Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2011-3049

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-23 Mar, 2012 | 10:00
Updated At-06 Aug, 2024 | 23:22
Rejected At-
Credits

Google Chrome before 17.0.963.83 does not properly restrict the extension web request API, which allows remote attackers to cause a denial of service (disrupted system requests) via a crafted extension.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:23 Mar, 2012 | 10:00
Updated At:06 Aug, 2024 | 23:22
Rejected At:
▼CVE Numbering Authority (CNA)

Google Chrome before 17.0.963.83 does not properly restrict the extension web request API, which allows remote attackers to cause a denial of service (disrupted system requests) via a crafted extension.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
http://secunia.com/advisories/48527
third-party-advisory
x_refsource_SECUNIA
http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00000.html
vendor-advisory
x_refsource_SUSE
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15049
vdb-entry
signature
x_refsource_OVAL
http://googlechromereleases.blogspot.com/2012/03/stable-channel-update_21.html
x_refsource_CONFIRM
http://www.securitytracker.com/id?1026841
vdb-entry
x_refsource_SECTRACK
http://code.google.com/p/chromium/issues/detail?id=108648
x_refsource_CONFIRM
http://www.securityfocus.com/bid/52674
vdb-entry
x_refsource_BID
http://osvdb.org/80295
vdb-entry
x_refsource_OSVDB
http://security.gentoo.org/glsa/glsa-201203-19.xml
vendor-advisory
x_refsource_GENTOO
https://exchange.xforce.ibmcloud.com/vulnerabilities/74218
vdb-entry
x_refsource_XF
Hyperlink: http://secunia.com/advisories/48527
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00000.html
Resource:
vendor-advisory
x_refsource_SUSE
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15049
Resource:
vdb-entry
signature
x_refsource_OVAL
Hyperlink: http://googlechromereleases.blogspot.com/2012/03/stable-channel-update_21.html
Resource:
x_refsource_CONFIRM
Hyperlink: http://www.securitytracker.com/id?1026841
Resource:
vdb-entry
x_refsource_SECTRACK
Hyperlink: http://code.google.com/p/chromium/issues/detail?id=108648
Resource:
x_refsource_CONFIRM
Hyperlink: http://www.securityfocus.com/bid/52674
Resource:
vdb-entry
x_refsource_BID
Hyperlink: http://osvdb.org/80295
Resource:
vdb-entry
x_refsource_OSVDB
Hyperlink: http://security.gentoo.org/glsa/glsa-201203-19.xml
Resource:
vendor-advisory
x_refsource_GENTOO
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/74218
Resource:
vdb-entry
x_refsource_XF
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
http://secunia.com/advisories/48527
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00000.html
vendor-advisory
x_refsource_SUSE
x_transferred
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15049
vdb-entry
signature
x_refsource_OVAL
x_transferred
http://googlechromereleases.blogspot.com/2012/03/stable-channel-update_21.html
x_refsource_CONFIRM
x_transferred
http://www.securitytracker.com/id?1026841
vdb-entry
x_refsource_SECTRACK
x_transferred
http://code.google.com/p/chromium/issues/detail?id=108648
x_refsource_CONFIRM
x_transferred
http://www.securityfocus.com/bid/52674
vdb-entry
x_refsource_BID
x_transferred
http://osvdb.org/80295
vdb-entry
x_refsource_OSVDB
x_transferred
http://security.gentoo.org/glsa/glsa-201203-19.xml
vendor-advisory
x_refsource_GENTOO
x_transferred
https://exchange.xforce.ibmcloud.com/vulnerabilities/74218
vdb-entry
x_refsource_XF
x_transferred
Hyperlink: http://secunia.com/advisories/48527
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00000.html
Resource:
vendor-advisory
x_refsource_SUSE
x_transferred
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15049
Resource:
vdb-entry
signature
x_refsource_OVAL
x_transferred
Hyperlink: http://googlechromereleases.blogspot.com/2012/03/stable-channel-update_21.html
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://www.securitytracker.com/id?1026841
Resource:
vdb-entry
x_refsource_SECTRACK
x_transferred
Hyperlink: http://code.google.com/p/chromium/issues/detail?id=108648
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://www.securityfocus.com/bid/52674
Resource:
vdb-entry
x_refsource_BID
x_transferred
Hyperlink: http://osvdb.org/80295
Resource:
vdb-entry
x_refsource_OSVDB
x_transferred
Hyperlink: http://security.gentoo.org/glsa/glsa-201203-19.xml
Resource:
vendor-advisory
x_refsource_GENTOO
x_transferred
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/74218
Resource:
vdb-entry
x_refsource_XF
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:23 Mar, 2012 | 10:55
Updated At:29 Apr, 2026 | 01:13

Google Chrome before 17.0.963.83 does not properly restrict the extension web request API, which allows remote attackers to cause a denial of service (disrupted system requests) via a crafted extension.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary2.05.0MEDIUM
AV:N/AC:L/Au:N/C:N/I:N/A:P
Type: Primary
Version: 2.0
Base score: 5.0
Base severity: MEDIUM
Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:P
CPE Matches

Google LLC
google
>>chrome>>Versions before 17.0.963.83(exclusive)
cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*
openSUSE
opensuse
>>opensuse>>12.1
cpe:2.3:o:opensuse:opensuse:12.1:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
NVD-CWE-OtherPrimarynvd@nist.gov
CWE ID: NVD-CWE-Other
Type: Primary
Source: nvd@nist.gov
Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References
HyperlinkSourceResource
http://code.google.com/p/chromium/issues/detail?id=108648cve@mitre.org
Vendor Advisory
http://googlechromereleases.blogspot.com/2012/03/stable-channel-update_21.htmlcve@mitre.org
Release Notes
Vendor Advisory
http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00000.htmlcve@mitre.org
Mailing List
Third Party Advisory
http://osvdb.org/80295cve@mitre.org
Broken Link
http://secunia.com/advisories/48527cve@mitre.org
Not Applicable
http://security.gentoo.org/glsa/glsa-201203-19.xmlcve@mitre.org
Third Party Advisory
http://www.securityfocus.com/bid/52674cve@mitre.org
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id?1026841cve@mitre.org
Third Party Advisory
VDB Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/74218cve@mitre.org
Third Party Advisory
VDB Entry
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15049cve@mitre.org
Third Party Advisory
http://code.google.com/p/chromium/issues/detail?id=108648af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://googlechromereleases.blogspot.com/2012/03/stable-channel-update_21.htmlaf854a3a-2127-422b-91ae-364da2661108
Release Notes
Vendor Advisory
http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00000.htmlaf854a3a-2127-422b-91ae-364da2661108
Mailing List
Third Party Advisory
http://osvdb.org/80295af854a3a-2127-422b-91ae-364da2661108
Broken Link
http://secunia.com/advisories/48527af854a3a-2127-422b-91ae-364da2661108
Not Applicable
http://security.gentoo.org/glsa/glsa-201203-19.xmlaf854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://www.securityfocus.com/bid/52674af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id?1026841af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
VDB Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/74218af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
VDB Entry
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15049af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Hyperlink: http://code.google.com/p/chromium/issues/detail?id=108648
Source: cve@mitre.org
Resource:
Vendor Advisory
Hyperlink: http://googlechromereleases.blogspot.com/2012/03/stable-channel-update_21.html
Source: cve@mitre.org
Resource:
Release Notes
Vendor Advisory
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00000.html
Source: cve@mitre.org
Resource:
Mailing List
Third Party Advisory
Hyperlink: http://osvdb.org/80295
Source: cve@mitre.org
Resource:
Broken Link
Hyperlink: http://secunia.com/advisories/48527
Source: cve@mitre.org
Resource:
Not Applicable
Hyperlink: http://security.gentoo.org/glsa/glsa-201203-19.xml
Source: cve@mitre.org
Resource:
Third Party Advisory
Hyperlink: http://www.securityfocus.com/bid/52674
Source: cve@mitre.org
Resource:
Third Party Advisory
VDB Entry
Hyperlink: http://www.securitytracker.com/id?1026841
Source: cve@mitre.org
Resource:
Third Party Advisory
VDB Entry
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/74218
Source: cve@mitre.org
Resource:
Third Party Advisory
VDB Entry
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15049
Source: cve@mitre.org
Resource:
Third Party Advisory
Hyperlink: http://code.google.com/p/chromium/issues/detail?id=108648
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory
Hyperlink: http://googlechromereleases.blogspot.com/2012/03/stable-channel-update_21.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Release Notes
Vendor Advisory
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00000.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Mailing List
Third Party Advisory
Hyperlink: http://osvdb.org/80295
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Broken Link
Hyperlink: http://secunia.com/advisories/48527
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Not Applicable
Hyperlink: http://security.gentoo.org/glsa/glsa-201203-19.xml
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: http://www.securityfocus.com/bid/52674
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
VDB Entry
Hyperlink: http://www.securitytracker.com/id?1026841
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
VDB Entry
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/74218
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
VDB Entry
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15049
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory

Change History

0
Information is not available yet

Similar CVEs

539Records found

CVE-2014-1725
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-5||MEDIUM
EPSS-1.37% / 68.53%
||
7 Day CHG~0.00%
Published-09 Apr, 2014 | 10:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The base64DecodeInternal function in wtf/text/Base64.cpp in Blink, as used in Google Chrome before 34.0.1847.116, does not properly handle string data composed exclusively of whitespace characters, which allows remote attackers to cause a denial of service (out-of-bounds read) via a window.atob method call.

Action-Not Available
Vendor-n/aGoogle LLC
Product-chromen/a
CWE ID-CWE-20
Improper Input Validation
CVE-2014-1500
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-5||MEDIUM
EPSS-3.54% / 87.87%
||
7 Day CHG~0.00%
Published-19 Mar, 2014 | 10:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Mozilla Firefox before 28.0 and SeaMonkey before 2.25 allow remote attackers to cause a denial of service (resource consumption and application hang) via onbeforeunload events that trigger background JavaScript execution.

Action-Not Available
Vendor-n/aopenSUSEOracle CorporationSUSEMozilla Corporation
Product-firefoxseamonkeylinux_enterprise_desktoplinux_enterprise_serversolarislinux_enterprise_software_development_kitopensusen/a
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2019-16159
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-3.15% / 86.38%
||
7 Day CHG~0.00%
Published-09 Sep, 2019 | 14:34
Updated-05 Aug, 2024 | 01:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

BIRD Internet Routing Daemon 1.6.x through 1.6.7 and 2.x through 2.0.5 has a stack-based buffer overflow. The BGP daemon's support for RFC 8203 administrative shutdown communication messages included an incorrect logical expression when checking the validity of an input message. Sending a shutdown communication with a sufficient message length causes a four-byte overflow to occur while processing the message, where two of the overflow bytes are attacker-controlled and two are fixed.

Action-Not Available
Vendor-nicn/aDebian GNU/LinuxopenSUSEFedora Project
Product-birdbackports_sledebian_linuxfedoran/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-17177
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-2.69% / 84.04%
||
7 Day CHG~0.00%
Published-04 Oct, 2019 | 16:57
Updated-05 Aug, 2024 | 01:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

libfreerdp/codec/region.c in FreeRDP through 1.1.x and 2.x through 2.0.0-rc4 has memory leaks because a supplied realloc pointer (i.e., the first argument to realloc) is also used for a realloc return value.

Action-Not Available
Vendor-n/aopenSUSEFreeRDP
Product-freerdpleapn/a
CWE ID-CWE-401
Missing Release of Memory after Effective Lifetime
CVE-2013-6424
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-5||MEDIUM
EPSS-2.88% / 85.14%
||
7 Day CHG~0.00%
Published-18 Jan, 2014 | 19:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Integer underflow in the xTrapezoidValid macro in render/picture.h in X.Org allows context-dependent attackers to cause a denial of service (crash) via a negative bottom value.

Action-Not Available
Vendor-pixmann/aCanonical Ltd.openSUSEDebian GNU/Linux
Product-debian_linuxubuntu_linuxpixmanopensusen/a
CWE ID-CWE-191
Integer Underflow (Wrap or Wraparound)
CVE-2014-0128
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-5||MEDIUM
EPSS-32.63% / 98.13%
||
7 Day CHG~0.00%
Published-14 Apr, 2014 | 15:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Squid 3.1 before 3.3.12 and 3.4 before 3.4.4, when SSL-Bump is enabled, allows remote attackers to cause a denial of service (assertion failure) via a crafted range request, related to state management.

Action-Not Available
Vendor-n/aSquid CacheopenSUSE
Product-squidopensusen/a
CWE ID-CWE-20
Improper Input Validation
CVE-2013-6425
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-5||MEDIUM
EPSS-2.88% / 85.15%
||
7 Day CHG~0.00%
Published-18 Jan, 2014 | 19:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Integer underflow in the pixman_trapezoid_valid macro in pixman.h in Pixman before 0.32.0, as used in X.Org server and cairo, allows context-dependent attackers to cause a denial of service (crash) via a negative bottom value.

Action-Not Available
Vendor-pixmann/aCanonical Ltd.openSUSERed Hat, Inc.Debian GNU/Linux
Product-debian_linuxubuntu_linuxenterprise_linux_serverenterprise_linux_workstationenterprise_linux_server_tusenterprise_linux_desktoppixmanenterprise_linux_server_ausenterprise_linux_eusopensusen/a
CWE ID-CWE-191
Integer Underflow (Wrap or Wraparound)
CVE-2013-6648
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.65% / 46.67%
||
7 Day CHG~0.00%
Published-13 Apr, 2017 | 17:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SkRegion::setPath in Skia allows remote attackers to cause a denial of service (crash).

Action-Not Available
Vendor-n/aGoogle LLC
Product-skian/a
CVE-2019-17178
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-2.58% / 83.32%
||
7 Day CHG~0.00%
Published-04 Oct, 2019 | 16:57
Updated-05 Aug, 2024 | 01:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

HuffmanTree_makeFromFrequencies in lodepng.c in LodePNG through 2019-09-28, as used in WinPR in FreeRDP and other products, has a memory leak because a supplied realloc pointer (i.e., the first argument to realloc) is also used for a realloc return value.

Action-Not Available
Vendor-lodevn/aopenSUSEFreeRDP
Product-freerdplodepngleapn/a
CWE ID-CWE-252
Unchecked Return Value
CWE ID-CWE-401
Missing Release of Memory after Effective Lifetime
CVE-2020-25059
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.41% / 33.33%
||
7 Day CHG~0.00%
Published-31 Aug, 2020 | 20:47
Updated-04 Aug, 2024 | 15:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered on LG mobile devices with Android OS 7.2, 8.0, 8.1, 9, and 10 software. A service crash may occur because of incorrect input validation. The LG ID is LVE-SMP-200013 (July 2020).

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2013-4075
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-3.21% / 86.61%
||
7 Day CHG~0.00%
Published-09 Jun, 2013 | 21:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

epan/dissectors/packet-gmr1_bcch.c in the GMR-1 BCCH dissector in Wireshark 1.8.x before 1.8.8 does not properly initialize memory, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.

Action-Not Available
Vendor-n/aWireshark FoundationopenSUSEDebian GNU/Linux
Product-debian_linuxwiresharkopensusen/a
CVE-2013-4132
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-5||MEDIUM
EPSS-2.41% / 82.11%
||
7 Day CHG~0.00%
Published-16 Sep, 2013 | 19:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

KDE-Workspace 4.10.5 and earlier does not properly handle the return value of the glibc 2.17 crypt and pw_encrypt functions, which allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via (1) an invalid salt or a (2) DES or (3) MD5 encrypted password, when FIPS-140 is enable, to KDM or an (4) invalid password to KCheckPass.

Action-Not Available
Vendor-n/aKDEopenSUSE
Product-kde_sckde-workspaceopensusen/a
CVE-2013-4074
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-60.64% / 99.03%
||
7 Day CHG~0.00%
Published-09 Jun, 2013 | 21:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The dissect_capwap_data function in epan/dissectors/packet-capwap.c in the CAPWAP dissector in Wireshark 1.6.x before 1.6.16 and 1.8.x before 1.8.8 incorrectly uses a -1 data value to represent an error condition, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.

Action-Not Available
Vendor-n/aWireshark FoundationopenSUSEDebian GNU/Linux
Product-debian_linuxwiresharkopensusen/a
CVE-2013-3801
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-5||MEDIUM
EPSS-3.79% / 88.67%
||
7 Day CHG~0.00%
Published-17 Jul, 2013 | 10:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.30 and earlier and 5.6.10 allows remote authenticated users to affect availability via unknown vectors related to Server Options.

Action-Not Available
Vendor-n/aMariaDB FoundationopenSUSEOracle CorporationSUSE
Product-linux_enterprise_desktopmariadbmysqllinux_enterprise_serverlinux_enterprise_software_development_kitopensusen/a
CVE-2013-4082
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-4.62% / 90.57%
||
7 Day CHG~0.00%
Published-09 Jun, 2013 | 21:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The vwr_read function in wiretap/vwr.c in the Ixia IxVeriWave file parser in Wireshark 1.8.x before 1.8.8 does not validate the relationship between a record length and a trailer length, which allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) via a crafted packet.

Action-Not Available
Vendor-n/aWireshark FoundationopenSUSEDebian GNU/Linux
Product-debian_linuxwiresharkopensusen/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2013-4118
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-3.59% / 88.01%
||
7 Day CHG~0.00%
Published-03 Oct, 2016 | 21:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

FreeRDP before 1.1.0-beta1 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via unspecified vectors.

Action-Not Available
Vendor-n/aFreeRDPopenSUSE
Product-leapfreerdpopensusen/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2013-4123
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-5||MEDIUM
EPSS-80.45% / 99.57%
||
7 Day CHG~0.00%
Published-16 Sep, 2013 | 19:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

client_side_request.cc in Squid 3.2.x before 3.2.13 and 3.3.x before 3.3.8 allows remote attackers to cause a denial of service via a crafted port number in a HTTP Host header.

Action-Not Available
Vendor-n/aSquid CacheopenSUSE
Product-squidopensusen/a
CWE ID-CWE-20
Improper Input Validation
CVE-2013-4077
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-2.95% / 85.48%
||
7 Day CHG~0.00%
Published-09 Jun, 2013 | 21:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Array index error in the NBAP dissector in Wireshark 1.8.x before 1.8.8 allows remote attackers to cause a denial of service (application crash) via a crafted packet, related to nbap.cnf and packet-nbap.c.

Action-Not Available
Vendor-n/aWireshark FoundationopenSUSEDebian GNU/Linux
Product-debian_linuxwiresharkopensusen/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2013-4078
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-3.40% / 87.39%
||
7 Day CHG~0.00%
Published-09 Jun, 2013 | 21:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

epan/dissectors/packet-rdp.c in the RDP dissector in Wireshark 1.8.x before 1.8.8 does not validate return values during checks for data availability, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.

Action-Not Available
Vendor-n/aWireshark FoundationopenSUSEDebian GNU/Linux
Product-debian_linuxwiresharkopensusen/a
CWE ID-CWE-20
Improper Input Validation
CVE-2013-4560
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-5||MEDIUM
EPSS-5.42% / 91.72%
||
7 Day CHG~0.00%
Published-19 Nov, 2013 | 19:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use-after-free vulnerability in lighttpd before 1.4.33 allows remote attackers to cause a denial of service (segmentation fault and crash) via unspecified vectors that trigger FAMMonitorDirectory failures.

Action-Not Available
Vendor-lighttpdn/aDebian GNU/LinuxopenSUSE
Product-debian_linuxlighttpdopensusen/a
CWE ID-CWE-416
Use After Free
CVE-2013-4487
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-5||MEDIUM
EPSS-1.92% / 77.42%
||
7 Day CHG~0.00%
Published-19 Nov, 2013 | 19:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Off-by-one error in the dane_raw_tlsa in the DANE library (libdane) in GnuTLS 3.1.x before 3.1.16 and 3.2.x before 3.2.6 allows remote servers to cause a denial of service (memory corruption) via a response with more than four DANE entries. NOTE: this issue is due to an incomplete fix for CVE-2013-4466.

Action-Not Available
Vendor-n/aopenSUSEGNU
Product-gnutlsopensusen/a
CVE-2013-4076
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-3.58% / 87.98%
||
7 Day CHG~0.00%
Published-09 Jun, 2013 | 21:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in the dissect_iphc_crtp_fh function in epan/dissectors/packet-ppp.c in the PPP dissector in Wireshark 1.8.x before 1.8.8 allows remote attackers to cause a denial of service (application crash) via a crafted packet.

Action-Not Available
Vendor-n/aWireshark FoundationopenSUSEDebian GNU/Linux
Product-debian_linuxwiresharkopensusen/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2013-4124
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-5||MEDIUM
EPSS-69.01% / 99.27%
||
7 Day CHG~0.00%
Published-05 Aug, 2013 | 15:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Integer overflow in the read_nttrans_ea_list function in nttrans.c in smbd in Samba 3.x before 3.5.22, 3.6.x before 3.6.17, and 4.x before 4.0.8 allows remote attackers to cause a denial of service (memory consumption) via a malformed packet.

Action-Not Available
Vendor-n/aCanonical Ltd.openSUSESambaRed Hat, Inc.Fedora Project
Product-ubuntu_linuxopensusefedorasambaenterprise_linuxn/a
CVE-2013-3557
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-3.35% / 87.20%
||
7 Day CHG~0.00%
Published-25 May, 2013 | 01:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The dissect_ber_choice function in epan/dissectors/packet-ber.c in the ASN.1 BER dissector in Wireshark 1.6.x before 1.6.15 and 1.8.x before 1.8.7 does not properly initialize a certain variable, which allows remote attackers to cause a denial of service (application crash) via a malformed packet.

Action-Not Available
Vendor-n/aWireshark FoundationopenSUSEDebian GNU/Linux
Product-debian_linuxwiresharkopensusen/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2013-2765
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-13.72% / 96.04%
||
7 Day CHG~0.00%
Published-15 Jul, 2013 | 15:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The ModSecurity module before 2.7.4 for the Apache HTTP Server allows remote attackers to cause a denial of service (NULL pointer dereference, process crash, and disk consumption) via a POST request with a large body and a crafted Content-Type header.

Action-Not Available
Vendor-trustwaven/aThe Apache Software FoundationopenSUSE
Product-http_servermodsecurityopensusen/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2013-3556
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-2.82% / 84.86%
||
7 Day CHG~0.00%
Published-25 May, 2013 | 01:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The fragment_add_seq_common function in epan/reassemble.c in the ASN.1 BER dissector in Wireshark before r48943 has an incorrect pointer dereference during a comparison, which allows remote attackers to cause a denial of service (application crash) via a malformed packet.

Action-Not Available
Vendor-n/aWireshark FoundationopenSUSEDebian GNU/Linux
Product-debian_linuxwiresharkopensusen/a
CWE ID-CWE-20
Improper Input Validation
CVE-2013-3559
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-3.32% / 87.10%
||
7 Day CHG~0.00%
Published-25 May, 2013 | 01:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

epan/dissectors/packet-dcp-etsi.c in the DCP ETSI dissector in Wireshark 1.8.x before 1.8.7 uses incorrect integer data types, which allows remote attackers to cause a denial of service (integer overflow, and heap memory corruption or NULL pointer dereference, and application crash) via a malformed packet.

Action-Not Available
Vendor-n/aWireshark FoundationopenSUSEDebian GNU/Linux
Product-debian_linuxwiresharkopensusen/a
CVE-2013-2907
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-5||MEDIUM
EPSS-1.43% / 69.74%
||
7 Day CHG~0.00%
Published-02 Oct, 2013 | 10:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Window.prototype object implementation in Google Chrome before 30.0.1599.66 allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.

Action-Not Available
Vendor-n/aGoogle LLC
Product-chromen/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2013-3560
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-2.40% / 82.02%
||
7 Day CHG~0.00%
Published-25 May, 2013 | 01:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The dissect_dsmcc_un_download function in epan/dissectors/packet-mpeg-dsmcc.c in the MPEG DSM-CC dissector in Wireshark 1.8.x before 1.8.7 uses an incorrect format string, which allows remote attackers to cause a denial of service (application crash) via a malformed packet.

Action-Not Available
Vendor-n/aWireshark FoundationopenSUSEDebian GNU/Linux
Product-debian_linuxwiresharkopensusen/a
CWE ID-CWE-134
Use of Externally-Controlled Format String
CVE-2013-2920
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-5||MEDIUM
EPSS-1.46% / 70.40%
||
7 Day CHG~0.00%
Published-02 Oct, 2013 | 10:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The DoResolveRelativeHost function in url/url_canon_relative.cc in Google Chrome before 30.0.1599.66 allows remote attackers to cause a denial of service (out-of-bounds read) via a relative URL containing a hostname, as demonstrated by a protocol-relative URL beginning with a //www.google.com/ substring.

Action-Not Available
Vendor-n/aGoogle LLC
Product-chromen/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2013-2917
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-5||MEDIUM
EPSS-1.46% / 70.40%
||
7 Day CHG~0.00%
Published-02 Oct, 2013 | 10:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The ReverbConvolverStage::ReverbConvolverStage function in core/platform/audio/ReverbConvolverStage.cpp in the Web Audio implementation in Blink, as used in Google Chrome before 30.0.1599.66, allows remote attackers to cause a denial of service (out-of-bounds read) via vectors related to the impulseResponse array.

Action-Not Available
Vendor-n/aGoogle LLC
Product-chromen/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2013-3562
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-2.54% / 83.09%
||
7 Day CHG~0.00%
Published-25 May, 2013 | 01:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple integer signedness errors in the tvb_unmasked function in epan/dissectors/packet-websocket.c in the Websocket dissector in Wireshark 1.8.x before 1.8.7 allow remote attackers to cause a denial of service (application crash) via a malformed packet.

Action-Not Available
Vendor-n/aWireshark FoundationopenSUSEDebian GNU/Linux
Product-debian_linuxwiresharkopensusen/a
CVE-2013-2877
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-5||MEDIUM
EPSS-4.73% / 90.76%
||
7 Day CHG~0.00%
Published-10 Jul, 2013 | 10:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

parser.c in libxml2 before 2.9.0, as used in Google Chrome before 28.0.1500.71 and other products, allows remote attackers to cause a denial of service (out-of-bounds read) via a document that ends abruptly, related to the lack of certain checks for the XML_PARSER_EOF state.

Action-Not Available
Vendor-n/aGoogle LLClibxml2 (XMLSoft)
Product-chromelibxml2n/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2013-3555
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-2.40% / 82.02%
||
7 Day CHG~0.00%
Published-25 May, 2013 | 01:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

epan/dissectors/packet-gtpv2.c in the GTPv2 dissector in Wireshark 1.8.x before 1.8.7 calls incorrect functions in certain contexts related to ciphers, which allows remote attackers to cause a denial of service (application crash) via a malformed packet.

Action-Not Available
Vendor-n/aWireshark FoundationopenSUSEDebian GNU/Linux
Product-debian_linuxwiresharkopensusen/a
CWE ID-CWE-20
Improper Input Validation
CVE-2013-2488
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-2.83% / 84.88%
||
7 Day CHG~0.00%
Published-07 Mar, 2013 | 15:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The DTLS dissector in Wireshark 1.6.x before 1.6.14 and 1.8.x before 1.8.6 does not validate the fragment offset before invoking the reassembly state machine, which allows remote attackers to cause a denial of service (application crash) via a large offset value that triggers write access to an invalid memory location.

Action-Not Available
Vendor-n/aWireshark FoundationopenSUSEDebian GNU/Linux
Product-debian_linuxwiresharkopensusen/a
CWE ID-CWE-20
Improper Input Validation
CVE-2013-1861
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-5||MEDIUM
EPSS-18.68% / 96.92%
||
7 Day CHG~0.00%
Published-28 Mar, 2013 | 23:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

MariaDB 5.5.x before 5.5.30, 5.3.x before 5.3.13, 5.2.x before 5.2.15, and 5.1.x before 5.1.68, and Oracle MySQL 5.1.69 and earlier, 5.5.31 and earlier, and 5.6.11 and earlier allows remote attackers to cause a denial of service (crash) via a crafted geometry feature that specifies a large number of points, which is not properly handled when processing the binary representation of this feature, related to a numeric calculation error.

Action-Not Available
Vendor-n/aCanonical Ltd.MariaDB FoundationopenSUSEOracle CorporationSUSERed Hat, Inc.Debian GNU/Linux
Product-debian_linuxubuntu_linuxlinux_enterprise_desktopmariadbmysqlopensuselinux_enterprise_serverlinux_enterprise_software_development_kitenterprise_linuxn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2013-0888
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-5||MEDIUM
EPSS-1.56% / 72.17%
||
7 Day CHG~0.00%
Published-23 Feb, 2013 | 21:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Skia, as used in Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, allows remote attackers to cause a denial of service (out-of-bounds read) via vectors related to a "user gesture check for dangerous file downloads."

Action-Not Available
Vendor-n/aApple Inc.openSUSEGoogle LLCLinux Kernel Organization, IncMicrosoft Corporation
Product-mac_os_xwindowschromelinux_kernelopensusen/a
CWE ID-CWE-125
Out-of-bounds Read
CVE-2013-0899
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-5||MEDIUM
EPSS-1.51% / 71.32%
||
7 Day CHG~0.00%
Published-23 Feb, 2013 | 21:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Integer overflow in the padding implementation in the opus_packet_parse_impl function in src/opus_decoder.c in Opus before 1.0.2, as used in Google Chrome before 25.0.1364.97 on Windows and Linux and before 25.0.1364.99 on Mac OS X and other products, allows remote attackers to cause a denial of service (out-of-bounds read) via a long packet.

Action-Not Available
Vendor-opus-codecn/aApple Inc.openSUSEGoogle LLCLinux Kernel Organization, IncMicrosoft Corporation
Product-mac_os_xipadoswindowsiphone_osmacosopuschromelinux_kernelopensusen/a
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2013-0835
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-5||MEDIUM
EPSS-1.09% / 61.27%
||
7 Day CHG~0.00%
Published-15 Jan, 2013 | 21:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the Geolocation implementation in Google Chrome before 24.0.1312.52 allows remote attackers to cause a denial of service (application crash) via unknown vectors.

Action-Not Available
Vendor-n/aGoogle LLCopenSUSE
Product-chromeopensusen/a
CVE-2013-1415
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-4.21% / 89.76%
||
7 Day CHG~0.00%
Published-03 Mar, 2013 | 00:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The pkinit_check_kdc_pkid function in plugins/preauth/pkinit/pkinit_crypto_openssl.c in the PKINIT implementation in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.10.4 and 1.11.x before 1.11.1 does not properly handle errors during extraction of fields from an X.509 certificate, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a malformed KRB5_PADATA_PK_AS_REQ AS-REQ request.

Action-Not Available
Vendor-n/aMIT (Massachusetts Institute of Technology)openSUSE
Product-kerberos_5opensusen/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2013-0917
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-5||MEDIUM
EPSS-1.09% / 61.28%
||
7 Day CHG~0.00%
Published-28 Mar, 2013 | 10:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The URL loader in Google Chrome before 26.0.1410.43 allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.

Action-Not Available
Vendor-n/aGoogle LLC
Product-chromen/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2013-0881
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-5||MEDIUM
EPSS-1.15% / 63.04%
||
7 Day CHG~0.00%
Published-23 Feb, 2013 | 21:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, allows remote attackers to cause a denial of service (incorrect read operation) via crafted data in the Matroska container format.

Action-Not Available
Vendor-n/aApple Inc.openSUSEGoogle LLCLinux Kernel Organization, IncMicrosoft Corporation
Product-mac_os_xwindowschromelinux_kernelopensusen/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2013-0883
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-5||MEDIUM
EPSS-1.15% / 63.04%
||
7 Day CHG~0.00%
Published-23 Feb, 2013 | 21:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Skia, as used in Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, allows remote attackers to cause a denial of service (incorrect read operation) via unspecified vectors.

Action-Not Available
Vendor-n/aApple Inc.openSUSEGoogle LLCLinux Kernel Organization, IncMicrosoft Corporation
Product-mac_os_xwindowschromelinux_kernelopensusen/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2013-0211
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-5||MEDIUM
EPSS-3.93% / 89.09%
||
7 Day CHG~0.00%
Published-30 Sep, 2013 | 20:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Integer signedness error in the archive_write_zip_data function in archive_write_set_format_zip.c in libarchive 3.1.2 and earlier, when running on 64-bit machines, allows context-dependent attackers to cause a denial of service (crash) via unspecified vectors, which triggers an improper conversion between unsigned and signed types, leading to a buffer overflow.

Action-Not Available
Vendor-n/aFreeBSD FoundationCanonical Ltd.openSUSElibarchiveFedora Project
Product-ubuntu_linuxfreebsdlibarchivefedoraopensusen/a
CVE-2012-6051
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-0.61% / 44.85%
||
7 Day CHG~0.00%
Published-28 Nov, 2012 | 11:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Google CityHash computes hash values without properly restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table, as demonstrated by a universal multicollision attack.

Action-Not Available
Vendor-n/aGoogle LLC
Product-cityhashn/a
CVE-2012-6139
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-5||MEDIUM
EPSS-4.29% / 89.92%
||
7 Day CHG-0.17%
Published-12 Apr, 2013 | 22:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

libxslt before 1.1.28 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via an (1) empty match attribute in a XSL key to the xsltAddKey function in keys.c or (2) uninitialized variable to the xsltDocumentFunction function in functions.c.

Action-Not Available
Vendor-n/alibxml2 (XMLSoft)openSUSE
Product-libxsltopensusen/a
CVE-2012-5123
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-5||MEDIUM
EPSS-1.43% / 69.74%
||
7 Day CHG~0.00%
Published-07 Nov, 2012 | 11:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Skia, as used in Google Chrome before 23.0.1271.64, allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.

Action-Not Available
Vendor-n/aGoogle LLC
Product-chromen/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2012-5152
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-5||MEDIUM
EPSS-1.06% / 60.47%
||
7 Day CHG~0.00%
Published-15 Jan, 2013 | 21:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Google Chrome before 24.0.1312.52 allows remote attackers to cause a denial of service (out-of-bounds read) via vectors involving seek operations on video data.

Action-Not Available
Vendor-n/aGoogle LLCopenSUSE
Product-chromeopensusen/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2012-5568
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-5||MEDIUM
EPSS-9.59% / 94.89%
||
7 Day CHG~0.00%
Published-30 Nov, 2012 | 19:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Apache Tomcat through 7.0.x allows remote attackers to cause a denial of service (daemon outage) via partial HTTP requests, as demonstrated by Slowloris.

Action-Not Available
Vendor-n/aThe Apache Software FoundationopenSUSE
Product-tomcatopensusen/a
CVE-2012-5130
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-5||MEDIUM
EPSS-1.46% / 70.40%
||
7 Day CHG~0.00%
Published-28 Nov, 2012 | 01:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Skia, as used in Google Chrome before 23.0.1271.91, allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.

Action-Not Available
Vendor-n/aGoogle LLCopenSUSE
Product-chromeopensusen/a
CWE ID-CWE-125
Out-of-bounds Read
  • Previous
  • 1
  • 2
  • 3
  • ...
  • 10
  • 11
  • Next
Details not found