Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2011-0015

Summary
Assigner-redhat
Assigner Org ID-53f830b8-0a3f-465b-8143-3b8a9948e749
Published At-19 Jan, 2011 | 11:00
Updated At-06 Aug, 2024 | 21:36
Rejected At-
Credits

Tor before 0.2.1.29 and 0.2.2.x before 0.2.2.21-alpha does not properly check the amount of compression in zlib-compressed data, which allows remote attackers to cause a denial of service via a large compression factor.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
â–¼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:redhat
Assigner Org ID:53f830b8-0a3f-465b-8143-3b8a9948e749
Published At:19 Jan, 2011 | 11:00
Updated At:06 Aug, 2024 | 21:36
Rejected At:
â–¼CVE Numbering Authority (CNA)

Tor before 0.2.1.29 and 0.2.2.x before 0.2.2.21-alpha does not properly check the amount of compression in zlib-compressed data, which allows remote attackers to cause a denial of service via a large compression factor.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
http://archives.seul.org/or/announce/Jan-2011/msg00000.html
mailing-list
x_refsource_MLIST
http://www.vupen.com/english/advisories/2011/0131
vdb-entry
x_refsource_VUPEN
https://gitweb.torproject.org/tor.git/blob/refs/heads/release-0.2.2:/ChangeLog
x_refsource_CONFIRM
https://trac.torproject.org/projects/tor/ticket/2324
x_refsource_CONFIRM
http://secunia.com/advisories/42907
third-party-advisory
x_refsource_SECUNIA
http://blog.torproject.org/blog/tor-02129-released-security-patches
x_refsource_CONFIRM
http://www.securitytracker.com/id?1024980
vdb-entry
x_refsource_SECTRACK
http://www.vupen.com/english/advisories/2011/0132
vdb-entry
x_refsource_VUPEN
http://www.debian.org/security/2011/dsa-2148
vendor-advisory
x_refsource_DEBIAN
http://secunia.com/advisories/42905
third-party-advisory
x_refsource_SECUNIA
http://www.openwall.com/lists/oss-security/2011/01/18/7
mailing-list
x_refsource_MLIST
http://www.securityfocus.com/bid/45832
vdb-entry
x_refsource_BID
Hyperlink: http://archives.seul.org/or/announce/Jan-2011/msg00000.html
Resource:
mailing-list
x_refsource_MLIST
Hyperlink: http://www.vupen.com/english/advisories/2011/0131
Resource:
vdb-entry
x_refsource_VUPEN
Hyperlink: https://gitweb.torproject.org/tor.git/blob/refs/heads/release-0.2.2:/ChangeLog
Resource:
x_refsource_CONFIRM
Hyperlink: https://trac.torproject.org/projects/tor/ticket/2324
Resource:
x_refsource_CONFIRM
Hyperlink: http://secunia.com/advisories/42907
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://blog.torproject.org/blog/tor-02129-released-security-patches
Resource:
x_refsource_CONFIRM
Hyperlink: http://www.securitytracker.com/id?1024980
Resource:
vdb-entry
x_refsource_SECTRACK
Hyperlink: http://www.vupen.com/english/advisories/2011/0132
Resource:
vdb-entry
x_refsource_VUPEN
Hyperlink: http://www.debian.org/security/2011/dsa-2148
Resource:
vendor-advisory
x_refsource_DEBIAN
Hyperlink: http://secunia.com/advisories/42905
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://www.openwall.com/lists/oss-security/2011/01/18/7
Resource:
mailing-list
x_refsource_MLIST
Hyperlink: http://www.securityfocus.com/bid/45832
Resource:
vdb-entry
x_refsource_BID
â–¼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
http://archives.seul.org/or/announce/Jan-2011/msg00000.html
mailing-list
x_refsource_MLIST
x_transferred
http://www.vupen.com/english/advisories/2011/0131
vdb-entry
x_refsource_VUPEN
x_transferred
https://gitweb.torproject.org/tor.git/blob/refs/heads/release-0.2.2:/ChangeLog
x_refsource_CONFIRM
x_transferred
https://trac.torproject.org/projects/tor/ticket/2324
x_refsource_CONFIRM
x_transferred
http://secunia.com/advisories/42907
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://blog.torproject.org/blog/tor-02129-released-security-patches
x_refsource_CONFIRM
x_transferred
http://www.securitytracker.com/id?1024980
vdb-entry
x_refsource_SECTRACK
x_transferred
http://www.vupen.com/english/advisories/2011/0132
vdb-entry
x_refsource_VUPEN
x_transferred
http://www.debian.org/security/2011/dsa-2148
vendor-advisory
x_refsource_DEBIAN
x_transferred
http://secunia.com/advisories/42905
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://www.openwall.com/lists/oss-security/2011/01/18/7
mailing-list
x_refsource_MLIST
x_transferred
http://www.securityfocus.com/bid/45832
vdb-entry
x_refsource_BID
x_transferred
Hyperlink: http://archives.seul.org/or/announce/Jan-2011/msg00000.html
Resource:
mailing-list
x_refsource_MLIST
x_transferred
Hyperlink: http://www.vupen.com/english/advisories/2011/0131
Resource:
vdb-entry
x_refsource_VUPEN
x_transferred
Hyperlink: https://gitweb.torproject.org/tor.git/blob/refs/heads/release-0.2.2:/ChangeLog
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: https://trac.torproject.org/projects/tor/ticket/2324
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://secunia.com/advisories/42907
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://blog.torproject.org/blog/tor-02129-released-security-patches
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://www.securitytracker.com/id?1024980
Resource:
vdb-entry
x_refsource_SECTRACK
x_transferred
Hyperlink: http://www.vupen.com/english/advisories/2011/0132
Resource:
vdb-entry
x_refsource_VUPEN
x_transferred
Hyperlink: http://www.debian.org/security/2011/dsa-2148
Resource:
vendor-advisory
x_refsource_DEBIAN
x_transferred
Hyperlink: http://secunia.com/advisories/42905
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://www.openwall.com/lists/oss-security/2011/01/18/7
Resource:
mailing-list
x_refsource_MLIST
x_transferred
Hyperlink: http://www.securityfocus.com/bid/45832
Resource:
vdb-entry
x_refsource_BID
x_transferred
Information is not available yet
â–¼National Vulnerability Database (NVD)
nvd.nist.gov
Source:secalert@redhat.com
Published At:19 Jan, 2011 | 12:00
Updated At:29 Apr, 2026 | 01:13

Tor before 0.2.1.29 and 0.2.2.x before 0.2.2.21-alpha does not properly check the amount of compression in zlib-compressed data, which allows remote attackers to cause a denial of service via a large compression factor.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary2.05.0MEDIUM
AV:N/AC:L/Au:N/C:N/I:N/A:P
Type: Primary
Version: 2.0
Base score: 5.0
Base severity: MEDIUM
Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:P
CPE Matches

tor
tor
>>tor>>Versions up to 0.2.1.28(inclusive)
cpe:2.3:a:tor:tor:*:*:*:*:*:*:*:*
tor
tor
>>tor>>0.0.2
cpe:2.3:a:tor:tor:0.0.2:*:*:*:*:*:*:*
tor
tor
>>tor>>0.0.2_pre13
cpe:2.3:a:tor:tor:0.0.2_pre13:*:*:*:*:*:*:*
tor
tor
>>tor>>0.0.2_pre14
cpe:2.3:a:tor:tor:0.0.2_pre14:*:*:*:*:*:*:*
tor
tor
>>tor>>0.0.2_pre15
cpe:2.3:a:tor:tor:0.0.2_pre15:*:*:*:*:*:*:*
tor
tor
>>tor>>0.0.2_pre16
cpe:2.3:a:tor:tor:0.0.2_pre16:*:*:*:*:*:*:*
tor
tor
>>tor>>0.0.2_pre17
cpe:2.3:a:tor:tor:0.0.2_pre17:*:*:*:*:*:*:*
tor
tor
>>tor>>0.0.2_pre18
cpe:2.3:a:tor:tor:0.0.2_pre18:*:*:*:*:*:*:*
tor
tor
>>tor>>0.0.2_pre19
cpe:2.3:a:tor:tor:0.0.2_pre19:*:*:*:*:*:*:*
tor
tor
>>tor>>0.0.2_pre20
cpe:2.3:a:tor:tor:0.0.2_pre20:*:*:*:*:*:*:*
tor
tor
>>tor>>0.0.2_pre21
cpe:2.3:a:tor:tor:0.0.2_pre21:*:*:*:*:*:*:*
tor
tor
>>tor>>0.0.2_pre22
cpe:2.3:a:tor:tor:0.0.2_pre22:*:*:*:*:*:*:*
tor
tor
>>tor>>0.0.2_pre23
cpe:2.3:a:tor:tor:0.0.2_pre23:*:*:*:*:*:*:*
tor
tor
>>tor>>0.0.2_pre24
cpe:2.3:a:tor:tor:0.0.2_pre24:*:*:*:*:*:*:*
tor
tor
>>tor>>0.0.2_pre25
cpe:2.3:a:tor:tor:0.0.2_pre25:*:*:*:*:*:*:*
tor
tor
>>tor>>0.0.2_pre26
cpe:2.3:a:tor:tor:0.0.2_pre26:*:*:*:*:*:*:*
tor
tor
>>tor>>0.0.2_pre27
cpe:2.3:a:tor:tor:0.0.2_pre27:*:*:*:*:*:*:*
tor
tor
>>tor>>0.0.3
cpe:2.3:a:tor:tor:0.0.3:*:*:*:*:*:*:*
tor
tor
>>tor>>0.0.4
cpe:2.3:a:tor:tor:0.0.4:*:*:*:*:*:*:*
tor
tor
>>tor>>0.0.5
cpe:2.3:a:tor:tor:0.0.5:*:*:*:*:*:*:*
tor
tor
>>tor>>0.0.6
cpe:2.3:a:tor:tor:0.0.6:*:*:*:*:*:*:*
tor
tor
>>tor>>0.0.6.1
cpe:2.3:a:tor:tor:0.0.6.1:*:*:*:*:*:*:*
tor
tor
>>tor>>0.0.6.2
cpe:2.3:a:tor:tor:0.0.6.2:*:*:*:*:*:*:*
tor
tor
>>tor>>0.0.7
cpe:2.3:a:tor:tor:0.0.7:*:*:*:*:*:*:*
tor
tor
>>tor>>0.0.7.1
cpe:2.3:a:tor:tor:0.0.7.1:*:*:*:*:*:*:*
tor
tor
>>tor>>0.0.7.2
cpe:2.3:a:tor:tor:0.0.7.2:*:*:*:*:*:*:*
tor
tor
>>tor>>0.0.7.3
cpe:2.3:a:tor:tor:0.0.7.3:*:*:*:*:*:*:*
tor
tor
>>tor>>0.0.8
cpe:2.3:a:tor:tor:0.0.8:*:*:*:*:*:*:*
tor
tor
>>tor>>0.0.8.1
cpe:2.3:a:tor:tor:0.0.8.1:*:*:*:*:*:*:*
tor
tor
>>tor>>0.0.9
cpe:2.3:a:tor:tor:0.0.9:*:*:*:*:*:*:*
tor
tor
>>tor>>0.0.9.1
cpe:2.3:a:tor:tor:0.0.9.1:*:*:*:*:*:*:*
tor
tor
>>tor>>0.0.9.2
cpe:2.3:a:tor:tor:0.0.9.2:*:*:*:*:*:*:*
tor
tor
>>tor>>0.0.9.3
cpe:2.3:a:tor:tor:0.0.9.3:*:*:*:*:*:*:*
tor
tor
>>tor>>0.0.9.4
cpe:2.3:a:tor:tor:0.0.9.4:*:*:*:*:*:*:*
tor
tor
>>tor>>0.0.9.5
cpe:2.3:a:tor:tor:0.0.9.5:*:*:*:*:*:*:*
tor
tor
>>tor>>0.0.9.6
cpe:2.3:a:tor:tor:0.0.9.6:*:*:*:*:*:*:*
tor
tor
>>tor>>0.0.9.7
cpe:2.3:a:tor:tor:0.0.9.7:*:*:*:*:*:*:*
tor
tor
>>tor>>0.0.9.8
cpe:2.3:a:tor:tor:0.0.9.8:*:*:*:*:*:*:*
tor
tor
>>tor>>0.0.9.9
cpe:2.3:a:tor:tor:0.0.9.9:*:*:*:*:*:*:*
tor
tor
>>tor>>0.0.9.10
cpe:2.3:a:tor:tor:0.0.9.10:*:*:*:*:*:*:*
tor
tor
>>tor>>0.1.0.1
cpe:2.3:a:tor:tor:0.1.0.1:*:*:*:*:*:*:*
tor
tor
>>tor>>0.1.0.2
cpe:2.3:a:tor:tor:0.1.0.2:*:*:*:*:*:*:*
tor
tor
>>tor>>0.1.0.3
cpe:2.3:a:tor:tor:0.1.0.3:*:*:*:*:*:*:*
tor
tor
>>tor>>0.1.0.4
cpe:2.3:a:tor:tor:0.1.0.4:*:*:*:*:*:*:*
tor
tor
>>tor>>0.1.0.5
cpe:2.3:a:tor:tor:0.1.0.5:*:*:*:*:*:*:*
tor
tor
>>tor>>0.1.0.6
cpe:2.3:a:tor:tor:0.1.0.6:*:*:*:*:*:*:*
tor
tor
>>tor>>0.1.0.7
cpe:2.3:a:tor:tor:0.1.0.7:*:*:*:*:*:*:*
tor
tor
>>tor>>0.1.0.8
cpe:2.3:a:tor:tor:0.1.0.8:*:*:*:*:*:*:*
tor
tor
>>tor>>0.1.0.9
cpe:2.3:a:tor:tor:0.1.0.9:*:*:*:*:*:*:*
tor
tor
>>tor>>0.1.0.10
cpe:2.3:a:tor:tor:0.1.0.10:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-20Primarynvd@nist.gov
CWE ID: CWE-20
Type: Primary
Source: nvd@nist.gov
Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References
HyperlinkSourceResource
http://archives.seul.org/or/announce/Jan-2011/msg00000.htmlsecalert@redhat.com
Patch
http://blog.torproject.org/blog/tor-02129-released-security-patchessecalert@redhat.com
Patch
http://secunia.com/advisories/42905secalert@redhat.com
Vendor Advisory
http://secunia.com/advisories/42907secalert@redhat.com
Vendor Advisory
http://www.debian.org/security/2011/dsa-2148secalert@redhat.com
N/A
http://www.openwall.com/lists/oss-security/2011/01/18/7secalert@redhat.com
N/A
http://www.securityfocus.com/bid/45832secalert@redhat.com
N/A
http://www.securitytracker.com/id?1024980secalert@redhat.com
N/A
http://www.vupen.com/english/advisories/2011/0131secalert@redhat.com
Vendor Advisory
http://www.vupen.com/english/advisories/2011/0132secalert@redhat.com
Vendor Advisory
https://gitweb.torproject.org/tor.git/blob/refs/heads/release-0.2.2:/ChangeLogsecalert@redhat.com
Patch
https://trac.torproject.org/projects/tor/ticket/2324secalert@redhat.com
N/A
http://archives.seul.org/or/announce/Jan-2011/msg00000.htmlaf854a3a-2127-422b-91ae-364da2661108
Patch
http://blog.torproject.org/blog/tor-02129-released-security-patchesaf854a3a-2127-422b-91ae-364da2661108
Patch
http://secunia.com/advisories/42905af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://secunia.com/advisories/42907af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://www.debian.org/security/2011/dsa-2148af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.openwall.com/lists/oss-security/2011/01/18/7af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.securityfocus.com/bid/45832af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.securitytracker.com/id?1024980af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.vupen.com/english/advisories/2011/0131af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://www.vupen.com/english/advisories/2011/0132af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
https://gitweb.torproject.org/tor.git/blob/refs/heads/release-0.2.2:/ChangeLogaf854a3a-2127-422b-91ae-364da2661108
Patch
https://trac.torproject.org/projects/tor/ticket/2324af854a3a-2127-422b-91ae-364da2661108
N/A
Hyperlink: http://archives.seul.org/or/announce/Jan-2011/msg00000.html
Source: secalert@redhat.com
Resource:
Patch
Hyperlink: http://blog.torproject.org/blog/tor-02129-released-security-patches
Source: secalert@redhat.com
Resource:
Patch
Hyperlink: http://secunia.com/advisories/42905
Source: secalert@redhat.com
Resource:
Vendor Advisory
Hyperlink: http://secunia.com/advisories/42907
Source: secalert@redhat.com
Resource:
Vendor Advisory
Hyperlink: http://www.debian.org/security/2011/dsa-2148
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://www.openwall.com/lists/oss-security/2011/01/18/7
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://www.securityfocus.com/bid/45832
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://www.securitytracker.com/id?1024980
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://www.vupen.com/english/advisories/2011/0131
Source: secalert@redhat.com
Resource:
Vendor Advisory
Hyperlink: http://www.vupen.com/english/advisories/2011/0132
Source: secalert@redhat.com
Resource:
Vendor Advisory
Hyperlink: https://gitweb.torproject.org/tor.git/blob/refs/heads/release-0.2.2:/ChangeLog
Source: secalert@redhat.com
Resource:
Patch
Hyperlink: https://trac.torproject.org/projects/tor/ticket/2324
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://archives.seul.org/or/announce/Jan-2011/msg00000.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Patch
Hyperlink: http://blog.torproject.org/blog/tor-02129-released-security-patches
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Patch
Hyperlink: http://secunia.com/advisories/42905
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory
Hyperlink: http://secunia.com/advisories/42907
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory
Hyperlink: http://www.debian.org/security/2011/dsa-2148
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.openwall.com/lists/oss-security/2011/01/18/7
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.securityfocus.com/bid/45832
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.securitytracker.com/id?1024980
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.vupen.com/english/advisories/2011/0131
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory
Hyperlink: http://www.vupen.com/english/advisories/2011/0132
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory
Hyperlink: https://gitweb.torproject.org/tor.git/blob/refs/heads/release-0.2.2:/ChangeLog
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Patch
Hyperlink: https://trac.torproject.org/projects/tor/ticket/2324
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

1105Records found

CVE-2009-2425
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-2.52% / 82.89%
||
7 Day CHG~0.00%
Published-10 Jul, 2009 | 17:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Tor before 0.2.0.35 allows remote attackers to cause a denial of service (application crash) via a malformed router descriptor.

Action-Not Available
Vendor-torn/a
Product-torn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2011-0491
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-2.52% / 82.90%
||
7 Day CHG~0.00%
Published-19 Jan, 2011 | 11:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The tor_realloc function in Tor before 0.2.1.29 and 0.2.2.x before 0.2.2.21-alpha does not validate a certain size value during memory allocation, which might allow remote attackers to cause a denial of service (daemon crash) via unspecified vectors, related to "underflow errors."

Action-Not Available
Vendor-torn/a
Product-torn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2012-3518
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-5||MEDIUM
EPSS-2.77% / 84.60%
||
7 Day CHG~0.00%
Published-26 Aug, 2012 | 01:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The networkstatus_parse_vote_from_string function in routerparse.c in Tor before 0.2.2.38 does not properly handle an invalid flavor name, which allows remote attackers to cause a denial of service (out-of-bounds read and daemon crash) via a crafted (1) vote document or (2) consensus document.

Action-Not Available
Vendor-torn/a
Product-torn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2012-3517
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-5||MEDIUM
EPSS-2.77% / 84.60%
||
7 Day CHG~0.00%
Published-26 Aug, 2012 | 01:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use-after-free vulnerability in dns.c in Tor before 0.2.2.38 might allow remote attackers to cause a denial of service (daemon crash) via vectors related to failed DNS requests.

Action-Not Available
Vendor-torn/a
Product-torn/a
CVE-2011-1924
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-5||MEDIUM
EPSS-2.82% / 84.82%
||
7 Day CHG~0.00%
Published-14 Jun, 2011 | 17:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in the policy_summarize function in or/policies.c in Tor before 0.2.1.30 allows remote attackers to cause a denial of service (directory authority crash) via a crafted policy that triggers creation of a long port list.

Action-Not Available
Vendor-torn/a
Product-torn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2011-0493
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-2.52% / 82.94%
||
7 Day CHG~0.00%
Published-19 Jan, 2011 | 11:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Tor before 0.2.1.29 and 0.2.2.x before 0.2.2.21-alpha might allow remote attackers to cause a denial of service (assertion failure and daemon exit) via vectors related to malformed router caches and improper handling of integer values.

Action-Not Available
Vendor-torn/a
Product-torn/a
CVE-2011-0492
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-2.52% / 82.94%
||
7 Day CHG~0.00%
Published-19 Jan, 2011 | 11:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Tor before 0.2.1.29 and 0.2.2.x before 0.2.2.21-alpha allows remote attackers to cause a denial of service (assertion failure and daemon exit) via blobs that trigger a certain file size, as demonstrated by the cached-descriptors.new file.

Action-Not Available
Vendor-torn/a
Product-torn/a
CVE-2009-0938
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-1.92% / 77.43%
||
7 Day CHG~0.00%
Published-18 Mar, 2009 | 01:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in Tor before 0.2.0.34 allows directory mirrors to cause a denial of service (exit node crash) via "malformed input."

Action-Not Available
Vendor-torn/a
Product-torn/a
CVE-2009-0936
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-1.71% / 74.61%
||
7 Day CHG~0.00%
Published-18 Mar, 2009 | 01:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in Tor before 0.2.0.34 allows attackers to cause a denial of service (infinite loop) via "corrupt votes."

Action-Not Available
Vendor-torn/a
Product-torn/a
CVE-2006-3408
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-1.82% / 76.11%
||
7 Day CHG~0.00%
Published-07 Jul, 2006 | 00:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the directory server (dirserver) in Tor before 0.1.1.20 allows remote attackers to cause an unspecified denial of service via unknown vectors.

Action-Not Available
Vendor-torn/a
Product-torn/a
CVE-2006-3416
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-2.01% / 78.52%
||
7 Day CHG+0.22%
Published-07 Jul, 2006 | 00:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Tor before 0.1.1.20 kills the circuit when it receives an unrecognized relay command, which causes network circuits to be disbanded. NOTE: while this item is listed under the "Security fixes" section of the developer changelog, the developer clarified on 20060707 that this is only a self-DoS. Therefore this issue should not be included in CVE

Action-Not Available
Vendor-torn/a
Product-torn/a
CVE-2009-0937
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-1.70% / 74.40%
||
7 Day CHG~0.00%
Published-18 Mar, 2009 | 01:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in Tor before 0.2.0.34 allows directory mirrors to cause a denial of service via unknown vectors.

Action-Not Available
Vendor-torn/a
Product-torn/a
CVE-2011-0490
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-2.52% / 82.89%
||
7 Day CHG~0.00%
Published-19 Jan, 2011 | 11:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Tor before 0.2.1.29 and 0.2.2.x before 0.2.2.21-alpha makes calls to Libevent within Libevent log handlers, which might allow remote attackers to cause a denial of service (daemon crash) via vectors that trigger certain log messages.

Action-Not Available
Vendor-torn/a
Product-torn/a
CVE-2009-2426
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-1.92% / 77.43%
||
7 Day CHG~0.00%
Published-10 Jul, 2009 | 17:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The connection_edge_process_relay_cell_not_open function in src/or/relay.c in Tor 0.2.x before 0.2.0.35 and 0.1.x before 0.1.2.8-beta allows exit relays to have an unspecified impact by causing controllers to accept DNS responses that redirect to an internal IP address via unknown vectors. NOTE: some of these details are obtained from third party information.

Action-Not Available
Vendor-torn/a
Product-torn/a
CVE-2014-2284
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-4.43% / 90.20%
||
7 Day CHG~0.00%
Published-24 Mar, 2014 | 14:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Linux implementation of the ICMP-MIB in Net-SNMP 5.5 before 5.5.2.1, 5.6.x before 5.6.2.1, and 5.7.x before 5.7.2.1 does not properly validate input, which allows remote attackers to cause a denial of service via unspecified vectors.

Action-Not Available
Vendor-n/aNet-SNMP
Product-net-snmpn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2014-2037
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-2.43% / 82.22%
||
7 Day CHG~0.00%
Published-26 Nov, 2014 | 15:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Openswan 2.6.40 allows remote attackers to cause a denial of service (NULL pointer dereference and IKE daemon restart) via IKEv2 packets that lack expected payloads. NOTE: this vulnerability exists because of an incomplete fix for CVE 2013-6466.

Action-Not Available
Vendor-xelerancen/a
Product-openswann/a
CWE ID-CWE-20
Improper Input Validation
CVE-2014-1316
Matching Score-4
Assigner-Apple Inc.
ShareView Details
Matching Score-4
Assigner-Apple Inc.
CVSS Score-5||MEDIUM
EPSS-1.15% / 62.90%
||
7 Day CHG~0.00%
Published-23 Apr, 2014 | 10:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Heimdal, as used in Apple OS X through 10.9.2, allows remote attackers to cause a denial of service (abort and daemon exit) via ASN.1 data encountered in the Kerberos 5 protocol.

Action-Not Available
Vendor-n/aApple Inc.
Product-mac_os_xn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2014-1725
Matching Score-4
Assigner-Chrome
ShareView Details
Matching Score-4
Assigner-Chrome
CVSS Score-5||MEDIUM
EPSS-1.37% / 68.53%
||
7 Day CHG~0.00%
Published-09 Apr, 2014 | 10:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The base64DecodeInternal function in wtf/text/Base64.cpp in Blink, as used in Google Chrome before 34.0.1847.116, does not properly handle string data composed exclusively of whitespace characters, which allows remote attackers to cause a denial of service (out-of-bounds read) via a window.atob method call.

Action-Not Available
Vendor-n/aGoogle LLC
Product-chromen/a
CWE ID-CWE-20
Improper Input Validation
CVE-2014-2342
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-4.3||MEDIUM
EPSS-1.79% / 75.69%
||
7 Day CHG~0.00%
Published-30 May, 2014 | 23:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Triangle MicroWorks SCADA Data Gateway Resource Exhaustion

Triangle MicroWorks SCADA Data Gateway before 3.00.0635 allows remote attackers to cause a denial of service (excessive data processing) via a crafted DNP3 packet.

Action-Not Available
Vendor-trianglemicroworksTriangle MicroWorks
Product-scada_data_gatewaySCADA Data Gateway
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2014-2310
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-1.99% / 78.26%
||
7 Day CHG~0.00%
Published-17 Apr, 2014 | 14:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The AgentX subagent in Net-SNMP before 5.4.4 allows remote attackers to cause a denial of service (hang) by sending a multi-object request with an Object ID (OID) containing more subids than previous requests, a different vulnerability than CVE-2012-6151.

Action-Not Available
Vendor-n/aNet-SNMP
Product-net-snmpn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2020-3164
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-5.3||MEDIUM
EPSS-1.28% / 66.51%
||
7 Day CHG~0.00%
Published-04 Mar, 2020 | 18:40
Updated-15 Nov, 2024 | 17:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco ESA, Cisco WSA, and Cisco SMA GUI Denial of Service Vulnerability

A vulnerability in the web-based management interface of Cisco AsyncOS for Cisco Email Security Appliance (ESA), Cisco Web Security Appliance (WSA), and Cisco Content Security Management Appliance (SMA) could allow an unauthenticated remote attacker to cause high CPU usage on an affected device, resulting in a denial of service (DoS) condition. The vulnerability is due to improper validation of specific HTTP request headers. An attacker could exploit this vulnerability by sending a malformed HTTP request to an affected device. A successful exploit could allow the attacker to trigger a prolonged status of high CPU utilization relative to the GUI process(es). Upon successful exploitation of this vulnerability, an affected device will still be operative, but its response time and overall performance may be degraded.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-web_security_applianceemail_security_appliancecontent_security_management_appliancecloud_email_securityCisco Web Security Appliance (WSA)
CWE ID-CWE-20
Improper Input Validation
CVE-2014-2121
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-5||MEDIUM
EPSS-2.96% / 85.55%
||
7 Day CHG~0.00%
Published-19 Mar, 2014 | 01:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Java-based software in Cisco Hosted Collaboration Solution (HCS) allows remote attackers to cause a denial of service (closing of TCP ports) via unspecified vectors, aka Bug IDs CSCug77633, CSCug77667, CSCug78266, CSCug82795, and CSCuh58643.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-hosted_collaboration_solutionn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2014-2155
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-5||MEDIUM
EPSS-1.73% / 74.84%
||
7 Day CHG~0.00%
Published-19 Apr, 2014 | 21:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The DHCPv6 server module in Cisco CNS Network Registrar 7.1 allows remote attackers to cause a denial of service (daemon reload) via a malformed DHCPv6 packet, aka Bug ID CSCuo07437.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-cns_network_registrarn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2014-10077
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-3.39% / 87.34%
||
7 Day CHG~0.00%
Published-06 Nov, 2018 | 16:00
Updated-06 Aug, 2024 | 14:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Hash#slice in lib/i18n/core_ext/hash.rb in the i18n gem before 0.8.0 for Ruby allows remote attackers to cause a denial of service (application crash) via a call in a situation where :some_key is present in keep_keys but not present in the hash.

Action-Not Available
Vendor-i18n_projectn/aDebian GNU/Linux
Product-i18ndebian_linuxn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2019-1711
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-5.3||MEDIUM
EPSS-2.30% / 81.19%
||
7 Day CHG~0.00%
Published-17 Apr, 2019 | 21:55
Updated-19 Nov, 2024 | 19:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco IOS XR gRPC Software Denial of Service Vulnerability

A vulnerability in the Event Management Service daemon (emsd) of Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper handling of gRPC requests. An attacker could exploit this vulnerability by repeatedly sending unauthenticated gRPC requests to the affected device. A successful exploit could cause the emsd process to crash, resulting in a DoS condition. Resolved in Cisco IOS XR 6.5.1 and later.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-ios_xrCisco IOS XR Software
CWE ID-CWE-20
Improper Input Validation
CVE-2014-0255
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-5||MEDIUM
EPSS-41.78% / 98.51%
||
7 Day CHG~0.00%
Published-14 May, 2014 | 10:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Microsoft Windows Server 2008 SP2 and R2 SP1 and Server 2012 Gold and R2 allow remote attackers to cause a denial of service (iSCSI service outage) by sending many crafted packets, aka "iSCSI Target Remote Denial of Service Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-windows_server_2008windows_server_2012n/a
CWE ID-CWE-20
Improper Input Validation
CVE-2014-0995
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-9.67% / 94.91%
||
7 Day CHG~0.00%
Published-06 Nov, 2014 | 15:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Standalone Enqueue Server in SAP Netweaver 7.20, 7.01, and earlier allows remote attackers to cause a denial of service (uncontrolled recursion and crash) via a trace level with a wildcard in the Trace Pattern.

Action-Not Available
Vendor-n/aSAP SE
Product-netweavern/a
CWE ID-CWE-20
Improper Input Validation
CVE-2007-1349
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-5||MEDIUM
EPSS-10.11% / 95.08%
||
7 Day CHG~0.00%
Published-30 Mar, 2007 | 00:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

PerlRun.pm in Apache mod_perl before 1.30, and RegistryCooker.pm in mod_perl 2.x, does not properly escape PATH_INFO before use in a regular expression, which allows remote attackers to cause a denial of service (resource consumption) via a crafted URI.

Action-Not Available
Vendor-n/aCanonical Ltd.The Apache Software FoundationRed Hat, Inc.
Product-ubuntu_linuxsatelliteenterprise_linux_workstationenterprise_linux_serverenterprise_linux_desktopmod_perlenterprise_linux_eusn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2014-0628
Matching Score-4
Assigner-Dell
ShareView Details
Matching Score-4
Assigner-Dell
CVSS Score-5||MEDIUM
EPSS-1.07% / 60.90%
||
7 Day CHG+0.01%
Published-25 Mar, 2014 | 01:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The server in EMC RSA BSAFE Micro Edition Suite (MES) 4.0.x before 4.0.5 does not properly process certificate chains, which allows remote attackers to cause a denial of service (daemon crash) via unspecified vectors.

Action-Not Available
Vendor-n/aDell Inc.
Product-bsafe_micro-edition-suiten/a
CWE ID-CWE-20
Improper Input Validation
CVE-2019-16141
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.58% / 72.58%
||
7 Day CHG~0.00%
Published-09 Sep, 2019 | 11:55
Updated-05 Aug, 2024 | 01:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in the once_cell crate before 1.0.1 for Rust. There is a panic during initialization of Lazy.

Action-Not Available
Vendor-once_cell_projectn/a
Product-once_celln/a
CWE ID-CWE-20
Improper Input Validation
CVE-2014-0239
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-5||MEDIUM
EPSS-67.57% / 99.22%
||
7 Day CHG~0.00%
Published-28 May, 2014 | 01:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The internal DNS server in Samba 4.x before 4.0.18 does not check the QR field in the header section of an incoming DNS message before sending a response, which allows remote attackers to cause a denial of service (CPU and bandwidth consumption) via a forged response packet that triggers a communication loop, a related issue to CVE-1999-0103.

Action-Not Available
Vendor-n/aSamba
Product-samban/a
CWE ID-CWE-20
Improper Input Validation
CVE-2014-0677
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-5||MEDIUM
EPSS-2.08% / 79.21%
||
7 Day CHG~0.00%
Published-22 Jan, 2014 | 21:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Label Distribution Protocol (LDP) functionality in Cisco NX-OS allows remote attackers to cause a denial of service (temporary LDP session outage) via LDP discovery traffic containing malformed Hello messages, aka Bug ID CSCul88851.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-nx-osn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2014-0486
Matching Score-4
Assigner-Debian GNU/Linux
ShareView Details
Matching Score-4
Assigner-Debian GNU/Linux
CVSS Score-7.5||HIGH
EPSS-3.46% / 87.61%
||
7 Day CHG~0.00%
Published-27 Mar, 2018 | 16:00
Updated-06 Aug, 2024 | 09:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Knot DNS before 1.5.2 allows remote attackers to cause a denial of service (application crash) via a crafted DNS message.

Action-Not Available
Vendor-nicn/a
Product-knot_cmsn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2014-0253
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-5||MEDIUM
EPSS-38.70% / 98.40%
||
7 Day CHG~0.00%
Published-12 Feb, 2014 | 02:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, 4, 4.5, and 4.5.1 does not properly determine TCP connection states, which allows remote attackers to cause a denial of service (ASP.NET daemon hang) via crafted HTTP requests that trigger persistent resource consumption for a (1) stale or (2) closed connection, as exploited in the wild in February 2014, aka "POST Request DoS Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-.net_frameworkn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2014-0256
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-5||MEDIUM
EPSS-41.78% / 98.51%
||
7 Day CHG~0.00%
Published-14 May, 2014 | 10:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Microsoft Windows Server 2008 SP2 and R2 SP1 and Server 2012 Gold allow remote attackers to cause a denial of service (iSCSI service outage) by sending many crafted packets, aka "iSCSI Target Remote Denial of Service Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-windows_server_2008windows_server_2012n/a
CWE ID-CWE-20
Improper Input Validation
CVE-2013-6700
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-5||MEDIUM
EPSS-1.23% / 65.34%
||
7 Day CHG~0.00%
Published-29 Nov, 2013 | 02:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The SNMP module in Cisco IOS XR allows remote attackers to cause a denial of service (process reload) via a request for an unspecified MIB, aka Bug ID CSCuh43144.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-ios_xrn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2013-7112
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-2.31% / 81.25%
||
7 Day CHG~0.00%
Published-19 Dec, 2013 | 22:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The dissect_sip_common function in epan/dissectors/packet-sip.c in the SIP dissector in Wireshark 1.8.x before 1.8.12 and 1.10.x before 1.10.4 does not check for empty lines, which allows remote attackers to cause a denial of service (infinite loop) via a crafted packet.

Action-Not Available
Vendor-n/aWireshark Foundation
Product-wiresharkn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2014-0037
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-5||MEDIUM
EPSS-2.40% / 81.97%
||
7 Day CHG~0.00%
Published-28 Apr, 2014 | 14:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The ValidateUserLogon function in provider/libserver/ECSession.cpp in Zarafa 5.00 before 7.1.8 beta2 allows remote attackers to cause a denial of service (crash) via vectors related to "a NULL pointer of the username."

Action-Not Available
Vendor-zarafan/a
Product-zarafan/a
CWE ID-CWE-20
Improper Input Validation
CVE-2014-0128
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-5||MEDIUM
EPSS-32.63% / 98.13%
||
7 Day CHG~0.00%
Published-14 Apr, 2014 | 15:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Squid 3.1 before 3.3.12 and 3.4 before 3.4.4, when SSL-Bump is enabled, allows remote attackers to cause a denial of service (assertion failure) via a crafted range request, related to state management.

Action-Not Available
Vendor-n/aSquid CacheopenSUSE
Product-squidopensusen/a
CWE ID-CWE-20
Improper Input Validation
CVE-2013-7177
Matching Score-4
Assigner-CERT/CC
ShareView Details
Matching Score-4
Assigner-CERT/CC
CVSS Score-5||MEDIUM
EPSS-3.23% / 86.75%
||
7 Day CHG~0.00%
Published-01 Feb, 2014 | 15:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

config/filter.d/cyrus-imap.conf in the cyrus-imap filter in Fail2ban before 0.8.11 allows remote attackers to trigger the blocking of an arbitrary IP address via a crafted e-mail address that matches an improperly designed regular expression.

Action-Not Available
Vendor-fail2bann/a
Product-fail2bann/a
CWE ID-CWE-20
Improper Input Validation
CVE-2014-0079
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-5||MEDIUM
EPSS-1.79% / 75.70%
||
7 Day CHG~0.00%
Published-28 Apr, 2014 | 14:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The ValidateUserLogon function in provider/libserver/ECSession.cpp in Zarafa 7.1.8, 6.20.0, and earlier, when using certain build conditions, allows remote attackers to cause a denial of service (crash) via vectors related to "a NULL pointer of the password."

Action-Not Available
Vendor-zarafan/a
Product-zarafan/a
CWE ID-CWE-20
Improper Input Validation
CVE-2014-0082
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-5||MEDIUM
EPSS-6.19% / 92.64%
||
7 Day CHG~0.00%
Published-20 Feb, 2014 | 11:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

actionpack/lib/action_view/template/text.rb in Action View in Ruby on Rails 3.x before 3.2.17 converts MIME type strings to symbols during use of the :text option to the render method, which allows remote attackers to cause a denial of service (memory consumption) by including these strings in headers.

Action-Not Available
Vendor-n/aRuby on Rails
Product-ruby_on_railsrailsn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2013-7294
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-2.55% / 83.11%
||
7 Day CHG~0.00%
Published-16 Jan, 2014 | 02:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The ikev2parent_inI1outR1 function in pluto/ikev2_parent.c in libreswan before 3.7 allows remote attackers to cause a denial of service (restart) via an IKEv2 I1 notification without a KE payload.

Action-Not Available
Vendor-libreswann/a
Product-libreswann/a
CWE ID-CWE-20
Improper Input Validation
CVE-2014-0095
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-5||MEDIUM
EPSS-8.49% / 94.37%
||
7 Day CHG~0.00%
Published-31 May, 2014 | 10:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

java/org/apache/coyote/ajp/AbstractAjpProcessor.java in Apache Tomcat 8.x before 8.0.4 allows remote attackers to cause a denial of service (thread consumption) by using a "Content-Length: 0" AJP request to trigger a hang in request processing.

Action-Not Available
Vendor-n/aThe Apache Software Foundation
Product-tomcatn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2019-1691
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-5.8||MEDIUM
EPSS-2.27% / 80.88%
||
7 Day CHG~0.00%
Published-21 Feb, 2019 | 21:00
Updated-19 Nov, 2024 | 19:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Firepower Threat Defense Software SSL or TLS Denial of Service Vulnerability

A vulnerability in the detection engine of Cisco Firepower Threat Defense Software could allow an unauthenticated, remote attacker to cause the unexpected restart of the SNORT detection engine, resulting in a denial of service (DoS) condition. The vulnerability is due to the incomplete error handling of the SSL or TLS packet header during the connection establishment. An attacker could exploit this vulnerability by sending a crafted SSL or TLS packet during the connection handshake. An exploit could allow the attacker to cause the SNORT detection engine to unexpectedly restart, resulting in a partial DoS condition while the detection engine restarts. Versions prior to 6.2.3.4 are affected.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-firepower_threat_defenseCisco Firepower Threat Defense Software
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-755
Improper Handling of Exceptional Conditions
CVE-2019-1712
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-5.8||MEDIUM
EPSS-2.64% / 83.72%
||
7 Day CHG~0.00%
Published-17 Apr, 2019 | 22:00
Updated-19 Nov, 2024 | 19:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco IOS XR Software Protocol Independent Multicast Denial of Service Vulnerability

A vulnerability in the Protocol Independent Multicast (PIM) feature of Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause the PIM process to restart, resulting in a denial of service condition on an affected device. The vulnerability is due to the incorrect processing of crafted AutoRP packets. An attacker could exploit this vulnerability by sending crafted packets to port UDP 496 on a reachable IP address on the device. A successful exploit could allow the attacker to cause the PIM process to restart. Software versions prior to 6.2.3, 6.3.2, 6.4.0, and 6.5.1 are affected.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-ios_xrCisco IOS XR Software
CWE ID-CWE-20
Improper Input Validation
CVE-2013-6143
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-5||MEDIUM
EPSS-1.36% / 68.32%
||
7 Day CHG~0.00%
Published-31 Jan, 2014 | 16:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Schneider Electric Telvent SAGE 3030 RTU with firmware C3413-500-001D3_P4 and C3413-500-001F0_PB allows remote attackers to cause a denial of service (temporary outage and CPU consumption) via malformed DNP3 traffic.

Action-Not Available
Vendor-n/aSchneider Electric SE
Product-telvent_sage_3030_firmwaren/a
CWE ID-CWE-20
Improper Input Validation
CVE-2013-5532
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-5||MEDIUM
EPSS-2.11% / 79.55%
||
7 Day CHG~0.00%
Published-11 Oct, 2013 | 01:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in the web-application interface on Cisco 9900 IP phones allows remote attackers to cause a denial of service (webapp interface outage) via long values in unspecified fields, aka Bug ID CSCuh10343.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-unified_ip_phones_9900_series_firmwareunified_ip_phone_9951unified_ip_phone_9971n/a
CWE ID-CWE-20
Improper Input Validation
CVE-2020-25059
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.41% / 33.33%
||
7 Day CHG~0.00%
Published-31 Aug, 2020 | 20:47
Updated-04 Aug, 2024 | 15:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered on LG mobile devices with Android OS 7.2, 8.0, 8.1, 9, and 10 software. A service crash may occur because of incorrect input validation. The LG ID is LVE-SMP-200013 (July 2020).

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2013-4932
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-3.27% / 86.89%
||
7 Day CHG~0.00%
Published-29 Jul, 2013 | 19:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple array index errors in epan/dissectors/packet-gsm_a_common.c in the GSM A Common dissector in Wireshark 1.8.x before 1.8.9 and 1.10.x before 1.10.1 allow remote attackers to cause a denial of service (application crash) via a crafted packet.

Action-Not Available
Vendor-n/aWireshark Foundation
Product-wiresharkn/a
CWE ID-CWE-20
Improper Input Validation
  • Previous
  • 1
  • 2
  • 3
  • ...
  • 22
  • 23
  • Next
Details not found