Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2014-6053

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-15 Dec, 2014 | 17:27
Updated At-06 Aug, 2024 | 12:03
Rejected At-
Credits

The rfbProcessClientNormalMessage function in libvncserver/rfbserver.c in LibVNCServer 0.9.9 and earlier does not properly handle attempts to send a large amount of ClientCutText data, which allows remote attackers to cause a denial of service (memory consumption or daemon crash) via a crafted message that is processed by using a single unchecked malloc.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:15 Dec, 2014 | 17:27
Updated At:06 Aug, 2024 | 12:03
Rejected At:
▼CVE Numbering Authority (CNA)

The rfbProcessClientNormalMessage function in libvncserver/rfbserver.c in LibVNCServer 0.9.9 and earlier does not properly handle attempts to send a large amount of ClientCutText data, which allows remote attackers to cause a denial of service (memory consumption or daemon crash) via a crafted message that is processed by using a single unchecked malloc.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://www.ocert.org/advisories/ocert-2014-007.html
x_refsource_MISC
https://github.com/newsoft/libvncserver/commit/6037a9074d52b1963c97cb28ea1096c7c14cbf28
x_refsource_CONFIRM
http://secunia.com/advisories/61682
third-party-advisory
x_refsource_SECUNIA
http://lists.opensuse.org/opensuse-updates/2015-12/msg00022.html
vendor-advisory
x_refsource_SUSE
http://secunia.com/advisories/61506
third-party-advisory
x_refsource_SECUNIA
http://www.openwall.com/lists/oss-security/2014/09/25/11
mailing-list
x_refsource_MLIST
http://seclists.org/oss-sec/2014/q3/639
mailing-list
x_refsource_MLIST
http://ubuntu.com/usn/usn-2365-1
vendor-advisory
x_refsource_UBUNTU
https://security.gentoo.org/glsa/201507-07
vendor-advisory
x_refsource_GENTOO
http://www.debian.org/security/2014/dsa-3081
vendor-advisory
x_refsource_DEBIAN
https://lists.debian.org/debian-lts-announce/2019/10/msg00042.html
mailing-list
x_refsource_MLIST
https://lists.debian.org/debian-lts-announce/2019/11/msg00032.html
mailing-list
x_refsource_MLIST
https://lists.debian.org/debian-lts-announce/2019/12/msg00028.html
mailing-list
x_refsource_MLIST
https://usn.ubuntu.com/4573-1/
vendor-advisory
x_refsource_UBUNTU
https://usn.ubuntu.com/4587-1/
vendor-advisory
x_refsource_UBUNTU
Hyperlink: http://www.ocert.org/advisories/ocert-2014-007.html
Resource:
x_refsource_MISC
Hyperlink: https://github.com/newsoft/libvncserver/commit/6037a9074d52b1963c97cb28ea1096c7c14cbf28
Resource:
x_refsource_CONFIRM
Hyperlink: http://secunia.com/advisories/61682
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://lists.opensuse.org/opensuse-updates/2015-12/msg00022.html
Resource:
vendor-advisory
x_refsource_SUSE
Hyperlink: http://secunia.com/advisories/61506
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://www.openwall.com/lists/oss-security/2014/09/25/11
Resource:
mailing-list
x_refsource_MLIST
Hyperlink: http://seclists.org/oss-sec/2014/q3/639
Resource:
mailing-list
x_refsource_MLIST
Hyperlink: http://ubuntu.com/usn/usn-2365-1
Resource:
vendor-advisory
x_refsource_UBUNTU
Hyperlink: https://security.gentoo.org/glsa/201507-07
Resource:
vendor-advisory
x_refsource_GENTOO
Hyperlink: http://www.debian.org/security/2014/dsa-3081
Resource:
vendor-advisory
x_refsource_DEBIAN
Hyperlink: https://lists.debian.org/debian-lts-announce/2019/10/msg00042.html
Resource:
mailing-list
x_refsource_MLIST
Hyperlink: https://lists.debian.org/debian-lts-announce/2019/11/msg00032.html
Resource:
mailing-list
x_refsource_MLIST
Hyperlink: https://lists.debian.org/debian-lts-announce/2019/12/msg00028.html
Resource:
mailing-list
x_refsource_MLIST
Hyperlink: https://usn.ubuntu.com/4573-1/
Resource:
vendor-advisory
x_refsource_UBUNTU
Hyperlink: https://usn.ubuntu.com/4587-1/
Resource:
vendor-advisory
x_refsource_UBUNTU
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://www.ocert.org/advisories/ocert-2014-007.html
x_refsource_MISC
x_transferred
https://github.com/newsoft/libvncserver/commit/6037a9074d52b1963c97cb28ea1096c7c14cbf28
x_refsource_CONFIRM
x_transferred
http://secunia.com/advisories/61682
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://lists.opensuse.org/opensuse-updates/2015-12/msg00022.html
vendor-advisory
x_refsource_SUSE
x_transferred
http://secunia.com/advisories/61506
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://www.openwall.com/lists/oss-security/2014/09/25/11
mailing-list
x_refsource_MLIST
x_transferred
http://seclists.org/oss-sec/2014/q3/639
mailing-list
x_refsource_MLIST
x_transferred
http://ubuntu.com/usn/usn-2365-1
vendor-advisory
x_refsource_UBUNTU
x_transferred
https://security.gentoo.org/glsa/201507-07
vendor-advisory
x_refsource_GENTOO
x_transferred
http://www.debian.org/security/2014/dsa-3081
vendor-advisory
x_refsource_DEBIAN
x_transferred
https://lists.debian.org/debian-lts-announce/2019/10/msg00042.html
mailing-list
x_refsource_MLIST
x_transferred
https://lists.debian.org/debian-lts-announce/2019/11/msg00032.html
mailing-list
x_refsource_MLIST
x_transferred
https://lists.debian.org/debian-lts-announce/2019/12/msg00028.html
mailing-list
x_refsource_MLIST
x_transferred
https://usn.ubuntu.com/4573-1/
vendor-advisory
x_refsource_UBUNTU
x_transferred
https://usn.ubuntu.com/4587-1/
vendor-advisory
x_refsource_UBUNTU
x_transferred
Hyperlink: http://www.ocert.org/advisories/ocert-2014-007.html
Resource:
x_refsource_MISC
x_transferred
Hyperlink: https://github.com/newsoft/libvncserver/commit/6037a9074d52b1963c97cb28ea1096c7c14cbf28
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://secunia.com/advisories/61682
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://lists.opensuse.org/opensuse-updates/2015-12/msg00022.html
Resource:
vendor-advisory
x_refsource_SUSE
x_transferred
Hyperlink: http://secunia.com/advisories/61506
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://www.openwall.com/lists/oss-security/2014/09/25/11
Resource:
mailing-list
x_refsource_MLIST
x_transferred
Hyperlink: http://seclists.org/oss-sec/2014/q3/639
Resource:
mailing-list
x_refsource_MLIST
x_transferred
Hyperlink: http://ubuntu.com/usn/usn-2365-1
Resource:
vendor-advisory
x_refsource_UBUNTU
x_transferred
Hyperlink: https://security.gentoo.org/glsa/201507-07
Resource:
vendor-advisory
x_refsource_GENTOO
x_transferred
Hyperlink: http://www.debian.org/security/2014/dsa-3081
Resource:
vendor-advisory
x_refsource_DEBIAN
x_transferred
Hyperlink: https://lists.debian.org/debian-lts-announce/2019/10/msg00042.html
Resource:
mailing-list
x_refsource_MLIST
x_transferred
Hyperlink: https://lists.debian.org/debian-lts-announce/2019/11/msg00032.html
Resource:
mailing-list
x_refsource_MLIST
x_transferred
Hyperlink: https://lists.debian.org/debian-lts-announce/2019/12/msg00028.html
Resource:
mailing-list
x_refsource_MLIST
x_transferred
Hyperlink: https://usn.ubuntu.com/4573-1/
Resource:
vendor-advisory
x_refsource_UBUNTU
x_transferred
Hyperlink: https://usn.ubuntu.com/4587-1/
Resource:
vendor-advisory
x_refsource_UBUNTU
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:15 Dec, 2014 | 18:59
Updated At:06 May, 2026 | 22:30

The rfbProcessClientNormalMessage function in libvncserver/rfbserver.c in LibVNCServer 0.9.9 and earlier does not properly handle attempts to send a large amount of ClientCutText data, which allows remote attackers to cause a denial of service (memory consumption or daemon crash) via a crafted message that is processed by using a single unchecked malloc.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary2.05.0MEDIUM
AV:N/AC:L/Au:N/C:N/I:N/A:P
Type: Primary
Version: 2.0
Base score: 5.0
Base severity: MEDIUM
Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:P
CPE Matches
libvncserver
libvncserver
>>libvncserver>>Versions up to 0.9.9(inclusive)
cpe:2.3:a:libvncserver:libvncserver:*:*:*:*:*:*:*:*
Canonical Ltd.
canonical
>>ubuntu_linux>>12.04
cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*
Canonical Ltd.
canonical
>>ubuntu_linux>>14.04
cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
Debian GNU/Linux
debian
>>debian_linux>>7.0
cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-19Primarynvd@nist.gov
CWE ID: CWE-19
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
http://lists.opensuse.org/opensuse-updates/2015-12/msg00022.htmlcve@mitre.org
N/A
http://seclists.org/oss-sec/2014/q3/639cve@mitre.org
Mailing List
Third Party Advisory
http://secunia.com/advisories/61506cve@mitre.org
N/A
http://secunia.com/advisories/61682cve@mitre.org
N/A
http://ubuntu.com/usn/usn-2365-1cve@mitre.org
Third Party Advisory
http://www.debian.org/security/2014/dsa-3081cve@mitre.org
Third Party Advisory
http://www.ocert.org/advisories/ocert-2014-007.htmlcve@mitre.org
Third Party Advisory
US Government Resource
http://www.openwall.com/lists/oss-security/2014/09/25/11cve@mitre.org
Mailing List
Third Party Advisory
https://github.com/newsoft/libvncserver/commit/6037a9074d52b1963c97cb28ea1096c7c14cbf28cve@mitre.org
Issue Tracking
Patch
https://lists.debian.org/debian-lts-announce/2019/10/msg00042.htmlcve@mitre.org
N/A
https://lists.debian.org/debian-lts-announce/2019/11/msg00032.htmlcve@mitre.org
N/A
https://lists.debian.org/debian-lts-announce/2019/12/msg00028.htmlcve@mitre.org
N/A
https://security.gentoo.org/glsa/201507-07cve@mitre.org
N/A
https://usn.ubuntu.com/4573-1/cve@mitre.org
N/A
https://usn.ubuntu.com/4587-1/cve@mitre.org
N/A
http://lists.opensuse.org/opensuse-updates/2015-12/msg00022.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://seclists.org/oss-sec/2014/q3/639af854a3a-2127-422b-91ae-364da2661108
Mailing List
Third Party Advisory
http://secunia.com/advisories/61506af854a3a-2127-422b-91ae-364da2661108
N/A
http://secunia.com/advisories/61682af854a3a-2127-422b-91ae-364da2661108
N/A
http://ubuntu.com/usn/usn-2365-1af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://www.debian.org/security/2014/dsa-3081af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://www.ocert.org/advisories/ocert-2014-007.htmlaf854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
US Government Resource
http://www.openwall.com/lists/oss-security/2014/09/25/11af854a3a-2127-422b-91ae-364da2661108
Mailing List
Third Party Advisory
https://github.com/newsoft/libvncserver/commit/6037a9074d52b1963c97cb28ea1096c7c14cbf28af854a3a-2127-422b-91ae-364da2661108
Issue Tracking
Patch
https://lists.debian.org/debian-lts-announce/2019/10/msg00042.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
https://lists.debian.org/debian-lts-announce/2019/11/msg00032.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
https://lists.debian.org/debian-lts-announce/2019/12/msg00028.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
https://security.gentoo.org/glsa/201507-07af854a3a-2127-422b-91ae-364da2661108
N/A
https://usn.ubuntu.com/4573-1/af854a3a-2127-422b-91ae-364da2661108
N/A
https://usn.ubuntu.com/4587-1/af854a3a-2127-422b-91ae-364da2661108
N/A
Hyperlink: http://lists.opensuse.org/opensuse-updates/2015-12/msg00022.html
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://seclists.org/oss-sec/2014/q3/639
Source: cve@mitre.org
Resource:
Mailing List
Third Party Advisory
Hyperlink: http://secunia.com/advisories/61506
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://secunia.com/advisories/61682
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://ubuntu.com/usn/usn-2365-1
Source: cve@mitre.org
Resource:
Third Party Advisory
Hyperlink: http://www.debian.org/security/2014/dsa-3081
Source: cve@mitre.org
Resource:
Third Party Advisory
Hyperlink: http://www.ocert.org/advisories/ocert-2014-007.html
Source: cve@mitre.org
Resource:
Third Party Advisory
US Government Resource
Hyperlink: http://www.openwall.com/lists/oss-security/2014/09/25/11
Source: cve@mitre.org
Resource:
Mailing List
Third Party Advisory
Hyperlink: https://github.com/newsoft/libvncserver/commit/6037a9074d52b1963c97cb28ea1096c7c14cbf28
Source: cve@mitre.org
Resource:
Issue Tracking
Patch
Hyperlink: https://lists.debian.org/debian-lts-announce/2019/10/msg00042.html
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://lists.debian.org/debian-lts-announce/2019/11/msg00032.html
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://lists.debian.org/debian-lts-announce/2019/12/msg00028.html
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://security.gentoo.org/glsa/201507-07
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://usn.ubuntu.com/4573-1/
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://usn.ubuntu.com/4587-1/
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://lists.opensuse.org/opensuse-updates/2015-12/msg00022.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://seclists.org/oss-sec/2014/q3/639
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Mailing List
Third Party Advisory
Hyperlink: http://secunia.com/advisories/61506
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://secunia.com/advisories/61682
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://ubuntu.com/usn/usn-2365-1
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: http://www.debian.org/security/2014/dsa-3081
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: http://www.ocert.org/advisories/ocert-2014-007.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
US Government Resource
Hyperlink: http://www.openwall.com/lists/oss-security/2014/09/25/11
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Mailing List
Third Party Advisory
Hyperlink: https://github.com/newsoft/libvncserver/commit/6037a9074d52b1963c97cb28ea1096c7c14cbf28
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Issue Tracking
Patch
Hyperlink: https://lists.debian.org/debian-lts-announce/2019/10/msg00042.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://lists.debian.org/debian-lts-announce/2019/11/msg00032.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://lists.debian.org/debian-lts-announce/2019/12/msg00028.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://security.gentoo.org/glsa/201507-07
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://usn.ubuntu.com/4573-1/
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://usn.ubuntu.com/4587-1/
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

979Records found
CVE-2016-4348
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-3.08% / 86.94%
||
7 Day CHG~0.00%
Published-20 May, 2016 | 14:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The _rsvg_css_normalize_font_size function in librsvg 2.40.2 allows context-dependent attackers to cause a denial of service (stack consumption and application crash) via circular definitions in an SVG document.

Action-Not Available
Vendor-n/aThe GNOME ProjectopenSUSEDebian GNU/Linux
Product-leapdebian_linuxlibrsvgopensusen/a
CWE ID-CWE-20
Improper Input Validation
CVE-2016-4353
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-1.08% / 78.07%
||
7 Day CHG~0.00%
Published-13 Jun, 2016 | 19:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

ber-decoder.c in Libksba before 1.3.3 does not properly handle decoder stack overflows, which allows remote attackers to cause a denial of service (abort) via crafted BER data.

Action-Not Available
Vendor-gnupgn/aCanonical Ltd.
Product-ubuntu_linuxlibksban/a
CWE ID-CWE-20
Improper Input Validation
CVE-1999-0939
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-0.52% / 67.04%
||
7 Day CHG~0.00%
Published-04 Jan, 2000 | 05:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Denial of service in Debian IRC Epic/epic4 client via a long string.

Action-Not Available
Vendor-n/aDebian GNU/Linux
Product-debian_linuxn/a
CVE-2016-4423
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.44% / 80.93%
||
7 Day CHG~0.00%
Published-01 Jun, 2016 | 22:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The attemptAuthentication function in Component/Security/Http/Firewall/UsernamePasswordFormAuthenticationListener.php in Symfony before 2.3.41, 2.7.x before 2.7.13, 2.8.x before 2.8.6, and 3.0.x before 3.0.6 does not limit the length of a username stored in a session, which allows remote attackers to cause a denial of service (session storage consumption) via a series of authentication attempts with long, non-existent usernames.

Action-Not Available
Vendor-sensiolabsn/aDebian GNU/Linux
Product-debian_linuxsymfonyn/a
CVE-2011-1752
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-5||MEDIUM
EPSS-22.71% / 95.94%
||
7 Day CHG~0.00%
Published-06 Jun, 2011 | 19:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.17, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a request for a baselined WebDAV resource, as exploited in the wild in May 2011.

Action-Not Available
Vendor-n/aCanonical Ltd.Apple Inc.The Apache Software FoundationDebian GNU/LinuxFedora Project
Product-debian_linuxubuntu_linuxmac_os_xfedorasubversionn/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2016-4354
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-1.07% / 78.00%
||
7 Day CHG~0.00%
Published-13 Jun, 2016 | 19:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

ber-decoder.c in Libksba before 1.3.3 uses an incorrect integer data type, which allows remote attackers to cause a denial of service (crash) via crafted BER data, which leads to a buffer overflow.

Action-Not Available
Vendor-gnupgn/aCanonical Ltd.
Product-ubuntu_linuxlibksban/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2016-3993
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.10% / 78.27%
||
7 Day CHG~0.00%
Published-13 May, 2016 | 16:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Off-by-one error in the __imlib_MergeUpdate function in lib/updates.c in imlib2 before 1.4.9 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via crafted coordinates.

Action-Not Available
Vendor-enlightenmentn/aDebian GNU/Linux
Product-debian_linuximlib2n/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2022-0581
Matching Score-8
Assigner-GitLab Inc.
ShareView Details
Matching Score-8
Assigner-GitLab Inc.
CVSS Score-6.3||MEDIUM
EPSS-0.07% / 22.31%
||
7 Day CHG~0.00%
Published-14 Feb, 2022 | 00:00
Updated-03 Nov, 2025 | 22:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Crash in the CMS protocol dissector in Wireshark 3.6.0 to 3.6.1 and 3.4.0 to 3.4.11 allows denial of service via packet injection or crafted capture file

Action-Not Available
Vendor-Fedora ProjectDebian GNU/LinuxWireshark Foundation
Product-fedoradebian_linuxwiresharkWireshark
CWE ID-CWE-416
Use After Free
CVE-2016-3705
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-0.88% / 75.61%
||
7 Day CHG~0.00%
Published-17 May, 2016 | 14:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The (1) xmlParserEntityCheck and (2) xmlParseAttValueComplex functions in parser.c in libxml2 2.9.3 do not properly keep track of the recursion depth, which allows context-dependent attackers to cause a denial of service (stack consumption and application crash) via a crafted XML document containing a large number of nested entity references.

Action-Not Available
Vendor-n/aCanonical Ltd.openSUSEDebian GNU/LinuxHP Inc.libxml2 (XMLSoft)
Product-debian_linuxubuntu_linuxicewall_federation_agentleapicewall_file_managerlibxml2n/a
CWE ID-CWE-20
Improper Input Validation
CVE-2016-3075
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-12.19% / 93.93%
||
7 Day CHG~0.00%
Published-01 Jun, 2016 | 20:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Stack-based buffer overflow in the nss_dns implementation of the getnetbyname function in GNU C Library (aka glibc) before 2.24 allows context-dependent attackers to cause a denial of service (stack consumption and application crash) via a long name.

Action-Not Available
Vendor-n/aCanonical Ltd.openSUSEGNUFedora Project
Product-glibcubuntu_linuxopensusefedoran/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2016-2105
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-42.47% / 97.51%
||
7 Day CHG~0.00%
Published-05 May, 2016 | 00:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Integer overflow in the EVP_EncodeUpdate function in crypto/evp/encode.c in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to cause a denial of service (heap memory corruption) via a large amount of binary data.

Action-Not Available
Vendor-n/aCanonical Ltd.Apple Inc.openSUSEOracle CorporationOpenSSLRed Hat, Inc.Debian GNU/LinuxNode.js (OpenJS Foundation)
Product-debian_linuxubuntu_linuxenterprise_linux_workstationenterprise_linux_servermac_os_xnode.jsmysqlenterprise_linux_desktopleapenterprise_linux_hpc_node_eusenterprise_linux_server_eusenterprise_linux_hpc_nodeenterprise_linux_server_ausopensslopensusen/a
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2016-2194
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.69% / 82.47%
||
7 Day CHG~0.00%
Published-13 May, 2016 | 14:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The ressol function in Botan before 1.10.11 and 1.11.x before 1.11.27 allows remote attackers to cause a denial of service (infinite loop) via unspecified input to the OS2ECP function, related to a composite modulus.

Action-Not Available
Vendor-botan_projectn/aDebian GNU/Linux
Product-debian_linuxbotann/a
CWE ID-CWE-20
Improper Input Validation
CVE-2016-2147
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-8.29% / 92.35%
||
7 Day CHG~0.00%
Published-09 Feb, 2017 | 15:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Integer overflow in the DHCP client (udhcpc) in BusyBox before 1.25.0 allows remote attackers to cause a denial of service (crash) via a malformed RFC1035-encoded domain name, which triggers an out-of-bounds heap write.

Action-Not Available
Vendor-busyboxn/aCanonical Ltd.Debian GNU/Linux
Product-debian_linuxubuntu_linuxbusyboxn/a
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2011-1002
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-5||MEDIUM
EPSS-57.72% / 98.20%
||
7 Day CHG-10.40%
Published-22 Feb, 2011 | 18:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

avahi-core/socket.c in avahi-daemon in Avahi before 0.6.29 allows remote attackers to cause a denial of service (infinite loop) via an empty mDNS (1) IPv4 or (2) IPv6 UDP packet to port 5353. NOTE: this vulnerability exists because of an incorrect fix for CVE-2010-2244.

Action-Not Available
Vendor-avahin/aCanonical Ltd.Red Hat, Inc.Debian GNU/LinuxFedora Project
Product-debian_linuxubuntu_linuxavahifedoraenterprise_linuxn/a
CWE ID-CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
CVE-2016-2518
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5.3||MEDIUM
EPSS-3.48% / 87.73%
||
7 Day CHG~0.00%
Published-30 Jan, 2017 | 21:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The MATCH_ASSOC function in NTP before version 4.2.8p9 and 4.3.x before 4.3.92 allows remote attackers to cause an out-of-bounds reference via an addpeer request with a large hmode value.

Action-Not Available
Vendor-ntpn/aFreeBSD FoundationOracle CorporationSiemens AGRed Hat, Inc.Debian GNU/LinuxNetApp, Inc.
Product-debian_linuxfreebsdoncommand_performance_managerntpenterprise_linux_desktopenterprise_linux_server_tusoncommand_balancecommunications_user_data_repositoryenterprise_linux_server_eusenterprise_linux_server_ausdata_ontapsimatic_net_cp_443-1_opc_uaenterprise_linux_serveroncommand_unified_manager_for_clustered_data_ontapenterprise_linux_workstationclustered_data_ontaplinuxsimatic_net_cp_443-1_opc_ua_firmwaren/a
CWE ID-CWE-125
Out-of-bounds Read
CVE-2011-0984
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-1.76% / 82.85%
||
7 Day CHG~0.00%
Published-10 Feb, 2011 | 18:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Google Chrome before 9.0.597.94 does not properly handle plug-ins, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.

Action-Not Available
Vendor-n/aGoogle LLCDebian GNU/Linux
Product-chromedebian_linuxn/a
CWE ID-CWE-125
Out-of-bounds Read
CVE-2020-1967
Matching Score-8
Assigner-OpenSSL Software Foundation
ShareView Details
Matching Score-8
Assigner-OpenSSL Software Foundation
CVSS Score-7.5||HIGH
EPSS-60.77% / 98.32%
||
7 Day CHG~0.00%
Published-21 Apr, 2020 | 13:45
Updated-17 Sep, 2024 | 03:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Segmentation fault in SSL_check_chain

Server or client applications that call the SSL_check_chain() function during or after a TLS 1.3 handshake may crash due to a NULL pointer dereference as a result of incorrect handling of the "signature_algorithms_cert" TLS extension. The crash occurs if an invalid or unrecognised signature algorithm is received from the peer. This could be exploited by a malicious peer in a Denial of Service attack. OpenSSL version 1.1.1d, 1.1.1e, and 1.1.1f are affected by this issue. This issue did not affect OpenSSL versions prior to 1.1.1d. Fixed in OpenSSL 1.1.1g (Affected 1.1.1d-1.1.1f).

Action-Not Available
Vendor-jdedwardsFreeBSD FoundationFedora ProjectOracle CorporationTenable, Inc.Broadcom Inc.Debian GNU/LinuxopenSUSEOpenSSLNetApp, Inc.
Product-freebsdjd_edwards_world_securitypeoplesoft_enterprise_peopletoolsenterprise_manager_for_storage_managementopenssle-series_performance_analyzeractive_iq_unified_managerlog_correlation_enginemysql_connectorsleaponcommand_workflow_automationmysql_workbenchsnapcentersteelstore_cloud_integrated_storagehttp_servermysqldebian_linuxsmi-s_providermysql_enterprise_monitorfedoraenterpriseoneapplication_serverfabric_operating_systementerprise_manager_ops_centerenterprise_manager_base_platformoncommand_insightOpenSSL
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2022-0583
Matching Score-8
Assigner-GitLab Inc.
ShareView Details
Matching Score-8
Assigner-GitLab Inc.
CVSS Score-6.3||MEDIUM
EPSS-0.08% / 23.07%
||
7 Day CHG~0.00%
Published-14 Feb, 2022 | 00:00
Updated-03 Nov, 2025 | 22:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Crash in the PVFS protocol dissector in Wireshark 3.6.0 to 3.6.1 and 3.4.0 to 3.4.11 allows denial of service via packet injection or crafted capture file

Action-Not Available
Vendor-Fedora ProjectDebian GNU/LinuxWireshark Foundation
Product-fedoradebian_linuxwiresharkWireshark
CWE ID-CWE-787
Out-of-bounds Write
CVE-2018-11803
Matching Score-8
Assigner-Apache Software Foundation
ShareView Details
Matching Score-8
Assigner-Apache Software Foundation
CVSS Score-7.5||HIGH
EPSS-10.84% / 93.47%
||
7 Day CHG~0.00%
Published-05 Feb, 2019 | 17:00
Updated-17 Sep, 2024 | 01:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Subversion's mod_dav_svn Apache HTTPD module versions 1.11.0 and 1.10.0 to 1.10.3 will crash after dereferencing an uninitialized pointer if the client omits the root path in a recursive directory listing operation.

Action-Not Available
Vendor-Canonical Ltd.The Apache Software Foundation
Product-ubuntu_linuxsubversionApache Subversion
CWE ID-CWE-824
Access of Uninitialized Pointer
CVE-2016-1286
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-8.6||HIGH
EPSS-53.59% / 98.02%
||
7 Day CHG~0.00%
Published-09 Mar, 2016 | 23:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

named in ISC BIND 9.x before 9.9.8-P4 and 9.10.x before 9.10.3-P4 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a crafted signature record for a DNAME record, related to db.c and resolver.c.

Action-Not Available
Vendor-n/aCanonical Ltd.openSUSEJuniper Networks, Inc.Internet Systems Consortium, Inc.SUSEDebian GNU/LinuxFedora Project
Product-srx2300ubuntu_linuxsrx345srx1600srx110fedorasrx5800srx300srx4700vsrxsrx380managersrx550_hmsrx550msrx650srx1400srx240mleapsrx3400srx4000srx100opensusesrx1500debian_linuxlinux_enterprise_desktopsrx340srx4100srx5600linux_enterprise_debuginfolinux_enterprise_serversrx320srx3600srx4300linux_enterprise_software_development_kitsrx4600srx240h2junossrx5000srx220manager_proxysrx4200bindsrx550srx5400srx210openstack_cloudsrx240n/a
CVE-2011-0779
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-1.48% / 81.22%
||
7 Day CHG~0.00%
Published-04 Feb, 2011 | 17:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Google Chrome before 9.0.597.84 does not properly handle a missing key in an extension, which allows remote attackers to cause a denial of service (application crash) via a crafted extension.

Action-Not Available
Vendor-n/aGoogle LLCDebian GNU/Linux
Product-chromedebian_linuxn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2019-14459
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-2.03% / 84.03%
||
7 Day CHG~0.00%
Published-31 Jul, 2019 | 20:57
Updated-05 Aug, 2024 | 00:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

nfdump 1.6.17 and earlier is affected by an integer overflow in the function Process_ipfix_template_withdraw in ipfix.c that can be abused in order to crash the process remotely (denial of service).

Action-Not Available
Vendor-nfdump_projectn/aDebian GNU/LinuxFedora Project
Product-nfdumpdebian_linuxfedoran/a
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2018-10546
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-64.86% / 98.49%
||
7 Day CHG~0.00%
Published-29 Apr, 2018 | 21:00
Updated-05 Aug, 2024 | 07:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in PHP before 5.6.36, 7.0.x before 7.0.30, 7.1.x before 7.1.17, and 7.2.x before 7.2.5. An infinite loop exists in ext/iconv/iconv.c because the iconv stream filter does not reject invalid multibyte sequences.

Action-Not Available
Vendor-n/aNetApp, Inc.Canonical Ltd.Debian GNU/LinuxThe PHP Group
Product-ubuntu_linuxphpdebian_linuxstorage_automation_storen/a
CWE ID-CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
CVE-2016-10197
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-2.42% / 85.32%
||
7 Day CHG~0.00%
Published-15 Mar, 2017 | 15:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The search_make_new function in evdns.c in libevent before 2.1.6-beta allows attackers to cause a denial of service (out-of-bounds read) via an empty hostname.

Action-Not Available
Vendor-libevent_projectn/aDebian GNU/Linux
Product-libeventdebian_linuxn/a
CWE ID-CWE-125
Out-of-bounds Read
CVE-2022-0711
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-66.48% / 98.55%
||
7 Day CHG~0.00%
Published-02 Mar, 2022 | 21:59
Updated-02 Aug, 2024 | 23:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A flaw was found in the way HAProxy processed HTTP responses containing the "Set-Cookie2" header. This flaw could allow an attacker to send crafted HTTP response packets which lead to an infinite loop, eventually resulting in a denial of service condition. The highest threat from this vulnerability is availability.

Action-Not Available
Vendor-haproxyn/aDebian GNU/LinuxRed Hat, Inc.
Product-debian_linuxsoftware_collectionsopenshift_container_platformenterprise_linuxhaproxyhaproxy
CWE ID-CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
CVE-2016-10109
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-7.05% / 91.60%
||
7 Day CHG~0.00%
Published-23 Feb, 2017 | 20:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use-after-free vulnerability in pcsc-lite before 1.8.20 allows a remote attackers to cause denial of service (crash) via a command that uses "cardsList" after the handle has been released through the SCardReleaseContext function.

Action-Not Available
Vendor-musclen/aCanonical Ltd.
Product-pcsc-liteubuntu_linuxn/a
CWE ID-CWE-416
Use After Free
CVE-2016-0773
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-10.87% / 93.48%
||
7 Day CHG~0.00%
Published-17 Feb, 2016 | 15:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

PostgreSQL before 9.1.20, 9.2.x before 9.2.15, 9.3.x before 9.3.11, 9.4.x before 9.4.6, and 9.5.x before 9.5.1 allows remote attackers to cause a denial of service (infinite loop or buffer overflow and crash) via a large Unicode character range in a regular expression.

Action-Not Available
Vendor-n/aCanonical Ltd.Debian GNU/LinuxThe PostgreSQL Global Development Group
Product-postgresqldebian_linuxubuntu_linuxn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2016-0747
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-5.3||MEDIUM
EPSS-20.02% / 95.56%
||
7 Day CHG-0.42%
Published-15 Feb, 2016 | 19:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The resolver in nginx before 1.8.1 and 1.9.x before 1.9.10 does not properly limit CNAME resolution, which allows remote attackers to cause a denial of service (worker process resource consumption) via vectors related to arbitrary name resolution.

Action-Not Available
Vendor-n/aCanonical Ltd.Apple Inc.openSUSEF5, Inc.Debian GNU/Linux
Product-debian_linuxubuntu_linuxxcodeleapnginxn/a
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2019-13619
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-11.42% / 93.67%
||
7 Day CHG~0.00%
Published-17 Jul, 2019 | 19:18
Updated-04 Aug, 2024 | 23:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Wireshark 3.0.0 to 3.0.2, 2.6.0 to 2.6.9, and 2.4.0 to 2.4.15, the ASN.1 BER dissector and related dissectors could crash. This was addressed in epan/asn1.c by properly restricting buffer increments.

Action-Not Available
Vendor-n/aWireshark FoundationDebian GNU/LinuxCanonical Ltd.Fedora ProjectopenSUSE
Product-ubuntu_linuxdebian_linuxfedorawiresharkleapn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2015-8899
Matching Score-8
Assigner-Canonical Ltd.
ShareView Details
Matching Score-8
Assigner-Canonical Ltd.
CVSS Score-7.5||HIGH
EPSS-0.08% / 23.51%
||
7 Day CHG~0.00%
Published-30 Jun, 2016 | 17:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dnsmasq before 2.76 allows remote servers to cause a denial of service (crash) via a reply with an empty DNS address that has an (1) A or (2) AAAA record defined locally.

Action-Not Available
Vendor-thekelleysn/aCanonical Ltd.
Product-dnsmasqubuntu_linuxn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2015-8930
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-4.80% / 89.61%
||
7 Day CHG~0.00%
Published-20 Sep, 2016 | 14:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

bsdtar in libarchive before 3.2.0 allows remote attackers to cause a denial of service (infinite loop) via an ISO with a directory that is a member of itself.

Action-Not Available
Vendor-n/aCanonical Ltd.libarchiveSUSE
Product-ubuntu_linuxlinux_enterprise_desktoplinux_enterprise_serverlibarchivelinux_enterprise_software_development_kitn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2015-8921
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-4.25% / 88.94%
||
7 Day CHG~0.00%
Published-20 Sep, 2016 | 14:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The ae_strtofflags function in archive_entry.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted mtree file.

Action-Not Available
Vendor-n/aCanonical Ltd.libarchiveNovell
Product-suse_linux_enterprise_software_development_kitubuntu_linuxsuse_linux_enterprise_serverlibarchivesuse_linux_enterprise_desktopn/a
CWE ID-CWE-125
Out-of-bounds Read
CVE-2015-8979
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-3.39% / 87.56%
||
7 Day CHG~0.00%
Published-15 Feb, 2017 | 15:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Stack-based buffer overflow in the parsePresentationContext function in storescp in DICOM dcmtk-3.6.0 and earlier allows remote attackers to cause a denial of service (segmentation fault) via a long string sent to TCP port 4242.

Action-Not Available
Vendor-dicomn/aDebian GNU/Linux
Product-debian_linuxdcmtkn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2015-7540
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-39.60% / 97.37%
||
7 Day CHG~0.00%
Published-29 Dec, 2015 | 22:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The LDAP server in the AD domain controller in Samba 4.x before 4.1.22 does not check return values to ensure successful ASN.1 memory allocation, which allows remote attackers to cause a denial of service (memory consumption and daemon crash) via crafted packets.

Action-Not Available
Vendor-n/aCanonical Ltd.Debian GNU/LinuxSamba
Product-debian_linuxsambaubuntu_linuxn/a
CVE-2015-7500
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-5||MEDIUM
EPSS-1.40% / 80.64%
||
7 Day CHG~0.00%
Published-15 Dec, 2015 | 21:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The xmlParseMisc function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service (out-of-bounds heap read) via unspecified vectors related to incorrect entities boundaries and start tags.

Action-Not Available
Vendor-n/aCanonical Ltd.Apple Inc.Debian GNU/LinuxRed Hat, Inc.HP Inc.libxml2 (XMLSoft)
Product-debian_linuxwatchosubuntu_linuxmac_os_xenterprise_linux_serverenterprise_linux_workstationenterprise_linux_desktopicewall_federation_agentiphone_osicewall_file_managerenterprise_linux_hpc_nodetvoslibxml2n/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2015-7704
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-21.46% / 95.79%
||
7 Day CHG+7.52%
Published-07 Aug, 2017 | 20:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The ntpd client in NTP 4.x before 4.2.8p4 and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service via a number of crafted "KOD" messages.

Action-Not Available
Vendor-ntpn/aCitrix (Cloud Software Group, Inc.)McAfee, LLCRed Hat, Inc.Debian GNU/LinuxNetApp, Inc.
Product-data_ontapdebian_linuxenterprise_linux_serverenterprise_linux_workstationoncommand_performance_managerntpenterprise_linux_desktopenterprise_linux_server_tusclustered_data_ontapenterprise_linux_server_eusenterprise_security_managerenterprise_linux_server_ausoncommand_unified_managerxenservern/a
CWE ID-CWE-20
Improper Input Validation
CVE-2015-7692
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-15.96% / 94.85%
||
7 Day CHG+3.17%
Published-07 Aug, 2017 | 20:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The crypto_xmit function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (crash). NOTE: This vulnerability exists due to an incomplete fix for CVE-2014-9750.

Action-Not Available
Vendor-ntpn/aOracle CorporationRed Hat, Inc.Debian GNU/LinuxNetApp, Inc.
Product-data_ontapdebian_linuxenterprise_linux_serverenterprise_linux_workstationoncommand_performance_managerntpenterprise_linux_desktopenterprise_linux_server_tusclustered_data_ontapenterprise_linux_server_euslinuxenterprise_linux_server_ausoncommand_unified_managern/a
CWE ID-CWE-20
Improper Input Validation
CVE-2015-7236
Matching Score-8
Assigner-OpenText (formerly Micro Focus)
ShareView Details
Matching Score-8
Assigner-OpenText (formerly Micro Focus)
CVSS Score-7.5||HIGH
EPSS-4.17% / 88.83%
||
7 Day CHG~0.00%
Published-01 Oct, 2015 | 20:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use-after-free vulnerability in xprt_set_caller in rpcb_svc_com.c in rpcbind 0.2.1 and earlier allows remote attackers to cause a denial of service (daemon crash) via crafted packets, involving a PMAP_CALLIT code.

Action-Not Available
Vendor-rpcbind_projectn/aDebian GNU/LinuxCanonical Ltd.Oracle Corporation
Product-rpcbindsolarisdebian_linuxubuntu_linuxn/a
CVE-2015-6251
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-5||MEDIUM
EPSS-6.69% / 91.36%
||
7 Day CHG~0.00%
Published-24 Aug, 2015 | 14:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Double free vulnerability in GnuTLS before 3.3.17 and 3.4.x before 3.4.4 allows remote attackers to cause a denial of service via a long DistinguishedName (DN) entry in a certificate.

Action-Not Available
Vendor-n/aDebian GNU/LinuxGNU
Product-debian_linuxgnutlsn/a
CVE-2015-5964
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-4.69% / 89.48%
||
7 Day CHG~0.00%
Published-24 Aug, 2015 | 14:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The (1) contrib.sessions.backends.base.SessionBase.flush and (2) cache_db.SessionStore.flush functions in Django 1.7.x before 1.7.10, 1.4.x before 1.4.22, and possibly other versions create empty sessions in certain circumstances, which allows remote attackers to cause a denial of service (session store consumption) via unspecified vectors.

Action-Not Available
Vendor-n/aCanonical Ltd.DjangoOracle Corporation
Product-solarisubuntu_linuxdjangon/a
CVE-2015-4896
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-5||MEDIUM
EPSS-1.50% / 81.36%
||
7 Day CHG~0.00%
Published-21 Oct, 2015 | 23:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox before 4.0.34, 4.1.42, 4.2.34, 4.3.32, and 5.0.8, when a VM has the Remote Display feature (RDP) enabled, allows remote attackers to affect availability via unknown vectors related to Core.

Action-Not Available
Vendor-n/aOracle CorporationDebian GNU/Linux
Product-debian_linuxvm_virtualboxn/a
CVE-2015-5219
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-2.24% / 84.77%
||
7 Day CHG~0.00%
Published-21 Jul, 2017 | 14:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The ULOGTOD function in ntp.d in SNTP before 4.2.7p366 does not properly perform type conversions from a precision value to a double, which allows remote attackers to cause a denial of service (infinite loop) via a crafted NTP packet.

Action-Not Available
Vendor-ntpn/aCanonical Ltd.openSUSEOracle CorporationSiemens AGSUSENovellRed Hat, Inc.Debian GNU/LinuxFedora Project
Product-debian_linuxubuntu_linuxenterprise_linux_desktopntplinux_enterprise_debuginfolinux_enterprise_serverfedoratim_4r-id_dnp3tim_4r-ieenterprise_linux_serverenterprise_linux_workstationmanagertim_4r-id_dnp3_firmwaremanager_proxyleaplinuxenterprise_linux_hpc_nodetim_4r-ie_firmwareopenstack_cloudn/a
CWE ID-CWE-704
Incorrect Type Conversion or Cast
CVE-2015-5194
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-8.41% / 92.43%
||
7 Day CHG~0.00%
Published-21 Jul, 2017 | 14:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The log_config_command function in ntp_parser.y in ntpd in NTP before 4.2.7p42 allows remote attackers to cause a denial of service (ntpd crash) via crafted logconfig commands.

Action-Not Available
Vendor-ntpn/aCanonical Ltd.SUSERed Hat, Inc.Debian GNU/LinuxFedora Project
Product-debian_linuxubuntu_linuxenterprise_linux_serverenterprise_linux_workstationmanagerenterprise_linux_desktopntpmanager_proxylinux_enterprise_debuginfolinux_enterprise_serverenterprise_linux_hpc_nodefedoraopenstack_cloudn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2021-46669
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.47% / 64.89%
||
7 Day CHG~0.00%
Published-01 Feb, 2022 | 01:46
Updated-04 Aug, 2024 | 05:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

MariaDB through 10.5.9 allows attackers to trigger a convert_const_to_int use-after-free when the BIGINT data type is used.

Action-Not Available
Vendor-n/aMariaDB FoundationDebian GNU/LinuxFedora Project
Product-debian_linuxfedoramariadbn/a
CWE ID-CWE-416
Use After Free
CVE-2015-5177
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-1.22% / 79.34%
||
7 Day CHG~0.00%
Published-20 Oct, 2017 | 21:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Double free vulnerability in the SLPDKnownDAAdd function in slpd/slpd_knownda.c in OpenSLP 1.2.1 allows remote attackers to cause a denial of service (crash) via a crafted package.

Action-Not Available
Vendor-openslpn/aDebian GNU/Linux
Product-debian_linuxopenslpn/a
CWE ID-CWE-415
Double Free
CVE-2010-4577
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-4.27% / 88.95%
||
7 Day CHG~0.00%
Published-22 Dec, 2010 | 00:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The CSSParser::parseFontFaceSrc function in WebCore/css/CSSParser.cpp in WebKit, as used in Google Chrome before 8.0.552.224, Chrome OS before 8.0.552.343, webkitgtk before 1.2.6, and other products does not properly parse Cascading Style Sheets (CSS) token sequences, which allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted local font, related to "Type Confusion."

Action-Not Available
Vendor-webkitgtkn/aDebian GNU/LinuxGoogle LLCFedora Project
Product-debian_linuxfedorachromewebkitgtkchrome_osn/a
CWE ID-CWE-125
Out-of-bounds Read
CWE ID-CWE-843
Access of Resource Using Incompatible Type ('Type Confusion')
CVE-2015-4651
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-0.56% / 68.34%
||
7 Day CHG~0.00%
Published-22 Jul, 2015 | 01:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The dissect_wccp2r1_address_table_info function in epan/dissectors/packet-wccp.c in the WCCP dissector in Wireshark 1.12.x before 1.12.6 does not properly determine whether enough memory is available for storing IP address strings, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.

Action-Not Available
Vendor-n/aDebian GNU/LinuxWireshark FoundationOracle Corporation
Product-solarisdebian_linuxwiresharkn/a
CVE-2018-1000168
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-3.36% / 87.50%
||
7 Day CHG~0.00%
Published-08 May, 2018 | 15:00
Updated-09 Jun, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

nghttp2 version >= 1.10.0 and nghttp2 <= v1.31.0 contains an Improper Input Validation CWE-20 vulnerability in ALTSVC frame handling that can result in segmentation fault leading to denial of service. This attack appears to be exploitable via network client. This vulnerability appears to have been fixed in >= 1.31.1.

Action-Not Available
Vendor-nghttp2n/aNode.js (OpenJS Foundation)Debian GNU/Linux
Product-debian_linuxnode.jsnghttp2n/a
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2021-43859
Matching Score-8
Assigner-GitHub, Inc.
ShareView Details
Matching Score-8
Assigner-GitHub, Inc.
CVSS Score-7.5||HIGH
EPSS-1.86% / 83.31%
||
7 Day CHG~0.00%
Published-01 Feb, 2022 | 12:08
Updated-03 Nov, 2025 | 22:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Denial of Service by injecting highly recursive collections or maps in XStream

XStream is an open source java library to serialize objects to XML and back again. Versions prior to 1.4.19 may allow a remote attacker to allocate 100% CPU time on the target system depending on CPU type or parallel execution of such a payload resulting in a denial of service only by manipulating the processed input stream. XStream 1.4.19 monitors and accumulates the time it takes to add elements to collections and throws an exception if a set threshold is exceeded. Users are advised to upgrade as soon as possible. Users unable to upgrade may set the NO_REFERENCE mode to prevent recursion. See GHSA-rmr5-cpv2-vgjf for further details on a workaround if an upgrade is not possible.

Action-Not Available
Vendor-xstreamx-streamFedora ProjectJenkinsOracle CorporationDebian GNU/Linux
Product-communications_brm_-_elastic_charging_enginecommerce_guided_searchdebian_linuxflexcube_private_bankingcommunications_cloud_native_core_automated_test_suiteretail_xstore_point_of_servicecommunications_policy_managementxstreamjenkinsfedoracommunications_diameter_intelligence_hubxstream
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2010-3873
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-5||MEDIUM
EPSS-3.37% / 87.52%
||
7 Day CHG~0.00%
Published-03 Jan, 2011 | 19:26
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The X.25 implementation in the Linux kernel before 2.6.36.2 does not properly parse facilities, which allows remote attackers to cause a denial of service (heap memory corruption and panic) or possibly have unspecified other impact via malformed (1) X25_FAC_CALLING_AE or (2) X25_FAC_CALLED_AE data, related to net/x25/x25_facilities.c and net/x25/x25_in.c, a different vulnerability than CVE-2010-4164.

Action-Not Available
Vendor-n/aopenSUSELinux Kernel Organization, IncSUSEDebian GNU/Linux
Product-linux_enterprise_serverdebian_linuxlinux_kernelopensusen/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
  • Previous
  • 1
  • 2
  • ...
  • 5
  • 6
  • 7
  • ...
  • 19
  • 20
  • Next
Details not found