Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2013-0255

Summary
Assigner-redhat
Assigner Org ID-53f830b8-0a3f-465b-8143-3b8a9948e749
Published At-13 Feb, 2013 | 01:00
Updated At-06 Aug, 2024 | 14:18
Rejected At-
Credits

PostgreSQL 9.2.x before 9.2.3, 9.1.x before 9.1.8, 9.0.x before 9.0.12, 8.4.x before 8.4.16, and 8.3.x before 8.3.23 does not properly declare the enum_recv function in backend/utils/adt/enum.c, which causes it to be invoked with incorrect arguments and allows remote authenticated users to cause a denial of service (server crash) or read sensitive process memory via a crafted SQL command, which triggers an array index error and an out-of-bounds read.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:redhat
Assigner Org ID:53f830b8-0a3f-465b-8143-3b8a9948e749
Published At:13 Feb, 2013 | 01:00
Updated At:06 Aug, 2024 | 14:18
Rejected At:
▼CVE Numbering Authority (CNA)

PostgreSQL 9.2.x before 9.2.3, 9.1.x before 9.1.8, 9.0.x before 9.0.12, 8.4.x before 8.4.16, and 8.3.x before 8.3.23 does not properly declare the enum_recv function in backend/utils/adt/enum.c, which causes it to be invoked with incorrect arguments and allows remote authenticated users to cause a denial of service (server crash) or read sensitive process memory via a crafted SQL command, which triggers an array index error and an out-of-bounds read.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://lists.fedoraproject.org/pipermail/package-announce/2013-February/098586.html
vendor-advisory
x_refsource_FEDORA
http://www.debian.org/security/2013/dsa-2630
vendor-advisory
x_refsource_DEBIAN
http://lists.opensuse.org/opensuse-updates/2013-02/msg00060.html
vendor-advisory
x_refsource_SUSE
http://lists.opensuse.org/opensuse-updates/2013-02/msg00059.html
vendor-advisory
x_refsource_SUSE
http://www.postgresql.org/docs/8.4/static/release-8-4-16.html
x_refsource_CONFIRM
http://www.mandriva.com/security/advisories?name=MDVSA-2013:142
vendor-advisory
x_refsource_MANDRIVA
https://exchange.xforce.ibmcloud.com/vulnerabilities/81917
vdb-entry
x_refsource_XF
https://bugzilla.redhat.com/show_bug.cgi?id=907892
x_refsource_CONFIRM
http://secunia.com/advisories/51923
third-party-advisory
x_refsource_SECUNIA
http://www.postgresql.org/docs/9.1/static/release-9-1-8.html
x_refsource_CONFIRM
http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
x_refsource_CONFIRM
http://www.securityfocus.com/bid/57844
vdb-entry
x_refsource_BID
https://blogs.oracle.com/sunsecurity/entry/cve_2013_0255_array_index
x_refsource_CONFIRM
http://www.ubuntu.com/usn/USN-1717-1
vendor-advisory
x_refsource_UBUNTU
http://securitytracker.com/id?1028092
vdb-entry
x_refsource_SECTRACK
http://www.postgresql.org/docs/8.3/static/release-8-3-23.html
x_refsource_CONFIRM
http://osvdb.org/89935
vdb-entry
x_refsource_OSVDB
http://rhn.redhat.com/errata/RHSA-2013-1475.html
vendor-advisory
x_refsource_REDHAT
http://www.postgresql.org/docs/9.2/static/release-9-2-3.html
x_refsource_CONFIRM
http://www.postgresql.org/docs/9.0/static/release-9-0-12.html
x_refsource_CONFIRM
http://secunia.com/advisories/52819
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://lists.fedoraproject.org/pipermail/package-announce/2013-February/098586.html
Resource:
vendor-advisory
x_refsource_FEDORA
Hyperlink: http://www.debian.org/security/2013/dsa-2630
Resource:
vendor-advisory
x_refsource_DEBIAN
Hyperlink: http://lists.opensuse.org/opensuse-updates/2013-02/msg00060.html
Resource:
vendor-advisory
x_refsource_SUSE
Hyperlink: http://lists.opensuse.org/opensuse-updates/2013-02/msg00059.html
Resource:
vendor-advisory
x_refsource_SUSE
Hyperlink: http://www.postgresql.org/docs/8.4/static/release-8-4-16.html
Resource:
x_refsource_CONFIRM
Hyperlink: http://www.mandriva.com/security/advisories?name=MDVSA-2013:142
Resource:
vendor-advisory
x_refsource_MANDRIVA
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/81917
Resource:
vdb-entry
x_refsource_XF
Hyperlink: https://bugzilla.redhat.com/show_bug.cgi?id=907892
Resource:
x_refsource_CONFIRM
Hyperlink: http://secunia.com/advisories/51923
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://www.postgresql.org/docs/9.1/static/release-9-1-8.html
Resource:
x_refsource_CONFIRM
Hyperlink: http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
Resource:
x_refsource_CONFIRM
Hyperlink: http://www.securityfocus.com/bid/57844
Resource:
vdb-entry
x_refsource_BID
Hyperlink: https://blogs.oracle.com/sunsecurity/entry/cve_2013_0255_array_index
Resource:
x_refsource_CONFIRM
Hyperlink: http://www.ubuntu.com/usn/USN-1717-1
Resource:
vendor-advisory
x_refsource_UBUNTU
Hyperlink: http://securitytracker.com/id?1028092
Resource:
vdb-entry
x_refsource_SECTRACK
Hyperlink: http://www.postgresql.org/docs/8.3/static/release-8-3-23.html
Resource:
x_refsource_CONFIRM
Hyperlink: http://osvdb.org/89935
Resource:
vdb-entry
x_refsource_OSVDB
Hyperlink: http://rhn.redhat.com/errata/RHSA-2013-1475.html
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: http://www.postgresql.org/docs/9.2/static/release-9-2-3.html
Resource:
x_refsource_CONFIRM
Hyperlink: http://www.postgresql.org/docs/9.0/static/release-9-0-12.html
Resource:
x_refsource_CONFIRM
Hyperlink: http://secunia.com/advisories/52819
Resource:
third-party-advisory
x_refsource_SECUNIA
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://lists.fedoraproject.org/pipermail/package-announce/2013-February/098586.html
vendor-advisory
x_refsource_FEDORA
x_transferred
http://www.debian.org/security/2013/dsa-2630
vendor-advisory
x_refsource_DEBIAN
x_transferred
http://lists.opensuse.org/opensuse-updates/2013-02/msg00060.html
vendor-advisory
x_refsource_SUSE
x_transferred
http://lists.opensuse.org/opensuse-updates/2013-02/msg00059.html
vendor-advisory
x_refsource_SUSE
x_transferred
http://www.postgresql.org/docs/8.4/static/release-8-4-16.html
x_refsource_CONFIRM
x_transferred
http://www.mandriva.com/security/advisories?name=MDVSA-2013:142
vendor-advisory
x_refsource_MANDRIVA
x_transferred
https://exchange.xforce.ibmcloud.com/vulnerabilities/81917
vdb-entry
x_refsource_XF
x_transferred
https://bugzilla.redhat.com/show_bug.cgi?id=907892
x_refsource_CONFIRM
x_transferred
http://secunia.com/advisories/51923
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://www.postgresql.org/docs/9.1/static/release-9-1-8.html
x_refsource_CONFIRM
x_transferred
http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
x_refsource_CONFIRM
x_transferred
http://www.securityfocus.com/bid/57844
vdb-entry
x_refsource_BID
x_transferred
https://blogs.oracle.com/sunsecurity/entry/cve_2013_0255_array_index
x_refsource_CONFIRM
x_transferred
http://www.ubuntu.com/usn/USN-1717-1
vendor-advisory
x_refsource_UBUNTU
x_transferred
http://securitytracker.com/id?1028092
vdb-entry
x_refsource_SECTRACK
x_transferred
http://www.postgresql.org/docs/8.3/static/release-8-3-23.html
x_refsource_CONFIRM
x_transferred
http://osvdb.org/89935
vdb-entry
x_refsource_OSVDB
x_transferred
http://rhn.redhat.com/errata/RHSA-2013-1475.html
vendor-advisory
x_refsource_REDHAT
x_transferred
http://www.postgresql.org/docs/9.2/static/release-9-2-3.html
x_refsource_CONFIRM
x_transferred
http://www.postgresql.org/docs/9.0/static/release-9-0-12.html
x_refsource_CONFIRM
x_transferred
http://secunia.com/advisories/52819
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://lists.fedoraproject.org/pipermail/package-announce/2013-February/098586.html
Resource:
vendor-advisory
x_refsource_FEDORA
x_transferred
Hyperlink: http://www.debian.org/security/2013/dsa-2630
Resource:
vendor-advisory
x_refsource_DEBIAN
x_transferred
Hyperlink: http://lists.opensuse.org/opensuse-updates/2013-02/msg00060.html
Resource:
vendor-advisory
x_refsource_SUSE
x_transferred
Hyperlink: http://lists.opensuse.org/opensuse-updates/2013-02/msg00059.html
Resource:
vendor-advisory
x_refsource_SUSE
x_transferred
Hyperlink: http://www.postgresql.org/docs/8.4/static/release-8-4-16.html
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://www.mandriva.com/security/advisories?name=MDVSA-2013:142
Resource:
vendor-advisory
x_refsource_MANDRIVA
x_transferred
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/81917
Resource:
vdb-entry
x_refsource_XF
x_transferred
Hyperlink: https://bugzilla.redhat.com/show_bug.cgi?id=907892
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://secunia.com/advisories/51923
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://www.postgresql.org/docs/9.1/static/release-9-1-8.html
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://www.securityfocus.com/bid/57844
Resource:
vdb-entry
x_refsource_BID
x_transferred
Hyperlink: https://blogs.oracle.com/sunsecurity/entry/cve_2013_0255_array_index
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://www.ubuntu.com/usn/USN-1717-1
Resource:
vendor-advisory
x_refsource_UBUNTU
x_transferred
Hyperlink: http://securitytracker.com/id?1028092
Resource:
vdb-entry
x_refsource_SECTRACK
x_transferred
Hyperlink: http://www.postgresql.org/docs/8.3/static/release-8-3-23.html
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://osvdb.org/89935
Resource:
vdb-entry
x_refsource_OSVDB
x_transferred
Hyperlink: http://rhn.redhat.com/errata/RHSA-2013-1475.html
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: http://www.postgresql.org/docs/9.2/static/release-9-2-3.html
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://www.postgresql.org/docs/9.0/static/release-9-0-12.html
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://secunia.com/advisories/52819
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:secalert@redhat.com
Published At:13 Feb, 2013 | 01:55
Updated At:11 Apr, 2025 | 00:51

PostgreSQL 9.2.x before 9.2.3, 9.1.x before 9.1.8, 9.0.x before 9.0.12, 8.4.x before 8.4.16, and 8.3.x before 8.3.23 does not properly declare the enum_recv function in backend/utils/adt/enum.c, which causes it to be invoked with incorrect arguments and allows remote authenticated users to cause a denial of service (server crash) or read sensitive process memory via a crafted SQL command, which triggers an array index error and an out-of-bounds read.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary2.06.8MEDIUM
AV:N/AC:L/Au:S/C:N/I:N/A:C
Type: Primary
Version: 2.0
Base score: 6.8
Base severity: MEDIUM
Vector:
AV:N/AC:L/Au:S/C:N/I:N/A:C
CPE Matches
The PostgreSQL Global Development Group
postgresql
>>postgresql>>8.3
cpe:2.3:a:postgresql:postgresql:8.3:*:*:*:*:*:*:*
The PostgreSQL Global Development Group
postgresql
>>postgresql>>8.3.1
cpe:2.3:a:postgresql:postgresql:8.3.1:*:*:*:*:*:*:*
The PostgreSQL Global Development Group
postgresql
>>postgresql>>8.3.2
cpe:2.3:a:postgresql:postgresql:8.3.2:*:*:*:*:*:*:*
The PostgreSQL Global Development Group
postgresql
>>postgresql>>8.3.3
cpe:2.3:a:postgresql:postgresql:8.3.3:*:*:*:*:*:*:*
The PostgreSQL Global Development Group
postgresql
>>postgresql>>8.3.4
cpe:2.3:a:postgresql:postgresql:8.3.4:*:*:*:*:*:*:*
The PostgreSQL Global Development Group
postgresql
>>postgresql>>8.3.5
cpe:2.3:a:postgresql:postgresql:8.3.5:*:*:*:*:*:*:*
The PostgreSQL Global Development Group
postgresql
>>postgresql>>8.3.6
cpe:2.3:a:postgresql:postgresql:8.3.6:*:*:*:*:*:*:*
The PostgreSQL Global Development Group
postgresql
>>postgresql>>8.3.7
cpe:2.3:a:postgresql:postgresql:8.3.7:*:*:*:*:*:*:*
The PostgreSQL Global Development Group
postgresql
>>postgresql>>8.3.8
cpe:2.3:a:postgresql:postgresql:8.3.8:*:*:*:*:*:*:*
The PostgreSQL Global Development Group
postgresql
>>postgresql>>8.3.9
cpe:2.3:a:postgresql:postgresql:8.3.9:*:*:*:*:*:*:*
The PostgreSQL Global Development Group
postgresql
>>postgresql>>8.3.10
cpe:2.3:a:postgresql:postgresql:8.3.10:*:*:*:*:*:*:*
The PostgreSQL Global Development Group
postgresql
>>postgresql>>8.3.11
cpe:2.3:a:postgresql:postgresql:8.3.11:*:*:*:*:*:*:*
The PostgreSQL Global Development Group
postgresql
>>postgresql>>8.3.12
cpe:2.3:a:postgresql:postgresql:8.3.12:*:*:*:*:*:*:*
The PostgreSQL Global Development Group
postgresql
>>postgresql>>8.3.13
cpe:2.3:a:postgresql:postgresql:8.3.13:*:*:*:*:*:*:*
The PostgreSQL Global Development Group
postgresql
>>postgresql>>8.3.14
cpe:2.3:a:postgresql:postgresql:8.3.14:*:*:*:*:*:*:*
The PostgreSQL Global Development Group
postgresql
>>postgresql>>8.3.15
cpe:2.3:a:postgresql:postgresql:8.3.15:*:*:*:*:*:*:*
The PostgreSQL Global Development Group
postgresql
>>postgresql>>8.3.16
cpe:2.3:a:postgresql:postgresql:8.3.16:*:*:*:*:*:*:*
The PostgreSQL Global Development Group
postgresql
>>postgresql>>8.3.17
cpe:2.3:a:postgresql:postgresql:8.3.17:*:*:*:*:*:*:*
The PostgreSQL Global Development Group
postgresql
>>postgresql>>8.3.18
cpe:2.3:a:postgresql:postgresql:8.3.18:*:*:*:*:*:*:*
The PostgreSQL Global Development Group
postgresql
>>postgresql>>8.3.19
cpe:2.3:a:postgresql:postgresql:8.3.19:*:*:*:*:*:*:*
The PostgreSQL Global Development Group
postgresql
>>postgresql>>8.3.20
cpe:2.3:a:postgresql:postgresql:8.3.20:*:*:*:*:*:*:*
The PostgreSQL Global Development Group
postgresql
>>postgresql>>8.3.21
cpe:2.3:a:postgresql:postgresql:8.3.21:*:*:*:*:*:*:*
The PostgreSQL Global Development Group
postgresql
>>postgresql>>8.3.22
cpe:2.3:a:postgresql:postgresql:8.3.22:*:*:*:*:*:*:*
The PostgreSQL Global Development Group
postgresql
>>postgresql>>8.4
cpe:2.3:a:postgresql:postgresql:8.4:*:*:*:*:*:*:*
The PostgreSQL Global Development Group
postgresql
>>postgresql>>8.4.1
cpe:2.3:a:postgresql:postgresql:8.4.1:*:*:*:*:*:*:*
The PostgreSQL Global Development Group
postgresql
>>postgresql>>8.4.2
cpe:2.3:a:postgresql:postgresql:8.4.2:*:*:*:*:*:*:*
The PostgreSQL Global Development Group
postgresql
>>postgresql>>8.4.3
cpe:2.3:a:postgresql:postgresql:8.4.3:*:*:*:*:*:*:*
The PostgreSQL Global Development Group
postgresql
>>postgresql>>8.4.4
cpe:2.3:a:postgresql:postgresql:8.4.4:*:*:*:*:*:*:*
The PostgreSQL Global Development Group
postgresql
>>postgresql>>8.4.5
cpe:2.3:a:postgresql:postgresql:8.4.5:*:*:*:*:*:*:*
The PostgreSQL Global Development Group
postgresql
>>postgresql>>8.4.6
cpe:2.3:a:postgresql:postgresql:8.4.6:*:*:*:*:*:*:*
The PostgreSQL Global Development Group
postgresql
>>postgresql>>8.4.7
cpe:2.3:a:postgresql:postgresql:8.4.7:*:*:*:*:*:*:*
The PostgreSQL Global Development Group
postgresql
>>postgresql>>8.4.8
cpe:2.3:a:postgresql:postgresql:8.4.8:*:*:*:*:*:*:*
The PostgreSQL Global Development Group
postgresql
>>postgresql>>8.4.9
cpe:2.3:a:postgresql:postgresql:8.4.9:*:*:*:*:*:*:*
The PostgreSQL Global Development Group
postgresql
>>postgresql>>8.4.10
cpe:2.3:a:postgresql:postgresql:8.4.10:*:*:*:*:*:*:*
The PostgreSQL Global Development Group
postgresql
>>postgresql>>8.4.11
cpe:2.3:a:postgresql:postgresql:8.4.11:*:*:*:*:*:*:*
The PostgreSQL Global Development Group
postgresql
>>postgresql>>8.4.12
cpe:2.3:a:postgresql:postgresql:8.4.12:*:*:*:*:*:*:*
The PostgreSQL Global Development Group
postgresql
>>postgresql>>8.4.13
cpe:2.3:a:postgresql:postgresql:8.4.13:*:*:*:*:*:*:*
The PostgreSQL Global Development Group
postgresql
>>postgresql>>8.4.14
cpe:2.3:a:postgresql:postgresql:8.4.14:*:*:*:*:*:*:*
The PostgreSQL Global Development Group
postgresql
>>postgresql>>8.4.15
cpe:2.3:a:postgresql:postgresql:8.4.15:*:*:*:*:*:*:*
The PostgreSQL Global Development Group
postgresql
>>postgresql>>9.0
cpe:2.3:a:postgresql:postgresql:9.0:*:*:*:*:*:*:*
The PostgreSQL Global Development Group
postgresql
>>postgresql>>9.0.1
cpe:2.3:a:postgresql:postgresql:9.0.1:*:*:*:*:*:*:*
The PostgreSQL Global Development Group
postgresql
>>postgresql>>9.0.2
cpe:2.3:a:postgresql:postgresql:9.0.2:*:*:*:*:*:*:*
The PostgreSQL Global Development Group
postgresql
>>postgresql>>9.0.3
cpe:2.3:a:postgresql:postgresql:9.0.3:*:*:*:*:*:*:*
The PostgreSQL Global Development Group
postgresql
>>postgresql>>9.0.4
cpe:2.3:a:postgresql:postgresql:9.0.4:*:*:*:*:*:*:*
The PostgreSQL Global Development Group
postgresql
>>postgresql>>9.0.5
cpe:2.3:a:postgresql:postgresql:9.0.5:*:*:*:*:*:*:*
The PostgreSQL Global Development Group
postgresql
>>postgresql>>9.0.6
cpe:2.3:a:postgresql:postgresql:9.0.6:*:*:*:*:*:*:*
The PostgreSQL Global Development Group
postgresql
>>postgresql>>9.0.7
cpe:2.3:a:postgresql:postgresql:9.0.7:*:*:*:*:*:*:*
The PostgreSQL Global Development Group
postgresql
>>postgresql>>9.0.8
cpe:2.3:a:postgresql:postgresql:9.0.8:*:*:*:*:*:*:*
The PostgreSQL Global Development Group
postgresql
>>postgresql>>9.0.9
cpe:2.3:a:postgresql:postgresql:9.0.9:*:*:*:*:*:*:*
The PostgreSQL Global Development Group
postgresql
>>postgresql>>9.0.10
cpe:2.3:a:postgresql:postgresql:9.0.10:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-20Primarynvd@nist.gov
CWE ID: CWE-20
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
http://lists.fedoraproject.org/pipermail/package-announce/2013-February/098586.htmlsecalert@redhat.com
N/A
http://lists.opensuse.org/opensuse-updates/2013-02/msg00059.htmlsecalert@redhat.com
N/A
http://lists.opensuse.org/opensuse-updates/2013-02/msg00060.htmlsecalert@redhat.com
N/A
http://osvdb.org/89935secalert@redhat.com
N/A
http://rhn.redhat.com/errata/RHSA-2013-1475.htmlsecalert@redhat.com
N/A
http://secunia.com/advisories/51923secalert@redhat.com
Vendor Advisory
http://secunia.com/advisories/52819secalert@redhat.com
N/A
http://securitytracker.com/id?1028092secalert@redhat.com
N/A
http://www.debian.org/security/2013/dsa-2630secalert@redhat.com
N/A
http://www.mandriva.com/security/advisories?name=MDVSA-2013:142secalert@redhat.com
N/A
http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.htmlsecalert@redhat.com
N/A
http://www.postgresql.org/docs/8.3/static/release-8-3-23.htmlsecalert@redhat.com
N/A
http://www.postgresql.org/docs/8.4/static/release-8-4-16.htmlsecalert@redhat.com
N/A
http://www.postgresql.org/docs/9.0/static/release-9-0-12.htmlsecalert@redhat.com
N/A
http://www.postgresql.org/docs/9.1/static/release-9-1-8.htmlsecalert@redhat.com
N/A
http://www.postgresql.org/docs/9.2/static/release-9-2-3.htmlsecalert@redhat.com
N/A
http://www.securityfocus.com/bid/57844secalert@redhat.com
N/A
http://www.ubuntu.com/usn/USN-1717-1secalert@redhat.com
N/A
https://blogs.oracle.com/sunsecurity/entry/cve_2013_0255_array_indexsecalert@redhat.com
N/A
https://bugzilla.redhat.com/show_bug.cgi?id=907892secalert@redhat.com
N/A
https://exchange.xforce.ibmcloud.com/vulnerabilities/81917secalert@redhat.com
N/A
http://lists.fedoraproject.org/pipermail/package-announce/2013-February/098586.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://lists.opensuse.org/opensuse-updates/2013-02/msg00059.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://lists.opensuse.org/opensuse-updates/2013-02/msg00060.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://osvdb.org/89935af854a3a-2127-422b-91ae-364da2661108
N/A
http://rhn.redhat.com/errata/RHSA-2013-1475.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://secunia.com/advisories/51923af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://secunia.com/advisories/52819af854a3a-2127-422b-91ae-364da2661108
N/A
http://securitytracker.com/id?1028092af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.debian.org/security/2013/dsa-2630af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.mandriva.com/security/advisories?name=MDVSA-2013:142af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://www.postgresql.org/docs/8.3/static/release-8-3-23.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://www.postgresql.org/docs/8.4/static/release-8-4-16.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://www.postgresql.org/docs/9.0/static/release-9-0-12.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://www.postgresql.org/docs/9.1/static/release-9-1-8.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://www.postgresql.org/docs/9.2/static/release-9-2-3.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://www.securityfocus.com/bid/57844af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.ubuntu.com/usn/USN-1717-1af854a3a-2127-422b-91ae-364da2661108
N/A
https://blogs.oracle.com/sunsecurity/entry/cve_2013_0255_array_indexaf854a3a-2127-422b-91ae-364da2661108
N/A
https://bugzilla.redhat.com/show_bug.cgi?id=907892af854a3a-2127-422b-91ae-364da2661108
N/A
https://exchange.xforce.ibmcloud.com/vulnerabilities/81917af854a3a-2127-422b-91ae-364da2661108
N/A
Hyperlink: http://lists.fedoraproject.org/pipermail/package-announce/2013-February/098586.html
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://lists.opensuse.org/opensuse-updates/2013-02/msg00059.html
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://lists.opensuse.org/opensuse-updates/2013-02/msg00060.html
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://osvdb.org/89935
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://rhn.redhat.com/errata/RHSA-2013-1475.html
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://secunia.com/advisories/51923
Source: secalert@redhat.com
Resource:
Vendor Advisory
Hyperlink: http://secunia.com/advisories/52819
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://securitytracker.com/id?1028092
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://www.debian.org/security/2013/dsa-2630
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://www.mandriva.com/security/advisories?name=MDVSA-2013:142
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://www.postgresql.org/docs/8.3/static/release-8-3-23.html
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://www.postgresql.org/docs/8.4/static/release-8-4-16.html
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://www.postgresql.org/docs/9.0/static/release-9-0-12.html
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://www.postgresql.org/docs/9.1/static/release-9-1-8.html
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://www.postgresql.org/docs/9.2/static/release-9-2-3.html
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://www.securityfocus.com/bid/57844
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://www.ubuntu.com/usn/USN-1717-1
Source: secalert@redhat.com
Resource: N/A
Hyperlink: https://blogs.oracle.com/sunsecurity/entry/cve_2013_0255_array_index
Source: secalert@redhat.com
Resource: N/A
Hyperlink: https://bugzilla.redhat.com/show_bug.cgi?id=907892
Source: secalert@redhat.com
Resource: N/A
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/81917
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://lists.fedoraproject.org/pipermail/package-announce/2013-February/098586.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://lists.opensuse.org/opensuse-updates/2013-02/msg00059.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://lists.opensuse.org/opensuse-updates/2013-02/msg00060.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://osvdb.org/89935
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://rhn.redhat.com/errata/RHSA-2013-1475.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://secunia.com/advisories/51923
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory
Hyperlink: http://secunia.com/advisories/52819
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://securitytracker.com/id?1028092
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.debian.org/security/2013/dsa-2630
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.mandriva.com/security/advisories?name=MDVSA-2013:142
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.postgresql.org/docs/8.3/static/release-8-3-23.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.postgresql.org/docs/8.4/static/release-8-4-16.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.postgresql.org/docs/9.0/static/release-9-0-12.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.postgresql.org/docs/9.1/static/release-9-1-8.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.postgresql.org/docs/9.2/static/release-9-2-3.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.securityfocus.com/bid/57844
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.ubuntu.com/usn/USN-1717-1
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://blogs.oracle.com/sunsecurity/entry/cve_2013_0255_array_index
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://bugzilla.redhat.com/show_bug.cgi?id=907892
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/81917
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

126Records found
CVE-2007-6067
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-1.01% / 76.15%
||
7 Day CHG~0.00%
Published-09 Jan, 2008 | 21:00
Updated-07 Aug, 2024 | 15:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Algorithmic complexity vulnerability in the regular expression parser in TCL before 8.4.17, as used in PostgreSQL 8.2 before 8.2.6, 8.1 before 8.1.11, 8.0 before 8.0.15, and 7.4 before 7.4.19, allows remote authenticated users to cause a denial of service (memory consumption) via a crafted "complex" regular expression with doubly-nested states.

Action-Not Available
Vendor-tcl_tkn/aThe PostgreSQL Global Development Group
Product-tcl_tkpostgresqln/a
CWE ID-CWE-189
Not Available
CVE-2007-4769
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-1.08% / 76.92%
||
7 Day CHG~0.00%
Published-09 Jan, 2008 | 21:00
Updated-07 Aug, 2024 | 15:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The regular expression parser in TCL before 8.4.17, as used in PostgreSQL 8.2 before 8.2.6, 8.1 before 8.1.11, 8.0 before 8.0.15, and 7.4 before 7.4.19, allows remote authenticated users to cause a denial of service (backend crash) via an out-of-bounds backref number.

Action-Not Available
Vendor-tcl_tkn/aThe PostgreSQL Global Development Group
Product-tcl_tkpostgresqln/a
CWE ID-CWE-189
Not Available
CVE-2023-32305
Matching Score-6
Assigner-GitHub, Inc.
ShareView Details
Matching Score-6
Assigner-GitHub, Inc.
CVSS Score-8.8||HIGH
EPSS-0.65% / 69.90%
||
7 Day CHG~0.00%
Published-12 May, 2023 | 18:46
Updated-13 Feb, 2025 | 16:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
aiven-extras PostgreSQL Privilege Escalation Through Overloaded Search Path

aiven-extras is a PostgreSQL extension. Versions prior to 1.1.9 contain a privilege escalation vulnerability, allowing elevation to superuser inside PostgreSQL databases that use the aiven-extras package. The vulnerability leverages missing schema qualifiers on privileged functions called by the aiven-extras extension. A low privileged user can create objects that collide with existing function names, which will then be executed instead. Exploiting this vulnerability could allow a low privileged user to acquire `superuser` privileges, which would allow full, unrestricted access to all data and database functions. And could lead to arbitrary code execution or data access on the underlying host as the `postgres` user. The issue has been patched as of version 1.1.9.

Action-Not Available
Vendor-The PostgreSQL Global Development GroupAiven
Product-postgresqlaivenaiven-extras
CWE ID-CWE-1321
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
CWE ID-CWE-20
Improper Input Validation
CVE-2023-2454
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-7.2||HIGH
EPSS-0.24% / 47.53%
||
7 Day CHG~0.00%
Published-09 Jun, 2023 | 00:00
Updated-04 Jun, 2025 | 03:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

schema_element defeats protective search_path changes; It was found that certain database calls in PostgreSQL could permit an authed attacker with elevated database-level privileges to execute arbitrary code.

Action-Not Available
Vendor-n/aFedora ProjectThe PostgreSQL Global Development GroupRed Hat, Inc.
Product-software_collectionsfedorapostgresqlenterprise_linuxpostgresql
CWE ID-CWE-20
Improper Input Validation
CVE-2023-2455
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-5.4||MEDIUM
EPSS-0.21% / 43.77%
||
7 Day CHG~0.00%
Published-09 Jun, 2023 | 00:00
Updated-06 Jan, 2025 | 18:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Row security policies disregard user ID changes after inlining; PostgreSQL could permit incorrect policies to be applied in certain cases where role-specific policies are used and a given query is planned under one role and then executed under other roles. This scenario can happen under security definer functions or when a common user and query is planned initially and then re-used across multiple SET ROLEs. Applying an incorrect policy may permit a user to complete otherwise-forbidden reads and modifications. This affects only databases that have used CREATE POLICY to define a row security policy.

Action-Not Available
Vendor-n/aThe PostgreSQL Global Development GroupFedora ProjectRed Hat, Inc.
Product-software_collectionsfedorapostgresqlenterprise_linuxpostgresql
CWE ID-CWE-20
Improper Input Validation
CVE-2018-1058
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-8.8||HIGH
EPSS-82.42% / 99.18%
||
7 Day CHG~0.00%
Published-02 Mar, 2018 | 15:00
Updated-17 Sep, 2024 | 03:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A flaw was found in the way Postgresql allowed a user to modify the behavior of a query for other users. An attacker with a user account could use this flaw to execute code with the permissions of superuser in the database. Versions 9.3 through 10 are affected.

Action-Not Available
Vendor-Canonical Ltd.The PostgreSQL Global Development GroupRed Hat, Inc.
Product-ubuntu_linuxcloudformspostgresqlpostgresql
CWE ID-CWE-20
Improper Input Validation
CVE-2012-0867
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-4.3||MEDIUM
EPSS-1.87% / 82.33%
||
7 Day CHG~0.00%
Published-18 Jul, 2012 | 23:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

PostgreSQL 8.4.x before 8.4.11, 9.0.x before 9.0.7, and 9.1.x before 9.1.3 truncates the common name to only 32 characters when verifying SSL certificates, which allows remote attackers to spoof connections when the host name is exactly 32 characters.

Action-Not Available
Vendor-n/aThe PostgreSQL Global Development GroupRed Hat, Inc.openSUSEDebian GNU/Linux
Product-enterprise_linux_desktopenterprise_linux_server_ausenterprise_linux_hpc_nodeenterprise_linux_server_eusenterprise_linux_workstationdesktop_workstationpostgresqldebian_linuxopensuseenterprise_linuxenterprise_linux_servern/a
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-295
Improper Certificate Validation
CVE-2014-0066
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-4||MEDIUM
EPSS-1.91% / 82.56%
||
7 Day CHG~0.00%
Published-28 Mar, 2014 | 17:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The chkpass extension in PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3 does not properly check the return value of the crypt library function, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and crash) via unspecified vectors.

Action-Not Available
Vendor-n/aThe PostgreSQL Global Development Group
Product-postgresqln/a
CWE ID-CWE-20
Improper Input Validation
CVE-2017-8623
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-6.8||MEDIUM
EPSS-1.50% / 80.37%
||
7 Day CHG~0.00%
Published-08 Aug, 2017 | 21:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Windows Hyper-V in Windows 10 1607, 1703, and Windows Server 2016 allows a denial of service vulnerability when it fails to properly validate input from a privileged user on a guest operating system, aka "Windows Hyper-V Denial of Service Vulnerability".

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10windows_server_2016Windows Hyper-V
CWE ID-CWE-20
Improper Input Validation
CVE-2017-6610
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-7.7||HIGH
EPSS-0.62% / 69.21%
||
7 Day CHG~0.00%
Published-20 Apr, 2017 | 22:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability in the Internet Key Exchange Version 1 (IKEv1) XAUTH code of Cisco ASA Software could allow an authenticated, remote attacker to cause a reload of an affected system. The vulnerability is due to insufficient validation of the IKEv1 XAUTH parameters passed during an IKEv1 negotiation. An attacker could exploit this vulnerability by sending crafted parameters. Note: Only traffic directed to the affected system can be used to exploit this vulnerability. This vulnerability only affects systems configured in routed firewall mode and in single or multiple context mode. This vulnerability can be triggered by IPv4 or IPv6 traffic. A valid IKEv1 Phase 1 needs to be established to exploit this vulnerability, which means that an attacker would need to have knowledge of a pre-shared key or have a valid certificate for phase 1 authentication. This vulnerability affects Cisco ASA Software running on the following products: Cisco ASA 1000V Cloud Firewall, Cisco ASA 5500 Series Adaptive Security Appliances, Cisco ASA 5500-X Series Next-Generation Firewalls, Cisco ASA Services Module for Cisco Catalyst 6500 Series Switches and Cisco 7600 Series Routers, Cisco Adaptive Security Virtual Appliance (ASAv), Cisco ASA for Firepower 9300 Series, Cisco ISA 3000 Industrial Security Appliance. Fixed versions: 9.1(7.7) 9.2(4.11) 9.4(4) 9.5(3) 9.6(1.5). Cisco Bug IDs: CSCuz11685.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-adaptive_security_appliance_softwareCisco ASA Software
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-399
Not Available
CVE-2021-44402
Matching Score-4
Assigner-Talos
ShareView Details
Matching Score-4
Assigner-Talos
CVSS Score-8.6||HIGH
EPSS-0.19% / 40.99%
||
7 Day CHG~0.00%
Published-28 Jan, 2022 | 21:42
Updated-15 Apr, 2025 | 19:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. GetPtzSerial param is not object. An attacker can send an HTTP request to trigger this vulnerability.

Action-Not Available
Vendor-n/aReolink Innovation Limited
Product-rlc-410w_firmwarerlc-410wn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2021-44418
Matching Score-4
Assigner-Talos
ShareView Details
Matching Score-4
Assigner-Talos
CVSS Score-8.6||HIGH
EPSS-0.15% / 36.33%
||
7 Day CHG~0.00%
Published-28 Jan, 2022 | 21:42
Updated-15 Apr, 2025 | 19:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. GetMdState param is not object. An attacker can send an HTTP request to trigger this vulnerability.

Action-Not Available
Vendor-n/aReolink Innovation Limited
Product-rlc-410w_firmwarerlc-410wn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2021-44367
Matching Score-4
Assigner-Talos
ShareView Details
Matching Score-4
Assigner-Talos
CVSS Score-8.6||HIGH
EPSS-0.26% / 48.89%
||
7 Day CHG~0.00%
Published-28 Jan, 2022 | 21:42
Updated-15 Apr, 2025 | 19:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. SetUpnp param is not object. An attacker can send an HTTP request to trigger this vulnerability.

Action-Not Available
Vendor-n/aReolink Innovation Limited
Product-rlc-410w_firmwarerlc-410wn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2021-44358
Matching Score-4
Assigner-Talos
ShareView Details
Matching Score-4
Assigner-Talos
CVSS Score-8.6||HIGH
EPSS-0.21% / 42.80%
||
7 Day CHG~0.00%
Published-28 Jan, 2022 | 21:42
Updated-15 Apr, 2025 | 19:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. SetRec param is not object. An attacker can send an HTTP request to trigger this vulnerability.

Action-Not Available
Vendor-n/aReolink Innovation Limited
Product-rlc-410w_firmwarerlc-410wn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2021-44365
Matching Score-4
Assigner-Talos
ShareView Details
Matching Score-4
Assigner-Talos
CVSS Score-8.6||HIGH
EPSS-0.21% / 42.80%
||
7 Day CHG~0.00%
Published-28 Jan, 2022 | 21:42
Updated-15 Apr, 2025 | 19:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. SetDevName param is not object. An attacker can send an HTTP request to trigger this vulnerability.

Action-Not Available
Vendor-n/aReolink Innovation Limited
Product-rlc-410w_firmwarerlc-410wn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2021-44389
Matching Score-4
Assigner-Talos
ShareView Details
Matching Score-4
Assigner-Talos
CVSS Score-8.6||HIGH
EPSS-0.15% / 36.33%
||
7 Day CHG~0.00%
Published-28 Jan, 2022 | 21:42
Updated-15 Apr, 2025 | 19:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. GetAbility param is not object. An attacker can send an HTTP request to trigger this vulnerability.

Action-Not Available
Vendor-n/aReolink Innovation Limited
Product-rlc-410w_firmwarerlc-410wn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2021-44390
Matching Score-4
Assigner-Talos
ShareView Details
Matching Score-4
Assigner-Talos
CVSS Score-8.6||HIGH
EPSS-0.15% / 36.33%
||
7 Day CHG~0.00%
Published-28 Jan, 2022 | 21:42
Updated-15 Apr, 2025 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. Format param is not object. An attacker can send an HTTP request to trigger this vulnerability.

Action-Not Available
Vendor-n/aReolink Innovation Limited
Product-rlc-410w_firmwarerlc-410wn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2021-44380
Matching Score-4
Assigner-Talos
ShareView Details
Matching Score-4
Assigner-Talos
CVSS Score-8.6||HIGH
EPSS-0.21% / 42.80%
||
7 Day CHG~0.00%
Published-28 Jan, 2022 | 21:42
Updated-15 Apr, 2025 | 19:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. SetTime param is not object. An attacker can send an HTTP request to trigger this vulnerability.

Action-Not Available
Vendor-n/aReolink Innovation Limited
Product-rlc-410w_firmwarerlc-410wn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2021-44396
Matching Score-4
Assigner-Talos
ShareView Details
Matching Score-4
Assigner-Talos
CVSS Score-8.6||HIGH
EPSS-0.15% / 36.33%
||
7 Day CHG~0.00%
Published-28 Jan, 2022 | 21:42
Updated-15 Apr, 2025 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. Preview param is not object. An attacker can send an HTTP request to trigger this vulnerability.

Action-Not Available
Vendor-n/aReolink Innovation Limited
Product-rlc-410w_firmwarerlc-410wn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2021-44370
Matching Score-4
Assigner-Talos
ShareView Details
Matching Score-4
Assigner-Talos
CVSS Score-8.6||HIGH
EPSS-0.21% / 42.80%
||
7 Day CHG~0.00%
Published-28 Jan, 2022 | 21:42
Updated-15 Apr, 2025 | 19:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. SetFtp param is not object. An attacker can send an HTTP request to trigger this vulnerability.

Action-Not Available
Vendor-n/aReolink Innovation Limited
Product-rlc-410w_firmwarerlc-410wn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2021-44362
Matching Score-4
Assigner-Talos
ShareView Details
Matching Score-4
Assigner-Talos
CVSS Score-8.6||HIGH
EPSS-0.21% / 42.80%
||
7 Day CHG~0.00%
Published-28 Jan, 2022 | 21:42
Updated-15 Apr, 2025 | 19:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. SetCloudSchedule param is not object. An attacker can send an HTTP request to trigger this vulnerability.

Action-Not Available
Vendor-n/aReolink Innovation Limited
Product-rlc-410w_firmwarerlc-410wn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2021-44361
Matching Score-4
Assigner-Talos
ShareView Details
Matching Score-4
Assigner-Talos
CVSS Score-8.6||HIGH
EPSS-0.21% / 42.80%
||
7 Day CHG~0.00%
Published-28 Jan, 2022 | 21:42
Updated-15 Apr, 2025 | 19:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. Set3G param is not object. An attacker can send an HTTP request to trigger this vulnerability.

Action-Not Available
Vendor-n/aReolink Innovation Limited
Product-rlc-410w_firmwarerlc-410wn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2021-44393
Matching Score-4
Assigner-Talos
ShareView Details
Matching Score-4
Assigner-Talos
CVSS Score-8.6||HIGH
EPSS-0.15% / 36.33%
||
7 Day CHG~0.00%
Published-28 Jan, 2022 | 21:42
Updated-15 Apr, 2025 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. GetIsp param is not object. An attacker can send an HTTP request to trigger this vulnerability.

Action-Not Available
Vendor-n/aReolink Innovation Limited
Product-rlc-410w_firmwarerlc-410wn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2021-44407
Matching Score-4
Assigner-Talos
ShareView Details
Matching Score-4
Assigner-Talos
CVSS Score-8.6||HIGH
EPSS-0.15% / 36.33%
||
7 Day CHG~0.00%
Published-28 Jan, 2022 | 21:42
Updated-15 Apr, 2025 | 19:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. TestEmail param is not object. An attacker can send an HTTP request to trigger this vulnerability.

Action-Not Available
Vendor-n/aReolink Innovation Limited
Product-rlc-410w_firmwarerlc-410wn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2021-44363
Matching Score-4
Assigner-Talos
ShareView Details
Matching Score-4
Assigner-Talos
CVSS Score-8.6||HIGH
EPSS-0.21% / 42.80%
||
7 Day CHG~0.00%
Published-28 Jan, 2022 | 21:42
Updated-15 Apr, 2025 | 19:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. SetPush param is not object. An attacker can send an HTTP request to trigger this vulnerability.

Action-Not Available
Vendor-n/aReolink Innovation Limited
Product-rlc-410w_firmwarerlc-410wn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2021-44376
Matching Score-4
Assigner-Talos
ShareView Details
Matching Score-4
Assigner-Talos
CVSS Score-8.6||HIGH
EPSS-0.21% / 42.80%
||
7 Day CHG~0.00%
Published-28 Jan, 2022 | 21:42
Updated-15 Apr, 2025 | 19:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. SetIsp param is not object. An attacker can send an HTTP request to trigger this vulnerability.

Action-Not Available
Vendor-n/aReolink Innovation Limited
Product-rlc-410w_firmwarerlc-410wn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2021-44395
Matching Score-4
Assigner-Talos
ShareView Details
Matching Score-4
Assigner-Talos
CVSS Score-8.6||HIGH
EPSS-0.19% / 40.99%
||
7 Day CHG~0.00%
Published-28 Jan, 2022 | 21:42
Updated-15 Apr, 2025 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. GetMask param is not object. An attacker can send an HTTP request to trigger this vulnerability.

Action-Not Available
Vendor-n/aReolink Innovation Limited
Product-rlc-410w_firmwarerlc-410wn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2021-44403
Matching Score-4
Assigner-Talos
ShareView Details
Matching Score-4
Assigner-Talos
CVSS Score-8.6||HIGH
EPSS-0.19% / 40.99%
||
7 Day CHG~0.00%
Published-28 Jan, 2022 | 21:42
Updated-15 Apr, 2025 | 19:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. GetPtzTattern param is not object. An attacker can send an HTTP request to trigger this vulnerability.

Action-Not Available
Vendor-n/aReolink Innovation Limited
Product-rlc-410w_firmwarerlc-410wn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2021-44399
Matching Score-4
Assigner-Talos
ShareView Details
Matching Score-4
Assigner-Talos
CVSS Score-8.6||HIGH
EPSS-0.19% / 40.99%
||
7 Day CHG~0.00%
Published-28 Jan, 2022 | 21:42
Updated-15 Apr, 2025 | 19:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. GetPtzPreset param is not object. An attacker can send an HTTP request to trigger this vulnerability.

Action-Not Available
Vendor-n/aReolink Innovation Limited
Product-rlc-410w_firmwarerlc-410wn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2021-44359
Matching Score-4
Assigner-Talos
ShareView Details
Matching Score-4
Assigner-Talos
CVSS Score-8.6||HIGH
EPSS-0.21% / 42.80%
||
7 Day CHG~0.00%
Published-28 Jan, 2022 | 21:42
Updated-15 Apr, 2025 | 19:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. SetCrop param is not object. An attacker can send an HTTP request to trigger this vulnerability.

Action-Not Available
Vendor-n/aReolink Innovation Limited
Product-rlc-410w_firmwarerlc-410wn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2021-44369
Matching Score-4
Assigner-Talos
ShareView Details
Matching Score-4
Assigner-Talos
CVSS Score-8.6||HIGH
EPSS-0.21% / 42.80%
||
7 Day CHG~0.00%
Published-28 Jan, 2022 | 21:42
Updated-15 Apr, 2025 | 19:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. SetNtp param is not object. An attacker can send an HTTP request to trigger this vulnerability.

Action-Not Available
Vendor-n/aReolink Innovation Limited
Product-rlc-410w_firmwarerlc-410wn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2021-44360
Matching Score-4
Assigner-Talos
ShareView Details
Matching Score-4
Assigner-Talos
CVSS Score-8.6||HIGH
EPSS-0.21% / 42.80%
||
7 Day CHG~0.00%
Published-28 Jan, 2022 | 21:42
Updated-15 Apr, 2025 | 19:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. SetNorm param is not object. An attacker can send an HTTP request to trigger this vulnerability.

Action-Not Available
Vendor-n/aReolink Innovation Limited
Product-rlc-410w_firmwarerlc-410wn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2021-44410
Matching Score-4
Assigner-Talos
ShareView Details
Matching Score-4
Assigner-Talos
CVSS Score-8.6||HIGH
EPSS-0.15% / 36.33%
||
7 Day CHG~0.00%
Published-28 Jan, 2022 | 21:42
Updated-15 Apr, 2025 | 19:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. UpgradePrepare param is not object. An attacker can send an HTTP request to trigger this vulnerability.

Action-Not Available
Vendor-n/aReolink Innovation Limited
Product-rlc-410w_firmwarerlc-410wn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2021-44417
Matching Score-4
Assigner-Talos
ShareView Details
Matching Score-4
Assigner-Talos
CVSS Score-8.6||HIGH
EPSS-0.15% / 36.33%
||
7 Day CHG~0.00%
Published-28 Jan, 2022 | 21:42
Updated-15 Apr, 2025 | 19:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. GetAlarm param is not object. An attacker can send an HTTP request to trigger this vulnerability.

Action-Not Available
Vendor-n/aReolink Innovation Limited
Product-rlc-410w_firmwarerlc-410wn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2021-44379
Matching Score-4
Assigner-Talos
ShareView Details
Matching Score-4
Assigner-Talos
CVSS Score-8.6||HIGH
EPSS-0.21% / 42.80%
||
7 Day CHG~0.00%
Published-28 Jan, 2022 | 21:42
Updated-15 Apr, 2025 | 19:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. SetAutoMaint param is not object. An attacker can send an HTTP request to trigger this vulnerability.

Action-Not Available
Vendor-n/aReolink Innovation Limited
Product-rlc-410w_firmwarerlc-410wn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2021-44374
Matching Score-4
Assigner-Talos
ShareView Details
Matching Score-4
Assigner-Talos
CVSS Score-8.6||HIGH
EPSS-0.21% / 42.80%
||
7 Day CHG~0.00%
Published-28 Jan, 2022 | 21:42
Updated-15 Apr, 2025 | 19:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. SetMask param is not object. An attacker can send an HTTP request to trigger this vulnerability.

Action-Not Available
Vendor-n/aReolink Innovation Limited
Product-rlc-410w_firmwarerlc-410wn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2021-44372
Matching Score-4
Assigner-Talos
ShareView Details
Matching Score-4
Assigner-Talos
CVSS Score-8.6||HIGH
EPSS-0.26% / 48.89%
||
7 Day CHG~0.00%
Published-28 Jan, 2022 | 21:42
Updated-15 Apr, 2025 | 19:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. SetLocalLink param is not object. An attacker can send an HTTP request to trigger this vulnerability.

Action-Not Available
Vendor-n/aReolink Innovation Limited
Product-rlc-410w_firmwarerlc-410wn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2021-44408
Matching Score-4
Assigner-Talos
ShareView Details
Matching Score-4
Assigner-Talos
CVSS Score-8.6||HIGH
EPSS-0.15% / 36.33%
||
7 Day CHG~0.00%
Published-28 Jan, 2022 | 21:42
Updated-15 Apr, 2025 | 19:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. TestFtp param is not object. An attacker can send an HTTP request to trigger this vulnerability.

Action-Not Available
Vendor-n/aReolink Innovation Limited
Product-rlc-410w_firmwarerlc-410wn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2021-44378
Matching Score-4
Assigner-Talos
ShareView Details
Matching Score-4
Assigner-Talos
CVSS Score-8.6||HIGH
EPSS-0.21% / 42.80%
||
7 Day CHG~0.00%
Published-28 Jan, 2022 | 21:42
Updated-15 Apr, 2025 | 19:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. SetEnc param is not object. An attacker can send an HTTP request to trigger this vulnerability.

Action-Not Available
Vendor-n/aReolink Innovation Limited
Product-rlc-410w_firmwarerlc-410wn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2021-44397
Matching Score-4
Assigner-Talos
ShareView Details
Matching Score-4
Assigner-Talos
CVSS Score-8.6||HIGH
EPSS-0.19% / 40.99%
||
7 Day CHG~0.00%
Published-28 Jan, 2022 | 21:42
Updated-15 Apr, 2025 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. rtmp=start param is not object. An attacker can send an HTTP request to trigger this vulnerability.

Action-Not Available
Vendor-n/aReolink Innovation Limited
Product-rlc-410w_firmwarerlc-410wn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2021-44404
Matching Score-4
Assigner-Talos
ShareView Details
Matching Score-4
Assigner-Talos
CVSS Score-8.6||HIGH
EPSS-0.15% / 36.33%
||
7 Day CHG~0.00%
Published-28 Jan, 2022 | 21:42
Updated-15 Apr, 2025 | 19:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. GetZoomFocus param is not object. An attacker can send an HTTP request to trigger this vulnerability.

Action-Not Available
Vendor-n/aReolink Innovation Limited
Product-rlc-410w_firmwarerlc-410wn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2021-44377
Matching Score-4
Assigner-Talos
ShareView Details
Matching Score-4
Assigner-Talos
CVSS Score-8.6||HIGH
EPSS-0.21% / 42.80%
||
7 Day CHG~0.00%
Published-28 Jan, 2022 | 21:42
Updated-15 Apr, 2025 | 19:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. SetImage param is not object. An attacker can send an HTTP request to trigger this vulnerability.

Action-Not Available
Vendor-n/aReolink Innovation Limited
Product-rlc-410w_firmwarerlc-410wn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2021-44401
Matching Score-4
Assigner-Talos
ShareView Details
Matching Score-4
Assigner-Talos
CVSS Score-8.6||HIGH
EPSS-0.19% / 40.99%
||
7 Day CHG~0.00%
Published-28 Jan, 2022 | 21:42
Updated-15 Apr, 2025 | 19:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. PtzCtrl param is not object. An attacker can send an HTTP request to trigger this vulnerability.

Action-Not Available
Vendor-n/aReolink Innovation Limited
Product-rlc-410w_firmwarerlc-410wn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2021-44409
Matching Score-4
Assigner-Talos
ShareView Details
Matching Score-4
Assigner-Talos
CVSS Score-8.6||HIGH
EPSS-0.15% / 36.33%
||
7 Day CHG~0.00%
Published-28 Jan, 2022 | 21:42
Updated-15 Apr, 2025 | 19:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. TestWifi param is not object. An attacker can send an HTTP request to trigger this vulnerability.

Action-Not Available
Vendor-n/aReolink Innovation Limited
Product-rlc-410w_firmwarerlc-410wn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2021-44382
Matching Score-4
Assigner-Talos
ShareView Details
Matching Score-4
Assigner-Talos
CVSS Score-8.6||HIGH
EPSS-0.21% / 42.80%
||
7 Day CHG~0.00%
Published-28 Jan, 2022 | 21:42
Updated-15 Apr, 2025 | 19:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot.SetIrLights param is not object. An attacker can send an HTTP request to trigger this vulnerability.

Action-Not Available
Vendor-n/aReolink Innovation Limited
Product-rlc-410w_firmwarerlc-410wn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2021-44411
Matching Score-4
Assigner-Talos
ShareView Details
Matching Score-4
Assigner-Talos
CVSS Score-8.6||HIGH
EPSS-0.15% / 36.33%
||
7 Day CHG~0.00%
Published-28 Jan, 2022 | 21:42
Updated-15 Apr, 2025 | 19:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. Search param is not object. An attacker can send an HTTP request to trigger this vulnerability.

Action-Not Available
Vendor-n/aReolink Innovation Limited
Product-rlc-410w_firmwarerlc-410wn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2021-44387
Matching Score-4
Assigner-Talos
ShareView Details
Matching Score-4
Assigner-Talos
CVSS Score-8.6||HIGH
EPSS-0.15% / 36.33%
||
7 Day CHG~0.00%
Published-28 Jan, 2022 | 21:42
Updated-15 Apr, 2025 | 19:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. SetPtzPreset param is not object. An attacker can send an HTTP request to trigger this vulnerability.

Action-Not Available
Vendor-n/aReolink Innovation Limited
Product-rlc-410w_firmwarerlc-410wn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2021-44419
Matching Score-4
Assigner-Talos
ShareView Details
Matching Score-4
Assigner-Talos
CVSS Score-8.6||HIGH
EPSS-0.15% / 36.33%
||
7 Day CHG~0.00%
Published-28 Jan, 2022 | 21:42
Updated-15 Apr, 2025 | 19:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. GetMdAlarm param is not object. An attacker can send an HTTP request to trigger this vulnerability.

Action-Not Available
Vendor-n/aReolink Innovation Limited
Product-rlc-410w_firmwarerlc-410wn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2021-44388
Matching Score-4
Assigner-Talos
ShareView Details
Matching Score-4
Assigner-Talos
CVSS Score-8.6||HIGH
EPSS-0.15% / 36.33%
||
7 Day CHG~0.00%
Published-28 Jan, 2022 | 21:42
Updated-15 Apr, 2025 | 19:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. Login param is not object. An attacker can send an HTTP request to trigger this vulnerability.

Action-Not Available
Vendor-n/aReolink Innovation Limited
Product-rlc-410w_firmwarerlc-410wn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2021-44383
Matching Score-4
Assigner-Talos
ShareView Details
Matching Score-4
Assigner-Talos
CVSS Score-8.6||HIGH
EPSS-0.21% / 42.80%
||
7 Day CHG~0.00%
Published-28 Jan, 2022 | 21:42
Updated-15 Apr, 2025 | 19:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. SetAutoUpgrade param is not object. An attacker can send an HTTP request to trigger this vulnerability.

Action-Not Available
Vendor-n/aReolink Innovation Limited
Product-rlc-410w_firmwarerlc-410wn/a
CWE ID-CWE-20
Improper Input Validation
  • Previous
  • 1
  • 2
  • 3
  • Next
Details not found