Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2013-0183

Summary
Assigner-redhat
Assigner Org ID-53f830b8-0a3f-465b-8143-3b8a9948e749
Published At-01 Mar, 2013 | 02:00
Updated At-06 Aug, 2024 | 14:18
Rejected At-
Credits

multipart/parser.rb in Rack 1.3.x before 1.3.8 and 1.4.x before 1.4.3 allows remote attackers to cause a denial of service (memory consumption and out-of-memory error) via a long string in a Multipart HTTP packet.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
ā–¼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:redhat
Assigner Org ID:53f830b8-0a3f-465b-8143-3b8a9948e749
Published At:01 Mar, 2013 | 02:00
Updated At:06 Aug, 2024 | 14:18
Rejected At:
ā–¼CVE Numbering Authority (CNA)

multipart/parser.rb in Rack 1.3.x before 1.3.8 and 1.4.x before 1.4.3 allows remote attackers to cause a denial of service (memory consumption and out-of-memory error) via a long string in a Multipart HTTP packet.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
https://github.com/rack/rack/commit/548b9af2dc0059f4c0c19728624448d84de450ff
x_refsource_CONFIRM
https://bugzilla.redhat.com/show_bug.cgi?id=895282
x_refsource_MISC
http://rack.github.com/
x_refsource_CONFIRM
https://groups.google.com/forum/#%21topic/rack-devel/-MWPHDeGWtI
x_refsource_CONFIRM
https://groups.google.com/forum/#%21topic/rack-devel/7ZKPNAjgRSs
x_refsource_CONFIRM
http://lists.opensuse.org/opensuse-updates/2013-03/msg00048.html
vendor-advisory
x_refsource_SUSE
http://rhn.redhat.com/errata/RHSA-2013-0548.html
vendor-advisory
x_refsource_REDHAT
https://github.com/rack/rack/commit/f95113402b7239f225282806673e1b6424522b18
x_refsource_CONFIRM
http://rhn.redhat.com/errata/RHSA-2013-0544.html
vendor-advisory
x_refsource_REDHAT
http://www.debian.org/security/2013/dsa-2783
vendor-advisory
x_refsource_DEBIAN
Hyperlink: https://github.com/rack/rack/commit/548b9af2dc0059f4c0c19728624448d84de450ff
Resource:
x_refsource_CONFIRM
Hyperlink: https://bugzilla.redhat.com/show_bug.cgi?id=895282
Resource:
x_refsource_MISC
Hyperlink: http://rack.github.com/
Resource:
x_refsource_CONFIRM
Hyperlink: https://groups.google.com/forum/#%21topic/rack-devel/-MWPHDeGWtI
Resource:
x_refsource_CONFIRM
Hyperlink: https://groups.google.com/forum/#%21topic/rack-devel/7ZKPNAjgRSs
Resource:
x_refsource_CONFIRM
Hyperlink: http://lists.opensuse.org/opensuse-updates/2013-03/msg00048.html
Resource:
vendor-advisory
x_refsource_SUSE
Hyperlink: http://rhn.redhat.com/errata/RHSA-2013-0548.html
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: https://github.com/rack/rack/commit/f95113402b7239f225282806673e1b6424522b18
Resource:
x_refsource_CONFIRM
Hyperlink: http://rhn.redhat.com/errata/RHSA-2013-0544.html
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: http://www.debian.org/security/2013/dsa-2783
Resource:
vendor-advisory
x_refsource_DEBIAN
ā–¼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
https://github.com/rack/rack/commit/548b9af2dc0059f4c0c19728624448d84de450ff
x_refsource_CONFIRM
x_transferred
https://bugzilla.redhat.com/show_bug.cgi?id=895282
x_refsource_MISC
x_transferred
http://rack.github.com/
x_refsource_CONFIRM
x_transferred
https://groups.google.com/forum/#%21topic/rack-devel/-MWPHDeGWtI
x_refsource_CONFIRM
x_transferred
https://groups.google.com/forum/#%21topic/rack-devel/7ZKPNAjgRSs
x_refsource_CONFIRM
x_transferred
http://lists.opensuse.org/opensuse-updates/2013-03/msg00048.html
vendor-advisory
x_refsource_SUSE
x_transferred
http://rhn.redhat.com/errata/RHSA-2013-0548.html
vendor-advisory
x_refsource_REDHAT
x_transferred
https://github.com/rack/rack/commit/f95113402b7239f225282806673e1b6424522b18
x_refsource_CONFIRM
x_transferred
http://rhn.redhat.com/errata/RHSA-2013-0544.html
vendor-advisory
x_refsource_REDHAT
x_transferred
http://www.debian.org/security/2013/dsa-2783
vendor-advisory
x_refsource_DEBIAN
x_transferred
Hyperlink: https://github.com/rack/rack/commit/548b9af2dc0059f4c0c19728624448d84de450ff
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: https://bugzilla.redhat.com/show_bug.cgi?id=895282
Resource:
x_refsource_MISC
x_transferred
Hyperlink: http://rack.github.com/
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: https://groups.google.com/forum/#%21topic/rack-devel/-MWPHDeGWtI
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: https://groups.google.com/forum/#%21topic/rack-devel/7ZKPNAjgRSs
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://lists.opensuse.org/opensuse-updates/2013-03/msg00048.html
Resource:
vendor-advisory
x_refsource_SUSE
x_transferred
Hyperlink: http://rhn.redhat.com/errata/RHSA-2013-0548.html
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: https://github.com/rack/rack/commit/f95113402b7239f225282806673e1b6424522b18
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://rhn.redhat.com/errata/RHSA-2013-0544.html
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: http://www.debian.org/security/2013/dsa-2783
Resource:
vendor-advisory
x_refsource_DEBIAN
x_transferred
Information is not available yet
ā–¼National Vulnerability Database (NVD)
nvd.nist.gov
Source:secalert@redhat.com
Published At:01 Mar, 2013 | 05:40
Updated At:29 Apr, 2026 | 01:13

multipart/parser.rb in Rack 1.3.x before 1.3.8 and 1.4.x before 1.4.3 allows remote attackers to cause a denial of service (memory consumption and out-of-memory error) via a long string in a Multipart HTTP packet.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary2.05.0MEDIUM
AV:N/AC:L/Au:N/C:N/I:N/A:P
Type: Primary
Version: 2.0
Base score: 5.0
Base severity: MEDIUM
Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:P
CPE Matches

rack_project
rack_project
>>rack>>1.3.0
cpe:2.3:a:rack_project:rack:1.3.0:*:*:*:*:*:*:*
rack_project
rack_project
>>rack>>1.3.1
cpe:2.3:a:rack_project:rack:1.3.1:*:*:*:*:*:*:*
rack_project
rack_project
>>rack>>1.3.2
cpe:2.3:a:rack_project:rack:1.3.2:*:*:*:*:*:*:*
rack_project
rack_project
>>rack>>1.3.3
cpe:2.3:a:rack_project:rack:1.3.3:*:*:*:*:*:*:*
rack_project
rack_project
>>rack>>1.3.4
cpe:2.3:a:rack_project:rack:1.3.4:*:*:*:*:*:*:*
rack_project
rack_project
>>rack>>1.3.5
cpe:2.3:a:rack_project:rack:1.3.5:*:*:*:*:*:*:*
rack_project
rack_project
>>rack>>1.3.6
cpe:2.3:a:rack_project:rack:1.3.6:*:*:*:*:*:*:*
rack_project
rack_project
>>rack>>1.3.7
cpe:2.3:a:rack_project:rack:1.3.7:*:*:*:*:*:*:*
rack_project
rack_project
>>rack>>1.4.0
cpe:2.3:a:rack_project:rack:1.4.0:*:*:*:*:*:*:*
rack_project
rack_project
>>rack>>1.4.1
cpe:2.3:a:rack_project:rack:1.4.1:*:*:*:*:*:*:*
rack_project
rack_project
>>rack>>1.4.2
cpe:2.3:a:rack_project:rack:1.4.2:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-119Primarynvd@nist.gov
CWE ID: CWE-119
Type: Primary
Source: nvd@nist.gov
Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References
HyperlinkSourceResource
http://lists.opensuse.org/opensuse-updates/2013-03/msg00048.htmlsecalert@redhat.com
N/A
http://rack.github.com/secalert@redhat.com
N/A
http://rhn.redhat.com/errata/RHSA-2013-0544.htmlsecalert@redhat.com
N/A
http://rhn.redhat.com/errata/RHSA-2013-0548.htmlsecalert@redhat.com
N/A
http://www.debian.org/security/2013/dsa-2783secalert@redhat.com
N/A
https://bugzilla.redhat.com/show_bug.cgi?id=895282secalert@redhat.com
N/A
https://github.com/rack/rack/commit/548b9af2dc0059f4c0c19728624448d84de450ffsecalert@redhat.com
N/A
https://github.com/rack/rack/commit/f95113402b7239f225282806673e1b6424522b18secalert@redhat.com
N/A
https://groups.google.com/forum/#%21topic/rack-devel/-MWPHDeGWtIsecalert@redhat.com
N/A
https://groups.google.com/forum/#%21topic/rack-devel/7ZKPNAjgRSssecalert@redhat.com
N/A
http://lists.opensuse.org/opensuse-updates/2013-03/msg00048.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://rack.github.com/af854a3a-2127-422b-91ae-364da2661108
N/A
http://rhn.redhat.com/errata/RHSA-2013-0544.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://rhn.redhat.com/errata/RHSA-2013-0548.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://www.debian.org/security/2013/dsa-2783af854a3a-2127-422b-91ae-364da2661108
N/A
https://bugzilla.redhat.com/show_bug.cgi?id=895282af854a3a-2127-422b-91ae-364da2661108
N/A
https://github.com/rack/rack/commit/548b9af2dc0059f4c0c19728624448d84de450ffaf854a3a-2127-422b-91ae-364da2661108
N/A
https://github.com/rack/rack/commit/f95113402b7239f225282806673e1b6424522b18af854a3a-2127-422b-91ae-364da2661108
N/A
https://groups.google.com/forum/#%21topic/rack-devel/-MWPHDeGWtIaf854a3a-2127-422b-91ae-364da2661108
N/A
https://groups.google.com/forum/#%21topic/rack-devel/7ZKPNAjgRSsaf854a3a-2127-422b-91ae-364da2661108
N/A
Hyperlink: http://lists.opensuse.org/opensuse-updates/2013-03/msg00048.html
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://rack.github.com/
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://rhn.redhat.com/errata/RHSA-2013-0544.html
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://rhn.redhat.com/errata/RHSA-2013-0548.html
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://www.debian.org/security/2013/dsa-2783
Source: secalert@redhat.com
Resource: N/A
Hyperlink: https://bugzilla.redhat.com/show_bug.cgi?id=895282
Source: secalert@redhat.com
Resource: N/A
Hyperlink: https://github.com/rack/rack/commit/548b9af2dc0059f4c0c19728624448d84de450ff
Source: secalert@redhat.com
Resource: N/A
Hyperlink: https://github.com/rack/rack/commit/f95113402b7239f225282806673e1b6424522b18
Source: secalert@redhat.com
Resource: N/A
Hyperlink: https://groups.google.com/forum/#%21topic/rack-devel/-MWPHDeGWtI
Source: secalert@redhat.com
Resource: N/A
Hyperlink: https://groups.google.com/forum/#%21topic/rack-devel/7ZKPNAjgRSs
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://lists.opensuse.org/opensuse-updates/2013-03/msg00048.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://rack.github.com/
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://rhn.redhat.com/errata/RHSA-2013-0544.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://rhn.redhat.com/errata/RHSA-2013-0548.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.debian.org/security/2013/dsa-2783
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://bugzilla.redhat.com/show_bug.cgi?id=895282
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://github.com/rack/rack/commit/548b9af2dc0059f4c0c19728624448d84de450ff
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://github.com/rack/rack/commit/f95113402b7239f225282806673e1b6424522b18
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://groups.google.com/forum/#%21topic/rack-devel/-MWPHDeGWtI
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://groups.google.com/forum/#%21topic/rack-devel/7ZKPNAjgRSs
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

648Records found

CVE-2008-1925
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-2.28% / 80.97%
||
7 Day CHG~0.00%
Published-23 Apr, 2008 | 17:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in InspIRCd before 1.1.18, when using the namesx and uhnames modules, allows remote attackers to cause a denial of service (daemon crash) via a large number of channel users with crafted nicknames, idents, and long hostnames.

Action-Not Available
Vendor-inspircdn/a
Product-inspircdn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2008-2218
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-1.86% / 76.61%
||
7 Day CHG~0.00%
Published-14 May, 2008 | 18:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in the Multimedia PC Client in Nortel Multimedia Communication Server (MCS) before Maintenance Release 3.5.8.3 and 4.0.25.3 allows remote attackers to cause a denial of service (crash) via a flood of "extraneous" messages, as demonstrated by the Nessus "Generic flood" denial of service plugin.

Action-Not Available
Vendor-norteln/a
Product-multimedia_communications_servern/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2019-12044
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.55% / 72.05%
||
7 Day CHG~0.00%
Published-22 May, 2019 | 15:29
Updated-04 Aug, 2024 | 23:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A Buffer Overflow exists in Citrix NetScaler Gateway 10.5.x before 10.5.70.x, 11.1.x before 11.1.59.10, 12.0.x before 12.0.59.8, and 12.1.x before 12.1.49.23 and Citrix Application Delivery Controller 10.5.x before 10.5.70.x, 11.1.x before 11.1.59.10, 12.0.x before 12.0.59.8, and 12.1.x before 12.1.49.23.

Action-Not Available
Vendor-n/aCitrix (Cloud Software Group, Inc.)
Product-netscaler_application_delivery_controllernetscaler_application_delivery_controller_firmwarenetscaler_gateway_firmwarenetscaler_gatewayn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2008-1928
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-1.67% / 73.99%
||
7 Day CHG~0.00%
Published-23 Apr, 2008 | 18:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in Imager 0.42 through 0.63 allows attackers to cause a denial of service (crash) via an image based fill in which the number of input channels is different from the number of output channels.

Action-Not Available
Vendor-imagern/a
Product-imagern/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2008-1207
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-1.71% / 74.51%
||
7 Day CHG~0.00%
Published-08 Mar, 2008 | 00:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple unspecified vulnerabilities in Fujitsu Interstage Smart Repository, as used in multiple Fujitsu Interstage products, allow remote attackers to cause a denial of service (daemon crash) via (1) an invalid request or (2) a large amount of data sent to the registered attribute value.

Action-Not Available
Vendor-n/aFujitsu Limited
Product-interstage_application_server_standard_jinterstage_application_server_enterpriseinterstage_smart_repositoryinterstage_apworks_enterpriseinterstage_application_server_plusinterstage_apworks_standard_jinterstage_business_application_serverinterstage_apworks_modelers_jn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2008-0608
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-5.64% / 92.01%
||
7 Day CHG~0.00%
Published-06 Feb, 2008 | 11:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Logging Server (ftplogsrv.exe) 7.9.14.0 and earlier in IPSwitch WS_FTP 6.1 allows remote attackers to cause a denial of service (loss of responsiveness) via a large number of large packets to port 5151/udp, which causes the listening socket to terminate and prevents log commands from being recorded, a different vulnerability than CVE-2007-3823.

Action-Not Available
Vendor-n/aIpswitch, Inc.
Product-ws_ftpn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2019-11729
Matching Score-4
Assigner-Mozilla Corporation
ShareView Details
Matching Score-4
Assigner-Mozilla Corporation
CVSS Score-7.5||HIGH
EPSS-2.79% / 84.70%
||
7 Day CHG~0.00%
Published-23 Jul, 2019 | 13:16
Updated-25 Nov, 2025 | 17:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Empty or malformed p256-ECDH public keys may trigger a segmentation fault due values being improperly sanitized before being copied into memory and used. This vulnerability affects Firefox ESR < 60.8, Firefox < 68, and Thunderbird < 60.8.

Action-Not Available
Vendor-Mozilla Corporation
Product-thunderbirdfirefoxFirefoxFirefox ESRThunderbird
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2007-6457
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-3.68% / 88.32%
||
7 Day CHG~0.00%
Published-20 Dec, 2007 | 00:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Stack-based buffer overflow in the webmail feature in SurgeMail 38k4 allows remote attackers to cause a denial of service (crash) via a long Host header.

Action-Not Available
Vendor-netwinn/a
Product-surgemailn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2007-6341
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-9.55% / 94.87%
||
7 Day CHG~0.00%
Published-20 Dec, 2007 | 23:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Net/DNS/RR/A.pm in Net::DNS 0.60 build 654, as used in packages such as SpamAssassin and OTRS, allows remote attackers to cause a denial of service (program "croak") via a crafted DNS response.

Action-Not Available
Vendor-net_dnsn/a
Product-net_dnsn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2007-6562
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-2.28% / 80.97%
||
7 Day CHG~0.00%
Published-28 Dec, 2007 | 00:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple stack-based buffer overflows in the use of FD_SET in TCPreen before 1.4.4 allow remote attackers to cause a denial of service via multiple concurrent connections, which result in overflows in the (1) SocketAddress::Connect function in libsolve/sockprot.cpp and (2) monitor_bridge function in src/bridge.cpp.

Action-Not Available
Vendor-tcpreenn/a
Product-tcpreenn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2007-6438
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-5||MEDIUM
EPSS-2.00% / 78.38%
||
7 Day CHG~0.00%
Published-19 Dec, 2007 | 22:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the SMB dissector in Wireshark (formerly Ethereal) 0.99.6 allows remote attackers to cause a denial of service via unknown vectors. NOTE: this identifier originally included MP3 and NCP, but those issues are already covered by CVE-2007-6111.

Action-Not Available
Vendor-n/aWireshark Foundation
Product-wiresharkn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2008-0090
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-22.53% / 97.42%
||
7 Day CHG~0.00%
Published-04 Jan, 2008 | 01:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A certain ActiveX control in npUpload.dll in DivX Player 6.6.0 allows remote attackers to cause a denial of service (Internet Explorer 7 crash) via a long argument to the SetPassword method.

Action-Not Available
Vendor-divxn/aMicrosoft Corporation
Product-internet_explorerdivx_playern/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2007-5300
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-4.91% / 91.04%
||
7 Day CHG~0.00%
Published-09 Oct, 2007 | 18:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Off-by-one error in the do_login_loop function in libwzd-core/wzd_login.c in wzdftpd 0.8.0, 0.8.2, and possibly other versions allows remote attackers to cause a denial of service (daemon crash) via a long USER command that triggers a stack-based buffer overflow. NOTE: some of these details are obtained from third party information.

Action-Not Available
Vendor-wzdftpdn/a
Product-wzdftpdn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2007-6120
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-5||MEDIUM
EPSS-2.02% / 78.58%
||
7 Day CHG~0.00%
Published-23 Nov, 2007 | 20:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Bluetooth SDP dissector Wireshark (formerly Ethereal) 0.99.2 to 0.99.6 allows remote attackers to cause a denial of service (infinite loop) via unknown vectors.

Action-Not Available
Vendor-ethereal_groupn/aWireshark Foundation
Product-etherealwiresharkn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2017-12293
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-8.6||HIGH
EPSS-2.30% / 81.18%
||
7 Day CHG~0.00%
Published-19 Oct, 2017 | 08:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability in Cisco WebEx Meetings Server could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to insufficient limitations on the number of connections that can be made to the affected software. An attacker could exploit this vulnerability by opening multiple connections to the server and exhausting server resources. A successful exploit could cause the server to reload, resulting in a DoS condition. Cisco Bug IDs: CSCvf41006.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-webex_meetings_serverCisco WebEx Meetings Server
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2007-5241
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-2.43% / 82.28%
||
7 Day CHG~0.00%
Published-06 Oct, 2007 | 16:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in NET$CSMACD.EXE in HP OpenVMS 8.3 and earlier allows local users to cause a denial of service (machine crash) via the "MCR MCL SHOW CSMA-CD Port * All" command, which overwrites a Non-Paged Pool Packet.

Action-Not Available
Vendor-n/aHP Inc.
Product-openvmsn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2007-5036
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-9.62% / 94.89%
||
7 Day CHG~0.00%
Published-24 Sep, 2007 | 00:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple buffer overflows in the AirDefense Airsensor M520 with firmware 4.3.1.1 and 4.4.1.4 allow remote authenticated users to cause a denial of service (HTTPS service outage) via a crafted query string in an HTTPS request to (1) adLog.cgi, (2) post.cgi, or (3) ad.cgi, related to the "files filter."

Action-Not Available
Vendor-airdefensen/a
Product-airsensorn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-20
Improper Input Validation
CVE-2007-4665
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-2.12% / 79.66%
||
7 Day CHG~0.00%
Published-04 Sep, 2007 | 22:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the server in Firebird before 2.0.2 allows remote attackers to cause a denial of service (daemon crash) via an XNET session that makes multiple simultaneous requests to register events, aka CORE-1403.

Action-Not Available
Vendor-firebirdsqln/a
Product-firebirdn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2007-4759
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-2.19% / 80.30%
||
7 Day CHG~0.00%
Published-08 Sep, 2007 | 10:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple unspecified vulnerabilities in the image-processing APIs in Cosminexus Developer's Kit for Java in Cosminexus 4 through 7 allow remote attackers to cause a denial of service via unspecified vectors.

Action-Not Available
Vendor-n/aHitachi, Ltd.
Product-ucosminexus_application_server_standarducosminexus_service_platformucosminexus_application_server_enterprisen/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2017-15354
Matching Score-4
Assigner-Huawei Technologies
ShareView Details
Matching Score-4
Assigner-Huawei Technologies
CVSS Score-5.3||MEDIUM
EPSS-1.18% / 63.83%
||
7 Day CHG~0.00%
Published-15 Feb, 2018 | 16:00
Updated-05 Aug, 2024 | 19:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Huawei DP300, V500R002C00, RP200, V600R006C00, TE30, V100R001C10, V500R002C00,V600R006C00, TE40, V500R002C00, V600R006C00, TE50, V500R002C00,V600R006C00, TE60, V100R001C10, V500R002C00, V600R006C00, TX50,V500R002C00, V600R006C00 have a buffer overflow vulnerability. An attacker may send specially crafted HTTP messages to the affected products. Due insufficient input validation of three different parameters in the messages, successful exploit may cause some service abnormal.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-te60_firmwarete30_firmwaredp300rp200te40_firmwaretx50tx50_firmwarete60dp300_firmwarete40te30te50_firmwarete50rp200_firmwareDP300,RP200,TE30,TE40,TE50,TE60,TX50
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2003-1592
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-1.73% / 74.84%
||
7 Day CHG~0.00%
Published-05 Apr, 2010 | 15:15
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple buffer overflows in NWFTPD.nlm in the FTP server in Novell NetWare 6.0 before SP4 and 6.5 before SP1 allow remote attackers to cause a denial of service (abend) via a long (1) username or (2) password.

Action-Not Available
Vendor-n/aNovell
Product-netwarenetware_ftp_servern/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2007-4423
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-3.53% / 87.83%
||
7 Day CHG~0.00%
Published-18 Aug, 2007 | 21:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Stack-based buffer overflow in the AUTH_LIST_GROUPS_FOR_AUTHID function in IBM DB2 UDB 9.1 before Fixpak 3 allows attackers to cause a denial of service and possibly execute arbitrary code via a long argument.

Action-Not Available
Vendor-n/aIBM Corporation
Product-db2_universal_databasen/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2003-1512
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-2.43% / 82.25%
||
7 Day CHG~0.00%
Published-25 Oct, 2007 | 19:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in mIRC 6.1 and 6.11 allows remote attackers to cause a denial of service (crash) via a long DCC SEND request.

Action-Not Available
Vendor-khaled_mardam-beyn/a
Product-mircn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2007-4005
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-11.25% / 95.43%
||
7 Day CHG~0.00%
Published-26 Jul, 2007 | 00:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Stack-based buffer overflow in Mike Dubman Windows RSH daemon (rshd) 1.7 allows remote attackers to execute arbitrary code via a long string to the shell port (514/tcp). NOTE: this might overlap CVE-2007-4006.

Action-Not Available
Vendor-mike_dubmann/a
Product-windows_rsh_daemonn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2003-1494
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-3.25% / 86.80%
||
7 Day CHG~0.00%
Published-24 Oct, 2007 | 23:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in HP OpenView Network Node Manager (NNM) 6.2 and 6.4 allows remote attackers to cause a denial of service (CPU consumption) via a crafted TCP packet.

Action-Not Available
Vendor-n/aHP Inc.
Product-openview_network_node_managern/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2017-12818
Matching Score-4
Assigner-Kaspersky
ShareView Details
Matching Score-4
Assigner-Kaspersky
CVSS Score-7.5||HIGH
EPSS-1.89% / 77.05%
||
7 Day CHG~0.00%
Published-03 Oct, 2017 | 13:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Stack overflow in custom XML-parser in Gemalto's HASP SRM, Sentinel HASP and Sentinel LDK products prior to Sentinel LDK RTE version 7.55 leads to remote denial of service.

Action-Not Available
Vendor-sentinelGemalto
Product-sentinel_ldk_rte_firmwareGemalto's HASP SRM, Sentinel HASP and Sentinel LDK products prior to Sentinel LDK RTE
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2017-1000254
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-8.46% / 94.35%
||
7 Day CHG~0.00%
Published-06 Oct, 2017 | 13:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

libcurl may read outside of a heap allocated buffer when doing FTP. When libcurl connects to an FTP server and successfully logs in (anonymous or not), it asks the server for the current directory with the `PWD` command. The server then responds with a 257 response containing the path, inside double quotes. The returned path name is then kept by libcurl for subsequent uses. Due to a flaw in the string parser for this directory name, a directory name passed like this but without a closing double quote would lead to libcurl not adding a trailing NUL byte to the buffer holding the name. When libcurl would then later access the string, it could read beyond the allocated heap buffer and crash or wrongly access data beyond the buffer, thinking it was part of the path. A malicious server could abuse this fact and effectively prevent libcurl-based clients to work with it - the PWD command is always issued on new FTP connections and the mistake has a high chance of causing a segfault. The simple fact that this has issue remained undiscovered for this long could suggest that malformed PWD responses are rare in benign servers. We are not aware of any exploit of this flaw. This bug was introduced in commit [415d2e7cb7](https://github.com/curl/curl/commit/415d2e7cb7), March 2005. In libcurl version 7.56.0, the parser always zero terminates the string but also rejects it if not terminated properly with a final double quote.

Action-Not Available
Vendor-n/aCURL
Product-libcurln/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2003-1354
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-6.20% / 92.64%
||
7 Day CHG~0.00%
Published-14 Oct, 2007 | 19:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple GameSpy 3D 2.62 compatible gaming servers generate very large UDP responses to small requests, which allows remote attackers to use the servers as an amplifier in DDoS attacks with spoofed UDP query packets, as demonstrated using Battlefield 1942.

Action-Not Available
Vendor-gamespy3dn/a
Product-gamespy_3dn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2002-2332
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-1.79% / 75.64%
||
7 Day CHG+0.24%
Published-26 Oct, 2007 | 19:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in Opera 6.01 allows remote attackers to cause a denial of service (crash) via an IMG tag with large width and height attributes.

Action-Not Available
Vendor-n/aOpera
Product-opera_web_browsern/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2002-2258
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-2.65% / 83.80%
||
7 Day CHG~0.00%
Published-14 Oct, 2007 | 20:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Moby NetSuite allows remote attackers to cause a denial of service (crash) via an HTTP POST request with a (1) large integer or (2) non-numeric value in the Content-Length header, which causes an access violation after a failed atoi function call.

Action-Not Available
Vendor-mobydiskn/a
Product-netsuiten/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2019-10245
Matching Score-4
Assigner-Eclipse Foundation
ShareView Details
Matching Score-4
Assigner-Eclipse Foundation
CVSS Score-7.5||HIGH
EPSS-2.49% / 82.71%
||
7 Day CHG~0.00%
Published-19 Apr, 2019 | 13:43
Updated-04 Aug, 2024 | 22:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Eclipse OpenJ9 prior to the 0.14.0 release, the Java bytecode verifier incorrectly allows a method to execute past the end of bytecode array causing crashes. Eclipse OpenJ9 v0.14.0 correctly detects this case and rejects the attempted class load.

Action-Not Available
Vendor-Eclipse Foundation AISBLRed Hat, Inc.
Product-enterprise_linux_serverenterprise_linux_workstationenterprise_linuxsatelliteenterprise_linux_desktopopenj9Eclipse OpenJ9
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2016-9933
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-6.93% / 93.32%
||
7 Day CHG+0.06%
Published-04 Jan, 2017 | 20:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Stack consumption vulnerability in the gdImageFillToBorder function in gd.c in the GD Graphics Library (aka libgd) before 2.2.2, as used in PHP before 5.6.28 and 7.x before 7.0.13, allows remote attackers to cause a denial of service (segmentation violation) via a crafted imagefilltoborder call that triggers use of a negative color value.

Action-Not Available
Vendor-libgdn/aThe PHP Group
Product-libgdphpn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2019-1010300
Matching Score-4
Assigner-7556d962-6fb7-411e-85fa-6cd62f095ba8
ShareView Details
Matching Score-4
Assigner-7556d962-6fb7-411e-85fa-6cd62f095ba8
CVSS Score-7.5||HIGH
EPSS-1.33% / 67.51%
||
7 Day CHG~0.00%
Published-15 Jul, 2019 | 17:15
Updated-05 Aug, 2024 | 03:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

mz-automation libiec61850 1.3.2 1.3.1 1.3.0 is affected by: Buffer Overflow. The impact is: Software crash. The component is: server_example_complex_array. The attack vector is: Send a specific MMS protocol packet.

Action-Not Available
Vendor-mz-automationmz-automation
Product-libiec61850libiec61850
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2002-2388
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-1.20% / 64.31%
||
7 Day CHG~0.00%
Published-31 Oct, 2007 | 16:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in INweb POP3 mail server 2.01 allows remote attackers to cause a denial of service (crash) via a long HELO command.

Action-Not Available
Vendor-inwebn/a
Product-mail_servern/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2007-1944
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-1.67% / 73.87%
||
7 Day CHG~0.00%
Published-11 Apr, 2007 | 01:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Java Message Service (JMS) in IBM WebSphere Application Server (WAS) before 6.1.0.7 allows attackers to cause a denial of service via unknown vectors involving the "double release [of] a bytebuffer input stream," possibly a double free vulnerability.

Action-Not Available
Vendor-n/aIBM Corporation
Product-websphere_application_servern/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2003-0227
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-38.78% / 98.41%
||
7 Day CHG~0.00%
Published-30 May, 2003 | 04:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The logging capability for unicast and multicast transmissions in the ISAPI extension for Microsoft Windows Media Services in Microsoft Windows NT 4.0 and 2000, nsiislog.dll, allows remote attackers to cause a denial of service in Internet Information Server (IIS) and execute arbitrary code via a certain network request.

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-windows_ntwindows_2000n/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2002-2404
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-2.92% / 85.33%
||
7 Day CHG~0.00%
Published-01 Nov, 2007 | 17:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in IISPop email server 1.161 and 1.181 allows remote attackers to cause a denial of service (crash) via a long request to the POP3 port (TCP port 110).

Action-Not Available
Vendor-curtis_specialty_consultingn/a
Product-iispopn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2007-0464
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-14.38% / 96.19%
||
7 Day CHG~0.00%
Published-30 Jan, 2007 | 17:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The _CFNetConnectionWillEnqueueRequests function in CFNetwork 129.19 on Apple Mac OS X 10.4 through 10.4.10 allows remote attackers to cause a denial of service (application crash) via a crafted HTTP 301 response, which results in a NULL pointer dereference.

Action-Not Available
Vendor-cfnetworkn/aApple Inc.
Product-cfnetworkmac_os_xn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2026-5314
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.66% / 47.22%
||
7 Day CHG~0.00%
Published-01 Apr, 2026 | 22:15
Updated-30 Apr, 2026 | 19:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Nothings stb TTF File stb_truetype.h stbtt_InitFont_internal out-of-bounds

A vulnerability was found in Nothings stb up to 1.26. Impacted is the function stbtt_InitFont_internal in the library stb_truetype.h of the component TTF File Handler. Performing a manipulation results in out-of-bounds read. Remote exploitation of the attack is possible. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-nothingsNothings
Product-stb_truetype.hstb
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-125
Out-of-bounds Read
CVE-2026-5315
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.51% / 39.49%
||
7 Day CHG~0.00%
Published-01 Apr, 2026 | 23:15
Updated-30 Apr, 2026 | 20:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Nothings stb TTF File stb_truetype.h stbtt__buf_get8 out-of-bounds

A vulnerability was determined in Nothings stb up to 1.26. The affected element is the function stbtt__buf_get8 in the library stb_truetype.h of the component TTF File Handler. Executing a manipulation can lead to out-of-bounds read. The attack can be executed remotely. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-nothingsNothings
Product-stb_truetype.hstb
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-125
Out-of-bounds Read
CVE-2026-5318
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.63% / 45.74%
||
7 Day CHG~0.00%
Published-02 Apr, 2026 | 01:45
Updated-29 Apr, 2026 | 21:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
LibRaw JPEG DHT losslessjpeg.cpp initval out-of-bounds write

A weakness has been identified in LibRaw up to 0.22.0. This impacts the function HuffTable::initval of the file src/decompressors/losslessjpeg.cpp of the component JPEG DHT Parser. This manipulation of the argument bits[] causes out-of-bounds write. It is possible to initiate the attack remotely. The exploit has been made available to the public and could be used for attacks. Upgrading to version 0.22.1 will fix this issue. Patch name: a6734e867b19d75367c05f872ac26322464e3995. It is advisable to upgrade the affected component.

Action-Not Available
Vendor-librawn/a
Product-librawLibRaw
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-787
Out-of-bounds Write
CVE-2016-9118
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.3||MEDIUM
EPSS-3.12% / 86.26%
||
7 Day CHG~0.00%
Published-30 Oct, 2016 | 22:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Heap Buffer Overflow (WRITE of size 4) in function pnmtoimage of convert.c:1719 in OpenJPEG 2.1.2.

Action-Not Available
Vendor-uclouvainn/a
Product-openjpegn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2024-13903
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.66% / 47.06%
||
7 Day CHG~0.00%
Published-21 Mar, 2025 | 07:00
Updated-24 Mar, 2025 | 14:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
quickjs-ng QuickJS qjs quickjs.c JS_GetRuntime stack-based overflow

A vulnerability was found in quickjs-ng QuickJS up to 0.8.0. It has been declared as problematic. Affected by this vulnerability is the function JS_GetRuntime of the file quickjs.c of the component qjs. The manipulation leads to stack-based buffer overflow. The attack can be launched remotely. Upgrading to version 0.9.0 is able to address this issue. The patch is named 99c02eb45170775a9a679c32b45dd4000ea67aff. It is recommended to upgrade the affected component.

Action-Not Available
Vendor-quickjs-ngquickjs-ng
Product-quickjsQuickJS
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2016-9937
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-2.61% / 83.54%
||
7 Day CHG~0.00%
Published-12 Dec, 2016 | 21:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Asterisk Open Source 13.12.x and 13.13.x before 13.13.1 and 14.x before 14.2.1. If an SDP offer or answer is received with the Opus codec and with the format parameters separated using a space the code responsible for parsing will recursively call itself until it crashes. This occurs as the code does not properly handle spaces separating the parameters. This does NOT require the endpoint to have Opus configured in Asterisk. This also does not require the endpoint to be authenticated. If guest is enabled for chan_sip or anonymous in chan_pjsip an SDP offer or answer is still processed and the crash occurs.

Action-Not Available
Vendor-n/aDigium, Inc.
Product-asteriskn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2018-7762
Matching Score-4
Assigner-Schneider Electric
ShareView Details
Matching Score-4
Assigner-Schneider Electric
CVSS Score-7.5||HIGH
EPSS-1.31% / 67.26%
||
7 Day CHG+0.27%
Published-18 Apr, 2018 | 20:00
Updated-05 Aug, 2024 | 06:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability exists in the web services to process SOAP requests in Schneider Electric's Modicon M340, Modicon Premium, Modicon Quantum PLC, BMXNOR0200 which could allow result in a buffer overflow.

Action-Not Available
Vendor-
Product-140cpu65160ctsxp573634mmodicon_m340_bmxp3420302h_firmware140cpu65160_firmwaretsxh5744m_firmwaremodicon_m340_bmxp342020h_firmwaretsxh5744m140cpu65160s_firmwaretsxp571634mcmodicon_m340_bmxp3420102cltsxp574634m_firmwaremodicon_m340_bmxp3420302_firmwaretsxp575634mtsxh5724mc_firmwaretsxp57304mc140cpu65860tsxp575634mc140cpu65160modicon_m340_bmxp3420302cl_firmwaretsxh5744mc_firmwaretsxp573634mc_firmwaremodicon_m340_bmxp342020_firmwaretsxp57454m_firmwaretsxp57254m_firmwaremodicon_m340_bmxp3420102_firmwaretsxp572634mtsxp57554mc_firmwaretsxp574634mtsxh5724mtsxp57304m_firmwaretsxp571634mc_firmwaretsxp57454mcmodicon_m340_bmxp341000h140cpu65160sbmxnor0200_firmwaremodicon_m340_bmxp3420302clbmxnor0200htsxp574634mc_firmwaretsxp57154mctsxp57154m_firmwaretsxp57154mtsxp576634mtsxh5744mctsxp57204mcmodicon_m340_bmxp342020140cpu31110modicon_m340_bmxp342020htsxp57354mc_firmwaretsxp57104m140cpu65150c_firmwaretsxp57354m140cpu65150_firmwaremodicon_m340_bmxp342000_firmware140cpu65860cbmxnor0200h_firmwaretsxp57204m_firmwaretsxp57204m140cpu65260tsxp571634m_firmwaretsxp573634mc140cpu43412uc140cpu65150tsxp571634mtsxp57304mc_firmware140cpu65860_firmwarebmxnor0200modicon_m340_bmxp341000h_firmware140cpu65260ctsxp57354mc140cpu65150c140cpu43412u_firmwaretsxh5724m_firmwaremodicon_m340_bmxp342000tsxp575634m_firmwaretsxp573634m_firmwaretsxp57204mc_firmwaretsxp57104mc_firmwaremodicon_m340_bmxp341000tsxh5724mc140cpu65260c_firmwaretsxp57254mc_firmware140cpu31110_firmware140cpu31110ctsxp57304mtsxp576634mcmodicon_m340_bmxp3420302htsxp574634mcmodicon_m340_bmxp3420102cl_firmwaretsxp572634mc_firmwaretsxp57454mc_firmwaretsxp576634mc_firmwaretsxp57554mctsxp575634mc_firmware140cpu65160c_firmwaretsxp576634m_firmware140cpu65260_firmwaremodicon_m340_bmxp3420302140cpu43412uc_firmwaretsxp57454mtsxp572634mcmodicon_m340_bmxp341000_firmwaretsxp57254mtsxp57104m_firmwaretsxp572634m_firmwaretsxp57554mtsxp57254mctsxp57354m_firmwaretsxp57104mctsxp57554m_firmwaremodicon_m340_bmxp3420102140cpu31110c_firmware140cpu43412utsxp57154mc_firmware140cpu65860c_firmwareModicon M340, Modicon Premium, Modicon Quantum, BMXNOR0203
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2018-7759
Matching Score-4
Assigner-Schneider Electric
ShareView Details
Matching Score-4
Assigner-Schneider Electric
CVSS Score-7.5||HIGH
EPSS-1.31% / 67.26%
||
7 Day CHG+0.27%
Published-18 Apr, 2018 | 20:00
Updated-05 Aug, 2024 | 06:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A buffer overflow vulnerability exists in Schneider Electric's Modicon M340, Modicon Premium, Modicon Quantum PLC, BMXNOR0200. The buffer overflow vulnerability is caused by the length of the source string specified (instead of the buffer size) as the number of bytes to be copied.

Action-Not Available
Vendor-
Product-140cpu65160ctsxp573634mmodicon_m340_bmxp3420302h_firmware140cpu65160_firmwaretsxh5744m_firmwaremodicon_m340_bmxp342020h_firmwaretsxh5744m140cpu65160s_firmwaretsxp571634mcmodicon_m340_bmxp3420102cltsxp574634m_firmwaremodicon_m340_bmxp3420302_firmwaretsxp575634mtsxh5724mc_firmwaretsxp57304mc140cpu65860tsxp575634mc140cpu65160modicon_m340_bmxp3420302cl_firmwaretsxh5744mc_firmwaretsxp573634mc_firmwaremodicon_m340_bmxp342020_firmwaretsxp57454m_firmwaretsxp57254m_firmwaremodicon_m340_bmxp3420102_firmwaretsxp572634mtsxp57554mc_firmwaretsxp574634mtsxh5724mtsxp57304m_firmwaretsxp571634mc_firmwaretsxp57454mcmodicon_m340_bmxp341000h140cpu65160sbmxnor0200_firmwaremodicon_m340_bmxp3420302clbmxnor0200htsxp574634mc_firmwaretsxp57154mctsxp57154m_firmwaretsxp57154mtsxp576634mtsxh5744mctsxp57204mcmodicon_m340_bmxp342020140cpu31110modicon_m340_bmxp342020htsxp57354mc_firmwaretsxp57104m140cpu65150c_firmwaretsxp57354m140cpu65150_firmwaremodicon_m340_bmxp342000_firmware140cpu65860cbmxnor0200h_firmwaretsxp57204m_firmwaretsxp57204m140cpu65260tsxp571634m_firmwaretsxp573634mc140cpu43412uc140cpu65150tsxp571634mtsxp57304mc_firmware140cpu65860_firmwarebmxnor0200modicon_m340_bmxp341000h_firmware140cpu65260ctsxp57354mc140cpu65150c140cpu43412u_firmwaretsxh5724m_firmwaremodicon_m340_bmxp342000tsxp575634m_firmwaretsxp573634m_firmwaretsxp57204mc_firmwaretsxp57104mc_firmwaremodicon_m340_bmxp341000tsxh5724mc140cpu65260c_firmwaretsxp57254mc_firmware140cpu31110_firmware140cpu31110ctsxp57304mtsxp576634mcmodicon_m340_bmxp3420302htsxp574634mcmodicon_m340_bmxp3420102cl_firmwaretsxp572634mc_firmwaretsxp57454mc_firmwaretsxp576634mc_firmwaretsxp57554mctsxp575634mc_firmware140cpu65160c_firmwaretsxp576634m_firmware140cpu65260_firmwaremodicon_m340_bmxp3420302140cpu43412uc_firmwaretsxp57454mtsxp572634mcmodicon_m340_bmxp341000_firmwaretsxp57254mtsxp57104m_firmwaretsxp572634m_firmwaretsxp57554mtsxp57254mctsxp57354m_firmwaretsxp57104mctsxp57554m_firmwaremodicon_m340_bmxp3420102140cpu31110c_firmware140cpu43412utsxp57154mc_firmware140cpu65860c_firmwareModicon M340, Modicon Premium, Modicon Quantum, BMXNOR0200
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2006-5646
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-17.43% / 96.75%
||
7 Day CHG~0.00%
Published-01 Nov, 2006 | 15:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Heap-based buffer overflow in Sophos Anti-Virus and Endpoint Security before 6.0.5, Anti-Virus for Linux before 5.0.10, and other platforms before 4.11, when archive scanning is enabled, allows remote attackers to trigger a denial of service (memory corruption) via a CHM file with an LZX decompression header that specifies a Window_size of 0.

Action-Not Available
Vendor-n/aSophos Ltd.
Product-anti-virusendpoint_securityn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2018-7632
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.09% / 61.37%
||
7 Day CHG~0.00%
Published-09 Oct, 2018 | 22:00
Updated-05 Aug, 2024 | 06:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer Overflow in httpd in EpiCentro E_7.3.2+ allows attackers to cause a denial of service attack remotely via a specially crafted GET request with a leading "/" in the URL.

Action-Not Available
Vendor-adbglobaln/a
Product-epicentron/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2018-7116
Matching Score-4
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-4
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-7.5||HIGH
EPSS-10.30% / 95.14%
||
7 Day CHG~0.00%
Published-03 Dec, 2018 | 15:00
Updated-05 Aug, 2024 | 06:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

HPE Intelligent Management Center (IMC) prior to IMC PLAT 7.3 (E0605P06) is vulnerable to a remote denial of service via dbman Opcode 10003 'Filename'. This problem is resolved in IMC PLAT 7.3 (E0605P06) or subsequent versions.

Action-Not Available
Vendor-HP Inc.Hewlett Packard Enterprise (HPE)
Product-intelligent_management_centerHPE Intelligent Management Center (IMC)
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2018-7115
Matching Score-4
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-4
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-5.3||MEDIUM
EPSS-13.36% / 95.95%
||
7 Day CHG~0.00%
Published-03 Dec, 2018 | 15:00
Updated-05 Aug, 2024 | 06:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

HPE Intelligent Management Center (IMC) prior to IMC PLAT 7.3 (E0605P06) is vulnerable to a remote buffer overflow in dbman.exe opcode 10001 on Windows. This problem is resolved in IMC PLAT 7.3 (E0605P06) or subsequent versions.

Action-Not Available
Vendor-Microsoft CorporationHP Inc.Hewlett Packard Enterprise (HPE)
Product-windowsintelligent_management_centerHPE Intelligent Management Center (IMC)
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
  • Previous
  • 1
  • 2
  • 3
  • 4
  • 5
  • ...
  • 12
  • 13
  • Next
Details not found