Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2010-1311

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-08 Apr, 2010 | 17:00
Updated At-07 Aug, 2024 | 01:21
Rejected At-
Credits

The qtm_decompress function in libclamav/mspack.c in ClamAV before 0.96 allows remote attackers to cause a denial of service (memory corruption and application crash) via a crafted CAB archive that uses the Quantum (aka .Q) compression format. NOTE: some of these details are obtained from third party information.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:08 Apr, 2010 | 17:00
Updated At:07 Aug, 2024 | 01:21
Rejected At:
▼CVE Numbering Authority (CNA)

The qtm_decompress function in libclamav/mspack.c in ClamAV before 0.96 allows remote attackers to cause a denial of service (memory corruption and application crash) via a crafted CAB archive that uses the Quantum (aka .Q) compression format. NOTE: some of these details are obtained from third party information.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://wwws.clamav.net/bugzilla/show_bug.cgi?id=1771
x_refsource_CONFIRM
http://www.vupen.com/english/advisories/2010/1206
vdb-entry
x_refsource_VUPEN
http://secunia.com/advisories/39656
third-party-advisory
x_refsource_SECUNIA
http://www.mandriva.com/security/advisories?name=MDVSA-2010:082
vendor-advisory
x_refsource_MANDRIVA
http://www.ubuntu.com/usn/USN-926-1
vendor-advisory
x_refsource_UBUNTU
http://www.vupen.com/english/advisories/2010/0827
vdb-entry
x_refsource_VUPEN
http://lists.apple.com/archives/security-announce/2010//Aug/msg00003.html
vendor-advisory
x_refsource_APPLE
http://lists.opensuse.org/opensuse-security-announce/2010-04/msg00006.html
vendor-advisory
x_refsource_SUSE
http://support.apple.com/kb/HT4312
x_refsource_CONFIRM
http://git.clamav.net/gitweb?p=clamav-devel.git%3Ba=blob_plain%3Bf=ChangeLog%3Bhb=clamav-0.96
x_refsource_CONFIRM
http://www.vupen.com/english/advisories/2010/0909
vdb-entry
x_refsource_VUPEN
http://secunia.com/advisories/39293
third-party-advisory
x_refsource_SECUNIA
http://www.vupen.com/english/advisories/2010/0832
vdb-entry
x_refsource_VUPEN
http://secunia.com/advisories/39329
third-party-advisory
x_refsource_SECUNIA
http://www.securityfocus.com/bid/39262
vdb-entry
x_refsource_BID
http://www.vupen.com/english/advisories/2010/1001
vdb-entry
x_refsource_VUPEN
Hyperlink: https://wwws.clamav.net/bugzilla/show_bug.cgi?id=1771
Resource:
x_refsource_CONFIRM
Hyperlink: http://www.vupen.com/english/advisories/2010/1206
Resource:
vdb-entry
x_refsource_VUPEN
Hyperlink: http://secunia.com/advisories/39656
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://www.mandriva.com/security/advisories?name=MDVSA-2010:082
Resource:
vendor-advisory
x_refsource_MANDRIVA
Hyperlink: http://www.ubuntu.com/usn/USN-926-1
Resource:
vendor-advisory
x_refsource_UBUNTU
Hyperlink: http://www.vupen.com/english/advisories/2010/0827
Resource:
vdb-entry
x_refsource_VUPEN
Hyperlink: http://lists.apple.com/archives/security-announce/2010//Aug/msg00003.html
Resource:
vendor-advisory
x_refsource_APPLE
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2010-04/msg00006.html
Resource:
vendor-advisory
x_refsource_SUSE
Hyperlink: http://support.apple.com/kb/HT4312
Resource:
x_refsource_CONFIRM
Hyperlink: http://git.clamav.net/gitweb?p=clamav-devel.git%3Ba=blob_plain%3Bf=ChangeLog%3Bhb=clamav-0.96
Resource:
x_refsource_CONFIRM
Hyperlink: http://www.vupen.com/english/advisories/2010/0909
Resource:
vdb-entry
x_refsource_VUPEN
Hyperlink: http://secunia.com/advisories/39293
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://www.vupen.com/english/advisories/2010/0832
Resource:
vdb-entry
x_refsource_VUPEN
Hyperlink: http://secunia.com/advisories/39329
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://www.securityfocus.com/bid/39262
Resource:
vdb-entry
x_refsource_BID
Hyperlink: http://www.vupen.com/english/advisories/2010/1001
Resource:
vdb-entry
x_refsource_VUPEN
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://wwws.clamav.net/bugzilla/show_bug.cgi?id=1771
x_refsource_CONFIRM
x_transferred
http://www.vupen.com/english/advisories/2010/1206
vdb-entry
x_refsource_VUPEN
x_transferred
http://secunia.com/advisories/39656
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://www.mandriva.com/security/advisories?name=MDVSA-2010:082
vendor-advisory
x_refsource_MANDRIVA
x_transferred
http://www.ubuntu.com/usn/USN-926-1
vendor-advisory
x_refsource_UBUNTU
x_transferred
http://www.vupen.com/english/advisories/2010/0827
vdb-entry
x_refsource_VUPEN
x_transferred
http://lists.apple.com/archives/security-announce/2010//Aug/msg00003.html
vendor-advisory
x_refsource_APPLE
x_transferred
http://lists.opensuse.org/opensuse-security-announce/2010-04/msg00006.html
vendor-advisory
x_refsource_SUSE
x_transferred
http://support.apple.com/kb/HT4312
x_refsource_CONFIRM
x_transferred
http://git.clamav.net/gitweb?p=clamav-devel.git%3Ba=blob_plain%3Bf=ChangeLog%3Bhb=clamav-0.96
x_refsource_CONFIRM
x_transferred
http://www.vupen.com/english/advisories/2010/0909
vdb-entry
x_refsource_VUPEN
x_transferred
http://secunia.com/advisories/39293
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://www.vupen.com/english/advisories/2010/0832
vdb-entry
x_refsource_VUPEN
x_transferred
http://secunia.com/advisories/39329
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://www.securityfocus.com/bid/39262
vdb-entry
x_refsource_BID
x_transferred
http://www.vupen.com/english/advisories/2010/1001
vdb-entry
x_refsource_VUPEN
x_transferred
Hyperlink: https://wwws.clamav.net/bugzilla/show_bug.cgi?id=1771
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://www.vupen.com/english/advisories/2010/1206
Resource:
vdb-entry
x_refsource_VUPEN
x_transferred
Hyperlink: http://secunia.com/advisories/39656
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://www.mandriva.com/security/advisories?name=MDVSA-2010:082
Resource:
vendor-advisory
x_refsource_MANDRIVA
x_transferred
Hyperlink: http://www.ubuntu.com/usn/USN-926-1
Resource:
vendor-advisory
x_refsource_UBUNTU
x_transferred
Hyperlink: http://www.vupen.com/english/advisories/2010/0827
Resource:
vdb-entry
x_refsource_VUPEN
x_transferred
Hyperlink: http://lists.apple.com/archives/security-announce/2010//Aug/msg00003.html
Resource:
vendor-advisory
x_refsource_APPLE
x_transferred
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2010-04/msg00006.html
Resource:
vendor-advisory
x_refsource_SUSE
x_transferred
Hyperlink: http://support.apple.com/kb/HT4312
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://git.clamav.net/gitweb?p=clamav-devel.git%3Ba=blob_plain%3Bf=ChangeLog%3Bhb=clamav-0.96
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://www.vupen.com/english/advisories/2010/0909
Resource:
vdb-entry
x_refsource_VUPEN
x_transferred
Hyperlink: http://secunia.com/advisories/39293
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://www.vupen.com/english/advisories/2010/0832
Resource:
vdb-entry
x_refsource_VUPEN
x_transferred
Hyperlink: http://secunia.com/advisories/39329
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://www.securityfocus.com/bid/39262
Resource:
vdb-entry
x_refsource_BID
x_transferred
Hyperlink: http://www.vupen.com/english/advisories/2010/1001
Resource:
vdb-entry
x_refsource_VUPEN
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:08 Apr, 2010 | 17:30
Updated At:11 Apr, 2025 | 00:51

The qtm_decompress function in libclamav/mspack.c in ClamAV before 0.96 allows remote attackers to cause a denial of service (memory corruption and application crash) via a crafted CAB archive that uses the Quantum (aka .Q) compression format. NOTE: some of these details are obtained from third party information.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary2.05.0MEDIUM
AV:N/AC:L/Au:N/C:N/I:N/A:P
Type: Primary
Version: 2.0
Base score: 5.0
Base severity: MEDIUM
Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:P
CPE Matches
ClamAV
clamav
>>clamav>>Versions up to 0.96(inclusive)
cpe:2.3:a:clamav:clamav:*:rc2:*:*:*:*:*:*
ClamAV
clamav
>>clamav>>0.01
cpe:2.3:a:clamav:clamav:0.01:*:*:*:*:*:*:*
ClamAV
clamav
>>clamav>>0.02
cpe:2.3:a:clamav:clamav:0.02:*:*:*:*:*:*:*
ClamAV
clamav
>>clamav>>0.3
cpe:2.3:a:clamav:clamav:0.3:*:*:*:*:*:*:*
ClamAV
clamav
>>clamav>>0.03
cpe:2.3:a:clamav:clamav:0.03:*:*:*:*:*:*:*
ClamAV
clamav
>>clamav>>0.05
cpe:2.3:a:clamav:clamav:0.05:*:*:*:*:*:*:*
ClamAV
clamav
>>clamav>>0.9
cpe:2.3:a:clamav:clamav:0.9:rc1:*:*:*:*:*:*
ClamAV
clamav
>>clamav>>0.10
cpe:2.3:a:clamav:clamav:0.10:*:*:*:*:*:*:*
ClamAV
clamav
>>clamav>>0.12
cpe:2.3:a:clamav:clamav:0.12:*:*:*:*:*:*:*
ClamAV
clamav
>>clamav>>0.13
cpe:2.3:a:clamav:clamav:0.13:*:*:*:*:*:*:*
ClamAV
clamav
>>clamav>>0.14
cpe:2.3:a:clamav:clamav:0.14:*:*:*:*:*:*:*
ClamAV
clamav
>>clamav>>0.14
cpe:2.3:a:clamav:clamav:0.14:pre:*:*:*:*:*:*
ClamAV
clamav
>>clamav>>0.15
cpe:2.3:a:clamav:clamav:0.15:*:*:*:*:*:*:*
ClamAV
clamav
>>clamav>>0.20
cpe:2.3:a:clamav:clamav:0.20:*:*:*:*:*:*:*
ClamAV
clamav
>>clamav>>0.21
cpe:2.3:a:clamav:clamav:0.21:*:*:*:*:*:*:*
ClamAV
clamav
>>clamav>>0.22
cpe:2.3:a:clamav:clamav:0.22:*:*:*:*:*:*:*
ClamAV
clamav
>>clamav>>0.23
cpe:2.3:a:clamav:clamav:0.23:*:*:*:*:*:*:*
ClamAV
clamav
>>clamav>>0.24
cpe:2.3:a:clamav:clamav:0.24:*:*:*:*:*:*:*
ClamAV
clamav
>>clamav>>0.51
cpe:2.3:a:clamav:clamav:0.51:*:*:*:*:*:*:*
ClamAV
clamav
>>clamav>>0.52
cpe:2.3:a:clamav:clamav:0.52:*:*:*:*:*:*:*
ClamAV
clamav
>>clamav>>0.53
cpe:2.3:a:clamav:clamav:0.53:*:*:*:*:*:*:*
ClamAV
clamav
>>clamav>>0.54
cpe:2.3:a:clamav:clamav:0.54:*:*:*:*:*:*:*
ClamAV
clamav
>>clamav>>0.60
cpe:2.3:a:clamav:clamav:0.60:*:*:*:*:*:*:*
ClamAV
clamav
>>clamav>>0.60p
cpe:2.3:a:clamav:clamav:0.60p:*:*:*:*:*:*:*
ClamAV
clamav
>>clamav>>0.65
cpe:2.3:a:clamav:clamav:0.65:*:*:*:*:*:*:*
ClamAV
clamav
>>clamav>>0.66
cpe:2.3:a:clamav:clamav:0.66:*:*:*:*:*:*:*
ClamAV
clamav
>>clamav>>0.67
cpe:2.3:a:clamav:clamav:0.67:*:*:*:*:*:*:*
ClamAV
clamav
>>clamav>>0.67-1
cpe:2.3:a:clamav:clamav:0.67-1:*:*:*:*:*:*:*
ClamAV
clamav
>>clamav>>0.68
cpe:2.3:a:clamav:clamav:0.68:*:*:*:*:*:*:*
ClamAV
clamav
>>clamav>>0.68.1
cpe:2.3:a:clamav:clamav:0.68.1:*:*:*:*:*:*:*
ClamAV
clamav
>>clamav>>0.70
cpe:2.3:a:clamav:clamav:0.70:*:*:*:*:*:*:*
ClamAV
clamav
>>clamav>>0.70
cpe:2.3:a:clamav:clamav:0.70:rc:*:*:*:*:*:*
ClamAV
clamav
>>clamav>>0.71
cpe:2.3:a:clamav:clamav:0.71:*:*:*:*:*:*:*
ClamAV
clamav
>>clamav>>0.72
cpe:2.3:a:clamav:clamav:0.72:*:*:*:*:*:*:*
ClamAV
clamav
>>clamav>>0.73
cpe:2.3:a:clamav:clamav:0.73:*:*:*:*:*:*:*
ClamAV
clamav
>>clamav>>0.74
cpe:2.3:a:clamav:clamav:0.74:*:*:*:*:*:*:*
ClamAV
clamav
>>clamav>>0.75
cpe:2.3:a:clamav:clamav:0.75:*:*:*:*:*:*:*
ClamAV
clamav
>>clamav>>0.75.1
cpe:2.3:a:clamav:clamav:0.75.1:*:*:*:*:*:*:*
ClamAV
clamav
>>clamav>>0.80
cpe:2.3:a:clamav:clamav:0.80:*:*:*:*:*:*:*
ClamAV
clamav
>>clamav>>0.80
cpe:2.3:a:clamav:clamav:0.80:rc:*:*:*:*:*:*
ClamAV
clamav
>>clamav>>0.80
cpe:2.3:a:clamav:clamav:0.80:rc2:*:*:*:*:*:*
ClamAV
clamav
>>clamav>>0.80
cpe:2.3:a:clamav:clamav:0.80:rc3:*:*:*:*:*:*
ClamAV
clamav
>>clamav>>0.80
cpe:2.3:a:clamav:clamav:0.80:rc4:*:*:*:*:*:*
ClamAV
clamav
>>clamav>>0.81
cpe:2.3:a:clamav:clamav:0.81:*:*:*:*:*:*:*
ClamAV
clamav
>>clamav>>0.82
cpe:2.3:a:clamav:clamav:0.82:*:*:*:*:*:*:*
ClamAV
clamav
>>clamav>>0.83
cpe:2.3:a:clamav:clamav:0.83:*:*:*:*:*:*:*
ClamAV
clamav
>>clamav>>0.84
cpe:2.3:a:clamav:clamav:0.84:*:*:*:*:*:*:*
ClamAV
clamav
>>clamav>>0.84
cpe:2.3:a:clamav:clamav:0.84:rc1:*:*:*:*:*:*
ClamAV
clamav
>>clamav>>0.84
cpe:2.3:a:clamav:clamav:0.84:rc2:*:*:*:*:*:*
ClamAV
clamav
>>clamav>>0.85
cpe:2.3:a:clamav:clamav:0.85:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-20Primarynvd@nist.gov
CWE ID: CWE-20
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
http://git.clamav.net/gitweb?p=clamav-devel.git%3Ba=blob_plain%3Bf=ChangeLog%3Bhb=clamav-0.96cve@mitre.org
N/A
http://lists.apple.com/archives/security-announce/2010//Aug/msg00003.htmlcve@mitre.org
N/A
http://lists.opensuse.org/opensuse-security-announce/2010-04/msg00006.htmlcve@mitre.org
N/A
http://secunia.com/advisories/39293cve@mitre.org
N/A
http://secunia.com/advisories/39329cve@mitre.org
Vendor Advisory
http://secunia.com/advisories/39656cve@mitre.org
N/A
http://support.apple.com/kb/HT4312cve@mitre.org
N/A
http://www.mandriva.com/security/advisories?name=MDVSA-2010:082cve@mitre.org
N/A
http://www.securityfocus.com/bid/39262cve@mitre.org
Patch
http://www.ubuntu.com/usn/USN-926-1cve@mitre.org
N/A
http://www.vupen.com/english/advisories/2010/0827cve@mitre.org
N/A
http://www.vupen.com/english/advisories/2010/0832cve@mitre.org
N/A
http://www.vupen.com/english/advisories/2010/0909cve@mitre.org
N/A
http://www.vupen.com/english/advisories/2010/1001cve@mitre.org
N/A
http://www.vupen.com/english/advisories/2010/1206cve@mitre.org
N/A
https://wwws.clamav.net/bugzilla/show_bug.cgi?id=1771cve@mitre.org
N/A
http://git.clamav.net/gitweb?p=clamav-devel.git%3Ba=blob_plain%3Bf=ChangeLog%3Bhb=clamav-0.96af854a3a-2127-422b-91ae-364da2661108
N/A
http://lists.apple.com/archives/security-announce/2010//Aug/msg00003.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://lists.opensuse.org/opensuse-security-announce/2010-04/msg00006.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://secunia.com/advisories/39293af854a3a-2127-422b-91ae-364da2661108
N/A
http://secunia.com/advisories/39329af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://secunia.com/advisories/39656af854a3a-2127-422b-91ae-364da2661108
N/A
http://support.apple.com/kb/HT4312af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.mandriva.com/security/advisories?name=MDVSA-2010:082af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.securityfocus.com/bid/39262af854a3a-2127-422b-91ae-364da2661108
Patch
http://www.ubuntu.com/usn/USN-926-1af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.vupen.com/english/advisories/2010/0827af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.vupen.com/english/advisories/2010/0832af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.vupen.com/english/advisories/2010/0909af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.vupen.com/english/advisories/2010/1001af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.vupen.com/english/advisories/2010/1206af854a3a-2127-422b-91ae-364da2661108
N/A
https://wwws.clamav.net/bugzilla/show_bug.cgi?id=1771af854a3a-2127-422b-91ae-364da2661108
N/A
Hyperlink: http://git.clamav.net/gitweb?p=clamav-devel.git%3Ba=blob_plain%3Bf=ChangeLog%3Bhb=clamav-0.96
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://lists.apple.com/archives/security-announce/2010//Aug/msg00003.html
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2010-04/msg00006.html
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://secunia.com/advisories/39293
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://secunia.com/advisories/39329
Source: cve@mitre.org
Resource:
Vendor Advisory
Hyperlink: http://secunia.com/advisories/39656
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://support.apple.com/kb/HT4312
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.mandriva.com/security/advisories?name=MDVSA-2010:082
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.securityfocus.com/bid/39262
Source: cve@mitre.org
Resource:
Patch
Hyperlink: http://www.ubuntu.com/usn/USN-926-1
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.vupen.com/english/advisories/2010/0827
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.vupen.com/english/advisories/2010/0832
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.vupen.com/english/advisories/2010/0909
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.vupen.com/english/advisories/2010/1001
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.vupen.com/english/advisories/2010/1206
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://wwws.clamav.net/bugzilla/show_bug.cgi?id=1771
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://git.clamav.net/gitweb?p=clamav-devel.git%3Ba=blob_plain%3Bf=ChangeLog%3Bhb=clamav-0.96
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://lists.apple.com/archives/security-announce/2010//Aug/msg00003.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2010-04/msg00006.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://secunia.com/advisories/39293
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://secunia.com/advisories/39329
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory
Hyperlink: http://secunia.com/advisories/39656
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://support.apple.com/kb/HT4312
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.mandriva.com/security/advisories?name=MDVSA-2010:082
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.securityfocus.com/bid/39262
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Patch
Hyperlink: http://www.ubuntu.com/usn/USN-926-1
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.vupen.com/english/advisories/2010/0827
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.vupen.com/english/advisories/2010/0832
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.vupen.com/english/advisories/2010/0909
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.vupen.com/english/advisories/2010/1001
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.vupen.com/english/advisories/2010/1206
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://wwws.clamav.net/bugzilla/show_bug.cgi?id=1771
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

1119Records found
CVE-2009-1371
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-13.06% / 93.83%
||
7 Day CHG~0.00%
Published-23 Apr, 2009 | 15:00
Updated-07 Aug, 2024 | 05:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The CLI_ISCONTAINED macro in libclamav/others.h in ClamAV before 0.95.1 allows remote attackers to cause a denial of service (application crash) via a malformed file with UPack encoding.

Action-Not Available
Vendor-n/aClamAV
Product-clamavn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2021-1404
Matching Score-10
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-10
Assigner-Cisco Systems, Inc.
CVSS Score-7.5||HIGH
EPSS-0.43% / 61.43%
||
7 Day CHG~0.00%
Published-08 Apr, 2021 | 04:30
Updated-08 Nov, 2024 | 23:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Clam AntiVirus (ClamAV) Email Parser Denial of Service Vulnerability

A vulnerability in the PDF parsing module in Clam AntiVirus (ClamAV) Software versions 0.103.0 and 0.103.1 could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to improper buffer size tracking that may result in a heap buffer over-read. An attacker could exploit this vulnerability by sending a crafted PDF file to an affected device. An exploit could allow the attacker to cause the ClamAV scanning process to crash, resulting in a denial of service condition.

Action-Not Available
Vendor-ClamAVCisco Systems, Inc.
Product-clamavClamAV
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-125
Out-of-bounds Read
CVE-2022-20698
Matching Score-10
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-10
Assigner-Cisco Systems, Inc.
CVSS Score-7.5||HIGH
EPSS-0.26% / 48.94%
||
7 Day CHG~0.00%
Published-14 Jan, 2022 | 05:15
Updated-06 Nov, 2024 | 16:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Clam AntiVirus (ClamAV) Denial of Service Vulnerability

A vulnerability in the OOXML parsing module in Clam AntiVirus (ClamAV) Software version 0.104.1 and LTS version 0.103.4 and prior versions could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to improper checks that may result in an invalid pointer read. An attacker could exploit this vulnerability by sending a crafted OOXML file to an affected device. An exploit could allow the attacker to cause the ClamAV scanning process to crash, resulting in a denial of service condition.

Action-Not Available
Vendor-Canonical Ltd.ClamAVCisco Systems, Inc.Debian GNU/Linux
Product-ubuntu_linuxclamavdebian_linuxClamAV
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-125
Out-of-bounds Read
CVE-2019-1789
Matching Score-10
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-10
Assigner-Cisco Systems, Inc.
CVSS Score-7.5||HIGH
EPSS-2.42% / 84.51%
||
7 Day CHG~0.00%
Published-05 Nov, 2019 | 18:25
Updated-19 Nov, 2024 | 18:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
ClamAV Denial of Service Vulnerability

ClamAV versions prior to 0.101.2 are susceptible to a denial of service (DoS) vulnerability. An out-of-bounds heap read condition may occur when scanning PE files. An example is Windows EXE and DLL files that have been packed using Aspack as a result of inadequate bound-checking.

Action-Not Available
Vendor-ClamAVCisco Systems, Inc.
Product-clamavClamAV
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-125
Out-of-bounds Read
CVE-2016-1405
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-7.5||HIGH
EPSS-2.31% / 84.12%
||
7 Day CHG-2.31%
Published-08 Jun, 2016 | 14:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

libclamav in ClamAV (aka Clam AntiVirus), as used in Advanced Malware Protection (AMP) on Cisco Email Security Appliance (ESA) devices before 9.7.0-125 and Web Security Appliance (WSA) devices before 9.0.1-135 and 9.1.x before 9.1.1-041, allows remote attackers to cause a denial of service (AMP process restart) via a crafted document, aka Bug IDs CSCuv78533 and CSCuw60503.

Action-Not Available
Vendor-n/aCisco Systems, Inc.ClamAV
Product-web_security_applianceemail_security_applianceclamavn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2014-9050
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-4.64% / 88.85%
||
7 Day CHG~0.00%
Published-01 Dec, 2014 | 15:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Heap-based buffer overflow in the cli_scanpe function in libclamav/pe.c in ClamAV before 0.98.5 allows remote attackers to cause a denial of service (crash) via a crafted y0da Crypter PE file.

Action-Not Available
Vendor-n/aClamAV
Product-clamavn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2015-2668
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-1.55% / 80.68%
||
7 Day CHG~0.00%
Published-12 May, 2015 | 19:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

ClamAV before 0.98.7 allows remote attackers to cause a denial of service (infinite loop) via a crafted xz archive file.

Action-Not Available
Vendor-n/aClamAVCanonical Ltd.
Product-ubuntu_linuxclamavn/a
CVE-2015-2170
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-1.55% / 80.68%
||
7 Day CHG~0.00%
Published-12 May, 2015 | 19:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The upx decoder in ClamAV before 0.98.7 allows remote attackers to cause a denial of service (crash) via a crafted file.

Action-Not Available
Vendor-n/aClamAVCanonical Ltd.
Product-ubuntu_linuxclamavn/a
CVE-2008-6680
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-6.09% / 90.40%
||
7 Day CHG~0.00%
Published-08 Apr, 2009 | 16:00
Updated-07 Aug, 2024 | 11:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

libclamav/pe.c in ClamAV before 0.95 allows remote attackers to cause a denial of service (crash) via a crafted EXE file that triggers a divide-by-zero error.

Action-Not Available
Vendor-n/aClamAV
Product-clamavn/a
CWE ID-CWE-189
Not Available
CVE-2008-3912
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-2.92% / 85.86%
||
7 Day CHG~0.00%
Published-09 Sep, 2008 | 14:00
Updated-07 Aug, 2024 | 10:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

libclamav in ClamAV before 0.94 allows attackers to cause a denial of service (NULL pointer dereference and application crash) via vectors related to an out-of-memory condition.

Action-Not Available
Vendor-n/aDebian GNU/LinuxClamAV
Product-clamavdebian_linuxn/a
CWE ID-CWE-399
Not Available
CVE-2008-3913
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-3.70% / 87.48%
||
7 Day CHG~0.00%
Published-09 Sep, 2008 | 14:00
Updated-07 Aug, 2024 | 10:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple memory leaks in freshclam/manager.c in ClamAV before 0.94 might allow attackers to cause a denial of service (memory consumption) via unspecified vectors related to "error handling logic".

Action-Not Available
Vendor-n/aDebian GNU/LinuxClamAV
Product-clamavdebian_linuxn/a
CWE ID-CWE-401
Missing Release of Memory after Effective Lifetime
CVE-2015-2221
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-1.78% / 81.94%
||
7 Day CHG~0.00%
Published-12 May, 2015 | 19:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

ClamAV before 0.98.7 allows remote attackers to cause a denial of service (infinite loop) via a crafted y0da cryptor file.

Action-Not Available
Vendor-n/aClamAVCanonical Ltd.
Product-ubuntu_linuxclamavn/a
CVE-2021-1405
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-7.5||HIGH
EPSS-1.25% / 78.52%
||
7 Day CHG~0.00%
Published-08 Apr, 2021 | 04:30
Updated-08 Nov, 2024 | 23:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Clam AntiVirus (ClamAV) PDF Parser Denial of Service Vulnerability

A vulnerability in the email parsing module in Clam AntiVirus (ClamAV) Software version 0.103.1 and all prior versions could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to improper variable initialization that may result in an NULL pointer read. An attacker could exploit this vulnerability by sending a crafted email to an affected device. An exploit could allow the attacker to cause the ClamAV scanning process crash, resulting in a denial of service condition.

Action-Not Available
Vendor-Debian GNU/LinuxClamAVCisco Systems, Inc.
Product-clamavdebian_linuxClamAV
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CWE ID-CWE-909
Missing Initialization of Resource
CVE-2015-2222
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-1.55% / 80.68%
||
7 Day CHG~0.00%
Published-12 May, 2015 | 19:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

ClamAV before 0.98.7 allows remote attackers to cause a denial of service (crash) via a crafted petite packed file.

Action-Not Available
Vendor-n/aClamAVCanonical Ltd.
Product-ubuntu_linuxclamavn/a
CVE-2015-1463
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-1.49% / 80.26%
||
7 Day CHG~0.00%
Published-03 Feb, 2015 | 16:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

ClamAV before 0.98.6 allows remote attackers to cause a denial of service (crash) via a crafted petite packer file, related to an "incorrect compiler optimization."

Action-Not Available
Vendor-n/aFedora ProjectClamAV
Product-fedoraclamavn/a
CVE-2013-2020
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-5||MEDIUM
EPSS-10.66% / 93.01%
||
7 Day CHG~0.00%
Published-13 May, 2013 | 23:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Integer underflow in the cli_scanpe function in pe.c in ClamAV before 0.97.8 allows remote attackers to cause a denial of service (crash) via a skewed offset larger than the size of the PE section in a UPX packed executable, which triggers an out-of-bounds read.

Action-Not Available
Vendor-n/aClamAVCanonical Ltd.SUSE
Product-linux_enterprise_serverubuntu_linuxclamavn/a
CVE-2011-2721
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-5||MEDIUM
EPSS-2.59% / 85.01%
||
7 Day CHG~0.00%
Published-05 Aug, 2011 | 21:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Off-by-one error in the cli_hm_scan function in matcher-hash.c in libclamav in ClamAV before 0.97.2 allows remote attackers to cause a denial of service (daemon crash) via an e-mail message that is not properly handled during certain hash calculations.

Action-Not Available
Vendor-n/aClamAV
Product-clamavn/a
CVE-2020-3123
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-7.5||HIGH
EPSS-4.89% / 89.18%
||
7 Day CHG~0.00%
Published-05 Feb, 2020 | 17:30
Updated-15 Nov, 2024 | 17:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability in the Data-Loss-Prevention (DLP) module in Clam AntiVirus (ClamAV) Software versions 0.102.1 and 0.102.0 could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to an out-of-bounds read affecting users that have enabled the optional DLP feature. An attacker could exploit this vulnerability by sending a crafted email file to an affected device. An exploit could allow the attacker to cause the ClamAV scanning process crash, resulting in a denial of service condition.

Action-Not Available
Vendor-Canonical Ltd.ClamAVCisco Systems, Inc.
Product-ubuntu_linuxclamavClamAV
CWE ID-CWE-125
Out-of-bounds Read
CVE-2010-4260
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-5||MEDIUM
EPSS-5.38% / 89.72%
||
7 Day CHG~0.00%
Published-07 Dec, 2010 | 01:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple unspecified vulnerabilities in pdf.c in libclamav in ClamAV before 0.96.5 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PDF document, aka (1) "bb #2358" and (2) "bb #2396."

Action-Not Available
Vendor-n/aClamAV
Product-clamavn/a
CVE-2008-6845
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-1.01% / 76.12%
||
7 Day CHG~0.00%
Published-02 Jul, 2009 | 10:00
Updated-07 Aug, 2024 | 11:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The unpack feature in ClamAV 0.93.3 and earlier allows remote attackers to cause a denial of service (segmentation fault) via a corrupted LZH file.

Action-Not Available
Vendor-n/aClamAV
Product-clamavn/a
CVE-2019-12625
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-7.5||HIGH
EPSS-2.32% / 84.17%
||
7 Day CHG~0.00%
Published-05 Nov, 2019 | 18:15
Updated-19 Nov, 2024 | 18:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
ClamAV Zip Bomb Vulnerability

ClamAV versions prior to 0.101.3 are susceptible to a zip bomb vulnerability where an unauthenticated attacker can cause a denial of service condition by sending crafted messages to an affected system.

Action-Not Available
Vendor-ClamAVCisco Systems, Inc.
Product-clamavClamAV
CWE ID-CWE-400
Uncontrolled Resource Consumption
CWE ID-CWE-404
Improper Resource Shutdown or Release
CVE-2020-3481
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-7.5||HIGH
EPSS-3.90% / 87.81%
||
7 Day CHG~0.00%
Published-20 Jul, 2020 | 17:45
Updated-13 Nov, 2024 | 18:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Clam AntiVirus (ClamAV) Software Null Pointer Dereference Vulnerability

A vulnerability in the EGG archive parsing module in Clam AntiVirus (ClamAV) Software versions 0.102.0 - 0.102.3 could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to a null pointer dereference. An attacker could exploit this vulnerability by sending a crafted EGG file to an affected device. An exploit could allow the attacker to cause the ClamAV scanning process crash, resulting in a denial of service condition.

Action-Not Available
Vendor-Debian GNU/LinuxFedora ProjectClamAVCanonical Ltd.Cisco Systems, Inc.
Product-ubuntu_linuxclamavdebian_linuxfedoraClamAV
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2008-5525
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-9.3||HIGH
EPSS-0.40% / 59.81%
||
7 Day CHG~0.00%
Published-12 Dec, 2008 | 18:13
Updated-07 Aug, 2024 | 10:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

ClamAV 0.94.1 and possibly 0.93.1, when Internet Explorer 6 or 7 is used, allows remote attackers to bypass detection of malware in an HTML document by placing an MZ header (aka "EXE info") at the beginning, and modifying the filename to have (1) no extension, (2) a .txt extension, or (3) a .jpg extension, as demonstrated by a document containing a CVE-2006-5745 exploit.

Action-Not Available
Vendor-n/aMicrosoft CorporationClamAV
Product-internet_explorerclamavn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2018-0361
Matching Score-6
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-6
Assigner-Cisco Systems, Inc.
CVSS Score-3.3||LOW
EPSS-0.24% / 47.32%
||
7 Day CHG~0.00%
Published-16 Jul, 2018 | 17:00
Updated-29 Nov, 2024 | 14:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

ClamAV before 0.100.1 lacks a PDF object length check, resulting in an unreasonably long time to parse a relatively small file.

Action-Not Available
Vendor-n/aDebian GNU/LinuxClamAV
Product-clamavdebian_linuxClamAV before 0.100.1 unknown
CWE ID-CWE-20
Improper Input Validation
CVE-2021-1252
Matching Score-6
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-6
Assigner-Cisco Systems, Inc.
CVSS Score-7.5||HIGH
EPSS-0.51% / 65.50%
||
7 Day CHG~0.00%
Published-08 Apr, 2021 | 04:25
Updated-08 Nov, 2024 | 23:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Clam AntiVirus (ClamAV) Excel XLM Parser Denial of Service Vulnerability

A vulnerability in the Excel XLM macro parsing module in Clam AntiVirus (ClamAV) Software versions 0.103.0 and 0.103.1 could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to improper error handling that may result in an infinite loop. An attacker could exploit this vulnerability by sending a crafted Excel file to an affected device. An exploit could allow the attacker to cause the ClamAV scanning process hang, resulting in a denial of service condition.

Action-Not Available
Vendor-ClamAVCisco Systems, Inc.
Product-clamavClamAV
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
CVE-2019-1787
Matching Score-6
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-6
Assigner-Cisco Systems, Inc.
CVSS Score-7.5||HIGH
EPSS-1.94% / 82.68%
||
7 Day CHG~0.00%
Published-08 Apr, 2019 | 19:10
Updated-19 Nov, 2024 | 19:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Clam AntiVirus PDF Denial of Service Vulnerability

A vulnerability in the Portable Document Format (PDF) scanning functionality of Clam AntiVirus (ClamAV) Software versions 0.101.1 and prior could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to a lack of proper data handling mechanisms within the device buffer while indexing remaining file data on an affected device. An attacker could exploit this vulnerability by sending crafted PDF files to an affected device. A successful exploit could allow the attacker to cause a heap buffer out-of-bounds read condition, resulting in a crash that could result in a denial of service condition on an affected device.

Action-Not Available
Vendor-Debian GNU/LinuxClamAVopenSUSECisco Systems, Inc.
Product-clamavdebian_linuxleapClamAV
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-125
Out-of-bounds Read
CVE-2019-1798
Matching Score-6
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-6
Assigner-Cisco Systems, Inc.
CVSS Score-7.5||HIGH
EPSS-4.17% / 88.23%
||
7 Day CHG~0.00%
Published-08 Apr, 2019 | 19:30
Updated-19 Nov, 2024 | 19:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Clam AntiVirus PE File Out-of-Bounds Read Vulnerability

A vulnerability in the Portable Executable (PE) file scanning functionality of Clam AntiVirus (ClamAV) Software versions 0.101.1 and prior could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to a lack of proper input and validation checking mechanisms for PE files sent an affected device. An attacker could exploit this vulnerability by sending malformed PE files to the device running an affected version ClamAV Software. An exploit could allow the attacker to cause an out-of-bounds read condition, resulting in a crash that could result in a denial of service condition on an affected device.

Action-Not Available
Vendor-ClamAVCisco Systems, Inc.
Product-clamavClamAV
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-125
Out-of-bounds Read
CVE-2019-1785
Matching Score-6
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-6
Assigner-Cisco Systems, Inc.
CVSS Score-9.8||CRITICAL
EPSS-2.00% / 82.91%
||
7 Day CHG~0.00%
Published-08 Apr, 2019 | 19:05
Updated-19 Nov, 2024 | 19:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Clam AntiVirus RAR Directory Traversal Vulnerability

A vulnerability in the RAR file scanning functionality of Clam AntiVirus (ClamAV) Software versions 0.101.1 and 0.101.0 could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to a lack of proper error-handling mechanisms when processing nested RAR files sent to an affected device. An attacker could exploit this vulnerability by sending a crafted RAR file to an affected device. An exploit could allow the attacker to view or create arbitrary files on the targeted system.

Action-Not Available
Vendor-ClamAVCisco Systems, Inc.
Product-clamavClamAV
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2019-1788
Matching Score-6
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-6
Assigner-Cisco Systems, Inc.
CVSS Score-7.5||HIGH
EPSS-10.80% / 93.06%
||
7 Day CHG~0.00%
Published-08 Apr, 2019 | 19:15
Updated-19 Nov, 2024 | 19:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
ClamAV OLE2 File Out-Of-Bounds Write Vulnerability

A vulnerability in the Object Linking & Embedding (OLE2) file scanning functionality of Clam AntiVirus (ClamAV) Software versions 0.101.1 and prior could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to a lack of proper input and validation checking mechanisms for OLE2 files sent an affected device. An attacker could exploit this vulnerability by sending malformed OLE2 files to the device running an affected version ClamAV Software. An exploit could allow the attacker to cause an out-of-bounds write condition, resulting in a crash that could result in a denial of service condition on an affected device.

Action-Not Available
Vendor-Debian GNU/LinuxClamAVopenSUSECisco Systems, Inc.
Product-clamavdebian_linuxleapClamAV
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-1786
Matching Score-6
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-6
Assigner-Cisco Systems, Inc.
CVSS Score-7.5||HIGH
EPSS-6.94% / 91.04%
||
7 Day CHG~0.00%
Published-08 Apr, 2019 | 19:05
Updated-19 Nov, 2024 | 19:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Clam AntiVirus PDF Out-of-Bounds Read Vulnerability

A vulnerability in the Portable Document Format (PDF) scanning functionality of Clam AntiVirus (ClamAV) Software versions 0.101.1 and 0.101.0 could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to a lack of proper data handling mechanisms within the device buffer while indexing remaining file data on an affected device. An attacker could exploit this vulnerability by sending crafted PDF files to an affected device. A successful exploit could allow the attacker to cause an out-of-bounds read condition, resulting in a crash that could result in a denial of service condition on an affected device.

Action-Not Available
Vendor-ClamAVCisco Systems, Inc.
Product-clamavClamAV
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-125
Out-of-bounds Read
CVE-2019-15961
Matching Score-6
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-6
Assigner-Cisco Systems, Inc.
CVSS Score-7.5||HIGH
EPSS-1.96% / 82.72%
||
7 Day CHG~0.00%
Published-15 Jan, 2020 | 19:05
Updated-15 Nov, 2024 | 17:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Clam AntiVirus (ClamAV) Software Email Parsing Vulnerability

A vulnerability in the email parsing module Clam AntiVirus (ClamAV) Software versions 0.102.0, 0.101.4 and prior could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to inefficient MIME parsing routines that result in extremely long scan times of specially formatted email files. An attacker could exploit this vulnerability by sending a crafted email file to an affected device. An exploit could allow the attacker to cause the ClamAV scanning process to scan the crafted email file indefinitely, resulting in a denial of service condition.

Action-Not Available
Vendor-Debian GNU/LinuxClamAVCanonical Ltd.Cisco Systems, Inc.
Product-ubuntu_linuxemail_security_appliance_firmwareclamavdebian_linuxClamAV
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2016-5361
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.95% / 75.44%
||
7 Day CHG-0.07%
Published-16 Jun, 2016 | 14:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

programs/pluto/ikev1.c in libreswan before 3.17 retransmits in initial-responder states, which allows remote attackers to cause a denial of service (traffic amplification) via a spoofed UDP packet. NOTE: the original behavior complies with the IKEv1 protocol, but has a required security update from the libreswan vendor; as of 2016-06-10, it is expected that several other IKEv1 implementations will have vendor-required security updates, with separate CVE IDs assigned to each.

Action-Not Available
Vendor-libreswann/a
Product-libreswann/a
CWE ID-CWE-20
Improper Input Validation
CVE-2011-4685
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-0.86% / 74.14%
||
7 Day CHG~0.00%
Published-07 Dec, 2011 | 19:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dragonfly in Opera before 11.60 allows remote attackers to cause a denial of service (application crash) via unspecified content on a web page, as demonstrated by forbes.com.

Action-Not Available
Vendor-n/aOpera
Product-opera_browsern/a
CWE ID-CWE-20
Improper Input Validation
CVE-2010-3476
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-1.38% / 79.52%
||
7 Day CHG~0.00%
Published-20 Sep, 2010 | 21:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Open Ticket Request System (OTRS) 2.3.x before 2.3.6 and 2.4.x before 2.4.8 does not properly handle the matching of Perl regular expressions against HTML e-mail messages, which allows remote attackers to cause a denial of service (CPU consumption) via a large message, a different vulnerability than CVE-2010-2080.

Action-Not Available
Vendor-n/aOTRS AG
Product-otrsn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2018-9259
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.51% / 65.17%
||
7 Day CHG~0.00%
Published-04 Apr, 2018 | 07:00
Updated-05 Aug, 2024 | 07:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, the MP4 dissector could crash. This was addressed in epan/dissectors/file-mp4.c by restricting the box recursion depth.

Action-Not Available
Vendor-n/aWireshark FoundationDebian GNU/Linux
Product-wiresharkdebian_linuxn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2011-4602
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-5||MEDIUM
EPSS-1.46% / 80.05%
||
7 Day CHG~0.00%
Published-17 Dec, 2011 | 02:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The XMPP protocol plugin in libpurple in Pidgin before 2.10.1 does not properly handle missing fields in (1) voice-chat and (2) video-chat stanzas, which allows remote attackers to cause a denial of service (application crash) via a crafted message.

Action-Not Available
Vendor-n/aPidgin
Product-pidginn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2018-9262
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.56% / 67.28%
||
7 Day CHG~0.00%
Published-04 Apr, 2018 | 07:00
Updated-05 Aug, 2024 | 07:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, the VLAN dissector could crash. This was addressed in epan/dissectors/packet-vlan.c by limiting VLAN tag nesting to restrict the recursion depth.

Action-Not Available
Vendor-n/aWireshark FoundationDebian GNU/Linux
Product-wiresharkdebian_linuxn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2018-9260
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.43% / 62.00%
||
7 Day CHG~0.00%
Published-04 Apr, 2018 | 07:00
Updated-05 Aug, 2024 | 07:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, the IEEE 802.15.4 dissector could crash. This was addressed in epan/dissectors/packet-ieee802154.c by ensuring that an allocation step occurs.

Action-Not Available
Vendor-n/aWireshark FoundationDebian GNU/Linux
Product-wiresharkdebian_linuxn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2010-2937
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-5||MEDIUM
EPSS-1.21% / 78.18%
||
7 Day CHG~0.00%
Published-20 Aug, 2010 | 17:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The ReadMetaFromId3v2 function in taglib.cpp in the TagLib plugin in VideoLAN VLC media player 0.9.0 through 1.1.2 does not properly process ID3v2 tags, which allows remote attackers to cause a denial of service (application crash) via a crafted media file.

Action-Not Available
Vendor-n/aVideoLAN
Product-vlc_media_playern/a
CWE ID-CWE-20
Improper Input Validation
CVE-2016-2145
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-0.80% / 73.15%
||
7 Day CHG~0.00%
Published-15 Apr, 2016 | 14:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The am_read_post_data function in mod_auth_mellon before 0.11.1 does not check if the ap_get_client_block function returns an error, which allows remote attackers to cause a denial of service (segmentation fault and process crash) via a crafted POST data.

Action-Not Available
Vendor-uninettn/aFedora Project
Product-fedoramod_auth_mellonn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2018-9258
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.69% / 70.78%
||
7 Day CHG~0.00%
Published-04 Apr, 2018 | 07:00
Updated-05 Aug, 2024 | 07:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Wireshark 2.4.0 to 2.4.5, the TCP dissector could crash. This was addressed in epan/dissectors/packet-tcp.c by preserving valid data sources.

Action-Not Available
Vendor-n/aWireshark FoundationDebian GNU/Linux
Product-wiresharkdebian_linuxn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2018-9256
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.43% / 61.56%
||
7 Day CHG~0.00%
Published-04 Apr, 2018 | 07:00
Updated-05 Aug, 2024 | 07:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, the LWAPP dissector could crash. This was addressed in epan/dissectors/packet-lwapp.c by limiting the encapsulation levels to restrict the recursion depth.

Action-Not Available
Vendor-n/aWireshark FoundationDebian GNU/Linux
Product-wiresharkdebian_linuxn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2010-2435
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-3.95% / 87.88%
||
7 Day CHG~0.00%
Published-24 Jun, 2010 | 17:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Weborf HTTP Server 0.12.1 and earlier allows remote attackers to cause a denial of service (crash) via Unicode characters in a Connection HTTP header, and possibly other headers.

Action-Not Available
Vendor-salvo_tomasellin/a
Product-weborf_http_servern/a
CWE ID-CWE-20
Improper Input Validation
CVE-2001-0509
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-11.18% / 93.22%
||
7 Day CHG~0.00%
Published-29 Aug, 2001 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerabilities in RPC servers in (1) Microsoft Exchange Server 2000 and earlier, (2) Microsoft SQL Server 2000 and earlier, (3) Windows NT 4.0, and (4) Windows 2000 allow remote attackers to cause a denial of service via malformed inputs.

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-exchange_serversql_serverwindows_ntwindows_2000n/a
CWE ID-CWE-20
Improper Input Validation
CVE-2010-2580
Matching Score-4
Assigner-Flexera Software LLC
ShareView Details
Matching Score-4
Assigner-Flexera Software LLC
CVSS Score-5||MEDIUM
EPSS-2.17% / 83.65%
||
7 Day CHG~0.00%
Published-15 Sep, 2010 | 17:26
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The SMTP service (MESMTPC.exe) in MailEnable 3.x and 4.25 does not properly perform a length check, which allows remote attackers to cause a denial of service (crash) via a long (1) email address in the MAIL FROM command, or (2) domain name in the RCPT TO command, which triggers an "unhandled invalid parameter error."

Action-Not Available
Vendor-mailenablen/a
Product-mailenablen/a
CWE ID-CWE-20
Improper Input Validation
CVE-2010-2993
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-0.93% / 75.09%
||
7 Day CHG~0.00%
Published-13 Aug, 2010 | 18:16
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The IPMI dissector in Wireshark 1.2.0 through 1.2.9 allows remote attackers to cause a denial of service (infinite loop) via unknown vectors.

Action-Not Available
Vendor-n/aWireshark Foundation
Product-wiresharkn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2010-3268
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-6.51% / 90.72%
||
7 Day CHG~0.00%
Published-22 Dec, 2010 | 20:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The GetStringAMSHandler function in prgxhndl.dll in hndlrsvc.exe in the Intel Alert Handler service (aka Symantec Intel Handler service) in Intel Alert Management System (AMS), as used in Symantec Antivirus Corporate Edition 10.1.4.4010 on Windows 2000 SP4 and Symantec Endpoint Protection before 11.x, does not properly validate the CommandLine field of an AMS request, which allows remote attackers to cause a denial of service (application crash) via a crafted request.

Action-Not Available
Vendor-n/aIntel CorporationMicrosoft CorporationSymantec Corporation
Product-windows_2000intel_alert_management_systemendpoint_protectionantivirusn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2016-4049
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-2.16% / 83.61%
||
7 Day CHG~0.00%
Published-23 May, 2016 | 19:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The bgp_dump_routes_func function in bgpd/bgp_dump.c in Quagga does not perform size checks when dumping data, which might allow remote attackers to cause a denial of service (assertion failure and daemon crash) via a large BGP packet.

Action-Not Available
Vendor-quaggan/aopenSUSE
Product-leapopensusequaggan/a
CWE ID-CWE-20
Improper Input Validation
CVE-2010-1544
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-2.44% / 84.56%
||
7 Day CHG~0.00%
Published-26 Apr, 2010 | 19:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

micro_httpd on the RCA DCM425 cable modem allows remote attackers to cause a denial of service (device reboot) via a long string to TCP port 80.

Action-Not Available
Vendor-rcaacmen/a
Product-micro_httpddigital_cable_modemn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2010-2332
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-1.77% / 81.91%
||
7 Day CHG~0.00%
Published-18 Jun, 2010 | 20:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Impact Financials, Inc. Impact PDF Reader 2.0, 1.2, and other versions for iPhone and iPod touch allows remote attackers to cause a denial of service (server crash) via a "..." body in a POST request.

Action-Not Available
Vendor-impactfinancialsn/aApple Inc.
Product-iphone_osimpact_pdf_readern/a
CWE ID-CWE-20
Improper Input Validation
  • Previous
  • 1
  • 2
  • 3
  • ...
  • 22
  • 23
  • Next
Details not found