Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2011-0846

Summary
Assigner-oracle
Assigner Org ID-43595867-4340-4103-b7a2-9a5208d29a85
Published At-20 Apr, 2011 | 10:00
Updated At-16 Sep, 2024 | 17:32
Rejected At-
Credits

Unspecified vulnerability in the Oracle Sun Java System Access Manager Policy Agent 2.2 allows remote attackers to affect availability via unknown vectors related to Web Proxy Agent.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:oracle
Assigner Org ID:43595867-4340-4103-b7a2-9a5208d29a85
Published At:20 Apr, 2011 | 10:00
Updated At:16 Sep, 2024 | 17:32
Rejected At:
▼CVE Numbering Authority (CNA)

Unspecified vulnerability in the Oracle Sun Java System Access Manager Policy Agent 2.2 allows remote attackers to affect availability via unknown vectors related to Web Proxy Agent.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html
x_refsource_CONFIRM
Hyperlink: http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html
Resource:
x_refsource_CONFIRM
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html
x_refsource_CONFIRM
x_transferred
Hyperlink: http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html
Resource:
x_refsource_CONFIRM
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:secalert_us@oracle.com
Published At:20 Apr, 2011 | 10:55
Updated At:11 Apr, 2025 | 00:51

Unspecified vulnerability in the Oracle Sun Java System Access Manager Policy Agent 2.2 allows remote attackers to affect availability via unknown vectors related to Web Proxy Agent.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary2.05.0MEDIUM
AV:N/AC:L/Au:N/C:N/I:N/A:P
Type: Primary
Version: 2.0
Base score: 5.0
Base severity: MEDIUM
Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:P
CPE Matches
Oracle Corporation
oracle
>>sun_java_system_access_manager_policy_agent>>2.2
cpe:2.3:a:oracle:sun_java_system_access_manager_policy_agent:2.2:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
NVD-CWE-noinfoPrimarynvd@nist.gov
CWE ID: NVD-CWE-noinfo
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.htmlsecalert_us@oracle.com
Patch
Vendor Advisory
http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.htmlaf854a3a-2127-422b-91ae-364da2661108
Patch
Vendor Advisory
Hyperlink: http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html
Source: secalert_us@oracle.com
Resource:
Patch
Vendor Advisory
Hyperlink: http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Patch
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

497Records found
CVE-2015-5964
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-4.37% / 88.72%
||
7 Day CHG~0.00%
Published-24 Aug, 2015 | 14:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The (1) contrib.sessions.backends.base.SessionBase.flush and (2) cache_db.SessionStore.flush functions in Django 1.7.x before 1.7.10, 1.4.x before 1.4.22, and possibly other versions create empty sessions in certain circumstances, which allows remote attackers to cause a denial of service (session store consumption) via unspecified vectors.

Action-Not Available
Vendor-n/aCanonical Ltd.DjangoOracle Corporation
Product-djangoubuntu_linuxsolarisn/a
CVE-2015-5963
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-5.34% / 89.86%
||
7 Day CHG~0.00%
Published-24 Aug, 2015 | 14:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

contrib.sessions.middleware.SessionMiddleware in Django 1.8.x before 1.8.4, 1.7.x before 1.7.10, 1.4.x before 1.4.22, and possibly other versions allows remote attackers to cause a denial of service (session store consumption or session record removal) via a large number of requests to contrib.auth.views.logout, which triggers the creation of an empty session record.

Action-Not Available
Vendor-n/aCanonical Ltd.DjangoOracle Corporation
Product-djangoubuntu_linuxsolarisn/a
CVE-2015-4484
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-5||MEDIUM
EPSS-0.85% / 74.48%
||
7 Day CHG~0.00%
Published-16 Aug, 2015 | 01:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The js::jit::AssemblerX86Shared::lock_addl function in the JavaScript implementation in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 allows remote attackers to cause a denial of service (application crash) by leveraging the use of shared memory and accessing (1) an Atomics object or (2) a SharedArrayBuffer object.

Action-Not Available
Vendor-n/aMozilla CorporationopenSUSEOracle CorporationCanonical Ltd.
Product-firefoxopensuseubuntu_linuxsolarisn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2015-4751
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-5||MEDIUM
EPSS-0.73% / 72.17%
||
7 Day CHG~0.00%
Published-16 Jul, 2015 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the Oracle Access Manager component in Oracle Fusion Middleware 11.1.1.7 and 11.1.2.2 allows remote attackers to affect availability via unknown vectors related to Authentication Engine.

Action-Not Available
Vendor-n/aOracle Corporation
Product-fusion_middlewaren/a
CVE-2015-4803
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-5||MEDIUM
EPSS-6.58% / 90.95%
||
7 Day CHG~0.00%
Published-21 Oct, 2015 | 21:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60; Java SE Embedded 8u51; and JRockit R28.3.7 allows remote attackers to affect availability via vectors related to JAXP, a different vulnerability than CVE-2015-4893 and CVE-2015-4911.

Action-Not Available
Vendor-n/aOracle Corporation
Product-jrockitjrejdkn/a
CVE-2015-5219
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-2.24% / 84.25%
||
7 Day CHG~0.00%
Published-21 Jul, 2017 | 14:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The ULOGTOD function in ntp.d in SNTP before 4.2.7p366 does not properly perform type conversions from a precision value to a double, which allows remote attackers to cause a denial of service (infinite loop) via a crafted NTP packet.

Action-Not Available
Vendor-ntpn/aDebian GNU/LinuxCanonical Ltd.SUSERed Hat, Inc.Oracle CorporationFedora ProjectopenSUSENovellSiemens AG
Product-enterprise_linux_desktoplinuxenterprise_linux_workstationfedoralinux_enterprise_serverleapenterprise_linux_serverdebian_linuxlinux_enterprise_debuginfotim_4r-ientptim_4r-id_dnp3tim_4r-id_dnp3_firmwareopenstack_cloudmanager_proxyenterprise_linux_hpc_nodetim_4r-ie_firmwareubuntu_linuxmanagern/a
CWE ID-CWE-704
Incorrect Type Conversion or Cast
CVE-2015-4896
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-5||MEDIUM
EPSS-1.50% / 80.84%
||
7 Day CHG~0.00%
Published-21 Oct, 2015 | 23:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox before 4.0.34, 4.1.42, 4.2.34, 4.3.32, and 5.0.8, when a VM has the Remote Display feature (RDP) enabled, allows remote attackers to affect availability via unknown vectors related to Core.

Action-Not Available
Vendor-n/aDebian GNU/LinuxOracle Corporation
Product-vm_virtualboxdebian_linuxn/a
CVE-2015-4911
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-5||MEDIUM
EPSS-6.58% / 90.95%
||
7 Day CHG~0.00%
Published-21 Oct, 2015 | 23:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60; Java SE Embedded 8u51; and JRockit R28.3.7 allows remote attackers to affect availability via vectors related to JAXP, a different vulnerability than CVE-2015-4803 and CVE-2015-4893.

Action-Not Available
Vendor-n/aOracle Corporation
Product-jrockitjrejdkn/a
CVE-2015-4750
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-5||MEDIUM
EPSS-0.82% / 74.05%
||
7 Day CHG~0.00%
Published-16 Jul, 2015 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the Oracle VM Server for SPARC component in Oracle Sun Systems Products Suite 3.2 allows remote attackers to affect availability via vectors related to LDOM Manager.

Action-Not Available
Vendor-n/aOracle Corporation
Product-oracle_and_sun_systems_product_suiten/a
CVE-2001-0498
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-0.53% / 66.83%
||
7 Day CHG~0.00%
Published-27 Jul, 2001 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Transparent Network Substrate (TNS) over Net8 (SQLNet) in Oracle 8i 8.1.7 and earlier allows remote attackers to cause a denial of service via a malformed SQLNet connection request with a large offset in the header extension.

Action-Not Available
Vendor-n/aOracle Corporation
Product-oracle8in/a
CVE-2001-0516
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-0.75% / 72.80%
||
7 Day CHG+0.15%
Published-27 Jul, 2001 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Oracle listener between Oracle 9i and Oracle 8.0 allows remote attackers to cause a denial of service via a malformed connection packet that contains an incorrect requester_version value that does not match an expected offset to the data.

Action-Not Available
Vendor-n/aOracle Corporation
Product-oracle8ioracle9in/a
CVE-2015-4742
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-5||MEDIUM
EPSS-0.70% / 71.73%
||
7 Day CHG~0.00%
Published-16 Jul, 2015 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the Oracle JDeveloper component in Oracle Fusion Middleware 11.1.1.7.0, 11.1.2.4.0, 12.1.2.0.0, and 12.1.3.0.0 allows remote attackers to affect availability via vectors related to ADF Faces.

Action-Not Available
Vendor-n/aOracle Corporation
Product-fusion_middlewaren/a
CVE-2015-4651
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-0.38% / 59.03%
||
7 Day CHG~0.00%
Published-22 Jul, 2015 | 01:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The dissect_wccp2r1_address_table_info function in epan/dissectors/packet-wccp.c in the WCCP dissector in Wireshark 1.12.x before 1.12.6 does not properly determine whether enough memory is available for storing IP address strings, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.

Action-Not Available
Vendor-n/aWireshark FoundationDebian GNU/LinuxOracle Corporation
Product-wiresharkdebian_linuxsolarisn/a
CVE-2001-0517
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-0.85% / 74.49%
||
7 Day CHG+0.12%
Published-09 Mar, 2002 | 05:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Oracle listener in Oracle 8i on Solaris allows remote attackers to cause a denial of service via a malformed connection packet with a maximum transport data size that is set to 0.

Action-Not Available
Vendor-n/aOracle Corporation
Product-oracle8in/a
CVE-2001-0518
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-0.39% / 59.63%
||
7 Day CHG~0.00%
Published-09 Mar, 2002 | 05:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Oracle listener before Oracle 9i allows attackers to cause a denial of service by repeatedly sending the first portion of a fragmented Oracle command without sending the remainder of the command, which causes the listener to hang.

Action-Not Available
Vendor-n/aOracle Corporation
Product-oracle9in/a
CVE-2015-4882
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-5||MEDIUM
EPSS-6.58% / 90.95%
||
7 Day CHG~0.00%
Published-21 Oct, 2015 | 23:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allows remote attackers to affect availability via vectors related to CORBA.

Action-Not Available
Vendor-n/aOracle Corporation
Product-jrejdkn/a
CVE-2001-0515
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-0.75% / 72.80%
||
7 Day CHG+0.15%
Published-27 Jul, 2001 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Oracle Listener in Oracle 7.3 and 8i allows remote attackers to cause a denial of service via a malformed connection packet with a large offset_to_data value.

Action-Not Available
Vendor-n/aOracle Corporation
Product-oracle8idatabase_servern/a
CVE-2015-3811
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-0.21% / 43.49%
||
7 Day CHG~0.00%
Published-26 May, 2015 | 15:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

epan/dissectors/packet-wcp.c in the WCP dissector in Wireshark 1.10.x before 1.10.14 and 1.12.x before 1.12.5 improperly refers to previously processed bytes, which allows remote attackers to cause a denial of service (application crash) via a crafted packet, a different vulnerability than CVE-2015-2188.

Action-Not Available
Vendor-n/aWireshark FoundationOracle Corporation
Product-wiresharklinuxsolarisn/a
CVE-2015-4024
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-75.52% / 98.86%
||
7 Day CHG~0.00%
Published-09 Jun, 2015 | 18:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Algorithmic complexity vulnerability in the multipart_buffer_headers function in main/rfc1867.c in PHP before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9 allows remote attackers to cause a denial of service (CPU consumption) via crafted form data that triggers an improper order-of-growth outcome.

Action-Not Available
Vendor-n/aRed Hat, Inc.The PHP GroupApple Inc.Oracle CorporationHP Inc.
Product-enterprise_linuxenterprise_linux_serversolarissystem_management_homepageenterprise_linux_hpc_nodeenterprise_linux_desktopenterprise_linux_server_eusenterprise_linux_workstationphpenterprise_linux_hpc_node_euslinuxmac_os_xn/a
CVE-2015-3195
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-5.3||MEDIUM
EPSS-3.44% / 87.23%
||
7 Day CHG~0.00%
Published-06 Dec, 2015 | 00:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The ASN1_TFLG_COMBINE implementation in crypto/asn1/tasn_dec.c in OpenSSL before 0.9.8zh, 1.0.0 before 1.0.0t, 1.0.1 before 1.0.1q, and 1.0.2 before 1.0.2e mishandles errors caused by malformed X509_ATTRIBUTE data, which allows remote attackers to obtain sensitive information from process memory by triggering a decoding failure in a PKCS#7 or CMS application.

Action-Not Available
Vendor-n/aopenSUSESUSERed Hat, Inc.Fedora ProjectApple Inc.OpenSSLDebian GNU/LinuxOracle CorporationCanonical Ltd.
Product-enterprise_linux_serversolarislinux_enterprise_serversun_ray_softwarehttp_servercommunications_webrtc_session_controllervm_serverdebian_linuxlinuxtransportation_managemententerprise_linux_server_ausexalogic_infrastructurevm_virtualboxleapopensusefedoraenterprise_linux_desktopubuntu_linuxlife_sciences_data_hubenterprise_linux_server_tusintegrated_lights_out_manager_firmwareenterprise_linux_workstationopensslapi_gatewaymac_os_xn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2015-3814
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-0.19% / 40.70%
||
7 Day CHG~0.00%
Published-26 May, 2015 | 15:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The (1) dissect_tfs_request and (2) dissect_tfs_response functions in epan/dissectors/packet-ieee80211.c in the IEEE 802.11 dissector in Wireshark 1.10.x before 1.10.14 and 1.12.x before 1.12.5 interpret a zero value as a length rather than an error condition, which allows remote attackers to cause a denial of service (infinite loop) via a crafted packet.

Action-Not Available
Vendor-n/aWireshark FoundationOracle Corporation
Product-wiresharksolarisn/a
CVE-2019-12402
Matching Score-8
Assigner-Apache Software Foundation
ShareView Details
Matching Score-8
Assigner-Apache Software Foundation
CVSS Score-7.5||HIGH
EPSS-0.38% / 59.11%
||
7 Day CHG~0.00%
Published-29 Aug, 2019 | 00:00
Updated-04 Aug, 2024 | 23:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The file name encoding algorithm used internally in Apache Commons Compress 1.15 to 1.18 can get into an infinite loop when faced with specially crafted inputs. This can lead to a denial of service attack if an attacker can choose the file names inside of an archive created by Compress.

Action-Not Available
Vendor-The Apache Software FoundationFedora ProjectOracle Corporation
Product-flexcube_investor_servicingprimavera_gatewaycommunications_ip_service_activatorcommunications_session_route_managerflexcube_private_bankingretail_integration_busbanking_platformcommunications_session_report_managerpeoplesoft_enterprise_pt_peopletoolsbanking_paymentsessbasefedorajdeveloperretail_xstore_point_of_servicecustomer_management_and_segmentation_foundationcommons_compresshyperion_infrastructure_technologycommunications_element_managerwebcenter_portalApache Commons Compress
CWE ID-CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
CVE-2015-2188
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-0.34% / 56.59%
||
7 Day CHG~0.00%
Published-08 Mar, 2015 | 02:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

epan/dissectors/packet-wcp.c in the WCP dissector in Wireshark 1.10.x before 1.10.13 and 1.12.x before 1.12.4 does not properly initialize a data structure, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted packet that is improperly handled during decompression.

Action-Not Available
Vendor-mageian/aopenSUSEWireshark FoundationDebian GNU/LinuxOracle Corporation
Product-solariswiresharkopensusemageiadebian_linuxlinuxn/a
CVE-2014-4264
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-5||MEDIUM
EPSS-5.56% / 90.08%
||
7 Day CHG~0.00%
Published-17 Jul, 2014 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in Oracle Java SE 7u60 and 8u5 allows remote attackers to affect availability via unknown vectors related to Security.

Action-Not Available
Vendor-n/aOracle Corporation
Product-jrejdkn/a
CVE-2015-2659
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-5||MEDIUM
EPSS-1.11% / 77.76%
||
7 Day CHG~0.00%
Published-16 Jul, 2015 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in Oracle Java SE 8u45 and Java SE Embedded 8u33 allows remote attackers to affect availability via unknown vectors related to Security.

Action-Not Available
Vendor-n/aOracle Corporation
Product-jrejdkn/a
CVE-2015-2695
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-6.45% / 90.85%
||
7 Day CHG~0.00%
Published-09 Nov, 2015 | 02:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

lib/gssapi/spnego/spnego_mech.c in MIT Kerberos 5 (aka krb5) before 1.14 relies on an inappropriate context handle, which allows remote attackers to cause a denial of service (incorrect pointer read and process crash) via a crafted SPNEGO packet that is mishandled during a gss_inquire_context call.

Action-Not Available
Vendor-n/aMIT (Massachusetts Institute of Technology)openSUSESUSEDebian GNU/LinuxOracle CorporationCanonical Ltd.
Product-solariskerberos_5leapopensuseubuntu_linuxlinux_enterprise_desktopdebian_linuxlinux_enterprise_serverlinux_enterprise_software_development_kitn/a
CWE ID-CWE-763
Release of Invalid Pointer or Reference
CVE-2015-2189
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-0.29% / 52.46%
||
7 Day CHG~0.00%
Published-08 Mar, 2015 | 02:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Off-by-one error in the pcapng_read function in wiretap/pcapng.c in the pcapng file parser in Wireshark 1.10.x before 1.10.13 and 1.12.x before 1.12.4 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via an invalid Interface Statistics Block (ISB) interface ID in a crafted packet.

Action-Not Available
Vendor-mageian/aopenSUSEWireshark FoundationDebian GNU/LinuxOracle Corporation
Product-solariswiresharkopensusemageiadebian_linuxlinuxn/a
CVE-2008-5441
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-5||MEDIUM
EPSS-1.28% / 79.30%
||
7 Day CHG~0.00%
Published-14 Jan, 2009 | 01:00
Updated-07 Aug, 2024 | 10:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the Oracle Secure Backup component in Oracle Secure Backup 10.2.0.2 allows remote attackers to affect availability via unknown vectors, a different vulnerability than CVE-2008-5442 and CVE-2008-5443.

Action-Not Available
Vendor-n/aOracle Corporation
Product-secure_backupn/a
CVE-2015-2316
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-1.99% / 83.34%
||
7 Day CHG~0.00%
Published-25 Mar, 2015 | 14:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The utils.html.strip_tags function in Django 1.6.x before 1.6.11, 1.7.x before 1.7.7, and 1.8.x before 1.8c1, when using certain versions of Python, allows remote attackers to cause a denial of service (infinite loop) by increasing the length of the input string.

Action-Not Available
Vendor-n/aopenSUSECanonical Ltd.DjangoOracle CorporationFedora Project
Product-solarisdjangofedoraopensuseubuntu_linuxn/a
CVE-2015-2568
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-5||MEDIUM
EPSS-3.96% / 88.10%
||
7 Day CHG~0.00%
Published-16 Apr, 2015 | 16:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in Oracle MySQL Server 5.5.41 and earlier, and 5.6.22 and earlier, allows remote attackers to affect availability via unknown vectors related to Server : Security : Privileges.

Action-Not Available
Vendor-n/aSUSEMariaDB FoundationRed Hat, Inc.Debian GNU/LinuxOracle CorporationCanonical Ltd.
Product-enterprise_linux_serverenterprise_linux_server_aussolarisenterprise_linux_eusmariadbmysqlubuntu_linuxenterprise_linux_desktopcommunications_policy_managemententerprise_linux_server_tusenterprise_linux_workstationlinux_enterprise_desktopdebian_linuxlinux_enterprise_serverlinux_enterprise_software_development_kitn/a
CVE-2008-5445
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-5||MEDIUM
EPSS-1.40% / 80.12%
||
7 Day CHG~0.00%
Published-14 Jan, 2009 | 02:00
Updated-07 Aug, 2024 | 10:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the Oracle Secure Backup component in Oracle Secure Backup 10.2.0.2 allows remote attackers to affect availability via unknown vectors. NOTE: the previous information was obtained from the January 2009 CPU. Oracle has not commented on reliable researcher claims that this issue is a denial of service in observiced.exe via malformed private Protocol data that triggers a NULL pointer dereference.

Action-Not Available
Vendor-n/aOracle Corporation
Product-secure_backupn/a
CVE-2015-1829
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-5||MEDIUM
EPSS-1.01% / 76.66%
||
7 Day CHG~0.00%
Published-21 Oct, 2015 | 21:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the Oracle HTTP Server component in Oracle Fusion Middleware 10.1.3.5, 11.1.1.7, 11.1.1.9, 12.1.2.0, and 12.1.3.0 allows remote attackers to affect availability via unknown vectors related to Web Listener.

Action-Not Available
Vendor-n/aOracle Corporation
Product-fusion_middlewaren/a
CVE-2015-1819
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-5||MEDIUM
EPSS-4.92% / 89.39%
||
7 Day CHG~0.00%
Published-14 Aug, 2015 | 18:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The xmlreader in libxml allows remote attackers to cause a denial of service (memory consumption) via crafted XML data, related to an XML Entity Expansion (XEE) attack.

Action-Not Available
Vendor-n/aApple Inc.Oracle CorporationFedora ProjectCanonical Ltd.libxml2 (XMLSoft)Debian GNU/LinuxopenSUSERed Hat, Inc.
Product-libxmlenterprise_linuxsolarisfedoraopensusewatchosubuntu_linuxdebian_linuxlinuxiphone_osmac_os_xtvosn/a
CVE-2015-1380
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-1.01% / 76.74%
||
7 Day CHG~0.00%
Published-03 Feb, 2015 | 16:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

jcc.c in Privoxy before 3.0.23 allows remote attackers to cause a denial of service (abort) via a crafted chunk-encoded body.

Action-Not Available
Vendor-privoxyn/aOracle CorporationopenSUSE
Product-privoxyopensusesolarisn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2000-0576
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-0.76% / 72.88%
||
7 Day CHG~0.00%
Published-18 Sep, 2001 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Oracle Web Listener for AIX versions 4.0.7.0.0 and 4.0.8.1.0 allows remote attackers to cause a denial of service via a malformed URL.

Action-Not Available
Vendor-n/aOracle Corporation
Product-web_listenern/a
CVE-2020-11996
Matching Score-8
Assigner-Apache Software Foundation
ShareView Details
Matching Score-8
Assigner-Apache Software Foundation
CVSS Score-7.5||HIGH
EPSS-45.12% / 97.51%
||
7 Day CHG~0.00%
Published-26 Jun, 2020 | 16:27
Updated-04 Aug, 2024 | 11:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A specially crafted sequence of HTTP/2 requests sent to Apache Tomcat 10.0.0-M1 to 10.0.0-M5, 9.0.0.M1 to 9.0.35 and 8.5.0 to 8.5.55 could trigger high CPU usage for several seconds. If a sufficient number of such requests were made on concurrent HTTP/2 connections, the server could become unresponsive.

Action-Not Available
Vendor-Canonical Ltd.The Apache Software FoundationNetApp, Inc.openSUSEDebian GNU/LinuxOracle Corporation
Product-ubuntu_linuxdebian_linuxmysql_enterprise_monitorsiebel_ui_frameworkoncommand_system_managertomcatworkload_managerleapApache Tomcat
CVE-2015-0368
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-5||MEDIUM
EPSS-0.72% / 72.06%
||
7 Day CHG~0.00%
Published-21 Jan, 2015 | 18:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the Oracle Transportation Management component in Oracle Supply Chain Products Suite 6.1, 6.2, 6.3, 6.3.1, 6.3.2, 6.3.3, 6.3.4, and 6.3.5 allows remote attackers to affect availability via unknown vectors related to Security.

Action-Not Available
Vendor-n/aOracle Corporation
Product-supply_chain_products_suiten/a
CVE-2015-0253
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-5||MEDIUM
EPSS-10.61% / 93.13%
||
7 Day CHG~0.00%
Published-20 Jul, 2015 | 23:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The read_request_line function in server/protocol.c in the Apache HTTP Server 2.4.12 does not initialize the protocol structure member, which allows remote attackers to cause a denial of service (NULL pointer dereference and process crash) by sending a request that lacks a method to an installation that enables the INCLUDES filter and has an ErrorDocument 400 directive specifying a local URI.

Action-Not Available
Vendor-n/aThe Apache Software FoundationApple Inc.Oracle Corporation
Product-mac_os_x_serversolarishttp_serverlinuxmac_os_xn/a
CVE-2015-0272
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-5||MEDIUM
EPSS-1.08% / 77.49%
||
7 Day CHG~0.00%
Published-17 Nov, 2015 | 15:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

GNOME NetworkManager allows remote attackers to cause a denial of service (IPv6 traffic disruption) via a crafted MTU value in an IPv6 Router Advertisement (RA) message, a different vulnerability than CVE-2015-8215.

Action-Not Available
Vendor-n/aSUSEThe GNOME ProjectOracle CorporationCanonical Ltd.
Product-ubuntu_linuxlinux_enterprise_real_time_extensionlinux_enterprise_software_development_kitlinux_enterprise_desktopnetworkmanagerlinux_enterprise_workstation_extensionlinuxlinux_enterprise_serverlinux_enterprise_debuginfon/a
CVE-2015-0248
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-5||MEDIUM
EPSS-15.80% / 94.59%
||
7 Day CHG~0.00%
Published-08 Apr, 2015 | 18:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The (1) mod_dav_svn and (2) svnserve servers in Subversion 1.6.0 through 1.7.19 and 1.8.0 through 1.8.11 allow remote attackers to cause a denial of service (assertion failure and abort) via crafted parameter combinations related to dynamically evaluated revision numbers.

Action-Not Available
Vendor-n/aopenSUSEThe Apache Software FoundationRed Hat, Inc.Apple Inc.Oracle Corporation
Product-enterprise_linux_serversolarisenterprise_linux_hpc_nodeopensuseenterprise_linux_desktopenterprise_linux_server_eussubversionenterprise_linux_workstationxcoden/a
CVE-2015-0564
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-0.62% / 69.58%
||
7 Day CHG~0.00%
Published-10 Jan, 2015 | 02:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer underflow in the ssl_decrypt_record function in epan/dissectors/packet-ssl-utils.c in Wireshark 1.10.x before 1.10.12 and 1.12.x before 1.12.3 allows remote attackers to cause a denial of service (application crash) via a crafted packet that is improperly handled during decryption of an SSL session.

Action-Not Available
Vendor-n/aopenSUSEWireshark FoundationDebian GNU/LinuxOracle Corporation
Product-solariswiresharkopensusedebian_linuxlinuxn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2020-11080
Matching Score-8
Assigner-GitHub, Inc.
ShareView Details
Matching Score-8
Assigner-GitHub, Inc.
CVSS Score-3.7||LOW
EPSS-0.68% / 71.22%
||
7 Day CHG~0.00%
Published-03 Jun, 2020 | 00:00
Updated-09 Jun, 2025 | 15:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Denial of service in nghttp2

In nghttp2 before version 1.41.0, the overly large HTTP/2 SETTINGS frame payload causes denial of service. The proof of concept attack involves a malicious client constructing a SETTINGS frame with a length of 14,400 bytes (2400 individual settings entries) over and over again. The attack causes the CPU to spike at 100%. nghttp2 v1.41.0 fixes this vulnerability. There is a workaround to this vulnerability. Implement nghttp2_on_frame_recv_callback callback, and if received frame is SETTINGS frame and the number of settings entries are large (e.g., > 32), then drop the connection.

Action-Not Available
Vendor-nghttp2nghttp2Oracle CorporationFedora ProjectDebian GNU/LinuxNode.js (OpenJS Foundation)openSUSE
Product-debian_linuxblockchain_platformgraalvmnghttp2fedorabanking_extensibility_workbenchenterprise_communications_brokermysqlnode.jsleapnghttp2
CWE ID-CWE-707
Improper Neutralization
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2014-9601
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-1.21% / 78.66%
||
7 Day CHG~0.00%
Published-16 Jan, 2015 | 16:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Pillow before 2.7.0 allows remote attackers to cause a denial of service via a compressed text chunk in a PNG image that has a large size when it is decompressed.

Action-Not Available
Vendor-n/aopenSUSEFedora ProjectOracle CorporationPython Software Foundation
Product-fedoraopensusepillowsolarisn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2015-0410
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-5||MEDIUM
EPSS-4.96% / 89.45%
||
7 Day CHG~0.00%
Published-21 Jan, 2015 | 18:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the Java SE, Java SE Embedded, JRockit component in Oracle Java SE 5.0u75, 6u85, 7u72, and 8u25; Java SE Embedded 7u71 and 8u6; and JRockit R27.8.4 and R28.3.4 allows remote attackers to affect availability via unknown vectors related to Security.

Action-Not Available
Vendor-n/aOracle CorporationopenSUSERed Hat, Inc.Debian GNU/LinuxNovellCanonical Ltd.
Product-enterprise_linuxjrockitopensuseubuntu_linuxsuse_linux_enterprise_serverjdksuse_linux_enterprise_desktopdebian_linuxjren/a
CVE-2015-0488
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-5||MEDIUM
EPSS-10.05% / 92.91%
||
7 Day CHG+3.50%
Published-16 Apr, 2015 | 16:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in Oracle Java SE 5.0u81, 6u91, 7u76, and 8u40, and JRockit R28.3.5, allows remote attackers to affect availability via vectors related to JSSE.

Action-Not Available
Vendor-n/aOracle Corporation
Product-jrockitjrejdkn/a
CVE-2014-9708
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-4.51% / 88.89%
||
7 Day CHG~0.00%
Published-31 Mar, 2015 | 00:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Embedthis Appweb before 4.6.6 and 5.x before 5.2.1 allows remote attackers to cause a denial of service (NULL pointer dereference) via a Range header with an empty value, as demonstrated by "Range: x=,".

Action-Not Available
Vendor-embedthisn/aJuniper Networks, Inc.Oracle Corporation
Product-ex4600-vcex4550-vcptx10003_160cex4300-32f-dcex8216ex4650ptx5000ex4600srx5400ex6200mx150ex4550\/vcex4300-24tex4300-vcmx10016appwebex3400mx10008ex2300-csrx110ptx1000ex4300-mpsrx300ex9208t640ex4300-48t-afimx2020ex2300-48tex4300-48mpex3300srx240msrx210srx4600srx340ex4400mx10000ex2300-24tex4300mmxsrx380ex4300-24pptx100016ex4300-48tdc-afisrx3600srx345srx650ex4500-vct320srx550_hmsrx100mx80ex2300-24mpsrx4100mx104mx40enterprise_communications_brokerptx10001-36mrmx960ex4300-48tex9251t4000srx5600ptx10001srx550mmx5ptx10016srx240h2ex4300-48p-ssrx320ptx10003mx10003mx10ptx3000ex2300msrx240mx240srx1400ex2200-cmx204t1600ex9253ex8200ptx10003_80csrx550qfx10000ex9204ex2300-24pex8208ex4500junossrx4000ex4200ex2300-48pex9214ex4300-24t-ssrx5800srx220ex4300-48pptx1000-72qsrx5000ex2300-48mpmx480ex9200ex4300-48mp-sptx10003_81cdex4200-vcsrx3400ptx10002-60cptx10004ex4300-24p-sex4300-48t-dcptx10000ex2200ex4300-32fex4300ex4300-48t-dc-afimx2010ex2300ex8200-vcex9250ex4300-32f-sptx10008ex3300-vcmx2008ex4550ex3200ptx10002srx1500ex4300-48tafiex4300-48t-sex2200-vcsrx4200ex4300-48tdcex6210n/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-1999-1068
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-0.47% / 64.05%
||
7 Day CHG~0.00%
Published-12 Sep, 2001 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Oracle Webserver 2.1, when serving PL/SQL stored procedures, allows remote attackers to cause a denial of service via a long HTTP GET request.

Action-Not Available
Vendor-n/aOracle Corporation
Product-http_servern/a
CVE-2008-2595
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-16.48% / 94.74%
||
7 Day CHG~0.00%
Published-15 Jul, 2008 | 23:00
Updated-07 Aug, 2024 | 09:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the Oracle Internet Directory component in Oracle Application Server 9.0.4.3, 10.1.2.3, and 10.1.4.2 has unknown impact and remote attack vectors. NOTE: the previous information was obtained from the Oracle July 2008 CPU. Oracle has not commented on reliable researcher claims that this issue is a denial of service (crash) via a malformed LDAP request that triggers a NULL pointer dereference.

Action-Not Available
Vendor-n/aOracle Corporation
Product-database_9idatabase_10gn/a
CVE-2014-8964
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-2.06% / 83.58%
||
7 Day CHG~0.00%
Published-16 Dec, 2014 | 18:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Heap-based buffer overflow in PCRE 8.36 and earlier allows remote attackers to cause a denial of service (crash) or have other unspecified impact via a crafted regular expression, related to an assertion that allows zero repeats.

Action-Not Available
Vendor-pcren/aopenSUSEMariaDB FoundationRed Hat, Inc.Fedora ProjectOracle Corporation
Product-enterprise_linux_serverenterprise_linux_server_aussolarisenterprise_linux_eusfedoramariadbopensuseenterprise_linux_desktoppcreenterprise_linux_server_tusenterprise_linux_workstationn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2014-8768
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-28.31% / 96.39%
||
7 Day CHG~0.00%
Published-20 Nov, 2014 | 17:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple Integer underflows in the geonet_print function in tcpdump 4.5.0 through 4.6.2, when in verbose mode, allow remote attackers to cause a denial of service (segmentation fault and crash) via a crafted length value in a Geonet frame.

Action-Not Available
Vendor-n/aopenSUSERed Hat, Inc.Oracle CorporationCanonical Ltd.
Product-solarisopensuseubuntu_linuxtcpdumpn/a
CWE ID-CWE-191
Integer Underflow (Wrap or Wraparound)
  • Previous
  • 1
  • 2
  • 3
  • ...
  • 9
  • 10
  • Next
Details not found