Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2014-8768

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-20 Nov, 2014 | 17:00
Updated At-06 Aug, 2024 | 13:26
Rejected At-
Credits

Multiple Integer underflows in the geonet_print function in tcpdump 4.5.0 through 4.6.2, when in verbose mode, allow remote attackers to cause a denial of service (segmentation fault and crash) via a crafted length value in a Geonet frame.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:20 Nov, 2014 | 17:00
Updated At:06 Aug, 2024 | 13:26
Rejected At:
▼CVE Numbering Authority (CNA)

Multiple Integer underflows in the geonet_print function in tcpdump 4.5.0 through 4.6.2, when in verbose mode, allow remote attackers to cause a denial of service (segmentation fault and crash) via a crafted length value in a Geonet frame.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://www.exploit-db.com/exploits/35359
exploit
x_refsource_EXPLOIT-DB
http://lists.opensuse.org/opensuse-updates/2015-02/msg00062.html
vendor-advisory
x_refsource_SUSE
http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html
x_refsource_CONFIRM
http://packetstormsecurity.com/files/129156/tcpdump-4.6.2-Geonet-Denial-Of-Service.html
x_refsource_MISC
http://www.ubuntu.com/usn/USN-2433-1
vendor-advisory
x_refsource_UBUNTU
http://seclists.org/fulldisclosure/2014/Nov/48
mailing-list
x_refsource_FULLDISC
http://www.securityfocus.com/bid/71155
vdb-entry
x_refsource_BID
https://exchange.xforce.ibmcloud.com/vulnerabilities/98766
vdb-entry
x_refsource_XF
http://www.securityfocus.com/archive/1/534010/100/0/threaded
mailing-list
x_refsource_BUGTRAQ
Hyperlink: http://www.exploit-db.com/exploits/35359
Resource:
exploit
x_refsource_EXPLOIT-DB
Hyperlink: http://lists.opensuse.org/opensuse-updates/2015-02/msg00062.html
Resource:
vendor-advisory
x_refsource_SUSE
Hyperlink: http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html
Resource:
x_refsource_CONFIRM
Hyperlink: http://packetstormsecurity.com/files/129156/tcpdump-4.6.2-Geonet-Denial-Of-Service.html
Resource:
x_refsource_MISC
Hyperlink: http://www.ubuntu.com/usn/USN-2433-1
Resource:
vendor-advisory
x_refsource_UBUNTU
Hyperlink: http://seclists.org/fulldisclosure/2014/Nov/48
Resource:
mailing-list
x_refsource_FULLDISC
Hyperlink: http://www.securityfocus.com/bid/71155
Resource:
vdb-entry
x_refsource_BID
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/98766
Resource:
vdb-entry
x_refsource_XF
Hyperlink: http://www.securityfocus.com/archive/1/534010/100/0/threaded
Resource:
mailing-list
x_refsource_BUGTRAQ
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://www.exploit-db.com/exploits/35359
exploit
x_refsource_EXPLOIT-DB
x_transferred
http://lists.opensuse.org/opensuse-updates/2015-02/msg00062.html
vendor-advisory
x_refsource_SUSE
x_transferred
http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html
x_refsource_CONFIRM
x_transferred
http://packetstormsecurity.com/files/129156/tcpdump-4.6.2-Geonet-Denial-Of-Service.html
x_refsource_MISC
x_transferred
http://www.ubuntu.com/usn/USN-2433-1
vendor-advisory
x_refsource_UBUNTU
x_transferred
http://seclists.org/fulldisclosure/2014/Nov/48
mailing-list
x_refsource_FULLDISC
x_transferred
http://www.securityfocus.com/bid/71155
vdb-entry
x_refsource_BID
x_transferred
https://exchange.xforce.ibmcloud.com/vulnerabilities/98766
vdb-entry
x_refsource_XF
x_transferred
http://www.securityfocus.com/archive/1/534010/100/0/threaded
mailing-list
x_refsource_BUGTRAQ
x_transferred
Hyperlink: http://www.exploit-db.com/exploits/35359
Resource:
exploit
x_refsource_EXPLOIT-DB
x_transferred
Hyperlink: http://lists.opensuse.org/opensuse-updates/2015-02/msg00062.html
Resource:
vendor-advisory
x_refsource_SUSE
x_transferred
Hyperlink: http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://packetstormsecurity.com/files/129156/tcpdump-4.6.2-Geonet-Denial-Of-Service.html
Resource:
x_refsource_MISC
x_transferred
Hyperlink: http://www.ubuntu.com/usn/USN-2433-1
Resource:
vendor-advisory
x_refsource_UBUNTU
x_transferred
Hyperlink: http://seclists.org/fulldisclosure/2014/Nov/48
Resource:
mailing-list
x_refsource_FULLDISC
x_transferred
Hyperlink: http://www.securityfocus.com/bid/71155
Resource:
vdb-entry
x_refsource_BID
x_transferred
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/98766
Resource:
vdb-entry
x_refsource_XF
x_transferred
Hyperlink: http://www.securityfocus.com/archive/1/534010/100/0/threaded
Resource:
mailing-list
x_refsource_BUGTRAQ
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:20 Nov, 2014 | 17:50
Updated At:06 May, 2026 | 22:30

Multiple Integer underflows in the geonet_print function in tcpdump 4.5.0 through 4.6.2, when in verbose mode, allow remote attackers to cause a denial of service (segmentation fault and crash) via a crafted length value in a Geonet frame.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary2.05.0MEDIUM
AV:N/AC:L/Au:N/C:N/I:N/A:P
Type: Primary
Version: 2.0
Base score: 5.0
Base severity: MEDIUM
Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:P
CPE Matches
openSUSE
opensuse
>>opensuse>>13.1
cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*
openSUSE
opensuse
>>opensuse>>13.2
cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*
Canonical Ltd.
canonical
>>ubuntu_linux>>10.04
cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:lts:*:*:*
Canonical Ltd.
canonical
>>ubuntu_linux>>12.04
cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*
Canonical Ltd.
canonical
>>ubuntu_linux>>14.04
cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
Canonical Ltd.
canonical
>>ubuntu_linux>>14.10
cpe:2.3:o:canonical:ubuntu_linux:14.10:*:*:*:*:*:*:*
Oracle Corporation
oracle
>>solaris>>11.2
cpe:2.3:o:oracle:solaris:11.2:*:*:*:*:*:*:*
Red Hat, Inc.
redhat
>>tcpdump>>4.5.0
cpe:2.3:a:redhat:tcpdump:4.5.0:*:*:*:*:*:*:*
Red Hat, Inc.
redhat
>>tcpdump>>4.5.1
cpe:2.3:a:redhat:tcpdump:4.5.1:*:*:*:*:*:*:*
Red Hat, Inc.
redhat
>>tcpdump>>4.5.2
cpe:2.3:a:redhat:tcpdump:4.5.2:*:*:*:*:*:*:*
Red Hat, Inc.
redhat
>>tcpdump>>4.6.0
cpe:2.3:a:redhat:tcpdump:4.6.0:*:*:*:*:*:*:*
Red Hat, Inc.
redhat
>>tcpdump>>4.6.1
cpe:2.3:a:redhat:tcpdump:4.6.1:*:*:*:*:*:*:*
Red Hat, Inc.
redhat
>>tcpdump>>4.6.2
cpe:2.3:a:redhat:tcpdump:4.6.2:*:*:*:*:*:*:*
openSUSE
opensuse
>>opensuse>>13.1
cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*
openSUSE
opensuse
>>opensuse>>13.2
cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-191Primarynvd@nist.gov
CWE ID: CWE-191
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
http://lists.opensuse.org/opensuse-updates/2015-02/msg00062.htmlcve@mitre.org
Third Party Advisory
http://packetstormsecurity.com/files/129156/tcpdump-4.6.2-Geonet-Denial-Of-Service.htmlcve@mitre.org
Exploit
Third Party Advisory
VDB Entry
http://seclists.org/fulldisclosure/2014/Nov/48cve@mitre.org
Exploit
Third Party Advisory
VDB Entry
http://www.exploit-db.com/exploits/35359cve@mitre.org
Exploit
Third Party Advisory
VDB Entry
http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.htmlcve@mitre.org
Third Party Advisory
http://www.securityfocus.com/archive/1/534010/100/0/threadedcve@mitre.org
N/A
http://www.securityfocus.com/bid/71155cve@mitre.org
Third Party Advisory
VDB Entry
http://www.ubuntu.com/usn/USN-2433-1cve@mitre.org
Third Party Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/98766cve@mitre.org
N/A
http://lists.opensuse.org/opensuse-updates/2015-02/msg00062.htmlaf854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://packetstormsecurity.com/files/129156/tcpdump-4.6.2-Geonet-Denial-Of-Service.htmlaf854a3a-2127-422b-91ae-364da2661108
Exploit
Third Party Advisory
VDB Entry
http://seclists.org/fulldisclosure/2014/Nov/48af854a3a-2127-422b-91ae-364da2661108
Exploit
Third Party Advisory
VDB Entry
http://www.exploit-db.com/exploits/35359af854a3a-2127-422b-91ae-364da2661108
Exploit
Third Party Advisory
VDB Entry
http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.htmlaf854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://www.securityfocus.com/archive/1/534010/100/0/threadedaf854a3a-2127-422b-91ae-364da2661108
N/A
http://www.securityfocus.com/bid/71155af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
VDB Entry
http://www.ubuntu.com/usn/USN-2433-1af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/98766af854a3a-2127-422b-91ae-364da2661108
N/A
Hyperlink: http://lists.opensuse.org/opensuse-updates/2015-02/msg00062.html
Source: cve@mitre.org
Resource:
Third Party Advisory
Hyperlink: http://packetstormsecurity.com/files/129156/tcpdump-4.6.2-Geonet-Denial-Of-Service.html
Source: cve@mitre.org
Resource:
Exploit
Third Party Advisory
VDB Entry
Hyperlink: http://seclists.org/fulldisclosure/2014/Nov/48
Source: cve@mitre.org
Resource:
Exploit
Third Party Advisory
VDB Entry
Hyperlink: http://www.exploit-db.com/exploits/35359
Source: cve@mitre.org
Resource:
Exploit
Third Party Advisory
VDB Entry
Hyperlink: http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html
Source: cve@mitre.org
Resource:
Third Party Advisory
Hyperlink: http://www.securityfocus.com/archive/1/534010/100/0/threaded
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.securityfocus.com/bid/71155
Source: cve@mitre.org
Resource:
Third Party Advisory
VDB Entry
Hyperlink: http://www.ubuntu.com/usn/USN-2433-1
Source: cve@mitre.org
Resource:
Third Party Advisory
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/98766
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://lists.opensuse.org/opensuse-updates/2015-02/msg00062.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: http://packetstormsecurity.com/files/129156/tcpdump-4.6.2-Geonet-Denial-Of-Service.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Exploit
Third Party Advisory
VDB Entry
Hyperlink: http://seclists.org/fulldisclosure/2014/Nov/48
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Exploit
Third Party Advisory
VDB Entry
Hyperlink: http://www.exploit-db.com/exploits/35359
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Exploit
Third Party Advisory
VDB Entry
Hyperlink: http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: http://www.securityfocus.com/archive/1/534010/100/0/threaded
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.securityfocus.com/bid/71155
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
VDB Entry
Hyperlink: http://www.ubuntu.com/usn/USN-2433-1
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/98766
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

1228Records found
CVE-2004-1002
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-2.08% / 84.09%
||
7 Day CHG~0.00%
Published-04 Nov, 2004 | 05:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Integer underflow in pppd in cbcp.c for ppp 2.4.1 allows remote attackers to cause a denial of service (daemon crash) via a CBCP packet with an invalid length value that causes pppd to access an incorrect memory location.

Action-Not Available
Vendor-n/aCanonical Ltd.Samba
Product-pppubuntu_linuxn/a
CWE ID-CWE-191
Integer Underflow (Wrap or Wraparound)
CVE-2016-7800
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-2.18% / 84.45%
||
7 Day CHG~0.00%
Published-06 Feb, 2017 | 17:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Integer underflow in the parse8BIM function in coders/meta.c in GraphicsMagick 1.3.25 and earlier allows remote attackers to cause a denial of service (application crash) via a crafted 8BIM chunk, which triggers a heap-based buffer overflow.

Action-Not Available
Vendor-n/aDebian GNU/LinuxGraphicsMagickopenSUSE
Product-debian_linuxleapgraphicsmagickopensusen/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-191
Integer Underflow (Wrap or Wraparound)
CVE-2013-6425
Matching Score-10
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-10
Assigner-Red Hat, Inc.
CVSS Score-5||MEDIUM
EPSS-3.00% / 86.62%
||
7 Day CHG~0.00%
Published-18 Jan, 2014 | 19:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Integer underflow in the pixman_trapezoid_valid macro in pixman.h in Pixman before 0.32.0, as used in X.Org server and cairo, allows context-dependent attackers to cause a denial of service (crash) via a negative bottom value.

Action-Not Available
Vendor-pixmann/aCanonical Ltd.openSUSERed Hat, Inc.Debian GNU/Linux
Product-debian_linuxubuntu_linuxenterprise_linux_serverenterprise_linux_workstationenterprise_linux_server_tusenterprise_linux_desktoppixmanenterprise_linux_server_ausenterprise_linux_eusopensusen/a
CWE ID-CWE-191
Integer Underflow (Wrap or Wraparound)
CVE-2013-6424
Matching Score-10
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-10
Assigner-Red Hat, Inc.
CVSS Score-5||MEDIUM
EPSS-6.84% / 91.40%
||
7 Day CHG~0.00%
Published-18 Jan, 2014 | 19:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Integer underflow in the xTrapezoidValid macro in render/picture.h in X.Org allows context-dependent attackers to cause a denial of service (crash) via a negative bottom value.

Action-Not Available
Vendor-pixmann/aCanonical Ltd.openSUSEDebian GNU/Linux
Product-debian_linuxubuntu_linuxpixmanopensusen/a
CWE ID-CWE-191
Integer Underflow (Wrap or Wraparound)
CVE-2014-8116
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-5||MEDIUM
EPSS-15.88% / 94.78%
||
7 Day CHG~0.00%
Published-17 Dec, 2014 | 19:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The ELF parser (readelf.c) in file before 5.21 allows remote attackers to cause a denial of service (CPU consumption or crash) via a large number of (1) program or (2) section headers or (3) invalid capabilities.

Action-Not Available
Vendor-mageiafile_projectn/aFreeBSD FoundationCanonical Ltd.
Product-fileubuntu_linuxfreebsdmageian/a
CVE-2005-2970
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-5||MEDIUM
EPSS-20.80% / 95.64%
||
7 Day CHG~0.00%
Published-25 Oct, 2005 | 04:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Memory leak in the worker MPM (worker.c) for Apache 2, in certain circumstances, allows remote attackers to cause a denial of service (memory consumption) via aborted connections, which prevents the memory for the transaction pool from being reused for other connections.

Action-Not Available
Vendor-n/aThe Apache Software FoundationCanonical Ltd.Fedora ProjectRed Hat, Inc.
Product-ubuntu_linuxhttp_serverfedora_coreenterprise_linux_desktopenterprise_linux_workstationenterprise_linux_servern/a
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2018-7536
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5.3||MEDIUM
EPSS-1.37% / 80.33%
||
7 Day CHG~0.00%
Published-09 Mar, 2018 | 00:00
Updated-05 Aug, 2024 | 06:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Django 2.0 before 2.0.3, 1.11 before 1.11.11, and 1.8 before 1.8.19. The django.utils.html.urlize() function was extremely slow to evaluate certain inputs due to catastrophic backtracking vulnerabilities in two regular expressions (only one regular expression for Django 1.8.x). The urlize() function is used to implement the urlize and urlizetrunc template filters, which were thus vulnerable.

Action-Not Available
Vendor-n/aCanonical Ltd.DjangoRed Hat, Inc.Debian GNU/Linux
Product-ubuntu_linuxdjangodebian_linuxopenstackn/a
CWE ID-CWE-185
Incorrect Regular Expression
CVE-2018-7050
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.14% / 78.53%
||
7 Day CHG~0.00%
Published-15 Feb, 2018 | 20:00
Updated-05 Aug, 2024 | 06:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Irssi before 1.0.7 and 1.1.x before 1.1.1. A NULL pointer dereference occurs for an "empty" nick.

Action-Not Available
Vendor-irssin/aCanonical Ltd.Debian GNU/Linux
Product-ubuntu_linuxirssidebian_linuxn/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2007-6304
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-4.92% / 89.66%
||
7 Day CHG~0.00%
Published-10 Dec, 2007 | 21:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The federated engine in MySQL 5.0.x before 5.0.51a, 5.1.x before 5.1.23, and 6.0.x before 6.0.4, when performing a certain SHOW TABLE STATUS query, allows remote MySQL servers to cause a denial of service (federated handler crash and daemon crash) via a response that lacks the minimum required number of columns.

Action-Not Available
Vendor-mysqln/aOracle Corporation
Product-mysqln/a
CVE-2013-3820
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-5||MEDIUM
EPSS-0.72% / 72.53%
||
7 Day CHG~0.00%
Published-17 Jul, 2013 | 10:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.51, 8.52, and 8.53 allows remote attackers to affect availability via unknown vectors related to Business Interlink.

Action-Not Available
Vendor-n/aOracle Corporation
Product-peoplesoft_productsn/a
CVE-2007-4136
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-5||MEDIUM
EPSS-1.18% / 78.81%
||
7 Day CHG~0.00%
Published-14 Nov, 2007 | 00:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The ricci daemon in Red Hat Conga 0.10.0 allows remote attackers to cause a denial of service (loss of new connections) by repeatedly sending data or attempting connections.

Action-Not Available
Vendor-n/aRed Hat, Inc.
Product-congan/a
CVE-2013-1570
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-5||MEDIUM
EPSS-0.51% / 66.64%
||
7 Day CHG~0.00%
Published-17 Apr, 2013 | 14:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in Oracle MySQL 5.6.10 and earlier allows remote attackers to affect availability via unknown vectors related to MemCached.

Action-Not Available
Vendor-n/aOracle Corporation
Product-mysqln/a
CVE-2018-7052
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.14% / 78.53%
||
7 Day CHG~0.00%
Published-15 Feb, 2018 | 20:00
Updated-05 Aug, 2024 | 06:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Irssi before 1.0.7 and 1.1.x before 1.1.1. When the number of windows exceeds the available space, a crash due to a NULL pointer dereference would occur.

Action-Not Available
Vendor-irssin/aCanonical Ltd.Debian GNU/Linux
Product-ubuntu_linuxirssidebian_linuxn/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2005-1746
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-0.86% / 75.06%
||
7 Day CHG~0.00%
Published-24 May, 2005 | 04:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The cluster cookie parsing code in BEA WebLogic Server 7.0 through Service Pack 5 attempts to contact any host or port specified in a cookie, even when it is not in the cluster, which allows remote attackers to cause a denial of service (cluster slowdown) via modified cookies.

Action-Not Available
Vendor-n/aBEA Systems, Inc.Oracle Corporation
Product-weblogic_portalweblogic_servern/a
CVE-2013-1538
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-5||MEDIUM
EPSS-0.90% / 75.72%
||
7 Day CHG~0.00%
Published-17 Apr, 2013 | 12:10
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the Network Layer component in Oracle Database Server 11.2.0.2 and 11.2.0.3 allows remote attackers to affect availability via unknown vectors.

Action-Not Available
Vendor-n/aOracle Corporation
Product-database_servern/a
CVE-2018-6951
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-15.33% / 94.67%
||
7 Day CHG~0.00%
Published-13 Feb, 2018 | 19:00
Updated-05 Aug, 2024 | 06:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in GNU patch through 2.7.6. There is a segmentation fault, associated with a NULL pointer dereference, leading to a denial of service in the intuit_diff_type function in pch.c, aka a "mangled rename" issue.

Action-Not Available
Vendor-n/aCanonical Ltd.GNU
Product-patchubuntu_linuxn/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2005-1749
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-0.83% / 74.67%
||
7 Day CHG~0.00%
Published-24 May, 2005 | 04:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in BEA WebLogic Server and WebLogic Express 6.1 Service Pack 4 allows remote attackers to cause a denial of service (CPU consumption from thread looping).

Action-Not Available
Vendor-n/aBEA Systems, Inc.Oracle Corporation
Product-weblogic_portalweblogic_servern/a
CVE-2005-1513
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-9.48% / 92.86%
||
7 Day CHG~0.00%
Published-11 May, 2005 | 00:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Integer overflow in the stralloc_readyplus function in qmail, when running on 64 bit platforms with a large amount of virtual memory, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a large SMTP request.

Action-Not Available
Vendor-qmail_projectn/aCanonical Ltd.Debian GNU/Linux
Product-debian_linuxubuntu_linuxqmailn/a
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2005-1061
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-5||MEDIUM
EPSS-5.67% / 90.42%
||
7 Day CHG~0.00%
Published-21 Apr, 2005 | 04:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The secure script in LogWatch before 2.6-2 allows attackers to prevent LogWatch from detecting malicious activity via certain strings in the secure file that are later used as part of a regular expression, which causes the parser to crash, aka "logwatch log processing regular expression DoS."

Action-Not Available
Vendor-logwatchn/aRed Hat, Inc.
Product-logwatchlinux_advanced_workstationenterprise_linuxn/a
CVE-2005-1267
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-5||MEDIUM
EPSS-11.27% / 93.56%
||
7 Day CHG~0.00%
Published-20 Jun, 2005 | 04:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The bgp_update_print function in tcpdump 3.x does not properly handle a -1 return value from the decode_prefix4 function, which allows remote attackers to cause a denial of service (infinite loop) via a crafted BGP packet.

Action-Not Available
Vendor-lbltrustixn/aRed Hat, Inc.Mandriva (Mandrakesoft)Gentoo Foundation, Inc.
Product-linuxmandrake_linuxfedora_coresecure_linuxtcpdumpn/a
CVE-2005-1742
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-0.41% / 61.48%
||
7 Day CHG~0.00%
Published-24 May, 2005 | 04:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

BEA WebLogic Server and WebLogic Express 8.1 SP2 and SP3 allows users with the Monitor security role to "shrink or reset JDBC connection pools."

Action-Not Available
Vendor-n/aBEA Systems, Inc.Oracle Corporation
Product-weblogic_portalweblogic_servern/a
CVE-2005-1260
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-5||MEDIUM
EPSS-9.80% / 93.00%
||
7 Day CHG~0.00%
Published-19 May, 2005 | 04:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

bzip2 allows remote attackers to cause a denial of service (hard drive consumption) via a crafted bzip2 file that causes an infinite loop (a.k.a "decompression bomb").

Action-Not Available
Vendor-bzipn/aCanonical Ltd.Apple Inc.Debian GNU/Linux
Product-debian_linuxmac_os_xubuntu_linuxbzip2n/a
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2005-1268
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-5||MEDIUM
EPSS-4.27% / 88.88%
||
7 Day CHG~0.00%
Published-05 Aug, 2005 | 04:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Off-by-one error in the mod_ssl Certificate Revocation List (CRL) verification callback in Apache, when configured to use a CRL, allows remote attackers to cause a denial of service (child process crash) via a CRL that causes a buffer overflow of one null byte.

Action-Not Available
Vendor-n/aThe Apache Software FoundationDebian GNU/LinuxRed Hat, Inc.
Product-debian_linuxhttp_serverenterprise_linux_desktopenterprise_linux_workstationenterprise_linux_servern/a
CWE ID-CWE-193
Off-by-one Error
CVE-2013-0883
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-5||MEDIUM
EPSS-0.73% / 72.83%
||
7 Day CHG~0.00%
Published-23 Feb, 2013 | 21:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Skia, as used in Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, allows remote attackers to cause a denial of service (incorrect read operation) via unspecified vectors.

Action-Not Available
Vendor-n/aApple Inc.openSUSEGoogle LLCLinux Kernel Organization, IncMicrosoft Corporation
Product-mac_os_xwindowschromelinux_kernelopensusen/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2013-4124
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-5||MEDIUM
EPSS-83.53% / 99.29%
||
7 Day CHG~0.00%
Published-05 Aug, 2013 | 15:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Integer overflow in the read_nttrans_ea_list function in nttrans.c in smbd in Samba 3.x before 3.5.22, 3.6.x before 3.6.17, and 4.x before 4.0.8 allows remote attackers to cause a denial of service (memory consumption) via a malformed packet.

Action-Not Available
Vendor-n/aCanonical Ltd.openSUSESambaRed Hat, Inc.Fedora Project
Product-ubuntu_linuxopensusefedorasambaenterprise_linuxn/a
CVE-2013-3834
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-5||MEDIUM
EPSS-0.70% / 72.19%
||
7 Day CHG~0.00%
Published-16 Oct, 2013 | 15:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the Oracle Secure Global Desktop component in Oracle Virtualization 5 allows remote attackers to affect availability via unknown vectors related to ttaauxserv.

Action-Not Available
Vendor-n/aOracle Corporation
Product-virtualizationn/a
CVE-2013-3558
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-3.26% / 87.21%
||
7 Day CHG~0.00%
Published-25 May, 2013 | 01:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The dissect_ccp_bsdcomp_opt function in epan/dissectors/packet-ppp.c in the PPP CCP dissector in Wireshark 1.8.x before 1.8.7 does not terminate a bit-field list, which allows remote attackers to cause a denial of service (application crash) via a malformed packet.

Action-Not Available
Vendor-n/aWireshark FoundationopenSUSEDebian GNU/Linux
Product-debian_linuxwiresharkopensusen/a
CVE-2005-0398
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-5||MEDIUM
EPSS-4.06% / 88.58%
||
7 Day CHG~0.00%
Published-26 Mar, 2005 | 05:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The KAME racoon daemon in ipsec-tools before 0.5 allows remote attackers to cause a denial of service (crash) via malformed ISAKMP packets.

Action-Not Available
Vendor-altlinuxipsec-toolskamen/aRed Hat, Inc.Silicon Graphics, Inc.SUSE
Product-alt_linuxipsec-toolssuse_linuxracoonpropackenterprise_linux_desktopenterprise_linuxn/a
CVE-2013-1545
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-5||MEDIUM
EPSS-0.65% / 70.91%
||
7 Day CHG~0.00%
Published-17 Apr, 2013 | 12:10
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the Oracle HTTP Server component in Oracle Fusion Middleware 10.1.3.5, 11.1.1.5.0, and 11.1.1.6.0 allows remote attackers to affect availability via unknown vectors related to Web Listener.

Action-Not Available
Vendor-n/aOracle Corporation
Product-fusion_middlewaren/a
CVE-2013-1962
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-5||MEDIUM
EPSS-3.78% / 88.11%
||
7 Day CHG~0.00%
Published-29 May, 2013 | 00:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The remoteDispatchStoragePoolListAllVolumes function in the storage pool manager in libvirt 1.0.5 allows remote attackers to cause a denial of service (file descriptor consumption) via a large number of requests "to list all volumes for the particular pool."

Action-Not Available
Vendor-n/aRed Hat, Inc.
Product-libvirtn/a
CVE-2018-7262
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.54% / 81.44%
||
7 Day CHG~0.00%
Published-19 Mar, 2018 | 21:00
Updated-05 Aug, 2024 | 06:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Ceph before 12.2.3 and 13.x through 13.0.1, the rgw_civetweb.cc RGWCivetWeb::init_env function in radosgw doesn't handle malformed HTTP headers properly, allowing for denial of service.

Action-Not Available
Vendor-n/aRed Hat, Inc.Fedora Project
Product-cephfedoran/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2004-0956
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-1.05% / 77.61%
||
7 Day CHG~0.00%
Published-05 Dec, 2004 | 05:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

MySQL before 4.0.20 allows remote attackers to cause a denial of service (application crash) via a MATCH AGAINST query with an opening double quote but no closing double quote.

Action-Not Available
Vendor-n/aOracle CorporationUbuntuSUSE
Product-suse_linuxubuntu_linuxmysqln/a
CVE-2018-7184
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-13.13% / 94.15%
||
7 Day CHG~0.00%
Published-06 Mar, 2018 | 20:00
Updated-14 Jan, 2025 | 19:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

ntpd in ntp 4.2.8p4 before 4.2.8p11 drops bad packets before updating the "received" timestamp, which allows remote attackers to cause a denial of service (disruption) by sending a packet with a zero-origin timestamp causing the association to reset and setting the contents of the packet as the most recent timestamp. This issue is a result of an incomplete fix for CVE-2015-7704.

Action-Not Available
Vendor-ntpn/aCanonical Ltd.NetApp, Inc.Synology, Inc.Slackware
Product-vs960hd_firmwarevirtual_diskstation_managerslackware_linuxcloud_backupsteelstore_cloud_integrated_storagediskstation_managerubuntu_linuxrouter_managerskynasntpn/a
CVE-2004-1009
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-1.29% / 79.74%
||
7 Day CHG~0.00%
Published-22 Jan, 2005 | 05:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Midnight commander (mc) 4.5.55 and earlier allows remote attackers to cause a denial of service (infinite loop) via unknown attack vectors.

Action-Not Available
Vendor-turbolinuxn/aDebian GNU/LinuxMidnight CommanderGentoo Foundation, Inc.Red Hat, Inc.SUSE
Product-debian_linuxlinuxlinux_advanced_workstationturbolinux_workstationsuse_linuxmidnight_commanderturbolinux_serverenterprise_linuxn/a
CVE-2018-7549
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.22% / 44.44%
||
7 Day CHG~0.00%
Published-27 Feb, 2018 | 22:00
Updated-05 Aug, 2024 | 06:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In params.c in zsh through 5.4.2, there is a crash during a copy of an empty hash table, as demonstrated by typeset -p.

Action-Not Available
Vendor-zshn/aCanonical Ltd.Red Hat, Inc.
Product-enterprise_linux_serverubuntu_linuxenterprise_linux_workstationzshenterprise_linux_desktopn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2004-0635
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-8.92% / 92.61%
||
7 Day CHG~0.00%
Published-08 Jul, 2004 | 04:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The SNMP dissector in Ethereal 0.8.15 through 0.10.4 allows remote attackers to cause a denial of service (process crash) via a (1) malformed or (2) missing community string, which causes an out-of-bounds read.

Action-Not Available
Vendor-ethereal_groupn/aRed Hat, Inc.Mandriva (Mandrakesoft)Gentoo Foundation, Inc.
Product-linuxlinux_advanced_workstationetherealmandrake_linuxenterprise_linuxn/a
CVE-2018-7537
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5.3||MEDIUM
EPSS-2.06% / 84.02%
||
7 Day CHG~0.00%
Published-09 Mar, 2018 | 20:00
Updated-05 Aug, 2024 | 06:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Django 2.0 before 2.0.3, 1.11 before 1.11.11, and 1.8 before 1.8.19. If django.utils.text.Truncator's chars() and words() methods were passed the html=True argument, they were extremely slow to evaluate certain inputs due to a catastrophic backtracking vulnerability in a regular expression. The chars() and words() methods are used to implement the truncatechars_html and truncatewords_html template filters, which were thus vulnerable.

Action-Not Available
Vendor-n/aCanonical Ltd.DjangoDebian GNU/Linux
Product-ubuntu_linuxdjangodebian_linuxn/a
CWE ID-CWE-185
Incorrect Regular Expression
CVE-2018-7185
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-2.92% / 86.46%
||
7 Day CHG~0.00%
Published-06 Mar, 2018 | 20:00
Updated-14 Jan, 2025 | 19:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The protocol engine in ntp 4.2.6 before 4.2.8p11 allows a remote attackers to cause a denial of service (disruption) by continually sending a packet with a zero-origin timestamp and source IP address of the "other side" of an interleaved association causing the victim ntpd to reset its association.

Action-Not Available
Vendor-ntpn/aCanonical Ltd.Synology, Inc.Hewlett Packard Enterprise (HPE)NetApp, Inc.Oracle Corporation
Product-fujitsu_m12-2vs960hd_firmwarefujitsu_m12-2_firmwarefujitsu_m10-4fujitsu_m10-1_firmwarediskstation_managerfujitsu_m12-2subuntu_linuxntpfujitsu_m10-1fujitsu_m10-4_firmwarefujitsu_m10-4svs960hdhpux-ntpfujitsu_m12-1virtual_diskstation_managerfujitsu_m12-2s_firmwarefujitsu_m12-1_firmwarefujitsu_m10-4s_firmwaresolidfirerouter_managerskynashcin/a
CVE-2004-1014
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-2.46% / 85.31%
||
7 Day CHG~0.00%
Published-08 Dec, 2004 | 05:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

statd in nfs-utils 1.257 and earlier does not ignore the SIGPIPE signal, which allows remote attackers to cause a denial of service (server process crash) via a TCP connection that is prematurely terminated.

Action-Not Available
Vendor-nfsn/aDebian GNU/LinuxRed Hat, Inc.Mandriva (Mandrakesoft)
Product-debian_linuxmandrake_linuxenterprise_linux_desktopnfs-utilsenterprise_linuxmandrake_linux_corporate_servern/a
CVE-2004-0809
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-14.02% / 94.37%
||
7 Day CHG~0.00%
Published-17 Sep, 2004 | 04:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The mod_dav module in Apache 2.0.50 and earlier allows remote attackers to cause a denial of service (child process crash) via a certain sequence of LOCK requests for a location that allows WebDAV authoring access.

Action-Not Available
Vendor-turbolinuxtrustixn/aThe Apache Software FoundationHP Inc.Debian GNU/LinuxMandriva (Mandrakesoft)Gentoo Foundation, Inc.Red Hat, Inc.
Product-debian_linuxlinuxmandrake_linuxsecure_web_server_for_tru64http_serverenterprise_linux_desktophp-uxsecure_linuxturbolinux_desktopturbolinux_serverturbolinux_homeenterprise_linuxn/a
CVE-2004-0634
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-11.05% / 93.48%
||
7 Day CHG~0.00%
Published-08 Jul, 2004 | 04:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The SMB SID snooping capability in Ethereal 0.9.15 to 0.10.4 allows remote attackers to cause a denial of service (process crash) via a handle without a policy name, which causes a null dereference.

Action-Not Available
Vendor-ethereal_groupn/aRed Hat, Inc.Mandriva (Mandrakesoft)Gentoo Foundation, Inc.
Product-linuxlinux_advanced_workstationetherealmandrake_linuxenterprise_linuxn/a
CVE-2004-0961
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-2.64% / 85.79%
||
7 Day CHG~0.00%
Published-20 Oct, 2004 | 04:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Memory leak in FreeRADIUS before 1.0.1 allows remote attackers to cause a denial of service (memory exhaustion) via a series of Access-Request packets with (1) Ascend-Send-Secret, (2) Ascend-Recv-Secret, or (3) Tunnel-Password attributes.

Action-Not Available
Vendor-n/aFreeRADIUSRed Hat, Inc.
Product-enterprise_linuxfreeradiusfedora_coren/a
CVE-2004-1269
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-8.64% / 92.47%
||
7 Day CHG~0.00%
Published-22 Dec, 2004 | 05:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

lppasswd in CUPS 1.1.22 does not remove the passwd.new file if it encounters a file-size resource limit while writing to passwd.new, which causes subsequent invocations of lppasswd to fail.

Action-Not Available
Vendor-easy_software_productsn/aRed Hat, Inc.
Product-cupsfedora_coren/a
CVE-2018-6197
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.52% / 66.97%
||
7 Day CHG~0.00%
Published-25 Jan, 2018 | 03:00
Updated-05 Aug, 2024 | 05:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

w3m through 0.5.3 is prone to a NULL pointer dereference flaw in formUpdateBuffer in form.c.

Action-Not Available
Vendor-tatsn/aCanonical Ltd.
Product-ubuntu_linuxw3mn/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2004-0886
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-10.99% / 93.46%
||
7 Day CHG~0.00%
Published-26 Oct, 2004 | 04:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple integer overflows in libtiff 3.6.1 and earlier allow remote attackers to cause a denial of service (crash or memory corruption) via TIFF images that lead to incorrect malloc calls.

Action-Not Available
Vendor-pdflibwxgtk2trustixn/aApple Inc.LibTIFFMandriva (Mandrakesoft)Red Hat, Inc.KDESUSE
Product-mac_os_xwxgtk2kdelinux_advanced_workstationmandrake_linuxsuse_linuxfedora_coreenterprise_linux_desktoppdf_librarysecure_linuxlibtiffenterprise_linuxmac_os_x_servern/a
CVE-2004-1142
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-8.83% / 92.56%
||
7 Day CHG~0.00%
Published-31 Dec, 2004 | 05:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Ethereal 0.9.0 through 0.10.7 allows remote attackers to cause a denial of service (CPU consumption) via a certain malformed SMB packet.

Action-Not Available
Vendor-altlinuxconectivaethereal_groupn/aDebian GNU/LinuxSilicon Graphics, Inc.Red Hat, Inc.SUSE
Product-alt_linuxdebian_linuxlinuxlinux_advanced_workstationetherealsuse_linuxpropackenterprise_linux_desktopenterprise_linuxn/a
CVE-2004-1369
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-3.77% / 88.11%
||
7 Day CHG~0.00%
Published-19 Jan, 2005 | 05:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The TNS Listener in Oracle 10g allows remote attackers to cause a denial of service (listener crash) via a malformed service_register_NSGR request containing a value that is used as an invalid offset for a pointer that references incorrect memory.

Action-Not Available
Vendor-n/aOracle Corporation
Product-enterprise_manager_grid_controlcollaboration_suiteoracle9ie-business_suiteapplication_serverenterprise_manageroracle8ioracle10genterprise_manager_database_controln/a
CVE-2004-1093
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-1.06% / 77.74%
||
7 Day CHG~0.00%
Published-22 Jan, 2005 | 05:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Midnight commander (mc) 4.5.55 and earlier allows remote attackers to cause a denial of service via "use of already freed memory."

Action-Not Available
Vendor-turbolinuxn/aDebian GNU/LinuxMidnight CommanderGentoo Foundation, Inc.Red Hat, Inc.SUSE
Product-debian_linuxlinuxlinux_advanced_workstationturbolinux_workstationsuse_linuxmidnight_commanderturbolinux_serverenterprise_linuxn/a
CVE-2004-0930
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-6.06% / 90.79%
||
7 Day CHG~0.00%
Published-19 Nov, 2004 | 05:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The ms_fnmatch function in Samba 3.0.4 and 3.0.7 and possibly other versions allows remote authenticated users to cause a denial of service (CPU consumption) via a SAMBA request that contains multiple * (wildcard) characters.

Action-Not Available
Vendor-conectivan/aGentoo Foundation, Inc.Silicon Graphics, Inc.SambaRed Hat, Inc.
Product-linuxlinux_advanced_workstationsambafedora_coreenterprise_linux_desktopenterprise_linuxn/a
CVE-2004-0633
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-36.54% / 97.15%
||
7 Day CHG~0.00%
Published-08 Jul, 2004 | 04:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The iSNS dissector for Ethereal 0.10.3 through 0.10.4 allows remote attackers to cause a denial of service (process abort) via an integer overflow.

Action-Not Available
Vendor-ethereal_groupn/aRed Hat, Inc.Mandriva (Mandrakesoft)Gentoo Foundation, Inc.
Product-linuxlinux_advanced_workstationetherealmandrake_linuxenterprise_linuxn/a
  • Previous
  • 1
  • 2
  • 3
  • ...
  • 24
  • 25
  • Next
Details not found