Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2014-9402

Summary
Assigner-redhat
Assigner Org ID-53f830b8-0a3f-465b-8143-3b8a9948e749
Published At-24 Feb, 2015 | 15:00
Updated At-06 Aug, 2024 | 13:40
Rejected At-
Credits

The nss_dns implementation of getnetbyname in GNU C Library (aka glibc) before 2.21, when the DNS backend in the Name Service Switch configuration is enabled, allows remote attackers to cause a denial of service (infinite loop) by sending a positive answer while a network name is being process.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:redhat
Assigner Org ID:53f830b8-0a3f-465b-8143-3b8a9948e749
Published At:24 Feb, 2015 | 15:00
Updated At:06 Aug, 2024 | 13:40
Rejected At:
▼CVE Numbering Authority (CNA)

The nss_dns implementation of getnetbyname in GNU C Library (aka glibc) before 2.21, when the DNS backend in the Name Service Switch configuration is enabled, allows remote attackers to cause a denial of service (infinite loop) by sending a positive answer while a network name is being process.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
x_refsource_CONFIRM
https://sourceware.org/bugzilla/show_bug.cgi?id=17630
x_refsource_CONFIRM
http://lists.opensuse.org/opensuse-updates/2015-02/msg00089.html
vendor-advisory
x_refsource_SUSE
https://security.gentoo.org/glsa/201602-02
vendor-advisory
x_refsource_GENTOO
http://www.openwall.com/lists/oss-security/2014/12/18/1
mailing-list
x_refsource_MLIST
http://www.ubuntu.com/usn/USN-2519-1
vendor-advisory
x_refsource_UBUNTU
http://www.securityfocus.com/bid/71670
vdb-entry
x_refsource_BID
https://access.redhat.com/errata/RHSA-2018:0805
vendor-advisory
x_refsource_REDHAT
http://seclists.org/fulldisclosure/2019/Jun/18
mailing-list
x_refsource_FULLDISC
https://seclists.org/bugtraq/2019/Jun/14
mailing-list
x_refsource_BUGTRAQ
http://packetstormsecurity.com/files/153278/WAGO-852-Industrial-Managed-Switch-Series-Code-Execution-Hardcoded-Credentials.html
x_refsource_MISC
http://seclists.org/fulldisclosure/2019/Sep/7
mailing-list
x_refsource_FULLDISC
https://seclists.org/bugtraq/2019/Sep/7
mailing-list
x_refsource_BUGTRAQ
http://packetstormsecurity.com/files/154361/Cisco-Device-Hardcoded-Credentials-GNU-glibc-BusyBox.html
x_refsource_MISC
Hyperlink: http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
Resource:
x_refsource_CONFIRM
Hyperlink: https://sourceware.org/bugzilla/show_bug.cgi?id=17630
Resource:
x_refsource_CONFIRM
Hyperlink: http://lists.opensuse.org/opensuse-updates/2015-02/msg00089.html
Resource:
vendor-advisory
x_refsource_SUSE
Hyperlink: https://security.gentoo.org/glsa/201602-02
Resource:
vendor-advisory
x_refsource_GENTOO
Hyperlink: http://www.openwall.com/lists/oss-security/2014/12/18/1
Resource:
mailing-list
x_refsource_MLIST
Hyperlink: http://www.ubuntu.com/usn/USN-2519-1
Resource:
vendor-advisory
x_refsource_UBUNTU
Hyperlink: http://www.securityfocus.com/bid/71670
Resource:
vdb-entry
x_refsource_BID
Hyperlink: https://access.redhat.com/errata/RHSA-2018:0805
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: http://seclists.org/fulldisclosure/2019/Jun/18
Resource:
mailing-list
x_refsource_FULLDISC
Hyperlink: https://seclists.org/bugtraq/2019/Jun/14
Resource:
mailing-list
x_refsource_BUGTRAQ
Hyperlink: http://packetstormsecurity.com/files/153278/WAGO-852-Industrial-Managed-Switch-Series-Code-Execution-Hardcoded-Credentials.html
Resource:
x_refsource_MISC
Hyperlink: http://seclists.org/fulldisclosure/2019/Sep/7
Resource:
mailing-list
x_refsource_FULLDISC
Hyperlink: https://seclists.org/bugtraq/2019/Sep/7
Resource:
mailing-list
x_refsource_BUGTRAQ
Hyperlink: http://packetstormsecurity.com/files/154361/Cisco-Device-Hardcoded-Credentials-GNU-glibc-BusyBox.html
Resource:
x_refsource_MISC
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
x_refsource_CONFIRM
x_transferred
https://sourceware.org/bugzilla/show_bug.cgi?id=17630
x_refsource_CONFIRM
x_transferred
http://lists.opensuse.org/opensuse-updates/2015-02/msg00089.html
vendor-advisory
x_refsource_SUSE
x_transferred
https://security.gentoo.org/glsa/201602-02
vendor-advisory
x_refsource_GENTOO
x_transferred
http://www.openwall.com/lists/oss-security/2014/12/18/1
mailing-list
x_refsource_MLIST
x_transferred
http://www.ubuntu.com/usn/USN-2519-1
vendor-advisory
x_refsource_UBUNTU
x_transferred
http://www.securityfocus.com/bid/71670
vdb-entry
x_refsource_BID
x_transferred
https://access.redhat.com/errata/RHSA-2018:0805
vendor-advisory
x_refsource_REDHAT
x_transferred
http://seclists.org/fulldisclosure/2019/Jun/18
mailing-list
x_refsource_FULLDISC
x_transferred
https://seclists.org/bugtraq/2019/Jun/14
mailing-list
x_refsource_BUGTRAQ
x_transferred
http://packetstormsecurity.com/files/153278/WAGO-852-Industrial-Managed-Switch-Series-Code-Execution-Hardcoded-Credentials.html
x_refsource_MISC
x_transferred
http://seclists.org/fulldisclosure/2019/Sep/7
mailing-list
x_refsource_FULLDISC
x_transferred
https://seclists.org/bugtraq/2019/Sep/7
mailing-list
x_refsource_BUGTRAQ
x_transferred
http://packetstormsecurity.com/files/154361/Cisco-Device-Hardcoded-Credentials-GNU-glibc-BusyBox.html
x_refsource_MISC
x_transferred
Hyperlink: http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: https://sourceware.org/bugzilla/show_bug.cgi?id=17630
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://lists.opensuse.org/opensuse-updates/2015-02/msg00089.html
Resource:
vendor-advisory
x_refsource_SUSE
x_transferred
Hyperlink: https://security.gentoo.org/glsa/201602-02
Resource:
vendor-advisory
x_refsource_GENTOO
x_transferred
Hyperlink: http://www.openwall.com/lists/oss-security/2014/12/18/1
Resource:
mailing-list
x_refsource_MLIST
x_transferred
Hyperlink: http://www.ubuntu.com/usn/USN-2519-1
Resource:
vendor-advisory
x_refsource_UBUNTU
x_transferred
Hyperlink: http://www.securityfocus.com/bid/71670
Resource:
vdb-entry
x_refsource_BID
x_transferred
Hyperlink: https://access.redhat.com/errata/RHSA-2018:0805
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: http://seclists.org/fulldisclosure/2019/Jun/18
Resource:
mailing-list
x_refsource_FULLDISC
x_transferred
Hyperlink: https://seclists.org/bugtraq/2019/Jun/14
Resource:
mailing-list
x_refsource_BUGTRAQ
x_transferred
Hyperlink: http://packetstormsecurity.com/files/153278/WAGO-852-Industrial-Managed-Switch-Series-Code-Execution-Hardcoded-Credentials.html
Resource:
x_refsource_MISC
x_transferred
Hyperlink: http://seclists.org/fulldisclosure/2019/Sep/7
Resource:
mailing-list
x_refsource_FULLDISC
x_transferred
Hyperlink: https://seclists.org/bugtraq/2019/Sep/7
Resource:
mailing-list
x_refsource_BUGTRAQ
x_transferred
Hyperlink: http://packetstormsecurity.com/files/154361/Cisco-Device-Hardcoded-Credentials-GNU-glibc-BusyBox.html
Resource:
x_refsource_MISC
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:secalert@redhat.com
Published At:24 Feb, 2015 | 15:59
Updated At:12 Apr, 2025 | 10:46

The nss_dns implementation of getnetbyname in GNU C Library (aka glibc) before 2.21, when the DNS backend in the Name Service Switch configuration is enabled, allows remote attackers to cause a denial of service (infinite loop) by sending a positive answer while a network name is being process.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary2.07.8HIGH
AV:N/AC:L/Au:N/C:N/I:N/A:C
Type: Primary
Version: 2.0
Base score: 7.8
Base severity: HIGH
Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:C
CPE Matches
GNU
gnu
>>glibc>>Versions up to 2.20(inclusive)
cpe:2.3:a:gnu:glibc:*:*:*:*:*:*:*:*
Canonical Ltd.
canonical
>>ubuntu_linux>>10.04
cpe:2.3:o:canonical:ubuntu_linux:10.04:-:lts:*:*:*:*:*
Canonical Ltd.
canonical
>>ubuntu_linux>>12.04
cpe:2.3:o:canonical:ubuntu_linux:12.04:-:lts:*:*:*:*:*
Canonical Ltd.
canonical
>>ubuntu_linux>>14.04
cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
Canonical Ltd.
canonical
>>ubuntu_linux>>14.10
cpe:2.3:o:canonical:ubuntu_linux:14.10:*:*:*:*:*:*:*
openSUSE
opensuse
>>opensuse>>13.1
cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*
openSUSE
opensuse
>>opensuse>>13.2
cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-399Primarynvd@nist.gov
CWE ID: CWE-399
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
http://lists.opensuse.org/opensuse-updates/2015-02/msg00089.htmlsecalert@redhat.com
N/A
http://packetstormsecurity.com/files/153278/WAGO-852-Industrial-Managed-Switch-Series-Code-Execution-Hardcoded-Credentials.htmlsecalert@redhat.com
N/A
http://packetstormsecurity.com/files/154361/Cisco-Device-Hardcoded-Credentials-GNU-glibc-BusyBox.htmlsecalert@redhat.com
N/A
http://seclists.org/fulldisclosure/2019/Jun/18secalert@redhat.com
N/A
http://seclists.org/fulldisclosure/2019/Sep/7secalert@redhat.com
N/A
http://www.openwall.com/lists/oss-security/2014/12/18/1secalert@redhat.com
N/A
http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.htmlsecalert@redhat.com
N/A
http://www.securityfocus.com/bid/71670secalert@redhat.com
N/A
http://www.ubuntu.com/usn/USN-2519-1secalert@redhat.com
N/A
https://access.redhat.com/errata/RHSA-2018:0805secalert@redhat.com
N/A
https://seclists.org/bugtraq/2019/Jun/14secalert@redhat.com
N/A
https://seclists.org/bugtraq/2019/Sep/7secalert@redhat.com
N/A
https://security.gentoo.org/glsa/201602-02secalert@redhat.com
N/A
https://sourceware.org/bugzilla/show_bug.cgi?id=17630secalert@redhat.com
Exploit
http://lists.opensuse.org/opensuse-updates/2015-02/msg00089.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://packetstormsecurity.com/files/153278/WAGO-852-Industrial-Managed-Switch-Series-Code-Execution-Hardcoded-Credentials.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://packetstormsecurity.com/files/154361/Cisco-Device-Hardcoded-Credentials-GNU-glibc-BusyBox.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://seclists.org/fulldisclosure/2019/Jun/18af854a3a-2127-422b-91ae-364da2661108
N/A
http://seclists.org/fulldisclosure/2019/Sep/7af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.openwall.com/lists/oss-security/2014/12/18/1af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://www.securityfocus.com/bid/71670af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.ubuntu.com/usn/USN-2519-1af854a3a-2127-422b-91ae-364da2661108
N/A
https://access.redhat.com/errata/RHSA-2018:0805af854a3a-2127-422b-91ae-364da2661108
N/A
https://seclists.org/bugtraq/2019/Jun/14af854a3a-2127-422b-91ae-364da2661108
N/A
https://seclists.org/bugtraq/2019/Sep/7af854a3a-2127-422b-91ae-364da2661108
N/A
https://security.gentoo.org/glsa/201602-02af854a3a-2127-422b-91ae-364da2661108
N/A
https://sourceware.org/bugzilla/show_bug.cgi?id=17630af854a3a-2127-422b-91ae-364da2661108
Exploit
Hyperlink: http://lists.opensuse.org/opensuse-updates/2015-02/msg00089.html
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://packetstormsecurity.com/files/153278/WAGO-852-Industrial-Managed-Switch-Series-Code-Execution-Hardcoded-Credentials.html
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://packetstormsecurity.com/files/154361/Cisco-Device-Hardcoded-Credentials-GNU-glibc-BusyBox.html
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://seclists.org/fulldisclosure/2019/Jun/18
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://seclists.org/fulldisclosure/2019/Sep/7
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://www.openwall.com/lists/oss-security/2014/12/18/1
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://www.securityfocus.com/bid/71670
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://www.ubuntu.com/usn/USN-2519-1
Source: secalert@redhat.com
Resource: N/A
Hyperlink: https://access.redhat.com/errata/RHSA-2018:0805
Source: secalert@redhat.com
Resource: N/A
Hyperlink: https://seclists.org/bugtraq/2019/Jun/14
Source: secalert@redhat.com
Resource: N/A
Hyperlink: https://seclists.org/bugtraq/2019/Sep/7
Source: secalert@redhat.com
Resource: N/A
Hyperlink: https://security.gentoo.org/glsa/201602-02
Source: secalert@redhat.com
Resource: N/A
Hyperlink: https://sourceware.org/bugzilla/show_bug.cgi?id=17630
Source: secalert@redhat.com
Resource:
Exploit
Hyperlink: http://lists.opensuse.org/opensuse-updates/2015-02/msg00089.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://packetstormsecurity.com/files/153278/WAGO-852-Industrial-Managed-Switch-Series-Code-Execution-Hardcoded-Credentials.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://packetstormsecurity.com/files/154361/Cisco-Device-Hardcoded-Credentials-GNU-glibc-BusyBox.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://seclists.org/fulldisclosure/2019/Jun/18
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://seclists.org/fulldisclosure/2019/Sep/7
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.openwall.com/lists/oss-security/2014/12/18/1
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.securityfocus.com/bid/71670
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.ubuntu.com/usn/USN-2519-1
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://access.redhat.com/errata/RHSA-2018:0805
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://seclists.org/bugtraq/2019/Jun/14
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://seclists.org/bugtraq/2019/Sep/7
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://security.gentoo.org/glsa/201602-02
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://sourceware.org/bugzilla/show_bug.cgi?id=17630
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Exploit

Change History

0
Information is not available yet

Similar CVEs

86Records found
CVE-2019-19079
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.27% / 79.16%
||
7 Day CHG~0.00%
Published-18 Nov, 2019 | 05:24
Updated-05 Aug, 2024 | 02:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A memory leak in the qrtr_tun_write_iter() function in net/qrtr/tun.c in the Linux kernel before 5.3 allows attackers to cause a denial of service (memory consumption), aka CID-a21b7f0cff19.

Action-Not Available
Vendor-n/aLinux Kernel Organization, IncCanonical Ltd.
Product-ubuntu_linuxlinux_kerneln/a
CWE ID-CWE-401
Missing Release of Memory after Effective Lifetime
CVE-2019-19075
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.19% / 78.49%
||
7 Day CHG~0.00%
Published-18 Nov, 2019 | 05:24
Updated-05 Aug, 2024 | 02:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A memory leak in the ca8210_probe() function in drivers/net/ieee802154/ca8210.c in the Linux kernel before 5.3.8 allows attackers to cause a denial of service (memory consumption) by triggering ca8210_get_platform_data() failures, aka CID-6402939ec86e.

Action-Not Available
Vendor-n/aLinux Kernel Organization, IncCanonical Ltd.
Product-ubuntu_linuxlinux_kerneln/a
CWE ID-CWE-401
Missing Release of Memory after Effective Lifetime
CVE-2019-19078
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-3.95% / 88.10%
||
7 Day CHG~0.00%
Published-18 Nov, 2019 | 05:24
Updated-05 Aug, 2024 | 02:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A memory leak in the ath10k_usb_hif_tx_sg() function in drivers/net/wireless/ath/ath10k/usb.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering usb_submit_urb() failures, aka CID-b8d17e7d93d2.

Action-Not Available
Vendor-n/aLinux Kernel Organization, IncCanonical Ltd.
Product-ubuntu_linuxlinux_kerneln/a
CWE ID-CWE-401
Missing Release of Memory after Effective Lifetime
CVE-2019-19048
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.20% / 78.57%
||
7 Day CHG~0.00%
Published-18 Nov, 2019 | 05:23
Updated-05 Aug, 2024 | 02:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A memory leak in the crypto_reportstat() function in drivers/virt/vboxguest/vboxguest_utils.c in the Linux kernel before 5.3.9 allows attackers to cause a denial of service (memory consumption) by triggering copy_form_user() failures, aka CID-e0b0cb938864.

Action-Not Available
Vendor-n/aLinux Kernel Organization, IncCanonical Ltd.
Product-ubuntu_linuxlinux_kerneln/a
CWE ID-CWE-401
Missing Release of Memory after Effective Lifetime
CVE-2019-16995
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-2.00% / 83.35%
||
7 Day CHG~0.00%
Published-30 Sep, 2019 | 12:03
Updated-05 Aug, 2024 | 01:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In the Linux kernel before 5.0.3, a memory leak exits in hsr_dev_finalize() in net/hsr/hsr_device.c if hsr_add_port fails to add a port, which may cause denial of service, aka CID-6caabe7f197d.

Action-Not Available
Vendor-n/aLinux Kernel Organization, IncNetApp, Inc.openSUSE
Product-h300eh500sservice_processorh300s_firmwareh410c_firmwaredata_availability_servicesh410sh610s_firmwareh300saff_a700ssolidfiresteelstore_cloud_integrated_storageh300e_firmwareh610slinux_kernelh500ehci_management_nodeh410s_firmwareh700s_firmwareh500s_firmwareh500e_firmwareh700eh410ch700e_firmwareh700saff_a700s_firmwareleapn/a
CWE ID-CWE-401
Missing Release of Memory after Effective Lifetime
CVE-2015-5143
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-15.81% / 94.59%
||
7 Day CHG~0.00%
Published-14 Jul, 2015 | 17:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The session backends in Django before 1.4.21, 1.5.x through 1.6.x, 1.7.x before 1.7.9, and 1.8.x before 1.8.3 allows remote attackers to cause a denial of service (session store consumption) via multiple requests with unique session keys.

Action-Not Available
Vendor-n/aCanonical Ltd.DjangoOracle CorporationDebian GNU/Linux
Product-debian_linuxdjangoubuntu_linuxsolarisn/a
CVE-2019-16319
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.70% / 71.64%
||
7 Day CHG~0.00%
Published-15 Sep, 2019 | 15:15
Updated-05 Aug, 2024 | 01:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Wireshark 3.0.0 to 3.0.3 and 2.6.0 to 2.6.10, the Gryphon dissector could go into an infinite loop. This was addressed in plugins/epan/gryphon/packet-gryphon.c by checking for a message length of zero.

Action-Not Available
Vendor-n/aWireshark FoundationDebian GNU/LinuxopenSUSE
Product-wiresharkdebian_linuxleapn/a
CWE ID-CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
CVE-2015-5364
Matching Score-8
Assigner-Debian GNU/Linux
ShareView Details
Matching Score-8
Assigner-Debian GNU/Linux
CVSS Score-7.8||HIGH
EPSS-21.23% / 95.54%
||
7 Day CHG~0.00%
Published-31 Aug, 2015 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The (1) udp_recvmsg and (2) udpv6_recvmsg functions in the Linux kernel before 4.0.6 do not properly consider yielding a processor, which allows remote attackers to cause a denial of service (system hang) via incorrect checksums within a UDP packet flood.

Action-Not Available
Vendor-n/aLinux Kernel Organization, IncRed Hat, Inc.Debian GNU/LinuxCanonical Ltd.
Product-linux_kernelenterprise_linux_server_ausubuntu_linuxdebian_linuxn/a
CVE-2019-15538
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-16.43% / 94.73%
||
7 Day CHG~0.00%
Published-25 Aug, 2019 | 15:25
Updated-05 Aug, 2024 | 00:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in xfs_setattr_nonsize in fs/xfs/xfs_iops.c in the Linux kernel through 5.2.9. XFS partially wedges when a chgrp fails on account of being out of disk quota. xfs_setattr_nonsize is failing to unlock the ILOCK after the xfs_qm_vop_chown_reserve call fails. This is primarily a local DoS attack vector, but it might result as well in remote DoS if the XFS filesystem is exported for instance via NFS.

Action-Not Available
Vendor-n/aFedora ProjectopenSUSECanonical Ltd.Linux Kernel Organization, IncNetApp, Inc.Debian GNU/Linux
Product-ubuntu_linuxh300eh500sh300s_firmwareh410c_firmwareh410sh610s_firmwareleaph300saff_a700ssolidfireh300e_firmwareh610sdebian_linuxlinux_kernelh500ehci_management_nodeh410s_firmwarefedorah500s_firmwareh500e_firmwareh700s_firmwareh700eh410ch700e_firmwareh700saff_a700s_firmwaredata_availability_servicesn/a
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2010-4164
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-7.8||HIGH
EPSS-2.00% / 83.35%
||
7 Day CHG~0.00%
Published-03 Jan, 2011 | 19:26
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple integer underflows in the x25_parse_facilities function in net/x25/x25_facilities.c in the Linux kernel before 2.6.36.2 allow remote attackers to cause a denial of service (system crash) via malformed X.25 (1) X25_FAC_CLASS_A, (2) X25_FAC_CLASS_B, (3) X25_FAC_CLASS_C, or (4) X25_FAC_CLASS_D facility data, a different vulnerability than CVE-2010-3873.

Action-Not Available
Vendor-n/aSUSELinux Kernel Organization, IncDebian GNU/LinuxopenSUSE
Product-linux_kernelopensusedebian_linuxlinux_enterprise_software_development_kitlinux_enterprise_serverlinux_enterprise_real_time_extensionlinux_enterprise_desktopn/a
CWE ID-CWE-191
Integer Underflow (Wrap or Wraparound)
CVE-2019-15099
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.66% / 81.77%
||
7 Day CHG~0.00%
Published-16 Aug, 2019 | 01:15
Updated-05 Aug, 2024 | 00:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

drivers/net/wireless/ath/ath10k/usb.c in the Linux kernel through 5.2.8 has a NULL pointer dereference via an incomplete address in an endpoint descriptor.

Action-Not Available
Vendor-n/aLinux Kernel Organization, IncCanonical Ltd.
Product-ubuntu_linuxlinux_kerneln/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2019-11810
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.84% / 82.65%
||
7 Day CHG-0.04%
Published-07 May, 2019 | 13:04
Updated-04 Aug, 2024 | 23:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in the Linux kernel before 5.0.7. A NULL pointer dereference can occur when megasas_create_frame_pool() fails in megasas_alloc_cmds() in drivers/scsi/megaraid/megaraid_sas_base.c. This causes a Denial of Service, related to a use-after-free.

Action-Not Available
Vendor-n/aLinux Kernel Organization, IncDebian GNU/LinuxCanonical Ltd.
Product-ubuntu_linuxdebian_linuxlinux_kerneln/a
CWE ID-CWE-416
Use After Free
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2019-11477
Matching Score-8
Assigner-Canonical Ltd.
ShareView Details
Matching Score-8
Assigner-Canonical Ltd.
CVSS Score-7.5||HIGH
EPSS-74.55% / 98.82%
||
7 Day CHG~0.00%
Published-18 Jun, 2019 | 23:34
Updated-17 Sep, 2024 | 02:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Integer overflow in TCP_SKB_CB(skb)->tcp_gso_segs

Jonathan Looney discovered that the TCP_SKB_CB(skb)->tcp_gso_segs value was subject to an integer overflow in the Linux kernel when handling TCP Selective Acknowledgments (SACKs). A remote attacker could use this to cause a denial of service. This has been fixed in stable kernel releases 4.4.182, 4.9.182, 4.14.127, 4.19.52, 5.1.11, and is fixed in commit 3b4929f65b0d8249f19a50245cd88ed1a2f78cff.

Action-Not Available
Vendor-Ivanti SoftwareCanonical Ltd.Linux Kernel Organization, IncPulse SecureF5, Inc.Red Hat, Inc.
Product-ubuntu_linuxbig-ip_webacceleratorpulse_secure_virtual_application_delivery_controllerbig-ip_application_acceleration_managerenterprise_linux_atomic_hostbig-ip_policy_enforcement_managerbig-ip_fraud_protection_serviceenterprise_linuxenterprise_linux_ausbig-ip_global_traffic_managerbig-ip_local_traffic_managerbig-ip_analyticsbig-ip_domain_name_systemconnect_securebig-ip_application_security_managerbig-ip_edge_gatewaylinux_kernelbig-ip_link_controllerenterprise_linux_euspulse_policy_securebig-ip_access_policy_managertraffix_signaling_delivery_controllerenterprise_mrgbig-ip_advanced_firewall_managerLinux kernel
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2018-5390
Matching Score-8
Assigner-CERT/CC
ShareView Details
Matching Score-8
Assigner-CERT/CC
CVSS Score-7.5||HIGH
EPSS-6.84% / 91.16%
||
7 Day CHG~0.00%
Published-06 Aug, 2018 | 20:00
Updated-05 Aug, 2024 | 05:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Linux kernel versions 4.9+ can be forced to make very expensive calls to tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() for every incoming packet which can lead to a denial of service

Linux kernel versions 4.9+ can be forced to make very expensive calls to tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() for every incoming packet which can lead to a denial of service.

Action-Not Available
Vendor-Canonical Ltd.Debian GNU/LinuxHP Inc.Linux Kernel Organization, IncF5, Inc.A10 NetworksCisco Systems, Inc.Red Hat, Inc.
Product-enterprise_linux_serverubuntu_linuxtelepresence_video_communication_server_firmwarebig-ip_webacceleratortelepresence_conductor_firmwarebig-ip_application_acceleration_managerenterprise_linux_server_eusbig-ip_policy_enforcement_managerbig-ip_fraud_protection_serviceenterprise_linux_server_ausmeeting_managementtelepresence_conductorbig-ip_local_traffic_managerbig-ip_application_security_managerwebex_hybrid_data_securitythreat_grid-cloudtelepresence_video_communication_serverenterprise_linux_workstationbig-ip_access_policy_managerenterprise_linux_desktopvirtualizationtraffix_systems_signaling_delivery_controlleradvanced_core_operating_systemaruba_airwave_ampbig-ip_global_traffic_managerexpressway_seriesaruba_clearpass_policy_managerbig-ip_analyticsbig-ip_domain_name_systemexpresswaybig-ip_edge_gatewaydebian_linuxlinux_kernelbig-ip_link_controllercollaboration_meeting_roomsdigital_network_architecture_centerwebex_video_meshenterprise_linux_server_tusbig-ip_advanced_firewall_managernetwork_assurance_engineLinux Kernel
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2018-5391
Matching Score-8
Assigner-CERT/CC
ShareView Details
Matching Score-8
Assigner-CERT/CC
CVSS Score-7.5||HIGH
EPSS-3.82% / 87.89%
||
7 Day CHG-1.28%
Published-06 Sep, 2018 | 21:00
Updated-05 Aug, 2024 | 05:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
The Linux kernel, versions 3.9+, IP implementation is vulnerable to denial of service conditions with low rates of specially modified packets

The Linux kernel, versions 3.9+, is vulnerable to a denial of service attack with low rates of specially modified packets targeting IP fragment re-assembly. An attacker may cause a denial of service condition by sending specially crafted IP fragments. Various vulnerabilities in IP fragmentation have been discovered and fixed over the years. The current vulnerability (CVE-2018-5391) became exploitable in the Linux kernel with the increase of the IP fragment reassembly queue size.

Action-Not Available
Vendor-Debian GNU/LinuxRed Hat, Inc.Canonical Ltd.F5, Inc.Siemens AGLinux Kernel Organization, IncMicrosoft Corporation
Product-ubuntu_linuxbig-ip_webacceleratorbig-ip_application_acceleration_managerenterprise_linux_server_euswindows_8.1big-ip_policy_enforcement_managerenterprise_linux_server_ausscalance_sc-600_firmwaresimatic_rf188_firmwareruggedcom_rm1224_firmwarebig-ip_local_traffic_managersimatic_net_cp_1243-7_lte_uswindows_10simatic_net_cp_1243-7_lte_us_firmwarescalance_w700_ieee_802.11a\/b\/g\/nsinema_remote_connect_serverenterprise_linux_workstationsimatic_net_cp_1243-1simatic_net_cp_1243-7_lte_eu_firmwaresimatic_rf185c_firmwarescalance_s615_firmwaresimatic_net_cp_1543sp-1enterprise_linux_desktopsimatic_net_cp_1543-1scalance_m-800_firmwaresimatic_net_cp_1242-7_firmwaresimatic_net_cp_1542sp-1_firmwarebig-ip_domain_name_systemsimatic_net_cp_1543sp-1_firmwarescalance_w1700_ieee_802.11ac_firmwareruggedcom_rox_iisimatic_net_cp_1542sp-1big-ip_edge_gatewaydebian_linuxlinux_kernelsimatic_net_cp_1543-1_firmwarescalance_sc-600simatic_net_cp_1242-7simatic_net_cp_1243-1_firmwarewindows_server_2008simatic_net_cp_1542sp-1_irc_firmwareenterprise_linux_serverwindows_server_2016windows_server_2012simatic_rf188big-ip_fraud_protection_serviceruggedcom_rox_ii_firmwarescalance_w700_ieee_802.11a\/b\/g\/n_firmwaresimatic_rf186c_firmwaresimatic_net_cp_1542sp-1_ircbig-ip_application_security_managerruggedcom_rm1224simatic_rf185cscalance_s615simatic_rf186cisimatic_net_cp_1243-8_ircbig-ip_access_policy_managersimatic_net_cp_1243-8_irc_firmwaresimatic_rf186ci_firmwaresimatic_rf188ci_firmwaresinema_remote_connect_server_firmwarewindows_rt_8.1big-ip_global_traffic_managerbig-ip_analyticssimatic_rf186cbig-ip_link_controllerscalance_w1700_ieee_802.11acwindows_7scalance_m-800enterprise_linux_server_tusbig-ip_advanced_firewall_managersimatic_rf188cisimatic_net_cp_1243-7_lte_euKernel
CWE ID-CWE-400
Uncontrolled Resource Consumption
CWE ID-CWE-20
Improper Input Validation
CVE-2018-20843
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-5.83% / 90.34%
||
7 Day CHG~0.00%
Published-24 Jun, 2019 | 16:06
Updated-30 May, 2025 | 20:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In libexpat in Expat before 2.2.7, XML input including XML names that contain a large number of colons could make the XML parser consume a high amount of RAM and CPU resources while processing (enough to be usable for denial-of-service attacks).

Action-Not Available
Vendor-libexpat_projectn/aOracle CorporationopenSUSEDebian GNU/LinuxFedora ProjectTenable, Inc.Canonical Ltd.
Product-hospitality_res_3700outside_in_technologynessuslibexpatleapfedoradebian_linuxubuntu_linuxhttp_servern/a
CWE ID-CWE-611
Improper Restriction of XML External Entity Reference
CVE-2018-20021
Matching Score-8
Assigner-Kaspersky
ShareView Details
Matching Score-8
Assigner-Kaspersky
CVSS Score-7.5||HIGH
EPSS-2.55% / 85.20%
||
7 Day CHG~0.00%
Published-19 Dec, 2018 | 16:00
Updated-05 Aug, 2024 | 11:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

LibVNC before commit c3115350eb8bb635d0fdb4dbbb0d0541f38ed19c contains a CWE-835: Infinite loop vulnerability in VNC client code. Vulnerability allows attacker to consume excessive amount of resources like CPU and RAM

Action-Not Available
Vendor-libvnc_projectn/aCanonical Ltd.Debian GNU/Linux
Product-ubuntu_linuxlibvncserverdebian_linuxLibVNC
CWE ID-CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
CVE-2018-16844
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-5.3||MEDIUM
EPSS-10.88% / 93.23%
||
7 Day CHG~0.00%
Published-07 Nov, 2018 | 14:00
Updated-05 Aug, 2024 | 10:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

nginx before versions 1.15.6 and 1.14.1 has a vulnerability in the implementation of HTTP/2 that can allow for excessive CPU usage. This issue affects nginx compiled with the ngx_http_v2_module (not compiled by default) if the 'http2' option of the 'listen' directive is used in a configuration file.

Action-Not Available
Vendor-[UNKNOWN]Canonical Ltd.Debian GNU/LinuxApple Inc.F5, Inc.
Product-xcodenginxdebian_linuxubuntu_linuxnginx
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2018-16875
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-5.9||MEDIUM
EPSS-1.69% / 81.92%
||
7 Day CHG~0.00%
Published-14 Dec, 2018 | 14:00
Updated-05 Aug, 2024 | 10:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The crypto/x509 package of Go before 1.10.6 and 1.11.x before 1.11.3 does not limit the amount of work performed for each chain verification, which might allow attackers to craft pathological inputs leading to a CPU denial of service. Go TLS servers accepting client certificates and TLS clients are affected.

Action-Not Available
Vendor-[UNKNOWN]GoopenSUSE
Product-goleapgolang
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-295
Improper Certificate Validation
CVE-2018-16843
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-5.3||MEDIUM
EPSS-55.54% / 98.01%
||
7 Day CHG~0.00%
Published-07 Nov, 2018 | 14:00
Updated-05 Aug, 2024 | 10:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

nginx before versions 1.15.6 and 1.14.1 has a vulnerability in the implementation of HTTP/2 that can allow for excessive memory consumption. This issue affects nginx compiled with the ngx_http_v2_module (not compiled by default) if the 'http2' option of the 'listen' directive is used in a configuration file.

Action-Not Available
Vendor-[UNKNOWN]Debian GNU/LinuxF5, Inc.Canonical Ltd.openSUSEApple Inc.
Product-ubuntu_linuxdebian_linuxxcodenginxleapnginx
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2015-1465
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-5.19% / 89.70%
||
7 Day CHG~0.00%
Published-05 Apr, 2015 | 21:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The IPv4 implementation in the Linux kernel before 3.18.8 does not properly consider the length of the Read-Copy Update (RCU) grace period for redirecting lookups in the absence of caching, which allows remote attackers to cause a denial of service (memory consumption or system crash) via a flood of packets.

Action-Not Available
Vendor-n/aLinux Kernel Organization, IncCanonical Ltd.
Product-linux_kernelubuntu_linuxn/a
CVE-2015-0847
Matching Score-8
Assigner-Debian GNU/Linux
ShareView Details
Matching Score-8
Assigner-Debian GNU/Linux
CVSS Score-7.8||HIGH
EPSS-2.55% / 85.21%
||
7 Day CHG~0.00%
Published-29 May, 2015 | 15:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

nbd-server.c in Network Block Device (nbd-server) before 3.11 does not properly handle signals, which allows remote attackers to cause a denial of service (deadlock) via unspecified vectors.

Action-Not Available
Vendor-wouter_verhelstn/aCanonical Ltd.
Product-nbdubuntu_linuxn/a
CVE-2015-1779
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-8.6||HIGH
EPSS-5.57% / 90.10%
||
7 Day CHG~0.00%
Published-12 Jan, 2016 | 19:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The VNC websocket frame decoder in QEMU allows remote attackers to cause a denial of service (memory and CPU consumption) via a large (1) websocket payload or (2) HTTP headers section.

Action-Not Available
Vendor-n/aQEMURed Hat, Inc.Fedora ProjectDebian GNU/LinuxOracle CorporationCanonical Ltd.
Product-enterprise_linuxenterprise_linux_serverenterprise_linux_server_ausqemuenterprise_linux_eusfedoraubuntu_linuxenterprise_linux_server_tusenterprise_linux_workstationdebian_linuxlinuxvirtualizationn/a
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2015-0361
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-1.75% / 82.24%
||
7 Day CHG~0.00%
Published-07 Jan, 2015 | 19:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use-after-free vulnerability in Xen 4.2.x, 4.3.x, and 4.4.x allows remote domains to cause a denial of service (system crash) via a crafted hypercall during HVM guest teardown.

Action-Not Available
Vendor-n/aXen ProjectopenSUSE
Product-opensusexenn/a
CVE-2014-9744
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.49% / 65.12%
||
7 Day CHG~0.00%
Published-24 Aug, 2015 | 15:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Memory leak in PolarSSL before 1.3.9 allows remote attackers to cause a denial of service (memory consumption) via a large number of ClientHello messages. NOTE: this identifier was SPLIT from CVE-2014-8628 per ADT3 due to different affected versions.

Action-Not Available
Vendor-polarssln/aopenSUSE
Product-opensusepolarssln/a
CVE-2014-6416
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-2.84% / 85.91%
||
7 Day CHG~0.00%
Published-28 Sep, 2014 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in net/ceph/auth_x.c in Ceph, as used in the Linux kernel before 3.16.3, allows remote attackers to cause a denial of service (memory corruption and panic) or possibly have unspecified other impact via a long unencrypted auth ticket.

Action-Not Available
Vendor-n/aLinux Kernel Organization, IncCanonical Ltd.
Product-linux_kernelubuntu_linuxn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2014-0101
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-7.8||HIGH
EPSS-3.09% / 86.50%
||
7 Day CHG~0.00%
Published-11 Mar, 2014 | 01:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The sctp_sf_do_5_1D_ce function in net/sctp/sm_statefuns.c in the Linux kernel through 3.13.6 does not validate certain auth_enable and auth_capable fields before making an sctp_sf_authenticate call, which allows remote attackers to cause a denial of service (NULL pointer dereference and system crash) via an SCTP handshake with a modified INIT chunk and a crafted AUTH chunk before a COOKIE_ECHO chunk.

Action-Not Available
Vendor-n/aLinux Kernel Organization, IncRed Hat, Inc.F5, Inc.Canonical Ltd.
Product-enterprise_linux_serverbig-iq_adclinux_kernelenterprise_linux_eusbig-ip_enterprise_managerbig-ip_analyticsbig-iq_centralized_managementbig-ip_local_traffic_managerbig-ip_advanced_firewall_managerbig-iq_securitybig-iq_cloudbig-ip_protocol_security_modulebig-ip_link_controllerenterprise_linux_server_ausbig-ip_edge_gatewaybig-ip_wan_optimization_managerbig-ip_application_acceleration_managerenterprise_linux_desktopubuntu_linuxbig-ip_application_security_managerbig-ip_global_traffic_managerenterprise_linux_server_tusbig-ip_webacceleratorenterprise_linux_workstationbig-iq_devicebig-ip_policy_enforcement_managerbig-ip_access_policy_managern/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2007-2833
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-1.39% / 80.09%
||
7 Day CHG~0.00%
Published-21 Jun, 2007 | 20:00
Updated-07 Aug, 2024 | 13:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Emacs 21 allows user-assisted attackers to cause a denial of service (crash) via certain crafted images, as demonstrated via a GIF image in vm mode, related to image size calculation.

Action-Not Available
Vendor-n/aDebian GNU/LinuxGNUMandriva (Mandrakesoft)
Product-mandrake_linux_corporate_servermandrake_linuxemacsdebian_linuxn/a
CVE-2013-4854
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-53.70% / 97.93%
||
7 Day CHG~0.00%
Published-26 Jul, 2013 | 23:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The RFC 5011 implementation in rdata.c in ISC BIND 9.7.x and 9.8.x before 9.8.5-P2, 9.8.6b1, 9.9.x before 9.9.3-P2, and 9.9.4b1, and DNSco BIND 9.9.3-S1 before 9.9.3-S1-P1 and 9.9.4-S1b1, allows remote attackers to cause a denial of service (assertion failure and named daemon exit) via a query with a malformed RDATA section that is not properly handled during construction of a log message, as exploited in the wild in July 2013.

Action-Not Available
Vendor-n/aNovellFreeBSD FoundationInternet Systems Consortium, Inc.Mandriva (Mandrakesoft)Fedora ProjectSlackwareHP Inc.Red Hat, Inc.SUSEopenSUSE
Product-enterprise_linuxdnsco_bindfreebsdfedoraopensusebindsuse_linuxhp-uxslackware_linuxbusiness_serversuse_linux_enterprise_software_development_kitenterprise_servern/a
CVE-2013-3561
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-1.52% / 80.97%
||
7 Day CHG~0.00%
Published-25 May, 2013 | 01:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple integer overflows in Wireshark 1.8.x before 1.8.7 allow remote attackers to cause a denial of service (loop or application crash) via a malformed packet, related to a crash of the Websocket dissector, an infinite loop in the MySQL dissector, and a large loop in the ETCH dissector.

Action-Not Available
Vendor-n/aWireshark FoundationDebian GNU/LinuxopenSUSE
Product-wiresharkdebian_linuxopensusen/a
CVE-2013-2487
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-3.51% / 87.37%
||
7 Day CHG~0.00%
Published-07 Mar, 2013 | 15:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

epan/dissectors/packet-reload.c in the REsource LOcation And Discovery (aka RELOAD) dissector in Wireshark 1.8.x before 1.8.6 uses incorrect integer data types, which allows remote attackers to cause a denial of service (infinite loop) via crafted integer values in a packet, related to the (1) dissect_icecandidates, (2) dissect_kinddata, (3) dissect_nodeid_list, (4) dissect_storeans, (5) dissect_storereq, (6) dissect_storeddataspecifier, (7) dissect_fetchreq, (8) dissect_findans, (9) dissect_diagnosticinfo, (10) dissect_diagnosticresponse, (11) dissect_reload_messagecontents, and (12) dissect_reload_message functions, a different vulnerability than CVE-2013-2486.

Action-Not Available
Vendor-n/aWireshark FoundationDebian GNU/LinuxopenSUSE
Product-wiresharkdebian_linuxopensusen/a
CVE-2013-2112
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-7.8||HIGH
EPSS-3.70% / 87.69%
||
7 Day CHG~0.00%
Published-31 Jul, 2013 | 10:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The svnserve server in Subversion before 1.6.23 and 1.7.x before 1.7.10 allows remote attackers to cause a denial of service (exit) by aborting a connection.

Action-Not Available
Vendor-collabnetn/aThe Apache Software FoundationopenSUSECanonical Ltd.
Product-subversionopensuseubuntu_linuxn/a
CVE-2013-1059
Matching Score-8
Assigner-Canonical Ltd.
ShareView Details
Matching Score-8
Assigner-Canonical Ltd.
CVSS Score-7.8||HIGH
EPSS-1.14% / 78.05%
||
7 Day CHG~0.00%
Published-08 Jul, 2013 | 17:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

net/ceph/auth_none.c in the Linux kernel through 3.10 allows remote attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via an auth_reply message that triggers an attempted build_request operation.

Action-Not Available
Vendor-n/aLinux Kernel Organization, IncCanonical Ltd.
Product-linux_kernelubuntu_linuxn/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2017-8804
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-3.76% / 87.78%
||
7 Day CHG~0.00%
Published-07 May, 2017 | 18:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The xdr_bytes and xdr_string functions in the GNU C Library (aka glibc or libc6) 2.25 mishandle failures of buffer deserialization, which allows remote attackers to cause a denial of service (virtual memory allocation, or memory consumption if an overcommit setting is not used) via a crafted UDP packet to port 111, a related issue to CVE-2017-8779. NOTE: [Information provided from upstream and references

Action-Not Available
Vendor-n/aGNU
Product-glibcn/a
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2014-7145
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-1.21% / 78.65%
||
7 Day CHG~0.00%
Published-28 Sep, 2014 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The SMB2_tcon function in fs/cifs/smb2pdu.c in the Linux kernel before 3.16.3 allows remote CIFS servers to cause a denial of service (NULL pointer dereference and client system crash) or possibly have unspecified other impact by deleting the IPC$ share during resolution of DFS referrals.

Action-Not Available
Vendor-n/aRed Hat, Inc.Linux Kernel Organization, IncCanonical Ltd.
Product-enterprise_linux_serverenterprise_linux_hpc_nodelinux_kernelubuntu_linuxenterprise_linux_desktopenterprise_linux_workstationn/a
CVE-2014-3673
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-9.80% / 92.80%
||
7 Day CHG~0.00%
Published-10 Nov, 2014 | 11:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The SCTP implementation in the Linux kernel through 3.17.2 allows remote attackers to cause a denial of service (system crash) via a malformed ASCONF chunk, related to net/sctp/sm_make_chunk.c and net/sctp/sm_statefuns.c.

Action-Not Available
Vendor-n/aLinux Kernel Organization, IncopenSUSESUSERed Hat, Inc.Debian GNU/LinuxOracle CorporationCanonical Ltd.
Product-enterprise_linuxlinux_kernelubuntu_linuxenterprise_mrgevergreensuse_linux_enterprise_serverlinux_enterprise_workstation_extensiondebian_linuxlinuxlinux_enterprise_software_development_kitn/a
CWE ID-CWE-20
Improper Input Validation
  • Previous
  • 1
  • 2
  • Next
Details not found