Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2015-6908

Summary
Assigner-debian
Assigner Org ID-79363d38-fa19-49d1-9214-5f28da3f3ac5
Published At-11 Sep, 2015 | 16:00
Updated At-06 Aug, 2024 | 07:36
Rejected At-
Credits

The ber_get_next function in libraries/liblber/io.c in OpenLDAP 2.4.42 and earlier allows remote attackers to cause a denial of service (reachable assertion and application crash) via crafted BER data, as demonstrated by an attack against slapd.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:debian
Assigner Org ID:79363d38-fa19-49d1-9214-5f28da3f3ac5
Published At:11 Sep, 2015 | 16:00
Updated At:06 Aug, 2024 | 07:36
Rejected At:
▼CVE Numbering Authority (CNA)

The ber_get_next function in libraries/liblber/io.c in OpenLDAP 2.4.42 and earlier allows remote attackers to cause a denial of service (reachable assertion and application crash) via crafted BER data, as demonstrated by an attack against slapd.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://www.securityfocus.com/bid/76714
vdb-entry
x_refsource_BID
http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html
x_refsource_CONFIRM
http://www.security-assessment.com/files/documents/advisory/OpenLDAP-ber_get_next-Denial-of-Service.pdf
x_refsource_CONFIRM
https://support.apple.com/HT205637
x_refsource_CONFIRM
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00037.html
vendor-advisory
x_refsource_SUSE
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00031.html
vendor-advisory
x_refsource_SUSE
http://www.openldap.org/devel/gitweb.cgi?p=openldap.git%3Ba=commit%3Bh=6fe51a9ab04fd28bbc171da3cf12f1c1040d6629
x_refsource_CONFIRM
http://www.debian.org/security/2015/dsa-3356
vendor-advisory
x_refsource_DEBIAN
http://lists.apple.com/archives/security-announce/2015/Dec/msg00005.html
vendor-advisory
x_refsource_APPLE
http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html
x_refsource_CONFIRM
http://www.ubuntu.com/usn/USN-2742-1
vendor-advisory
x_refsource_UBUNTU
http://www.openldap.org/its/index.cgi/Software%20Bugs?id=8240
x_refsource_CONFIRM
http://rhn.redhat.com/errata/RHSA-2015-1840.html
vendor-advisory
x_refsource_REDHAT
http://www.securitytracker.com/id/1033534
vdb-entry
x_refsource_SECTRACK
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00039.html
vendor-advisory
x_refsource_SUSE
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00040.html
vendor-advisory
x_refsource_SUSE
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00032.html
vendor-advisory
x_refsource_SUSE
Hyperlink: http://www.securityfocus.com/bid/76714
Resource:
vdb-entry
x_refsource_BID
Hyperlink: http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html
Resource:
x_refsource_CONFIRM
Hyperlink: http://www.security-assessment.com/files/documents/advisory/OpenLDAP-ber_get_next-Denial-of-Service.pdf
Resource:
x_refsource_CONFIRM
Hyperlink: https://support.apple.com/HT205637
Resource:
x_refsource_CONFIRM
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00037.html
Resource:
vendor-advisory
x_refsource_SUSE
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00031.html
Resource:
vendor-advisory
x_refsource_SUSE
Hyperlink: http://www.openldap.org/devel/gitweb.cgi?p=openldap.git%3Ba=commit%3Bh=6fe51a9ab04fd28bbc171da3cf12f1c1040d6629
Resource:
x_refsource_CONFIRM
Hyperlink: http://www.debian.org/security/2015/dsa-3356
Resource:
vendor-advisory
x_refsource_DEBIAN
Hyperlink: http://lists.apple.com/archives/security-announce/2015/Dec/msg00005.html
Resource:
vendor-advisory
x_refsource_APPLE
Hyperlink: http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html
Resource:
x_refsource_CONFIRM
Hyperlink: http://www.ubuntu.com/usn/USN-2742-1
Resource:
vendor-advisory
x_refsource_UBUNTU
Hyperlink: http://www.openldap.org/its/index.cgi/Software%20Bugs?id=8240
Resource:
x_refsource_CONFIRM
Hyperlink: http://rhn.redhat.com/errata/RHSA-2015-1840.html
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: http://www.securitytracker.com/id/1033534
Resource:
vdb-entry
x_refsource_SECTRACK
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00039.html
Resource:
vendor-advisory
x_refsource_SUSE
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00040.html
Resource:
vendor-advisory
x_refsource_SUSE
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00032.html
Resource:
vendor-advisory
x_refsource_SUSE
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://www.securityfocus.com/bid/76714
vdb-entry
x_refsource_BID
x_transferred
http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html
x_refsource_CONFIRM
x_transferred
http://www.security-assessment.com/files/documents/advisory/OpenLDAP-ber_get_next-Denial-of-Service.pdf
x_refsource_CONFIRM
x_transferred
https://support.apple.com/HT205637
x_refsource_CONFIRM
x_transferred
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00037.html
vendor-advisory
x_refsource_SUSE
x_transferred
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00031.html
vendor-advisory
x_refsource_SUSE
x_transferred
http://www.openldap.org/devel/gitweb.cgi?p=openldap.git%3Ba=commit%3Bh=6fe51a9ab04fd28bbc171da3cf12f1c1040d6629
x_refsource_CONFIRM
x_transferred
http://www.debian.org/security/2015/dsa-3356
vendor-advisory
x_refsource_DEBIAN
x_transferred
http://lists.apple.com/archives/security-announce/2015/Dec/msg00005.html
vendor-advisory
x_refsource_APPLE
x_transferred
http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html
x_refsource_CONFIRM
x_transferred
http://www.ubuntu.com/usn/USN-2742-1
vendor-advisory
x_refsource_UBUNTU
x_transferred
http://www.openldap.org/its/index.cgi/Software%20Bugs?id=8240
x_refsource_CONFIRM
x_transferred
http://rhn.redhat.com/errata/RHSA-2015-1840.html
vendor-advisory
x_refsource_REDHAT
x_transferred
http://www.securitytracker.com/id/1033534
vdb-entry
x_refsource_SECTRACK
x_transferred
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00039.html
vendor-advisory
x_refsource_SUSE
x_transferred
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00040.html
vendor-advisory
x_refsource_SUSE
x_transferred
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00032.html
vendor-advisory
x_refsource_SUSE
x_transferred
Hyperlink: http://www.securityfocus.com/bid/76714
Resource:
vdb-entry
x_refsource_BID
x_transferred
Hyperlink: http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://www.security-assessment.com/files/documents/advisory/OpenLDAP-ber_get_next-Denial-of-Service.pdf
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: https://support.apple.com/HT205637
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00037.html
Resource:
vendor-advisory
x_refsource_SUSE
x_transferred
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00031.html
Resource:
vendor-advisory
x_refsource_SUSE
x_transferred
Hyperlink: http://www.openldap.org/devel/gitweb.cgi?p=openldap.git%3Ba=commit%3Bh=6fe51a9ab04fd28bbc171da3cf12f1c1040d6629
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://www.debian.org/security/2015/dsa-3356
Resource:
vendor-advisory
x_refsource_DEBIAN
x_transferred
Hyperlink: http://lists.apple.com/archives/security-announce/2015/Dec/msg00005.html
Resource:
vendor-advisory
x_refsource_APPLE
x_transferred
Hyperlink: http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://www.ubuntu.com/usn/USN-2742-1
Resource:
vendor-advisory
x_refsource_UBUNTU
x_transferred
Hyperlink: http://www.openldap.org/its/index.cgi/Software%20Bugs?id=8240
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://rhn.redhat.com/errata/RHSA-2015-1840.html
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: http://www.securitytracker.com/id/1033534
Resource:
vdb-entry
x_refsource_SECTRACK
x_transferred
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00039.html
Resource:
vendor-advisory
x_refsource_SUSE
x_transferred
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00040.html
Resource:
vendor-advisory
x_refsource_SUSE
x_transferred
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00032.html
Resource:
vendor-advisory
x_refsource_SUSE
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:security@debian.org
Published At:11 Sep, 2015 | 16:59
Updated At:12 Apr, 2025 | 10:46

The ber_get_next function in libraries/liblber/io.c in OpenLDAP 2.4.42 and earlier allows remote attackers to cause a denial of service (reachable assertion and application crash) via crafted BER data, as demonstrated by an attack against slapd.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary2.05.0MEDIUM
AV:N/AC:L/Au:N/C:N/I:N/A:P
Type: Primary
Version: 2.0
Base score: 5.0
Base severity: MEDIUM
Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:P
CPE Matches
openldap
openldap
>>openldap>>Versions up to 2.4.42(inclusive)
cpe:2.3:a:openldap:openldap:*:*:*:*:*:*:*:*
Apple Inc.
apple
>>mac_os_x>>Versions up to 10.11.1(inclusive)
cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-20Primarynvd@nist.gov
CWE ID: CWE-20
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
http://lists.apple.com/archives/security-announce/2015/Dec/msg00005.htmlsecurity@debian.org
N/A
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00031.htmlsecurity@debian.org
N/A
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00032.htmlsecurity@debian.org
N/A
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00037.htmlsecurity@debian.org
N/A
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00039.htmlsecurity@debian.org
N/A
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00040.htmlsecurity@debian.org
N/A
http://rhn.redhat.com/errata/RHSA-2015-1840.htmlsecurity@debian.org
N/A
http://www.debian.org/security/2015/dsa-3356security@debian.org
N/A
http://www.openldap.org/devel/gitweb.cgi?p=openldap.git%3Ba=commit%3Bh=6fe51a9ab04fd28bbc171da3cf12f1c1040d6629security@debian.org
N/A
http://www.openldap.org/its/index.cgi/Software%20Bugs?id=8240security@debian.org
Exploit
Vendor Advisory
http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.htmlsecurity@debian.org
N/A
http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.htmlsecurity@debian.org
N/A
http://www.security-assessment.com/files/documents/advisory/OpenLDAP-ber_get_next-Denial-of-Service.pdfsecurity@debian.org
N/A
http://www.securityfocus.com/bid/76714security@debian.org
N/A
http://www.securitytracker.com/id/1033534security@debian.org
N/A
http://www.ubuntu.com/usn/USN-2742-1security@debian.org
N/A
https://support.apple.com/HT205637security@debian.org
N/A
http://lists.apple.com/archives/security-announce/2015/Dec/msg00005.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00031.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00032.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00037.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00039.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00040.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://rhn.redhat.com/errata/RHSA-2015-1840.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://www.debian.org/security/2015/dsa-3356af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.openldap.org/devel/gitweb.cgi?p=openldap.git%3Ba=commit%3Bh=6fe51a9ab04fd28bbc171da3cf12f1c1040d6629af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.openldap.org/its/index.cgi/Software%20Bugs?id=8240af854a3a-2127-422b-91ae-364da2661108
Exploit
Vendor Advisory
http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://www.security-assessment.com/files/documents/advisory/OpenLDAP-ber_get_next-Denial-of-Service.pdfaf854a3a-2127-422b-91ae-364da2661108
N/A
http://www.securityfocus.com/bid/76714af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.securitytracker.com/id/1033534af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.ubuntu.com/usn/USN-2742-1af854a3a-2127-422b-91ae-364da2661108
N/A
https://support.apple.com/HT205637af854a3a-2127-422b-91ae-364da2661108
N/A
Hyperlink: http://lists.apple.com/archives/security-announce/2015/Dec/msg00005.html
Source: security@debian.org
Resource: N/A
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00031.html
Source: security@debian.org
Resource: N/A
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00032.html
Source: security@debian.org
Resource: N/A
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00037.html
Source: security@debian.org
Resource: N/A
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00039.html
Source: security@debian.org
Resource: N/A
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00040.html
Source: security@debian.org
Resource: N/A
Hyperlink: http://rhn.redhat.com/errata/RHSA-2015-1840.html
Source: security@debian.org
Resource: N/A
Hyperlink: http://www.debian.org/security/2015/dsa-3356
Source: security@debian.org
Resource: N/A
Hyperlink: http://www.openldap.org/devel/gitweb.cgi?p=openldap.git%3Ba=commit%3Bh=6fe51a9ab04fd28bbc171da3cf12f1c1040d6629
Source: security@debian.org
Resource: N/A
Hyperlink: http://www.openldap.org/its/index.cgi/Software%20Bugs?id=8240
Source: security@debian.org
Resource:
Exploit
Vendor Advisory
Hyperlink: http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html
Source: security@debian.org
Resource: N/A
Hyperlink: http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html
Source: security@debian.org
Resource: N/A
Hyperlink: http://www.security-assessment.com/files/documents/advisory/OpenLDAP-ber_get_next-Denial-of-Service.pdf
Source: security@debian.org
Resource: N/A
Hyperlink: http://www.securityfocus.com/bid/76714
Source: security@debian.org
Resource: N/A
Hyperlink: http://www.securitytracker.com/id/1033534
Source: security@debian.org
Resource: N/A
Hyperlink: http://www.ubuntu.com/usn/USN-2742-1
Source: security@debian.org
Resource: N/A
Hyperlink: https://support.apple.com/HT205637
Source: security@debian.org
Resource: N/A
Hyperlink: http://lists.apple.com/archives/security-announce/2015/Dec/msg00005.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00031.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00032.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00037.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00039.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00040.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://rhn.redhat.com/errata/RHSA-2015-1840.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.debian.org/security/2015/dsa-3356
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.openldap.org/devel/gitweb.cgi?p=openldap.git%3Ba=commit%3Bh=6fe51a9ab04fd28bbc171da3cf12f1c1040d6629
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.openldap.org/its/index.cgi/Software%20Bugs?id=8240
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Exploit
Vendor Advisory
Hyperlink: http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.security-assessment.com/files/documents/advisory/OpenLDAP-ber_get_next-Denial-of-Service.pdf
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.securityfocus.com/bid/76714
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.securitytracker.com/id/1033534
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.ubuntu.com/usn/USN-2742-1
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://support.apple.com/HT205637
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

1909Records found
CVE-2018-4142
Matching Score-10
Assigner-Apple Inc.
ShareView Details
Matching Score-10
Assigner-Apple Inc.
CVSS Score-7.5||HIGH
EPSS-3.01% / 86.28%
||
7 Day CHG~0.00%
Published-03 Apr, 2018 | 06:00
Updated-05 Aug, 2024 | 05:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in certain Apple products. iOS before 11.3 is affected. macOS before 10.13.4 is affected. tvOS before 11.3 is affected. watchOS before 4.3 is affected. The issue involves the "CoreText" component. It allows remote attackers to cause a denial of service (application crash) via a crafted string.

Action-Not Available
Vendor-n/aApple Inc.
Product-mac_os_xiphone_oswatchostvosn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2009-0016
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-1.44% / 80.37%
||
7 Day CHG~0.00%
Published-14 Mar, 2009 | 18:00
Updated-07 Aug, 2024 | 04:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Apple iTunes before 8.1 on Windows allows remote attackers to cause a denial of service (infinite loop) via a Digital Audio Access Protocol (DAAP) message with a crafted Content-Length header.

Action-Not Available
Vendor-n/aApple Inc.Microsoft Corporation
Product-ituneswindowsn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2008-2326
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-6.66% / 91.01%
||
7 Day CHG~0.00%
Published-10 Sep, 2008 | 16:00
Updated-07 Aug, 2024 | 08:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

mDNSResponder in the Bonjour Namespace Provider in Apple Bonjour for Windows before 1.0.5 allows attackers to cause a denial of service (NULL pointer dereference and application crash) by resolving a crafted .local domain name that contains a long label.

Action-Not Available
Vendor-n/aApple Inc.Microsoft Corporation
Product-bonjourwindows_vistawindows_2003_serverwindows_xpwindows-ntwindows_2000n/a
CWE ID-CWE-20
Improper Input Validation
CVE-2016-10222
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.46% / 63.76%
||
7 Day CHG~0.00%
Published-03 Apr, 2017 | 05:44
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

runtime/JSONObject.cpp in JavaScriptCore in WebKit, as distributed in Safari Technology Preview Release 18, allows remote attackers to cause a denial of service (segmentation violation and application crash) via crafted JavaScript code that triggers a "type confusion" in the JSON.stringify function.

Action-Not Available
Vendor-n/aApple Inc.
Product-safarin/a
CWE ID-CWE-20
Improper Input Validation
CVE-2015-5879
Matching Score-10
Assigner-Apple Inc.
ShareView Details
Matching Score-10
Assigner-Apple Inc.
CVSS Score-5||MEDIUM
EPSS-1.85% / 82.63%
||
7 Day CHG~0.00%
Published-18 Sep, 2015 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

XNU in the kernel in Apple iOS before 9 does not properly validate the headers of TCP packets, which allows remote attackers to bypass the sequence-number protection mechanism and cause a denial of service (TCP connection disruption) via a crafted header.

Action-Not Available
Vendor-n/aApple Inc.
Product-iphone_osmac_os_xn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2016-7667
Matching Score-10
Assigner-Apple Inc.
ShareView Details
Matching Score-10
Assigner-Apple Inc.
CVSS Score-7.5||HIGH
EPSS-0.63% / 69.73%
||
7 Day CHG~0.00%
Published-20 Feb, 2017 | 08:35
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. The issue involves the "CoreText" component. It allows remote attackers to cause a denial of service via a crafted string.

Action-Not Available
Vendor-n/aApple Inc.
Product-iphone_osmac_os_xn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2015-1105
Matching Score-10
Assigner-Apple Inc.
ShareView Details
Matching Score-10
Assigner-Apple Inc.
CVSS Score-5||MEDIUM
EPSS-6.23% / 90.67%
||
7 Day CHG~0.00%
Published-10 Apr, 2015 | 14:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The TCP implementation in the kernel in Apple iOS before 8.3, Apple OS X before 10.10.3, and Apple TV before 7.2 does not properly implement the Urgent (aka out-of-band data) mechanism, which allows remote attackers to cause a denial of service via crafted packets.

Action-Not Available
Vendor-n/aApple Inc.
Product-iphone_osmac_os_xtvosn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2015-0228
Matching Score-10
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-10
Assigner-Red Hat, Inc.
CVSS Score-5||MEDIUM
EPSS-18.71% / 95.11%
||
7 Day CHG~0.00%
Published-08 Mar, 2015 | 02:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The lua_websocket_read function in lua_request.c in the mod_lua module in the Apache HTTP Server through 2.4.12 allows remote attackers to cause a denial of service (child-process crash) by sending a crafted WebSocket Ping frame after a Lua script has called the wsupgrade function.

Action-Not Available
Vendor-n/aopenSUSEThe Apache Software FoundationApple Inc.Canonical Ltd.
Product-mac_os_x_serveropensuseubuntu_linuxhttp_servermac_os_xn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2014-4417
Matching Score-10
Assigner-Apple Inc.
ShareView Details
Matching Score-10
Assigner-Apple Inc.
CVSS Score-5||MEDIUM
EPSS-0.82% / 73.94%
||
7 Day CHG~0.00%
Published-18 Oct, 2014 | 01:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Safari in Apple OS X before 10.10 allows remote attackers to cause a denial of service (universal Push Notification outage) via a web site that triggers an uncaught SafariNotificationAgent exception by providing a crafted Push Notification.

Action-Not Available
Vendor-n/aApple Inc.
Product-mac_os_xn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2014-1316
Matching Score-10
Assigner-Apple Inc.
ShareView Details
Matching Score-10
Assigner-Apple Inc.
CVSS Score-5||MEDIUM
EPSS-0.47% / 64.19%
||
7 Day CHG~0.00%
Published-23 Apr, 2014 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Heimdal, as used in Apple OS X through 10.9.2, allows remote attackers to cause a denial of service (abort and daemon exit) via ASN.1 data encountered in the Kerberos 5 protocol.

Action-Not Available
Vendor-n/aApple Inc.
Product-mac_os_xn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2010-1828
Matching Score-10
Assigner-Apple Inc.
ShareView Details
Matching Score-10
Assigner-Apple Inc.
CVSS Score-5||MEDIUM
EPSS-0.97% / 76.31%
||
7 Day CHG~0.00%
Published-15 Nov, 2010 | 22:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

AFP Server in Apple Mac OS X 10.5.8 and 10.6.x before 10.6.5 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon restart) via crafted reconnect authentication packets.

Action-Not Available
Vendor-n/aApple Inc.
Product-mac_os_xmac_os_x_servern/a
CWE ID-CWE-20
Improper Input Validation
CVE-2020-9931
Matching Score-10
Assigner-Apple Inc.
ShareView Details
Matching Score-10
Assigner-Apple Inc.
CVSS Score-7.5||HIGH
EPSS-0.44% / 62.71%
||
7 Day CHG~0.00%
Published-16 Oct, 2020 | 16:50
Updated-04 Aug, 2024 | 10:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A denial of service issue was addressed with improved input validation. This issue is fixed in iOS 13.6 and iPadOS 13.6. A remote attacker may cause an unexpected application termination.

Action-Not Available
Vendor-Apple Inc.
Product-iphone_osipadosiOS
CWE ID-CWE-20
Improper Input Validation
CVE-2017-2461
Matching Score-10
Assigner-Apple Inc.
ShareView Details
Matching Score-10
Assigner-Apple Inc.
CVSS Score-7.5||HIGH
EPSS-2.08% / 83.62%
||
7 Day CHG~0.00%
Published-02 Apr, 2017 | 01:36
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the "CoreText" component. It allows remote attackers to cause a denial of service (resource consumption) via a crafted text message.

Action-Not Available
Vendor-n/aApple Inc.
Product-iphone_ostvoswatchosmac_os_xn/a
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2019-8665
Matching Score-10
Assigner-Apple Inc.
ShareView Details
Matching Score-10
Assigner-Apple Inc.
CVSS Score-7.5||HIGH
EPSS-0.68% / 71.16%
||
7 Day CHG~0.00%
Published-18 Dec, 2019 | 17:33
Updated-04 Aug, 2024 | 21:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A denial of service issue was addressed with improved validation. This issue is fixed in iOS 12.4, watchOS 5.3. A remote attacker may cause an unexpected application termination.

Action-Not Available
Vendor-Apple Inc.
Product-iphone_oswatchoswatchOSiOS
CWE ID-CWE-20
Improper Input Validation
CVE-2019-8516
Matching Score-10
Assigner-Apple Inc.
ShareView Details
Matching Score-10
Assigner-Apple Inc.
CVSS Score-7.5||HIGH
EPSS-0.64% / 70.10%
||
7 Day CHG~0.00%
Published-18 Dec, 2019 | 17:33
Updated-04 Aug, 2024 | 21:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A validation issue was addressed with improved logic. This issue is fixed in iOS 12.2, macOS Mojave 10.14.4, tvOS 12.2, watchOS 5.2. Processing a maliciously crafted string may lead to a denial of service.

Action-Not Available
Vendor-Apple Inc.
Product-mac_os_xiphone_oswatchostvostvOSmacOSwatchOSiOS
CWE ID-CWE-20
Improper Input Validation
CVE-2019-6219
Matching Score-10
Assigner-Apple Inc.
ShareView Details
Matching Score-10
Assigner-Apple Inc.
CVSS Score-7.5||HIGH
EPSS-0.98% / 76.42%
||
7 Day CHG~0.00%
Published-05 Mar, 2019 | 16:00
Updated-04 Aug, 2024 | 20:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A denial of service issue was addressed with improved validation. This issue is fixed in iOS 12.1.3, macOS Mojave 10.14.3, watchOS 5.1.3. Processing a maliciously crafted message may lead to a denial of service.

Action-Not Available
Vendor-Apple Inc.
Product-mac_os_xiphone_oswatchoswatchOSmacOSiOS
CWE ID-CWE-20
Improper Input Validation
CVE-2010-2332
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-4.59% / 88.97%
||
7 Day CHG~0.00%
Published-18 Jun, 2010 | 20:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Impact Financials, Inc. Impact PDF Reader 2.0, 1.2, and other versions for iPhone and iPod touch allows remote attackers to cause a denial of service (server crash) via a "..." body in a POST request.

Action-Not Available
Vendor-impactfinancialsn/aApple Inc.
Product-iphone_osimpact_pdf_readern/a
CWE ID-CWE-20
Improper Input Validation
CVE-2010-1226
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-4.29% / 88.59%
||
7 Day CHG~0.00%
Published-01 Apr, 2010 | 22:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The HTTP client functionality in Apple iPhone OS 3.1 on the iPhone 2G and 3.1.3 on the iPhone 3GS allows remote attackers to cause a denial of service (Safari, Mail, or Springboard crash) via a crafted innerHTML property of a DIV element, related to a "malformed character" issue.

Action-Not Available
Vendor-n/aApple Inc.
Product-iphone_osiphonen/a
CWE ID-CWE-20
Improper Input Validation
CVE-2010-1379
Matching Score-10
Assigner-Apple Inc.
ShareView Details
Matching Score-10
Assigner-Apple Inc.
CVSS Score-5||MEDIUM
EPSS-1.56% / 81.13%
||
7 Day CHG~0.00%
Published-17 Jun, 2010 | 16:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Printer Setup in Apple Mac OS X 10.6 before 10.6.4 does not properly interpret character encoding, which allows remote attackers to cause a denial of service (printing failure) by deploying a printing device that has a Unicode character in its printing-service name.

Action-Not Available
Vendor-n/aApple Inc.
Product-mac_os_xmac_os_x_servern/a
CWE ID-CWE-20
Improper Input Validation
CVE-2010-0496
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-4.59% / 88.97%
||
7 Day CHG~0.00%
Published-03 Feb, 2010 | 19:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

FreeBit ServersMan 3.1.5 on Apple iPhone OS 3.1.2, and iPhone OS for iPod touch, allows remote attackers to cause a denial of service (daemon crash) via a HEAD request for the / URI.

Action-Not Available
Vendor-freebitn/aApple Inc.
Product-iphone_osserversmann/a
CWE ID-CWE-20
Improper Input Validation
CVE-2009-2421
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-1.57% / 81.17%
||
7 Day CHG~0.00%
Published-09 Jul, 2009 | 16:00
Updated-07 Aug, 2024 | 05:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The CFCharacterSetInitInlineBuffer method in CoreFoundation.dll in Apple Safari 3.2.3 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) or possibly execute arbitrary code via a "high-bit character" in a URL fragment for an unspecified protocol.

Action-Not Available
Vendor-n/aApple Inc.
Product-safarin/a
CWE ID-CWE-20
Improper Input Validation
CVE-2009-0744
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-5.37% / 89.87%
||
7 Day CHG~0.00%
Published-27 Feb, 2009 | 17:00
Updated-07 Aug, 2024 | 04:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Apple Safari 4 Beta build 528.16 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a feeds: URI beginning with a (1) % (percent), (2) { (open curly bracket), (3) } (close curly bracket), (4) ^ (caret), (5) ` (backquote), or (6) | (pipe) character, followed by an & (ampersand) character.

Action-Not Available
Vendor-n/aApple Inc.
Product-safarin/a
CWE ID-CWE-20
Improper Input Validation
CVE-2020-9826
Matching Score-10
Assigner-Apple Inc.
ShareView Details
Matching Score-10
Assigner-Apple Inc.
CVSS Score-7.5||HIGH
EPSS-0.47% / 64.05%
||
7 Day CHG~0.00%
Published-09 Jun, 2020 | 16:14
Updated-04 Aug, 2024 | 10:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A denial of service issue was addressed with improved input validation. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5. A remote attacker may be able to cause a denial of service.

Action-Not Available
Vendor-Apple Inc.
Product-iphone_osmac_os_xipadosmacOSiOS
CWE ID-CWE-20
Improper Input Validation
CVE-2020-9914
Matching Score-10
Assigner-Apple Inc.
ShareView Details
Matching Score-10
Assigner-Apple Inc.
CVSS Score-7.5||HIGH
EPSS-0.41% / 60.61%
||
7 Day CHG~0.00%
Published-16 Oct, 2020 | 16:46
Updated-04 Aug, 2024 | 10:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An input validation issue existed in Bluetooth. This issue was addressed with improved input validation. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8. An attacker in a privileged network position may be able to perform denial of service attack using malformed Bluetooth packets.

Action-Not Available
Vendor-Apple Inc.
Product-iphone_osipadostvostvOSiOS
CWE ID-CWE-20
Improper Input Validation
CVE-2018-4474
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-7.5||HIGH
EPSS-0.86% / 74.64%
||
7 Day CHG~0.00%
Published-27 Oct, 2020 | 19:23
Updated-05 Aug, 2024 | 05:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A memory consumption issue was addressed with improved memory handling. This issue is fixed in iCloud for Windows 7.7, watchOS 5, Safari 12, iOS 12, iTunes 12.9 for Windows, tvOS 12. Unexpected interaction causes an ASSERT failure.

Action-Not Available
Vendor-Apple Inc.
Product-itunesiphone_oswatchostvossafariicloudiTunes for WindowswatchOSSafariiCloud for WindowsiOStvOS
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2008-5821
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-11.58% / 93.48%
||
7 Day CHG~0.00%
Published-02 Jan, 2009 | 19:00
Updated-07 Aug, 2024 | 11:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Memory leak in WebKit.dll in WebKit, as used by Apple Safari 3.2 on Windows Vista SP1, allows remote attackers to cause a denial of service (memory consumption and browser crash) via a long ALINK attribute in a BODY element in an HTML document.

Action-Not Available
Vendor-n/aApple Inc.Microsoft Corporation
Product-safariwindows_vistan/a
CWE ID-CWE-399
Not Available
CVE-2018-25032
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.08% / 23.87%
||
7 Day CHG~0.00%
Published-25 Mar, 2022 | 00:00
Updated-21 Aug, 2025 | 20:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

zlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches.

Action-Not Available
Vendor-azulgotozlibn/aNetApp, Inc.Fedora ProjectDebian GNU/LinuxSparkle MotionSiemens AGMicrosoft CorporationPython Software FoundationApple Inc.MariaDB Foundation
Product-h410cmacospythonhci_compute_nodeh500s_firmwareh300s_firmwarescalance_sc642-2c_firmwaremac_os_xscalance_sc646-2c_firmwareh700s_firmwaremariadbscalance_sc622-2c_firmwaremanagement_services_for_element_softwarescalance_sc632-2c_firmwarezlibh410sh410s_firmwarenokogiriontap_select_deploy_administration_utilityscalance_sc636-2cfedorawindowsscalance_sc642-2cgotoassisth300sscalance_sc626-2czuluscalance_sc626-2c_firmwarescalance_sc636-2c_firmwareh410c_firmwarescalance_sc646-2cactive_iq_unified_managerscalance_sc622-2ce-series_santricity_os_controllerh700sdebian_linuxscalance_sc632-2ch500soncommand_workflow_automationn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2018-20505
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-8.73% / 92.30%
||
7 Day CHG~0.00%
Published-03 Apr, 2019 | 17:51
Updated-05 Aug, 2024 | 12:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SQLite 3.25.2, when queries are run on a table with a malformed PRIMARY KEY, allows remote attackers to cause a denial of service (application crash) by leveraging the ability to run arbitrary SQL statements (such as in certain WebSQL use cases).

Action-Not Available
Vendor-sqliten/aApple Inc.Microsoft Corporation
Product-itunesiphone_oswatchossqlitemac_os_xwindowsicloudn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2020-14155
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.23% / 45.46%
||
7 Day CHG~0.00%
Published-15 Jun, 2020 | 00:00
Updated-04 Aug, 2024 | 12:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

libpcre in PCRE before 8.44 allows an integer overflow via a large number after a (?C substring.

Action-Not Available
Vendor-pcren/aGitLab Inc.Apple Inc.NetApp, Inc.Splunk LLC (Cisco Systems, Inc.)Oracle Corporation
Product-h500scloud_backuph410c_firmwareh300s_firmwarepcreactive_iq_unified_managerh410smacosh300suniversal_forwardercommunications_cloud_native_core_policysteelstore_cloud_integrated_storageclustered_data_ontapontap_select_deploy_administration_utilityh410s_firmwareh700s_firmwareh500s_firmwareh410cgitlabh700sn/a
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2008-3950
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-6.51% / 90.90%
||
7 Day CHG~0.00%
Published-16 Sep, 2008 | 23:00
Updated-07 Aug, 2024 | 10:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Off-by-one error in the _web_drawInRect:withFont:ellipsis:alignment:measureOnly function in WebKit in Safari in Apple iPhone 1.1.4 and 2.0 and iPod touch 1.1.4 and 2.0 allows remote attackers to cause a denial of service (browser crash) via a JavaScript alert call with an argument that lacks breakable characters and has a length that is a multiple of the memory page size, leading to an out-of-bounds read.

Action-Not Available
Vendor-n/aApple Inc.
Product-safariiphoneipod_touchn/a
CWE ID-CWE-189
Not Available
CVE-2016-4447
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-3.33% / 87.00%
||
7 Day CHG~0.00%
Published-09 Jun, 2016 | 16:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The xmlParseElementDecl function in parser.c in libxml2 before 2.9.4 allows context-dependent attackers to cause a denial of service (heap-based buffer underread and application crash) via a crafted file, involving xmlParseName.

Action-Not Available
Vendor-n/aApple Inc.Oracle CorporationCanonical Ltd.HP Inc.Microsoft Corporationlibxml2 (XMLSoft)Debian GNU/LinuxMcAfee, LLC
Product-libxml2icewall_federation_agentitunesubuntu_linuxwatchosweb_gatewayvm_serverwindowsdebian_linuxiphone_osmac_os_xtvosn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2016-4717
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-3.3||LOW
EPSS-0.20% / 42.25%
||
7 Day CHG~0.00%
Published-25 Sep, 2016 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The File Bookmark component in Apple OS X before 10.12 mishandles scoped-bookmark file descriptors, which allows attackers to cause a denial of service via a crafted app.

Action-Not Available
Vendor-n/aApple Inc.
Product-mac_os_xn/a
CVE-2003-0355
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-0.35% / 57.16%
||
7 Day CHG~0.00%
Published-30 May, 2003 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Safari 1.0 Beta 2 (v73) and earlier does not validate the Common Name (CN) field for X.509 Certificates, which could allow remote attackers to spoof certificates.

Action-Not Available
Vendor-n/aKDEApple Inc.
Product-safarikonqueror_embeddedn/a
CVE-2016-0742
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-80.36% / 99.09%
||
7 Day CHG~0.00%
Published-15 Feb, 2016 | 19:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The resolver in nginx before 1.8.1 and 1.9.x before 1.9.10 allows remote attackers to cause a denial of service (invalid pointer dereference and worker process crash) via a crafted UDP DNS response.

Action-Not Available
Vendor-n/aopenSUSERed Hat, Inc.Apple Inc.Debian GNU/LinuxF5, Inc.Canonical Ltd.
Product-nginxleapubuntu_linuxdebian_linuxxcodesoftware_collectionsn/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2016-10226
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.46% / 63.76%
||
7 Day CHG~0.00%
Published-03 Apr, 2017 | 05:44
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

JavaScriptCore in WebKit, as distributed in Safari Technology Preview Release 18, allows remote attackers to cause a denial of service (bitfield out-of-bounds read and application crash) via crafted JavaScript code that is mishandled in the operatorString function, related to assembler/MacroAssemblerARM64.h, assembler/MacroAssemblerX86Common.h, and wasm/WasmB3IRGenerator.cpp.

Action-Not Available
Vendor-n/aApple Inc.
Product-safarin/a
CWE ID-CWE-125
Out-of-bounds Read
CVE-2016-0747
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-5.3||MEDIUM
EPSS-33.18% / 96.79%
||
7 Day CHG~0.00%
Published-15 Feb, 2016 | 19:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The resolver in nginx before 1.8.1 and 1.9.x before 1.9.10 does not properly limit CNAME resolution, which allows remote attackers to cause a denial of service (worker process resource consumption) via vectors related to arbitrary name resolution.

Action-Not Available
Vendor-n/aopenSUSEApple Inc.Debian GNU/LinuxF5, Inc.Canonical Ltd.
Product-nginxleapubuntu_linuxdebian_linuxxcoden/a
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2021-30715
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-7.5||HIGH
EPSS-0.65% / 70.41%
||
7 Day CHG~0.00%
Published-08 Sep, 2021 | 14:28
Updated-03 Aug, 2024 | 22:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A logic issue was addressed with improved state management. This issue is fixed in tvOS 14.6, iOS 14.6 and iPadOS 14.6, Security Update 2021-003 Catalina, macOS Big Sur 11.4, watchOS 7.5. Processing a maliciously crafted message may lead to a denial of service.

Action-Not Available
Vendor-Apple Inc.
Product-iphone_oswatchosipadostvosmac_os_xmacosmacOSiOS and iPadOS
CVE-2015-7995
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-3.04% / 86.35%
||
7 Day CHG~0.00%
Published-17 Nov, 2015 | 15:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The xsltStylePreCompute function in preproc.c in libxslt 1.1.28 does not check if the parent node is an element, which allows attackers to cause a denial of service via a crafted XML file, related to a "type confusion" issue.

Action-Not Available
Vendor-n/aApple Inc.libxml2 (XMLSoft)
Product-watchoslibxsltiphone_osmac_os_xtvosn/a
CVE-2015-7500
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-5||MEDIUM
EPSS-4.25% / 88.54%
||
7 Day CHG~0.00%
Published-15 Dec, 2015 | 21:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The xmlParseMisc function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service (out-of-bounds heap read) via unspecified vectors related to incorrect entities boundaries and start tags.

Action-Not Available
Vendor-n/aApple Inc.Canonical Ltd.HP Inc.libxml2 (XMLSoft)Debian GNU/LinuxRed Hat, Inc.
Product-icewall_file_managerenterprise_linux_serverlibxml2enterprise_linux_hpc_nodeicewall_federation_agentwatchosenterprise_linux_desktopubuntu_linuxenterprise_linux_workstationdebian_linuxiphone_osmac_os_xtvosn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2015-7760
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-0.73% / 72.29%
||
7 Day CHG~0.00%
Published-09 Oct, 2015 | 01:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

libxpc in launchd in Apple OS X before 10.11 does not restrict the creation of processes for network connections, which allows remote attackers to cause a denial of service (resource consumption) by repeatedly connecting to the SSH port, a different vulnerability than CVE-2015-7761.

Action-Not Available
Vendor-n/aApple Inc.
Product-mac_os_xn/a
CVE-2007-4812
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-4.09% / 88.33%
||
7 Day CHG~0.00%
Published-11 Sep, 2007 | 18:00
Updated-07 Aug, 2024 | 15:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in Apple Safari 3.0.3 522.15.5, and other versions before Beta Update 3.0.4, allows remote attackers to cause a denial of service (crash) and possibly have other unspecified impact by setting document.location.hash to a long string. NOTE: the crash might actually occur in the alert method.

Action-Not Available
Vendor-n/aApple Inc.
Product-safarin/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2021-30698
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-7.5||HIGH
EPSS-0.47% / 63.99%
||
7 Day CHG~0.00%
Published-08 Sep, 2021 | 14:28
Updated-03 Aug, 2024 | 22:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A null pointer dereference was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.4, Safari 14.1.1, iOS 14.6 and iPadOS 14.6. A remote attacker may be able to cause a denial of service.

Action-Not Available
Vendor-Apple Inc.
Product-iphone_osmacossafariipadosmacOSiOS and iPadOS
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2015-5917
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-5||MEDIUM
EPSS-1.61% / 81.44%
||
7 Day CHG~0.00%
Published-09 Oct, 2015 | 01:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The glob implementation in tnftpd (formerly lukemftpd), as used in Apple OS X before 10.11, allows remote attackers to cause a denial of service (memory consumption and daemon outage) via a STAT command containing a crafted pattern, as demonstrated by multiple instances of the {..,..,..}/* substring.

Action-Not Available
Vendor-n/aNetBSDApple Inc.
Product-tnftpdmac_os_xn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2015-4443
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-5||MEDIUM
EPSS-1.23% / 78.86%
||
7 Day CHG~0.00%
Published-15 Jul, 2015 | 14:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Reader and Acrobat 10.x before 10.1.15 and 11.x before 11.0.12, Acrobat and Acrobat Reader DC Classic before 2015.006.30060, and Acrobat and Acrobat Reader DC Continuous before 2015.008.20082 on Windows and OS X allow attackers to cause a denial of service (NULL pointer dereference) via unspecified vectors, a different vulnerability than CVE-2015-4444.

Action-Not Available
Vendor-n/aApple Inc.Adobe Inc.Microsoft Corporation
Product-acrobat_reader_dcacrobat_readermacosacrobat_dcwindowsacrobatn/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2015-4444
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-5||MEDIUM
EPSS-1.23% / 78.86%
||
7 Day CHG~0.00%
Published-15 Jul, 2015 | 14:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Reader and Acrobat 10.x before 10.1.15 and 11.x before 11.0.12, Acrobat and Acrobat Reader DC Classic before 2015.006.30060, and Acrobat and Acrobat Reader DC Continuous before 2015.008.20082 on Windows and OS X allow attackers to cause a denial of service (NULL pointer dereference) via unspecified vectors, a different vulnerability than CVE-2015-4443.

Action-Not Available
Vendor-n/aApple Inc.Adobe Inc.Microsoft Corporation
Product-acrobat_reader_dcacrobat_readermacosacrobat_dcwindowsacrobatn/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2007-2163
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-0.56% / 67.57%
||
7 Day CHG~0.00%
Published-22 Apr, 2007 | 19:00
Updated-07 Aug, 2024 | 13:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Apple Safari allows remote attackers to cause a denial of service (browser crash) via JavaScript that matches a regular expression against a long string, as demonstrated using /(.)*/.

Action-Not Available
Vendor-n/aApple Inc.
Product-safarin/a
CVE-2015-4024
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-75.52% / 98.86%
||
7 Day CHG~0.00%
Published-09 Jun, 2015 | 18:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Algorithmic complexity vulnerability in the multipart_buffer_headers function in main/rfc1867.c in PHP before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9 allows remote attackers to cause a denial of service (CPU consumption) via crafted form data that triggers an improper order-of-growth outcome.

Action-Not Available
Vendor-n/aRed Hat, Inc.The PHP GroupApple Inc.Oracle CorporationHP Inc.
Product-enterprise_linuxenterprise_linux_serversolarissystem_management_homepageenterprise_linux_hpc_nodeenterprise_linux_desktopenterprise_linux_server_eusenterprise_linux_workstationphpenterprise_linux_hpc_node_euslinuxmac_os_xn/a
CVE-2015-4021
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-42.03% / 97.33%
||
7 Day CHG~0.00%
Published-09 Jun, 2015 | 18:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The phar_parse_tarfile function in ext/phar/tar.c in PHP before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9 does not verify that the first character of a filename is different from the \0 character, which allows remote attackers to cause a denial of service (integer underflow and memory corruption) via a crafted entry in a tar archive.

Action-Not Available
Vendor-n/aRed Hat, Inc.The PHP GroupApple Inc.
Product-enterprise_linuxenterprise_linux_serverenterprise_linux_hpc_nodeenterprise_linux_desktopenterprise_linux_server_eusenterprise_linux_workstationphpenterprise_linux_hpc_node_eusmac_os_xn/a
CVE-2015-3195
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-5.3||MEDIUM
EPSS-3.44% / 87.20%
||
7 Day CHG~0.00%
Published-06 Dec, 2015 | 00:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The ASN1_TFLG_COMBINE implementation in crypto/asn1/tasn_dec.c in OpenSSL before 0.9.8zh, 1.0.0 before 1.0.0t, 1.0.1 before 1.0.1q, and 1.0.2 before 1.0.2e mishandles errors caused by malformed X509_ATTRIBUTE data, which allows remote attackers to obtain sensitive information from process memory by triggering a decoding failure in a PKCS#7 or CMS application.

Action-Not Available
Vendor-n/aopenSUSESUSERed Hat, Inc.Fedora ProjectApple Inc.OpenSSLDebian GNU/LinuxOracle CorporationCanonical Ltd.
Product-enterprise_linux_serversolarislinux_enterprise_serversun_ray_softwarehttp_servercommunications_webrtc_session_controllervm_serverdebian_linuxlinuxtransportation_managemententerprise_linux_server_ausexalogic_infrastructurevm_virtualboxleapopensusefedoraenterprise_linux_desktopubuntu_linuxlife_sciences_data_hubenterprise_linux_server_tusintegrated_lights_out_manager_firmwareenterprise_linux_workstationopensslapi_gatewaymac_os_xn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2015-3047
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-5||MEDIUM
EPSS-4.29% / 88.59%
||
7 Day CHG~0.00%
Published-13 May, 2015 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Reader and Acrobat 10.x before 10.1.14 and 11.x before 11.0.11 on Windows and OS X allow attackers to cause a denial of service (NULL pointer dereference) via unspecified vectors.

Action-Not Available
Vendor-n/aApple Inc.Adobe Inc.Microsoft Corporation
Product-windowsacrobatmac_os_xacrobat_readern/a
  • Previous
  • 1
  • 2
  • 3
  • ...
  • 38
  • 39
  • Next
Details not found