denial of service (memory consumption and application crash) via operations on long strings. NOTE: the vendor disputes this, stating "There is no security issue here, because GMP safely aborts in case of an OOM condition. The only attack vector here is denial of service. However, if you allow attacker-controlled, unbounded allocations you have a DoS vector regardless of GMP's OOM behavior.

Action-Not Available
Vendor-n/aThe PHP Group
Product-phpn/a
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2022-28871
Matching Score-10
Assigner-126858f1-1b65-4b74-81ca-7034f7f7723f
ShareView Details
Matching Score-10
Assigner-126858f1-1b65-4b74-81ca-7034f7f7723f
CVSS Score-4.3||MEDIUM
EPSS-0.54% / 41.77%
||
7 Day CHG+0.02%
Published-25 Apr, 2022 | 10:14
Updated-03 Aug, 2024 | 06:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Denial-of-Service (DoS) Vulnerability

A Denial-of-Service (DoS) vulnerability was discovered in F-Secure Atlant whereby the fsicapd component used in certain F-Secure products while scanning larger packages/fuzzed files consume too much memory eventually can crash the scanning engine. The exploit can be triggered remotely by an attacker.

Action-Not Available
Vendor-Apple Inc.F-Secure CorporationMicrosoft Corporation
Product-windowsatlantmacosmac_os_xAll F-Secure Endpoint Protection products on Windows and Mac F-Secure Linux Security (32-bit) F-Secure Linux Security 64 F-Secure Atlant F-Secure Internet Gatekeeper F-Secure Cloud Protection for Salesforce
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2022-23837
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-5.26% / 91.63%
||
7 Day CHG~0.00%
Published-21 Jan, 2022 | 00:00
Updated-03 Aug, 2024 | 03:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In api.rb in Sidekiq before 5.2.10 and 6.4.0, there is no limit on the number of days when requesting stats for the graph. This overloads the system, affecting the Web UI, and makes it unavailable to users.

Action-Not Available
Vendor-contribsysn/aDebian GNU/Linux
Product-sidekiqdebian_linuxn/a
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2021-32675
Matching Score-10
Assigner-GitHub, Inc.
ShareView Details
Matching Score-10
Assigner-GitHub, Inc.
CVSS Score-7.5||HIGH
EPSS-15.78% / 96.50%
||
7 Day CHG~0.00%
Published-04 Oct, 2021 | 17:50
Updated-03 Aug, 2024 | 23:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
DoS vulnerability in Redis

Redis is an open source, in-memory database that persists on disk. When parsing an incoming Redis Standard Protocol (RESP) request, Redis allocates memory according to user-specified values which determine the number of elements (in the multi-bulk header) and size of each element (in the bulk header). An attacker delivering specially crafted requests over multiple connections can cause the server to allocate significant amount of memory. Because the same parsing mechanism is used to handle authentication requests, this vulnerability can also be exploited by unauthenticated users. The problem is fixed in Redis versions 6.2.6, 6.0.16 and 5.0.14. An additional workaround to mitigate this problem without patching the redis-server executable is to block access to prevent unauthenticated users from connecting to Redis. This can be done in different ways: Using network access control tools like firewalls, iptables, security groups, etc. or Enabling TLS and requiring users to authenticate using client side certificates.

Action-Not Available
Vendor-Redis Inc.Oracle CorporationNetApp, Inc.Debian GNU/LinuxFedora Project
Product-communications_operations_monitordebian_linuxmanagement_services_for_netapp_hcifedoraredismanagement_services_for_element_softwareredis
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2021-22207
Matching Score-10
Assigner-GitLab Inc.
ShareView Details
Matching Score-10
Assigner-GitLab Inc.
CVSS Score-5.5||MEDIUM
EPSS-2.02% / 78.80%
||
7 Day CHG~0.00%
Published-23 Apr, 2021 | 17:32
Updated-03 Aug, 2024 | 18:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Excessive memory consumption in MS-WSP dissector in Wireshark 3.4.0 to 3.4.4 and 3.2.0 to 3.2.12 allows denial of service via packet injection or crafted capture file

Action-Not Available
Vendor-Wireshark FoundationOracle CorporationDebian GNU/LinuxFedora Project
Product-wiresharkdebian_linuxzfs_storage_appliance_kitfedoraWireshark
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2020-8659
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.84% / 76.60%
||
7 Day CHG~0.00%
Published-04 Mar, 2020 | 20:43
Updated-04 Aug, 2024 | 10:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

CNCF Envoy through 1.13.0 may consume excessive amounts of memory when proxying HTTP/1.1 requests or responses with many small (i.e. 1 byte) chunks.

Action-Not Available
Vendor-cncfn/aDebian GNU/LinuxRed Hat, Inc.
Product-envoydebian_linuxopenshift_service_meshn/a
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2020-9494
Matching Score-10
Assigner-Apache Software Foundation
ShareView Details
Matching Score-10
Assigner-Apache Software Foundation
CVSS Score-7.5||HIGH
EPSS-3.91% / 89.12%
||
7 Day CHG~0.00%
Published-24 Jun, 2020 | 15:25
Updated-04 Aug, 2024 | 10:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Apache Traffic Server 6.0.0 to 6.2.3, 7.0.0 to 7.1.10, and 8.0.0 to 8.0.7 is vulnerable to certain types of HTTP/2 HEADERS frames that can cause the server to allocate a large amount of memory and spin the thread.

Action-Not Available
Vendor-The Apache Software FoundationDebian GNU/Linux
Product-debian_linuxtraffic_serverApache Traffic Server
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2022-21294
Matching Score-10
Assigner-Oracle
ShareView Details
Matching Score-10
Assigner-Oracle
CVSS Score-5.3||MEDIUM
EPSS-3.35% / 87.33%
||
7 Day CHG~0.00%
Published-19 Jan, 2022 | 11:23
Updated-27 May, 2026 | 17:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).

Action-Not Available
Vendor-Oracle CorporationNetApp, Inc.Debian GNU/Linux
Product-cloud_secure_agentsantricity_unified_managerhci_management_nodeoncommand_workflow_automationsolidfirejdk7-mode_transition_toolgraalvmdebian_linuxopenjdksnapmanagere-series_santricity_web_servicese-series_santricity_storage_managerjreoncommand_insightsantricity_storage_plugine-series_santricity_os_controlleractive_iq_unified_managercloud_insights_acquisition_unitJava SE JDK and JRE
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2016-9578
Matching Score-10
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-10
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-2.49% / 82.86%
||
7 Day CHG~0.00%
Published-27 Jul, 2018 | 21:00
Updated-06 Aug, 2024 | 02:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability was discovered in SPICE before 0.13.90 in the server's protocol handling. An attacker able to connect to the SPICE server could send crafted messages which would cause the process to crash.

Action-Not Available
Vendor-spice_projectDebian GNU/LinuxRed Hat, Inc.
Product-enterprise_linux_serverdebian_linuxenterprise_linux_server_eusenterprise_linux_server_ausenterprise_linux_workstationspiceenterprise_linux_desktopspice
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CWE ID-CWE-20
Improper Input Validation
CVE-2020-8037
Matching Score-10
Assigner-Tcpdump Group
ShareView Details
Matching Score-10
Assigner-Tcpdump Group
CVSS Score-7.5||HIGH
EPSS-3.07% / 86.17%
||
7 Day CHG~0.00%
Published-04 Nov, 2020 | 17:55
Updated-16 Sep, 2024 | 20:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
ppp decapsulator can be convinced to allocate a large amount of memory

The ppp decapsulator in tcpdump 4.9.3 can be convinced to allocate a large amount of memory.

Action-Not Available
Vendor-Debian GNU/LinuxApple Inc.Fedora Projecttcpdump & libpcap
Product-debian_linuxfedoramac_os_xmacostcpdumptcpdump
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2020-28030
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-2.04% / 79.00%
||
7 Day CHG~0.00%
Published-30 Oct, 2020 | 20:02
Updated-04 Aug, 2024 | 16:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Wireshark 3.2.0 to 3.2.7, the GQUIC dissector could crash. This was addressed in epan/dissectors/packet-gquic.c by correcting the implementation of offset advancement.

Action-Not Available
Vendor-n/aWireshark FoundationDebian GNU/LinuxFedora Project
Product-wiresharkdebian_linuxfedoran/a
CWE ID-CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CWE ID-CWE-682
Incorrect Calculation
CVE-2011-3267
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-2.87% / 85.24%
||
7 Day CHG~0.00%
Published-25 Aug, 2011 | 18:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

PHP before 5.3.7 does not properly implement the error_log function, which allows context-dependent attackers to cause a denial of service (application crash) via unspecified vectors.

Action-Not Available
Vendor-n/aThe PHP Group
Product-phpn/a
CVE-2020-9924
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-7.5||HIGH
EPSS-1.58% / 72.85%
||
7 Day CHG+0.02%
Published-22 Oct, 2020 | 18:05
Updated-04 Aug, 2024 | 10:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A logic issue was addressed with improved state management. This issue is fixed in macOS Catalina 10.15.6. A remote attacker may be able to cause a denial of service.

Action-Not Available
Vendor-Apple Inc.
Product-mac_os_xmacOS
CVE-2001-0457
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-1.66% / 74.00%
||
7 Day CHG~0.00%
Published-18 Sep, 2001 | 04:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

man2html before 1.5-22 allows remote attackers to cause a denial of service (memory exhaustion).

Action-Not Available
Vendor-n/aDebian GNU/Linux
Product-debian_linuxn/a
CVE-2016-7449
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-3.49% / 87.84%
||
7 Day CHG~0.00%
Published-06 Feb, 2017 | 17:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The TIFFGetField function in coders/tiff.c in GraphicsMagick 1.3.24 allows remote attackers to cause a denial of service (out-of-bounds heap read) via a file containing an "unterminated" string.

Action-Not Available
Vendor-n/aopenSUSEDebian GNU/LinuxGraphicsMagick
Product-leapdebian_linuxgraphicsmagickopensusen/a
CWE ID-CWE-125
Out-of-bounds Read
CVE-2011-3596
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-11.05% / 95.43%
||
7 Day CHG~0.00%
Published-25 Nov, 2019 | 23:53
Updated-06 Aug, 2024 | 23:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Polipo before 1.0.4.1 suffers from a DoD vulnerability via specially-crafted HTTP POST / PUT request.

Action-Not Available
Vendor-polipo_projectpolipoDebian GNU/Linux
Product-debian_linuxpolipopolipo
CWE ID-CWE-617
Reachable Assertion
CVE-2020-15166
Matching Score-8
Assigner-GitHub, Inc.
ShareView Details
Matching Score-8
Assigner-GitHub, Inc.
CVSS Score-7.5||HIGH
EPSS-3.41% / 87.54%
||
7 Day CHG~0.00%
Published-11 Sep, 2020 | 15:35
Updated-04 Aug, 2024 | 13:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Denial of Service in ZeroMQ

In ZeroMQ before version 4.3.3, there is a denial-of-service vulnerability. Users with TCP transport public endpoints, even with CURVE/ZAP enabled, are impacted. If a raw TCP socket is opened and connected to an endpoint that is fully configured with CURVE/ZAP, legitimate clients will not be able to exchange any message. Handshakes complete successfully, and messages are delivered to the library, but the server application never receives them. This is patched in version 4.3.3.

Action-Not Available
Vendor-zeromqzeromqDebian GNU/LinuxFedora Project
Product-debian_linuxfedoralibzmqlibzmq
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2020-15598
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-3.18% / 86.62%
||
7 Day CHG~0.00%
Published-06 Oct, 2020 | 13:38
Updated-03 Jul, 2025 | 20:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Trustwave ModSecurity 3.x through 3.0.4 allows denial of service via a special request. NOTE: The discoverer reports "Trustwave has signaled they are disputing our claims." The CVE suggests that there is a security issue with how ModSecurity handles regular expressions that can result in a Denial of Service condition. The vendor does not consider this as a security issue because1) there is no default configuration issue here. An attacker would need to know that a rule using a potentially problematic regular expression was in place, 2) the attacker would need to know the basic nature of the regular expression itself to exploit any resource issues. It's well known that regular expression usage can be taxing on system resources regardless of the use case. It is up to the administrator to decide on when it is appropriate to trade resources for potential security benefit

Action-Not Available
Vendor-owaspn/aDebian GNU/Linux
Product-debian_linuxmodsecurityn/a
CWE ID-CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
CVE-2020-9827
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-7.5||HIGH
EPSS-1.59% / 72.92%
||
7 Day CHG~0.00%
Published-09 Jun, 2020 | 16:14
Updated-04 Aug, 2024 | 10:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A denial of service issue was addressed with improved input validation. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5. A remote attacker may be able to cause a denial of service.

Action-Not Available
Vendor-Apple Inc.
Product-iphone_oswatchostvosipadosmac_os_xtvOSmacOSwatchOSiOS
CVE-2020-14148
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-2.64% / 83.89%
||
7 Day CHG~0.00%
Published-15 Jun, 2020 | 16:52
Updated-04 Aug, 2024 | 12:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Server-Server protocol implementation in ngIRCd before 26~rc2 allows an out-of-bounds access, as demonstrated by the IRC_NJOIN() function.

Action-Not Available
Vendor-bartonn/aDebian GNU/LinuxFedora Project
Product-ngircddebian_linuxfedoran/a
CWE ID-CWE-125
Out-of-bounds Read
CVE-2020-13934
Matching Score-8
Assigner-Apache Software Foundation
ShareView Details
Matching Score-8
Assigner-Apache Software Foundation
CVSS Score-7.5||HIGH
EPSS-64.12% / 99.14%
||
7 Day CHG~0.00%
Published-14 Jul, 2020 | 14:59
Updated-04 Aug, 2024 | 12:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An h2c direct connection to Apache Tomcat 10.0.0-M1 to 10.0.0-M6, 9.0.0.M5 to 9.0.36 and 8.5.1 to 8.5.56 did not release the HTTP/1.1 processor after the upgrade to HTTP/2. If a sufficient number of such requests were made, an OutOfMemoryException could occur leading to a denial of service.

Action-Not Available
Vendor-n/aCanonical Ltd.The Apache Software FoundationNetApp, Inc.openSUSEDebian GNU/LinuxOracle Corporation
Product-ubuntu_linuxdebian_linuxcommunications_instant_messaging_servermysql_enterprise_monitorinstantis_enterprisetracksiebel_ui_frameworkoncommand_system_managertomcatagile_engineering_data_managementagile_plmfmw_platformmanaged_file_transferworkload_managerleapApache Tomcat
CWE ID-CWE-401
Missing Release of Memory after Effective Lifetime
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2020-14399
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-2.80% / 84.89%
||
7 Day CHG~0.00%
Published-17 Jun, 2020 | 15:12
Updated-04 Aug, 2024 | 12:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in LibVNCServer before 0.9.13. Byte-aligned data is accessed through uint32_t pointers in libvncclient/rfbproto.c. NOTE: there is reportedly "no trust boundary crossed.

Action-Not Available
Vendor-libvncserver_projectn/aCanonical Ltd.openSUSEDebian GNU/Linux
Product-ubuntu_linuxlibvncserverdebian_linuxleapn/a
CVE-2020-13950
Matching Score-8
Assigner-Apache Software Foundation
ShareView Details
Matching Score-8
Assigner-Apache Software Foundation
CVSS Score-7.5||HIGH
EPSS-49.09% / 98.75%
||
7 Day CHG~0.00%
Published-10 Jun, 2021 | 07:10
Updated-04 Aug, 2024 | 12:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
mod_proxy_http NULL pointer dereference

Apache HTTP Server versions 2.4.41 to 2.4.46 mod_proxy_http can be made to crash (NULL pointer dereference) with specially crafted requests using both Content-Length and Transfer-Encoding headers, leading to a Denial of Service

Action-Not Available
Vendor-The Apache Software FoundationFedora ProjectDebian GNU/LinuxOracle Corporation
Product-http_serverdebian_linuxinstantis_enterprisetrackfedorazfs_storage_appliance_kitenterprise_manager_ops_centerApache HTTP Server
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2020-14400
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-2.84% / 85.09%
||
7 Day CHG~0.00%
Published-17 Jun, 2020 | 15:12
Updated-04 Aug, 2024 | 12:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in LibVNCServer before 0.9.13. Byte-aligned data is accessed through uint16_t pointers in libvncserver/translate.c. NOTE: Third parties do not consider this to be a vulnerability as there is no known path of exploitation or cross of a trust boundary

Action-Not Available
Vendor-libvncserver_projectn/aCanonical Ltd.openSUSEDebian GNU/Linux
Product-ubuntu_linuxlibvncserverdebian_linuxleapn/a
CVE-2020-14397
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-3.39% / 87.47%
||
7 Day CHG~0.00%
Published-17 Jun, 2020 | 15:13
Updated-04 Aug, 2024 | 12:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in LibVNCServer before 0.9.13. libvncserver/rfbregion.c has a NULL pointer dereference.

Action-Not Available
Vendor-libvnc_projectn/aDebian GNU/LinuxSiemens AGCanonical Ltd.openSUSE
Product-ubuntu_linuxsimatic_itc1500_prosimatic_itc1900simatic_itc2200_pro_firmwaresimatic_itc2200simatic_itc1500_pro_firmwaredebian_linuxsimatic_itc1500simatic_itc1900_firmwaresimatic_itc1900_pro_firmwaresimatic_itc1500_firmwaresimatic_itc2200_firmwaresimatic_itc2200_prolibvncserversimatic_itc1900_proleapn/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2020-14398
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-2.76% / 84.60%
||
7 Day CHG~0.00%
Published-17 Jun, 2020 | 15:13
Updated-04 Aug, 2024 | 12:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in LibVNCServer before 0.9.13. An improperly closed TCP connection causes an infinite loop in libvncclient/sockets.c.

Action-Not Available
Vendor-libvnc_projectn/aDebian GNU/LinuxSiemens AGCanonical Ltd.openSUSE
Product-ubuntu_linuxsimatic_itc1500_prosimatic_itc1900simatic_itc2200_pro_firmwaresimatic_itc2200simatic_itc1500_pro_firmwaredebian_linuxsimatic_itc1500simatic_itc1900_firmwaresimatic_itc1900_pro_firmwaresimatic_itc1500_firmwaresimatic_itc2200_firmwaresimatic_itc2200_prolibvncserversimatic_itc1900_proleapn/a
CWE ID-CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
CVE-2020-14303
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-3.54% / 87.97%
||
7 Day CHG~0.00%
Published-06 Jul, 2020 | 17:12
Updated-04 Aug, 2024 | 12:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A flaw was found in the AD DC NBT server in all Samba versions before 4.10.17, before 4.11.11 and before 4.12.4. A samba user could send an empty UDP packet to cause the samba server to crash.

Action-Not Available
Vendor-n/aCanonical Ltd.Debian GNU/LinuxopenSUSESambaFedora Project
Product-ubuntu_linuxdebian_linuxsambafedoraleapSamba
CWE ID-CWE-834
Excessive Iteration
CVE-2020-14155
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5.3||MEDIUM
EPSS-4.18% / 89.80%
||
7 Day CHG~0.00%
Published-15 Jun, 2020 | 00:00
Updated-04 Aug, 2024 | 12:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

libpcre in PCRE before 8.44 allows an integer overflow via a large number after a (?C substring.

Action-Not Available
Vendor-pcren/aGitLab Inc.Apple Inc.NetApp, Inc.Splunk LLC (Cisco Systems, Inc.)Oracle Corporation
Product-h500scloud_backuph410c_firmwareh300s_firmwarepcreactive_iq_unified_managerh410smacosh300suniversal_forwardercommunications_cloud_native_core_policysteelstore_cloud_integrated_storageclustered_data_ontapontap_select_deploy_administration_utilityh410s_firmwareh700s_firmwareh500s_firmwareh410cgitlabh700sn/a
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2020-14396
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-2.57% / 83.43%
||
7 Day CHG~0.00%
Published-17 Jun, 2020 | 15:13
Updated-04 Aug, 2024 | 12:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in LibVNCServer before 0.9.13. libvncclient/tls_openssl.c has a NULL pointer dereference.

Action-Not Available
Vendor-libvnc_projectn/aDebian GNU/LinuxSiemens AGCanonical Ltd.
Product-simatic_itc1500_pro_firmwareubuntu_linuxdebian_linuxsimatic_itc1500_prosimatic_itc1500simatic_itc1900simatic_itc1900_firmwaresimatic_itc1900_pro_firmwaresimatic_itc1500_firmwaresimatic_itc2200_firmwaresimatic_itc2200_prosimatic_itc2200_pro_firmwarelibvncserversimatic_itc1900_prosimatic_itc2200n/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2022-21293
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-5.3||MEDIUM
EPSS-8.35% / 94.33%
||
7 Day CHG~0.00%
Published-19 Jan, 2022 | 11:23
Updated-27 May, 2026 | 17:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).

Action-Not Available
Vendor-Oracle CorporationNetApp, Inc.Debian GNU/LinuxFedora Project
Product-cloud_secure_agentsantricity_unified_managerhci_management_nodeoncommand_workflow_automationsolidfirejdk7-mode_transition_toolgraalvmdebian_linuxopenjdksnapmanagere-series_santricity_web_servicese-series_santricity_storage_managerjreoncommand_insightsantricity_storage_plugine-series_santricity_os_controlleractive_iq_unified_managerfedoracloud_insights_acquisition_unitJava SE JDK and JRE
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2020-12673
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-6.19% / 92.70%
||
7 Day CHG~0.00%
Published-12 Aug, 2020 | 15:18
Updated-04 Aug, 2024 | 12:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Dovecot before 2.3.11.3, sending a specially formatted NTLM request will crash the auth service because of an out-of-bounds read.

Action-Not Available
Vendor-n/aCanonical Ltd.Fedora ProjectDebian GNU/LinuxDovecot
Product-ubuntu_linuxdebian_linuxfedoradovecotn/a
CWE ID-CWE-125
Out-of-bounds Read
CVE-2020-13164
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-3.22% / 86.82%
||
7 Day CHG~0.00%
Published-19 May, 2020 | 21:26
Updated-04 Aug, 2024 | 12:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Wireshark 3.2.0 to 3.2.3, 3.0.0 to 3.0.10, and 2.6.0 to 2.6.16, the NFS dissector could crash. This was addressed in epan/dissectors/packet-nfs.c by preventing excessive recursion, such as for a cycle in the directory graph on a filesystem.

Action-Not Available
Vendor-n/aWireshark FoundationDebian GNU/LinuxFedora ProjectopenSUSE
Product-wiresharkdebian_linuxfedoraleapn/a
CWE ID-CWE-674
Uncontrolled Recursion
CVE-2020-12662
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-3.17% / 86.59%
||
7 Day CHG~0.00%
Published-19 May, 2020 | 13:50
Updated-04 Aug, 2024 | 12:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unbound before 1.10.1 has Insufficient Control of Network Message Volume, aka an "NXNSAttack" issue. This is triggered by random subdomains in the NSDNAME in NS records.

Action-Not Available
Vendor-nlnetlabsn/aCanonical Ltd.openSUSEFedora ProjectDebian GNU/Linux
Product-ubuntu_linuxdebian_linuxfedoraunboundleapn/a
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2020-12674
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-6.19% / 92.70%
||
7 Day CHG~0.00%
Published-12 Aug, 2020 | 15:20
Updated-04 Aug, 2024 | 12:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Dovecot before 2.3.11.3, sending a specially formatted RPA request will crash the auth service because a length of zero is mishandled.

Action-Not Available
Vendor-n/aCanonical Ltd.Fedora ProjectDebian GNU/LinuxDovecot
Product-ubuntu_linuxdebian_linuxfedoradovecotn/a
CWE ID-CWE-125
Out-of-bounds Read
CVE-2020-13871
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-4.45% / 90.34%
||
7 Day CHG~0.00%
Published-06 Jun, 2020 | 15:37
Updated-04 Aug, 2024 | 12:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SQLite 3.32.2 has a use-after-free in resetAccumulator in select.c because the parse tree rewrite for window functions is too late.

Action-Not Available
Vendor-sqliten/aNetApp, Inc.Debian GNU/LinuxOracle CorporationSiemens AGFedora Project
Product-sinec_infrastructure_network_servicesdebian_linuxcommunications_messaging_servercloud_backupsqliteontap_select_deploy_administration_utilityfedoracommunications_network_charging_and_controlzfs_storage_appliance_kithyperion_infrastructure_technologyenterprise_manager_ops_centermysql_workbenchn/a
CWE ID-CWE-416
Use After Free
CVE-2000-0888
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-7.55% / 93.83%
||
7 Day CHG~0.00%
Published-22 Jan, 2001 | 05:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

named in BIND 8.2 through 8.2.2-P6 allows remote attackers to cause a denial of service by sending an SRV record to the server, aka the "srv bug."

Action-Not Available
Vendor-n/aDebian GNU/LinuxInternet Systems Consortium, Inc.
Product-binddebian_linuxn/a
CVE-2005-1106
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-1.22% / 65.19%
||
7 Day CHG~0.00%
Published-13 Apr, 2005 | 04:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

PictureViewer in QuickTime for Windows 6.5.2 allows remote attackers to cause a denial of service (application crash) via a GIF image with the maximum depth start value, possibly triggering an integer overflow.

Action-Not Available
Vendor-n/aApple Inc.
Product-quicktime_pictureviewern/a
CVE-2020-12100
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-5.21% / 91.58%
||
7 Day CHG~0.00%
Published-12 Aug, 2020 | 15:07
Updated-04 Aug, 2024 | 11:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Dovecot before 2.3.11.3, uncontrolled recursion in submission, lmtp, and lda allows remote attackers to cause a denial of service (resource consumption) via a crafted e-mail message with deeply nested MIME parts.

Action-Not Available
Vendor-n/aCanonical Ltd.Fedora ProjectDebian GNU/LinuxDovecot
Product-ubuntu_linuxdebian_linuxfedoradovecotn/a
CWE ID-CWE-674
Uncontrolled Recursion
CVE-2001-0136
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-44.94% / 98.64%
||
7 Day CHG~0.00%
Published-18 Sep, 2001 | 04:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Memory leak in ProFTPd 1.2.0rc2 allows remote attackers to cause a denial of service via a series of USER commands, and possibly SIZE commands if the server has been improperly installed.

Action-Not Available
Vendor-conectivaproftpdn/aMandriva (Mandrakesoft)Debian GNU/Linux
Product-debian_linuxmandrake_linuxlinuxproftpdn/a
CWE ID-CWE-401
Missing Release of Memory after Effective Lifetime
CVE-2020-11868
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-2.08% / 79.42%
||
7 Day CHG~0.00%
Published-17 Apr, 2020 | 03:31
Updated-05 May, 2025 | 17:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

ntpd in ntp before 4.2.8p14 and 4.3.x before 4.3.100 allows an off-path attacker to block unauthenticated synchronization via a server mode packet with a spoofed source IP address, because transmissions are rescheduled even when a packet lacks a valid origin timestamp.

Action-Not Available
Vendor-ntpn/aRed Hat, Inc.openSUSENetApp, Inc.Debian GNU/Linux
Product-all_flash_fabric-attached_storage_8700_firmwarefabric-attached_storage_8700_firmwaredebian_linuxleapfabric-attached_storage_a400virtual_storage_consoledata_ontapall_flash_fabric-attached_storage_a400_firmwarefabric-attached_storage_8300hci_storage_nodeall_flash_fabric-attached_storage_a400hci_storage_node_firmwarefabric-attached_storage_8300_firmwaresolidfirefabric-attached_storage_a400_firmwareall_flash_fabric-attached_storage_8300_firmwarefabric-attached_storage_8700ntpall_flash_fabric-attached_storage_8700clustered_data_ontapall_flash_fabric-attached_storage_8300vasa_provider_for_clustered_data_ontapenterprise_linuxhci_management_noden/a
CWE ID-CWE-346
Origin Validation Error
CVE-2016-7667
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-7.5||HIGH
EPSS-1.18% / 64.25%
||
7 Day CHG~0.00%
Published-20 Feb, 2017 | 08:35
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. The issue involves the "CoreText" component. It allows remote attackers to cause a denial of service via a crafted string.

Action-Not Available
Vendor-n/aApple Inc.
Product-iphone_osmac_os_xn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2020-11647
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-3.32% / 87.23%
||
7 Day CHG~0.00%
Published-10 Apr, 2020 | 20:16
Updated-04 Aug, 2024 | 11:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Wireshark 3.2.0 to 3.2.2, 3.0.0 to 3.0.9, and 2.6.0 to 2.6.15, the BACapp dissector could crash. This was addressed in epan/dissectors/packet-bacapp.c by limiting the amount of recursion.

Action-Not Available
Vendor-n/aWireshark FoundationDebian GNU/LinuxopenSUSE
Product-wiresharkdebian_linuxleapn/a
CWE ID-CWE-674
Uncontrolled Recursion
CVE-2020-12243
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-4.42% / 90.29%
||
7 Day CHG~0.00%
Published-28 Apr, 2020 | 18:07
Updated-04 Aug, 2024 | 11:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In filter.c in slapd in OpenLDAP before 2.4.50, LDAP search filters with nested boolean expressions can result in denial of service (daemon crash).

Action-Not Available
Vendor-openldapn/aApple Inc.Broadcom Inc.openSUSEOracle CorporationNetApp, Inc.Canonical Ltd.Debian GNU/Linux
Product-ubuntu_linuxh300esolarish500scloud_backupbrocade_fabric_operating_systemh410c_firmwareh300s_firmwareh410sh300ssteelstore_cloud_integrated_storageh300e_firmwaredebian_linuxh500eh410s_firmwareh700s_firmwareh500s_firmwareh500e_firmwaremac_os_xzfs_storage_appliance_kith700eopenldaph410ch700e_firmwareh700sleapn/a
CWE ID-CWE-674
Uncontrolled Recursion
CVE-2020-11653
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-2.11% / 79.68%
||
7 Day CHG~0.00%
Published-08 Apr, 2020 | 00:00
Updated-04 Aug, 2024 | 11:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Varnish Cache before 6.0.6 LTS, 6.1.x and 6.2.x before 6.2.3, and 6.3.x before 6.3.2. It occurs when communication with a TLS termination proxy uses PROXY version 2. There can be an assertion failure and daemon restart, which causes a performance loss.

Action-Not Available
Vendor-varnish-softwarevarnish-cachen/aDebian GNU/LinuxopenSUSE
Product-varnish_cachedebian_linuxbackports_sleleapn/a
CWE ID-CWE-617
Reachable Assertion
CVE-2020-11043
Matching Score-8
Assigner-GitHub, Inc.
ShareView Details
Matching Score-8
Assigner-GitHub, Inc.
CVSS Score-2.2||LOW
EPSS-1.91% / 77.44%
||
7 Day CHG~0.00%
Published-29 May, 2020 | 00:00
Updated-04 Aug, 2024 | 11:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Out-of-bounds Read in FreeRDP

In FreeRDP less than or equal to 2.0.0, there is an out-of-bounds read in rfx_process_message_tileset. Invalid data fed to RFX decoder results in garbage on screen (as colors). This has been patched in 2.1.0.

Action-Not Available
Vendor-openSUSEFreeRDPDebian GNU/Linux
Product-freerdpdebian_linuxleapFreeRDP
CWE ID-CWE-125
Out-of-bounds Read
CVE-2000-0508
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-8.59% / 94.48%
||
7 Day CHG~0.00%
Published-13 Oct, 2000 | 04:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

rpc.lockd in Red Hat Linux 6.1 and 6.2 allows remote attackers to cause a denial of service via a malformed request.

Action-Not Available
Vendor-n/aDebian GNU/LinuxRed Hat, Inc.Mandriva (Mandrakesoft)
Product-debian_linuxmandrake_linuxlinuxn/a
CVE-2000-0513
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-1.68% / 74.28%
||
7 Day CHG~0.00%
Published-13 Oct, 2000 | 04:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

CUPS (Common Unix Printing System) 1.04 and earlier allows remote attackers to cause a denial of service by authenticating with a user name that does not exist or does not have a shadow password.

Action-Not Available
Vendor-n/aDebian GNU/Linux
Product-debian_linuxn/a
  • Previous
  • 1
  • 2
  • 3
  • ...
  • 27
  • 28
  • Next
Details not found