Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2011-0491

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-19 Jan, 2011 | 11:00
Updated At-06 Aug, 2024 | 21:51
Rejected At-
Credits

The tor_realloc function in Tor before 0.2.1.29 and 0.2.2.x before 0.2.2.21-alpha does not validate a certain size value during memory allocation, which might allow remote attackers to cause a denial of service (daemon crash) via unspecified vectors, related to "underflow errors."

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
â–¼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:19 Jan, 2011 | 11:00
Updated At:06 Aug, 2024 | 21:51
Rejected At:
â–¼CVE Numbering Authority (CNA)

The tor_realloc function in Tor before 0.2.1.29 and 0.2.2.x before 0.2.2.21-alpha does not validate a certain size value during memory allocation, which might allow remote attackers to cause a denial of service (daemon crash) via unspecified vectors, related to "underflow errors."

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://archives.seul.org/or/announce/Jan-2011/msg00000.html
mailing-list
x_refsource_MLIST
https://gitweb.torproject.org/tor.git/blob/refs/heads/release-0.2.2:/ChangeLog
x_refsource_CONFIRM
https://trac.torproject.org/projects/tor/ticket/2324
x_refsource_CONFIRM
http://blog.torproject.org/blog/tor-02129-released-security-patches
x_refsource_CONFIRM
https://exchange.xforce.ibmcloud.com/vulnerabilities/64888
vdb-entry
x_refsource_XF
http://www.securityfocus.com/bid/45953
vdb-entry
x_refsource_BID
Hyperlink: http://archives.seul.org/or/announce/Jan-2011/msg00000.html
Resource:
mailing-list
x_refsource_MLIST
Hyperlink: https://gitweb.torproject.org/tor.git/blob/refs/heads/release-0.2.2:/ChangeLog
Resource:
x_refsource_CONFIRM
Hyperlink: https://trac.torproject.org/projects/tor/ticket/2324
Resource:
x_refsource_CONFIRM
Hyperlink: http://blog.torproject.org/blog/tor-02129-released-security-patches
Resource:
x_refsource_CONFIRM
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/64888
Resource:
vdb-entry
x_refsource_XF
Hyperlink: http://www.securityfocus.com/bid/45953
Resource:
vdb-entry
x_refsource_BID
â–¼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://archives.seul.org/or/announce/Jan-2011/msg00000.html
mailing-list
x_refsource_MLIST
x_transferred
https://gitweb.torproject.org/tor.git/blob/refs/heads/release-0.2.2:/ChangeLog
x_refsource_CONFIRM
x_transferred
https://trac.torproject.org/projects/tor/ticket/2324
x_refsource_CONFIRM
x_transferred
http://blog.torproject.org/blog/tor-02129-released-security-patches
x_refsource_CONFIRM
x_transferred
https://exchange.xforce.ibmcloud.com/vulnerabilities/64888
vdb-entry
x_refsource_XF
x_transferred
http://www.securityfocus.com/bid/45953
vdb-entry
x_refsource_BID
x_transferred
Hyperlink: http://archives.seul.org/or/announce/Jan-2011/msg00000.html
Resource:
mailing-list
x_refsource_MLIST
x_transferred
Hyperlink: https://gitweb.torproject.org/tor.git/blob/refs/heads/release-0.2.2:/ChangeLog
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: https://trac.torproject.org/projects/tor/ticket/2324
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://blog.torproject.org/blog/tor-02129-released-security-patches
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/64888
Resource:
vdb-entry
x_refsource_XF
x_transferred
Hyperlink: http://www.securityfocus.com/bid/45953
Resource:
vdb-entry
x_refsource_BID
x_transferred
Information is not available yet
â–¼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:19 Jan, 2011 | 12:00
Updated At:29 Apr, 2026 | 01:13

The tor_realloc function in Tor before 0.2.1.29 and 0.2.2.x before 0.2.2.21-alpha does not validate a certain size value during memory allocation, which might allow remote attackers to cause a denial of service (daemon crash) via unspecified vectors, related to "underflow errors."

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary2.05.0MEDIUM
AV:N/AC:L/Au:N/C:N/I:N/A:P
Type: Primary
Version: 2.0
Base score: 5.0
Base severity: MEDIUM
Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:P
CPE Matches
tor
tor
>>tor>>Versions up to 0.2.1.28(inclusive)
cpe:2.3:a:tor:tor:*:*:*:*:*:*:*:*
tor
tor
>>tor>>0.0.2
cpe:2.3:a:tor:tor:0.0.2:*:*:*:*:*:*:*
tor
tor
>>tor>>0.0.2_pre13
cpe:2.3:a:tor:tor:0.0.2_pre13:*:*:*:*:*:*:*
tor
tor
>>tor>>0.0.2_pre14
cpe:2.3:a:tor:tor:0.0.2_pre14:*:*:*:*:*:*:*
tor
tor
>>tor>>0.0.2_pre15
cpe:2.3:a:tor:tor:0.0.2_pre15:*:*:*:*:*:*:*
tor
tor
>>tor>>0.0.2_pre16
cpe:2.3:a:tor:tor:0.0.2_pre16:*:*:*:*:*:*:*
tor
tor
>>tor>>0.0.2_pre17
cpe:2.3:a:tor:tor:0.0.2_pre17:*:*:*:*:*:*:*
tor
tor
>>tor>>0.0.2_pre18
cpe:2.3:a:tor:tor:0.0.2_pre18:*:*:*:*:*:*:*
tor
tor
>>tor>>0.0.2_pre19
cpe:2.3:a:tor:tor:0.0.2_pre19:*:*:*:*:*:*:*
tor
tor
>>tor>>0.0.2_pre20
cpe:2.3:a:tor:tor:0.0.2_pre20:*:*:*:*:*:*:*
tor
tor
>>tor>>0.0.2_pre21
cpe:2.3:a:tor:tor:0.0.2_pre21:*:*:*:*:*:*:*
tor
tor
>>tor>>0.0.2_pre22
cpe:2.3:a:tor:tor:0.0.2_pre22:*:*:*:*:*:*:*
tor
tor
>>tor>>0.0.2_pre23
cpe:2.3:a:tor:tor:0.0.2_pre23:*:*:*:*:*:*:*
tor
tor
>>tor>>0.0.2_pre24
cpe:2.3:a:tor:tor:0.0.2_pre24:*:*:*:*:*:*:*
tor
tor
>>tor>>0.0.2_pre25
cpe:2.3:a:tor:tor:0.0.2_pre25:*:*:*:*:*:*:*
tor
tor
>>tor>>0.0.2_pre26
cpe:2.3:a:tor:tor:0.0.2_pre26:*:*:*:*:*:*:*
tor
tor
>>tor>>0.0.2_pre27
cpe:2.3:a:tor:tor:0.0.2_pre27:*:*:*:*:*:*:*
tor
tor
>>tor>>0.0.3
cpe:2.3:a:tor:tor:0.0.3:*:*:*:*:*:*:*
tor
tor
>>tor>>0.0.4
cpe:2.3:a:tor:tor:0.0.4:*:*:*:*:*:*:*
tor
tor
>>tor>>0.0.5
cpe:2.3:a:tor:tor:0.0.5:*:*:*:*:*:*:*
tor
tor
>>tor>>0.0.6
cpe:2.3:a:tor:tor:0.0.6:*:*:*:*:*:*:*
tor
tor
>>tor>>0.0.6.1
cpe:2.3:a:tor:tor:0.0.6.1:*:*:*:*:*:*:*
tor
tor
>>tor>>0.0.6.2
cpe:2.3:a:tor:tor:0.0.6.2:*:*:*:*:*:*:*
tor
tor
>>tor>>0.0.7
cpe:2.3:a:tor:tor:0.0.7:*:*:*:*:*:*:*
tor
tor
>>tor>>0.0.7.1
cpe:2.3:a:tor:tor:0.0.7.1:*:*:*:*:*:*:*
tor
tor
>>tor>>0.0.7.2
cpe:2.3:a:tor:tor:0.0.7.2:*:*:*:*:*:*:*
tor
tor
>>tor>>0.0.7.3
cpe:2.3:a:tor:tor:0.0.7.3:*:*:*:*:*:*:*
tor
tor
>>tor>>0.0.8
cpe:2.3:a:tor:tor:0.0.8:*:*:*:*:*:*:*
tor
tor
>>tor>>0.0.8.1
cpe:2.3:a:tor:tor:0.0.8.1:*:*:*:*:*:*:*
tor
tor
>>tor>>0.0.9
cpe:2.3:a:tor:tor:0.0.9:*:*:*:*:*:*:*
tor
tor
>>tor>>0.0.9.1
cpe:2.3:a:tor:tor:0.0.9.1:*:*:*:*:*:*:*
tor
tor
>>tor>>0.0.9.2
cpe:2.3:a:tor:tor:0.0.9.2:*:*:*:*:*:*:*
tor
tor
>>tor>>0.0.9.3
cpe:2.3:a:tor:tor:0.0.9.3:*:*:*:*:*:*:*
tor
tor
>>tor>>0.0.9.4
cpe:2.3:a:tor:tor:0.0.9.4:*:*:*:*:*:*:*
tor
tor
>>tor>>0.0.9.5
cpe:2.3:a:tor:tor:0.0.9.5:*:*:*:*:*:*:*
tor
tor
>>tor>>0.0.9.6
cpe:2.3:a:tor:tor:0.0.9.6:*:*:*:*:*:*:*
tor
tor
>>tor>>0.0.9.7
cpe:2.3:a:tor:tor:0.0.9.7:*:*:*:*:*:*:*
tor
tor
>>tor>>0.0.9.8
cpe:2.3:a:tor:tor:0.0.9.8:*:*:*:*:*:*:*
tor
tor
>>tor>>0.0.9.9
cpe:2.3:a:tor:tor:0.0.9.9:*:*:*:*:*:*:*
tor
tor
>>tor>>0.0.9.10
cpe:2.3:a:tor:tor:0.0.9.10:*:*:*:*:*:*:*
tor
tor
>>tor>>0.1.0.1
cpe:2.3:a:tor:tor:0.1.0.1:*:*:*:*:*:*:*
tor
tor
>>tor>>0.1.0.2
cpe:2.3:a:tor:tor:0.1.0.2:*:*:*:*:*:*:*
tor
tor
>>tor>>0.1.0.3
cpe:2.3:a:tor:tor:0.1.0.3:*:*:*:*:*:*:*
tor
tor
>>tor>>0.1.0.4
cpe:2.3:a:tor:tor:0.1.0.4:*:*:*:*:*:*:*
tor
tor
>>tor>>0.1.0.5
cpe:2.3:a:tor:tor:0.1.0.5:*:*:*:*:*:*:*
tor
tor
>>tor>>0.1.0.6
cpe:2.3:a:tor:tor:0.1.0.6:*:*:*:*:*:*:*
tor
tor
>>tor>>0.1.0.7
cpe:2.3:a:tor:tor:0.1.0.7:*:*:*:*:*:*:*
tor
tor
>>tor>>0.1.0.8
cpe:2.3:a:tor:tor:0.1.0.8:*:*:*:*:*:*:*
tor
tor
>>tor>>0.1.0.9
cpe:2.3:a:tor:tor:0.1.0.9:*:*:*:*:*:*:*
tor
tor
>>tor>>0.1.0.10
cpe:2.3:a:tor:tor:0.1.0.10:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-20Primarynvd@nist.gov
CWE ID: CWE-20
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
http://archives.seul.org/or/announce/Jan-2011/msg00000.htmlcve@mitre.org
Patch
http://blog.torproject.org/blog/tor-02129-released-security-patchescve@mitre.org
Patch
Vendor Advisory
http://www.securityfocus.com/bid/45953cve@mitre.org
N/A
https://exchange.xforce.ibmcloud.com/vulnerabilities/64888cve@mitre.org
N/A
https://gitweb.torproject.org/tor.git/blob/refs/heads/release-0.2.2:/ChangeLogcve@mitre.org
Patch
https://trac.torproject.org/projects/tor/ticket/2324cve@mitre.org
N/A
http://archives.seul.org/or/announce/Jan-2011/msg00000.htmlaf854a3a-2127-422b-91ae-364da2661108
Patch
http://blog.torproject.org/blog/tor-02129-released-security-patchesaf854a3a-2127-422b-91ae-364da2661108
Patch
Vendor Advisory
http://www.securityfocus.com/bid/45953af854a3a-2127-422b-91ae-364da2661108
N/A
https://exchange.xforce.ibmcloud.com/vulnerabilities/64888af854a3a-2127-422b-91ae-364da2661108
N/A
https://gitweb.torproject.org/tor.git/blob/refs/heads/release-0.2.2:/ChangeLogaf854a3a-2127-422b-91ae-364da2661108
Patch
https://trac.torproject.org/projects/tor/ticket/2324af854a3a-2127-422b-91ae-364da2661108
N/A
Hyperlink: http://archives.seul.org/or/announce/Jan-2011/msg00000.html
Source: cve@mitre.org
Resource:
Patch
Hyperlink: http://blog.torproject.org/blog/tor-02129-released-security-patches
Source: cve@mitre.org
Resource:
Patch
Vendor Advisory
Hyperlink: http://www.securityfocus.com/bid/45953
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/64888
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://gitweb.torproject.org/tor.git/blob/refs/heads/release-0.2.2:/ChangeLog
Source: cve@mitre.org
Resource:
Patch
Hyperlink: https://trac.torproject.org/projects/tor/ticket/2324
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://archives.seul.org/or/announce/Jan-2011/msg00000.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Patch
Hyperlink: http://blog.torproject.org/blog/tor-02129-released-security-patches
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Patch
Vendor Advisory
Hyperlink: http://www.securityfocus.com/bid/45953
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/64888
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://gitweb.torproject.org/tor.git/blob/refs/heads/release-0.2.2:/ChangeLog
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Patch
Hyperlink: https://trac.torproject.org/projects/tor/ticket/2324
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

1105Records found
CVE-2011-0015
Matching Score-10
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-10
Assigner-Red Hat, Inc.
CVSS Score-5||MEDIUM
EPSS-2.35% / 84.96%
||
7 Day CHG~0.00%
Published-19 Jan, 2011 | 11:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Tor before 0.2.1.29 and 0.2.2.x before 0.2.2.21-alpha does not properly check the amount of compression in zlib-compressed data, which allows remote attackers to cause a denial of service via a large compression factor.

Action-Not Available
Vendor-torn/a
Product-torn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2009-2425
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-1.38% / 80.40%
||
7 Day CHG~0.00%
Published-10 Jul, 2009 | 17:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Tor before 0.2.0.35 allows remote attackers to cause a denial of service (application crash) via a malformed router descriptor.

Action-Not Available
Vendor-torn/a
Product-torn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2009-0938
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-0.72% / 72.52%
||
7 Day CHG~0.00%
Published-18 Mar, 2009 | 01:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in Tor before 0.2.0.34 allows directory mirrors to cause a denial of service (exit node crash) via "malformed input."

Action-Not Available
Vendor-torn/a
Product-torn/a
CVE-2012-3518
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-5||MEDIUM
EPSS-1.46% / 80.95%
||
7 Day CHG~0.00%
Published-26 Aug, 2012 | 01:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The networkstatus_parse_vote_from_string function in routerparse.c in Tor before 0.2.2.38 does not properly handle an invalid flavor name, which allows remote attackers to cause a denial of service (out-of-bounds read and daemon crash) via a crafted (1) vote document or (2) consensus document.

Action-Not Available
Vendor-torn/a
Product-torn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2012-3517
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-5||MEDIUM
EPSS-1.46% / 80.95%
||
7 Day CHG~0.00%
Published-26 Aug, 2012 | 01:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use-after-free vulnerability in dns.c in Tor before 0.2.2.38 might allow remote attackers to cause a denial of service (daemon crash) via vectors related to failed DNS requests.

Action-Not Available
Vendor-torn/a
Product-torn/a
CVE-2011-1924
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-5||MEDIUM
EPSS-1.59% / 81.76%
||
7 Day CHG~0.00%
Published-14 Jun, 2011 | 17:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in the policy_summarize function in or/policies.c in Tor before 0.2.1.30 allows remote attackers to cause a denial of service (directory authority crash) via a crafted policy that triggers creation of a long port list.

Action-Not Available
Vendor-torn/a
Product-torn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2011-0492
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-1.38% / 80.40%
||
7 Day CHG~0.00%
Published-19 Jan, 2011 | 11:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Tor before 0.2.1.29 and 0.2.2.x before 0.2.2.21-alpha allows remote attackers to cause a denial of service (assertion failure and daemon exit) via blobs that trigger a certain file size, as demonstrated by the cached-descriptors.new file.

Action-Not Available
Vendor-torn/a
Product-torn/a
CVE-2011-0493
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-1.38% / 80.40%
||
7 Day CHG~0.00%
Published-19 Jan, 2011 | 11:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Tor before 0.2.1.29 and 0.2.2.x before 0.2.2.21-alpha might allow remote attackers to cause a denial of service (assertion failure and daemon exit) via vectors related to malformed router caches and improper handling of integer values.

Action-Not Available
Vendor-torn/a
Product-torn/a
CVE-2009-2426
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-0.70% / 71.99%
||
7 Day CHG~0.00%
Published-10 Jul, 2009 | 17:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The connection_edge_process_relay_cell_not_open function in src/or/relay.c in Tor 0.2.x before 0.2.0.35 and 0.1.x before 0.1.2.8-beta allows exit relays to have an unspecified impact by causing controllers to accept DNS responses that redirect to an internal IP address via unknown vectors. NOTE: some of these details are obtained from third party information.

Action-Not Available
Vendor-torn/a
Product-torn/a
CVE-2009-0937
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-0.52% / 66.72%
||
7 Day CHG~0.00%
Published-18 Mar, 2009 | 01:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in Tor before 0.2.0.34 allows directory mirrors to cause a denial of service via unknown vectors.

Action-Not Available
Vendor-torn/a
Product-torn/a
CVE-2009-0936
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-0.52% / 66.72%
||
7 Day CHG~0.00%
Published-18 Mar, 2009 | 01:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in Tor before 0.2.0.34 allows attackers to cause a denial of service (infinite loop) via "corrupt votes."

Action-Not Available
Vendor-torn/a
Product-torn/a
CVE-2006-3416
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-0.78% / 73.76%
||
7 Day CHG~0.00%
Published-07 Jul, 2006 | 00:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Tor before 0.1.1.20 kills the circuit when it receives an unrecognized relay command, which causes network circuits to be disbanded. NOTE: while this item is listed under the "Security fixes" section of the developer changelog, the developer clarified on 20060707 that this is only a self-DoS. Therefore this issue should not be included in CVE

Action-Not Available
Vendor-torn/a
Product-torn/a
CVE-2006-3408
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-1.27% / 79.62%
||
7 Day CHG~0.00%
Published-07 Jul, 2006 | 00:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the directory server (dirserver) in Tor before 0.1.1.20 allows remote attackers to cause an unspecified denial of service via unknown vectors.

Action-Not Available
Vendor-torn/a
Product-torn/a
CVE-2011-0490
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-1.38% / 80.40%
||
7 Day CHG~0.00%
Published-19 Jan, 2011 | 11:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Tor before 0.2.1.29 and 0.2.2.x before 0.2.2.21-alpha makes calls to Libevent within Libevent log handlers, which might allow remote attackers to cause a denial of service (daemon crash) via vectors that trigger certain log messages.

Action-Not Available
Vendor-torn/a
Product-torn/a
CVE-2008-1411
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-10.08% / 93.12%
||
7 Day CHG~0.00%
Published-20 Mar, 2008 | 10:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The PXE Server (pxesrv.exe) in Acronis Snap Deploy 2.0.0.1076 and earlier allows remote attackers to cause a denial of service (crash) via an incomplete TFTP request, which triggers a NULL pointer dereference.

Action-Not Available
Vendor-n/aAcronis (Acronis International GmbH)
Product-snap_deployn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2008-1532
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-2.25% / 84.67%
||
7 Day CHG~0.00%
Published-28 Mar, 2008 | 00:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Perlbal before 1.70, when buffered upload is enabled, allows remote attackers to cause a denial of service (crash) via a zero-byte chunked upload.

Action-Not Available
Vendor-perlbaln/a
Product-perlbaln/a
CWE ID-CWE-20
Improper Input Validation
CVE-2008-0171
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-3.37% / 87.42%
||
7 Day CHG~0.00%
Published-17 Jan, 2008 | 22:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

regex/v4/perl_matcher_non_recursive.hpp in the Boost regex library (aka Boost.Regex) in Boost 1.33 and 1.34 allows context-dependent attackers to cause a denial of service (failed assertion and crash) via an invalid regular expression.

Action-Not Available
Vendor-boostn/a
Product-boost_regex_libraryboostn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2018-8049
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.78% / 73.71%
||
7 Day CHG~0.00%
Published-03 Apr, 2018 | 22:00
Updated-05 Aug, 2024 | 06:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Stealth endpoint in Unisys Stealth SVG 2.8.x, 3.0.x before 3.0.1999, 3.1.x, 3.2.x before 3.2.030, and 3.3.x before 3.3.016, when running on Linux and AIX, allows remote attackers to cause a denial of service (crash) via crafted packets.

Action-Not Available
Vendor-unisysn/aIBM CorporationLinux Kernel Organization, Inc
Product-aixlinux_kernelstealth_svgn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2008-0791
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-1.27% / 79.63%
||
7 Day CHG-0.02%
Published-15 Feb, 2008 | 01:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

ipdsserver.exe in Intermate WinIPDS 3.3 G52-33-021 allows remote attackers to cause a denial of service (CPU consumption) via short packets on TCP port 5001 with the 3, 5, 7, 13, 14, or 15 packet types.

Action-Not Available
Vendor-intermaten/a
Product-winipdsn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2007-6224
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-0.84% / 74.84%
||
7 Day CHG~0.00%
Published-04 Dec, 2007 | 18:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The RealNetworks RealAudioObjects.RealAudio ActiveX control in rmoc3260.dll, as shipped with RealPlayer 11, allows remote attackers to cause a denial of service (browser crash) via a certain argument to the GetSourceTransport method.

Action-Not Available
Vendor-n/aRealNetworks LLCMicrosoft Corporation
Product-realplayerwindows_vistawindows_xpn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2018-7429
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.60% / 69.50%
||
7 Day CHG~0.00%
Published-23 Oct, 2018 | 21:00
Updated-05 Aug, 2024 | 06:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Splunkd in Splunk Enterprise 6.2.x before 6.2.14 6.3.x before 6.3.11, and 6.4.x before 6.4.8; and Splunk Light before 6.5.0 allow remote attackers to cause a denial of service via a malformed HTTP request.

Action-Not Available
Vendor-n/aSplunk LLC (Cisco Systems, Inc.)
Product-splunkn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2007-6235
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-6.36% / 91.05%
||
7 Day CHG~0.00%
Published-04 Dec, 2007 | 18:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A certain ActiveX control in RealNetworks RealPlayer 11 allows remote attackers to cause a denial of service (application crash) via a malformed .au file that triggers a divide-by-zero error. NOTE: this might be related to CVE-2007-4904.

Action-Not Available
Vendor-n/aRealNetworks LLC
Product-realplayern/a
CWE ID-CWE-20
Improper Input Validation
CVE-2007-4755
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-2.31% / 84.85%
||
7 Day CHG~0.00%
Published-08 Sep, 2007 | 01:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Alien Arena 2007 6.10 and earlier allows remote attackers to cause a denial of service (client disconnect) by sending a client_connect command in a forged packet from the server to a client. NOTE: client IP addresses are available via product-specific queries.

Action-Not Available
Vendor-cor_entertainmentn/a
Product-alien_arena_2007n/a
CWE ID-CWE-20
Improper Input Validation
CVE-2017-13735
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.34% / 56.82%
||
7 Day CHG~0.00%
Published-29 Aug, 2017 | 06:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

There is a floating point exception in the kodak_radc_load_raw function in dcraw_common.cpp in LibRaw 0.18.2. It will lead to a remote denial of service attack.

Action-Not Available
Vendor-librawn/a
Product-librawn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2007-3780
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-9.00% / 92.64%
||
7 Day CHG~0.00%
Published-15 Jul, 2007 | 22:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

MySQL Community Server before 5.0.45 allows remote attackers to cause a denial of service (daemon crash) via a malformed password packet in the connection protocol.

Action-Not Available
Vendor-mysqln/a
Product-community_servern/a
CWE ID-CWE-20
Improper Input Validation
CVE-2007-3389
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-26.46% / 96.35%
||
7 Day CHG~0.00%
Published-26 Jun, 2007 | 00:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Wireshark before 0.99.6 allows remote attackers to cause a denial of service (crash) via a crafted chunked encoding in an HTTP response, possibly related to a zero-length payload.

Action-Not Available
Vendor-n/aWireshark Foundation
Product-wiresharkn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2005-2806
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-1.13% / 78.41%
||
7 Day CHG~0.00%
Published-06 Sep, 2005 | 04:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

client.cpp in BNBT EasyTracker 7.7r3.2004.10.27 and earlier allows remote attackers to cause a denial of service (application hang) via an HTTP header containing only a ":" (colon), possibly leading to an integer signedness error due to a missing field name or value.

Action-Not Available
Vendor-trevor_hogann/a
Product-bnbtn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2013-1282
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-5||MEDIUM
EPSS-45.22% / 97.62%
||
7 Day CHG~0.00%
Published-09 Apr, 2013 | 22:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The LDAP service in Microsoft Active Directory, Active Directory Application Mode (ADAM), Active Directory Lightweight Directory Service (AD LDS), and Active Directory Services allows remote attackers to cause a denial of service (memory consumption and service outage) via a crafted query, aka "Memory Consumption Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-active_directory_servicesactive_directory_lightweight_directory_serviceactive_directoryactive_directory_application_moden/a
CWE ID-CWE-20
Improper Input Validation
CVE-2013-4930
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-1.15% / 78.58%
||
7 Day CHG~0.00%
Published-29 Jul, 2013 | 19:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The dissect_dvbci_tpdu_hdr function in epan/dissectors/packet-dvbci.c in the DVB-CI dissector in Wireshark 1.8.x before 1.8.9 and 1.10.x before 1.10.1 does not validate a certain length value before decrementing it, which allows remote attackers to cause a denial of service (assertion failure and application exit) via a crafted packet.

Action-Not Available
Vendor-n/aWireshark Foundation
Product-wiresharkn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2017-11555
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.25% / 48.02%
||
7 Day CHG~0.00%
Published-23 Jul, 2017 | 03:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

There is an illegal address access in the Eval::operator function in eval.cpp in LibSass 3.4.5. A crafted input will lead to a remote denial of service.

Action-Not Available
Vendor-libsassn/a
Product-libsassn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2018-8038
Matching Score-4
Assigner-Apache Software Foundation
ShareView Details
Matching Score-4
Assigner-Apache Software Foundation
CVSS Score-7.5||HIGH
EPSS-50.43% / 97.86%
||
7 Day CHG~0.00%
Published-05 Jul, 2018 | 13:00
Updated-16 Sep, 2024 | 22:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Versions of Apache CXF Fediz prior to 1.4.4 do not fully disable Document Type Declarations (DTDs) when either parsing the Identity Provider response in the application plugins, or in the Identity Provider itself when parsing certain XML-based parameters.

Action-Not Available
Vendor-The Apache Software Foundation
Product-cxf_fedizApache CXF Fediz
CWE ID-CWE-20
Improper Input Validation
CVE-2018-7432
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.58% / 68.88%
||
7 Day CHG~0.00%
Published-23 Oct, 2018 | 21:00
Updated-05 Aug, 2024 | 06:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Splunk Enterprise 6.2.x before 6.2.14, 6.3.x before 6.3.10, 6.4.x before 6.4.7, and 6.5.x before 6.5.3; and Splunk Light before 6.6.0 allow remote attackers to cause a denial of service via a crafted HTTP request.

Action-Not Available
Vendor-n/aSplunk LLC (Cisco Systems, Inc.)
Product-splunkn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2004-2533
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-5.45% / 90.22%
||
7 Day CHG~0.00%
Published-25 Oct, 2005 | 04:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Serv-U FTP Server 4.1 (possibly 4.0) allows remote attackers to cause a denial of service (application crash) via a SITE CHMOD command with a "\\...\" followed by a short string, causing partial memory corruption, a different vulnerability than CVE-2004-2111.

Action-Not Available
Vendor-n/aSolarWinds Worldwide, LLC.
Product-serv-u_file_servern/a
CWE ID-CWE-20
Improper Input Validation
CVE-2018-7449
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-20.85% / 95.65%
||
7 Day CHG~0.00%
Published-04 Mar, 2018 | 01:00
Updated-05 Aug, 2024 | 06:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SEGGER FTP Server for Windows before 3.22a allows remote attackers to cause a denial of service (daemon crash) via an invalid LIST, STOR, or RETR command.

Action-Not Available
Vendor-seggern/aMicrosoft Corporation
Product-windowsembos\/ip_ftp_servern/a
CWE ID-CWE-20
Improper Input Validation
CVE-2013-4100
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-1.13% / 78.41%
||
7 Day CHG~0.00%
Published-04 Nov, 2019 | 14:55
Updated-06 Aug, 2024 | 16:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cryptocat before 2.0.22 has Remote Denial of Service via username

Action-Not Available
Vendor-cryptocat_projectn/a
Product-cryptocatn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2004-2592
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-4.67% / 89.38%
||
7 Day CHG~0.00%
Published-29 Nov, 2005 | 02:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Quake II server before R1Q2, as used in multiple products, allows remote attackers to cause a denial of service (application crash) via a modified client that asks the server to send data stored at a negative array offset, which is not handled when processing Configstrings and Baselines.

Action-Not Available
Vendor-id_softwaren/a
Product-quake_ii_servern/a
CWE ID-CWE-20
Improper Input Validation
CVE-2004-1777
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-0.92% / 75.99%
||
7 Day CHG~0.00%
Published-03 May, 2005 | 04:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A "range check error" in Skype for Windows before 0.98.0.28 allows local and remote attackers to cause a denial of service (application crash) via long command line arguments or a long callto:// URL, a different vulnerability than CVE-2004-1114.

Action-Not Available
Vendor-skype_technologiesn/a
Product-skypen/a
CWE ID-CWE-20
Improper Input Validation
CVE-2018-8065
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-77.17% / 98.99%
||
7 Day CHG~0.00%
Published-12 Mar, 2018 | 00:00
Updated-05 Aug, 2024 | 06:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in the web server in Flexense SyncBreeze Enterprise 10.6.24. There is a user mode write access violation on the syncbrs.exe memory region that can be triggered by rapidly sending a variety of HTTP requests with long HTTP header values or long URIs.

Action-Not Available
Vendor-flexensen/a
Product-syncbreezen/a
CWE ID-CWE-20
Improper Input Validation
CVE-2018-7658
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-17.99% / 95.19%
||
7 Day CHG~0.00%
Published-26 Mar, 2018 | 21:00
Updated-05 Aug, 2024 | 06:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NTSServerSvc.exe in the server in Softros Network Time System 2.3.4 allows remote attackers to cause a denial of service (daemon crash) by sending exactly 11 bytes.

Action-Not Available
Vendor-softrosn/a
Product-network_time_systemn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2018-8030
Matching Score-4
Assigner-Apache Software Foundation
ShareView Details
Matching Score-4
Assigner-Apache Software Foundation
CVSS Score-7.5||HIGH
EPSS-0.91% / 75.83%
||
7 Day CHG~0.00%
Published-19 Jun, 2018 | 13:00
Updated-16 Sep, 2024 | 19:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A Denial of Service vulnerability was found in Apache Qpid Broker-J versions 7.0.0-7.0.4 when AMQP protocols 0-8, 0-9 or 0-91 are used to publish messages with size greater than allowed maximum message size limit (100MB by default). The broker crashes due to the defect. AMQP protocols 0-10 and 1.0 are not affected.

Action-Not Available
Vendor-The Apache Software Foundation
Product-qpid_broker-jApache Qpid Broker-J
CWE ID-CWE-20
Improper Input Validation
CVE-2004-1617
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-3.67% / 87.95%
||
7 Day CHG~0.00%
Published-20 Feb, 2005 | 05:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Lynx, lynx-ssl, and lynx-cur before 2.8.6dev.8 allow remote attackers to cause a denial of service (infinite loop) via a web page or HTML email that contains invalid HTML including (1) a TEXTAREA tag with a large COLS value and (2) a large tag name in an element that is not terminated, as demonstrated by mangleme. NOTE: a followup suggests that the relevant trigger for this issue is the large COLS value.

Action-Not Available
Vendor-university_of_kansasn/a
Product-lynxn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2018-8022
Matching Score-4
Assigner-Apache Software Foundation
ShareView Details
Matching Score-4
Assigner-Apache Software Foundation
CVSS Score-7.5||HIGH
EPSS-6.14% / 90.86%
||
7 Day CHG~0.00%
Published-29 Aug, 2018 | 13:00
Updated-16 Sep, 2024 | 21:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A carefully crafted invalid TLS handshake can cause Apache Traffic Server (ATS) to segfault. This affects version 6.2.2. To resolve this issue users running 6.2.2 should upgrade to 6.2.3 or later versions.

Action-Not Available
Vendor-The Apache Software Foundation
Product-traffic_serverApache Traffic Server
CWE ID-CWE-20
Improper Input Validation
CVE-2004-1675
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-6.51% / 91.16%
||
7 Day CHG~0.00%
Published-20 Feb, 2005 | 05:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Serv-U FTP server 4.x and 5.x allows remote attackers to cause a denial of service (application crash) via a STORE UNIQUE (STOU) command with an MS-DOS device name argument such as (1) COM1, (2) LPT1, (3) PRN, or (4) AUX.

Action-Not Available
Vendor-n/aSolarWinds Worldwide, LLC.
Product-serv-u_file_servern/a
CWE ID-CWE-20
Improper Input Validation
CVE-2022-31121
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-7.5||HIGH
EPSS-0.65% / 70.98%
||
7 Day CHG~0.00%
Published-07 Jul, 2022 | 18:00
Updated-23 Apr, 2025 | 18:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Improper Input Validation in fabric hyperledger

Hyperledger Fabric is a permissioned distributed ledger framework. In affected versions if a consensus client sends a malformed consensus request to an orderer it may crash the orderer node. A fix has been added in commit 0f1835949 which checks for missing consensus messages and returns an error to the consensus client should the message be missing. Users are advised to upgrade to versions 2.2.7 or v2.4.5. There are no known workarounds for this issue.

Action-Not Available
Vendor-hyperledgerhyperledger
Product-fabricfabric
CWE ID-CWE-20
Improper Input Validation
CVE-2018-7549
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.22% / 44.44%
||
7 Day CHG~0.00%
Published-27 Feb, 2018 | 22:00
Updated-05 Aug, 2024 | 06:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In params.c in zsh through 5.4.2, there is a crash during a copy of an empty hash table, as demonstrated by typeset -p.

Action-Not Available
Vendor-zshn/aCanonical Ltd.Red Hat, Inc.
Product-enterprise_linux_serverubuntu_linuxenterprise_linux_workstationzshenterprise_linux_desktopn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2018-5534
Matching Score-4
Assigner-F5, Inc.
ShareView Details
Matching Score-4
Assigner-F5, Inc.
CVSS Score-7.5||HIGH
EPSS-0.75% / 73.21%
||
7 Day CHG~0.00%
Published-19 Jul, 2018 | 14:00
Updated-16 Sep, 2024 | 18:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Under certain conditions on F5 BIG-IP 13.1.0-13.1.0.5, 13.0.0, 12.1.0-12.1.3.1, 11.6.0-11.6.3.1, or 11.5.0-11.5.6, TMM may core while processing SSL forward proxy traffic.

Action-Not Available
Vendor-F5, Inc.
Product-big-ip_edge_gatewaybig-ip_webacceleratorbig-ip_application_acceleration_managerbig-ip_link_controllerbig-ip_policy_enforcement_managerbig-ip_fraud_protection_servicebig-ip_global_traffic_managerbig-ip_local_traffic_managerbig-ip_access_policy_managerbig-ip_analyticsbig-ip_domain_name_systembig-ip_advanced_firewall_managerbig-ip_application_security_managerBIG-IP (LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, FPS, GTM, Link Controller, PEM, WebAccelerator)
CWE ID-CWE-20
Improper Input Validation
CVE-2018-7583
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-21.56% / 95.75%
||
7 Day CHG~0.00%
Published-04 Mar, 2018 | 01:00
Updated-05 Aug, 2024 | 06:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Proxy.exe in DualDesk 20 allows Remote Denial Of Service (daemon crash) via a long string to TCP port 5500.

Action-Not Available
Vendor-advantign/a
Product-dualdeskn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2018-6347
Matching Score-4
Assigner-Meta Platforms, Inc.
ShareView Details
Matching Score-4
Assigner-Meta Platforms, Inc.
CVSS Score-7.5||HIGH
EPSS-0.43% / 62.67%
||
7 Day CHG~0.00%
Published-31 Dec, 2018 | 22:00
Updated-06 May, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue in the Proxygen handling of HTTP2 parsing of headers/trailers can lead to a denial-of-service attack. This affects Proxygen prior to v2018.12.31.00.

Action-Not Available
Vendor-proxygen_projectFacebook
Product-proxygenProxygen
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2018-5510
Matching Score-4
Assigner-F5, Inc.
ShareView Details
Matching Score-4
Assigner-F5, Inc.
CVSS Score-7.5||HIGH
EPSS-0.65% / 70.82%
||
7 Day CHG~0.00%
Published-13 Apr, 2018 | 13:00
Updated-16 Sep, 2024 | 17:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

On F5 BIG-IP 11.5.4 HF4-11.5.5, the Traffic Management Microkernel (TMM) may restart when processing a specific sequence of packets on IPv6 virtual servers.

Action-Not Available
Vendor-F5, Inc.
Product-big-ip_edge_gatewaybig-ip_webacceleratorbig-ip_application_acceleration_managerbig-ip_link_controllerbig-ip_policy_enforcement_managerbig-ip_global_traffic_managerbig-ip_local_traffic_managerbig-ip_access_policy_managerbig-ip_analyticsbig-ip_domain_name_systembig-ip_websafebig-ip_advanced_firewall_managerbig-ip_application_security_managerBIG-IP (Analytics, LTM, AAM, AFM, APM, ASM, DNS, Edge, Gateway, GTM Link Controller, PEM, WebAccelerator, WebSafe)
CWE ID-CWE-20
Improper Input Validation
CVE-2018-6343
Matching Score-4
Assigner-Meta Platforms, Inc.
ShareView Details
Matching Score-4
Assigner-Meta Platforms, Inc.
CVSS Score-7.5||HIGH
EPSS-0.27% / 50.42%
||
7 Day CHG~0.00%
Published-31 Dec, 2018 | 22:00
Updated-06 May, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Proxygen fails to validate that a secondary auth manager is set before dereferencing it. That can cause a denial of service issue when parsing a Certificate/CertificateRequest HTTP2 Frame over a fizz (TLS 1.3) transport. This issue affects Proxygen releases starting from v2018.10.29.00 until the fix in v2018.11.19.00.

Action-Not Available
Vendor-Facebook
Product-proxygenProxygen
CWE ID-CWE-476
NULL Pointer Dereference
CWE ID-CWE-20
Improper Input Validation
  • Previous
  • 1
  • 2
  • 3
  • ...
  • 22
  • 23
  • Next
Details not found