Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2016-3092

Summary
Assigner-redhat
Assigner Org ID-53f830b8-0a3f-465b-8143-3b8a9948e749
Published At-04 Jul, 2016 | 22:00
Updated At-05 Aug, 2024 | 23:40
Rejected At-
Credits

The MultipartStream class in Apache Commons Fileupload before 1.3.2, as used in Apache Tomcat 7.x before 7.0.70, 8.x before 8.0.36, 8.5.x before 8.5.3, and 9.x before 9.0.0.M7 and other products, allows remote attackers to cause a denial of service (CPU consumption) via a long boundary string.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:redhat
Assigner Org ID:53f830b8-0a3f-465b-8143-3b8a9948e749
Published At:04 Jul, 2016 | 22:00
Updated At:05 Aug, 2024 | 23:40
Rejected At:
▼CVE Numbering Authority (CNA)

The MultipartStream class in Apache Commons Fileupload before 1.3.2, as used in Apache Tomcat 7.x before 7.0.70, 8.x before 8.0.36, 8.5.x before 8.5.3, and 9.x before 9.0.0.M7 and other products, allows remote attackers to cause a denial of service (CPU consumption) via a long boundary string.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://jvndb.jvn.jp/jvndb/JVNDB-2016-000121
third-party-advisory
x_refsource_JVNDB
https://security.netapp.com/advisory/ntap-20190212-0001/
x_refsource_CONFIRM
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05324759
x_refsource_CONFIRM
http://svn.apache.org/viewvc?view=revision&revision=1743480
x_refsource_CONFIRM
http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
x_refsource_CONFIRM
https://security.gentoo.org/glsa/201705-09
vendor-advisory
x_refsource_GENTOO
http://svn.apache.org/viewvc?view=revision&revision=1743738
x_refsource_CONFIRM
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05289840
x_refsource_CONFIRM
http://tomcat.apache.org/security-9.html
x_refsource_CONFIRM
http://www.ubuntu.com/usn/USN-3024-1
vendor-advisory
x_refsource_UBUNTU
http://rhn.redhat.com/errata/RHSA-2016-2069.html
vendor-advisory
x_refsource_REDHAT
http://www.securitytracker.com/id/1037029
vdb-entry
x_refsource_SECTRACK
http://rhn.redhat.com/errata/RHSA-2016-2068.html
vendor-advisory
x_refsource_REDHAT
http://tomcat.apache.org/security-7.html
x_refsource_CONFIRM
http://www.securitytracker.com/id/1036900
vdb-entry
x_refsource_SECTRACK
http://www.securityfocus.com/bid/91453
vdb-entry
x_refsource_BID
http://tomcat.apache.org/security-8.html
x_refsource_CONFIRM
http://rhn.redhat.com/errata/RHSA-2016-2072.html
vendor-advisory
x_refsource_REDHAT
http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
x_refsource_CONFIRM
http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html
x_refsource_CONFIRM
http://svn.apache.org/viewvc?view=revision&revision=1743722
x_refsource_CONFIRM
http://www.debian.org/security/2016/dsa-3611
vendor-advisory
x_refsource_DEBIAN
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05204371
x_refsource_CONFIRM
http://rhn.redhat.com/errata/RHSA-2016-2807.html
vendor-advisory
x_refsource_REDHAT
http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html
x_refsource_CONFIRM
http://lists.opensuse.org/opensuse-updates/2016-09/msg00025.html
vendor-advisory
x_refsource_SUSE
http://jvn.jp/en/jp/JVN89379547/index.html
third-party-advisory
x_refsource_JVN
http://www.securitytracker.com/id/1036427
vdb-entry
x_refsource_SECTRACK
http://rhn.redhat.com/errata/RHSA-2016-2070.html
vendor-advisory
x_refsource_REDHAT
http://rhn.redhat.com/errata/RHSA-2017-0457.html
vendor-advisory
x_refsource_REDHAT
http://rhn.redhat.com/errata/RHSA-2016-2808.html
vendor-advisory
x_refsource_REDHAT
http://www.securitytracker.com/id/1039606
vdb-entry
x_refsource_SECTRACK
http://svn.apache.org/viewvc?view=revision&revision=1743742
x_refsource_CONFIRM
http://rhn.redhat.com/errata/RHSA-2016-2599.html
vendor-advisory
x_refsource_REDHAT
http://www.debian.org/security/2016/dsa-3609
vendor-advisory
x_refsource_DEBIAN
https://access.redhat.com/errata/RHSA-2017:0455
vendor-advisory
x_refsource_REDHAT
http://www.debian.org/security/2016/dsa-3614
vendor-advisory
x_refsource_DEBIAN
http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html
x_refsource_CONFIRM
http://mail-archives.apache.org/mod_mbox/commons-dev/201606.mbox/%3CCAF8HOZ%2BPq2QH8RnxBuJyoK1dOz6jrTiQypAC%2BH8g6oZkBg%2BCxg%40mail.gmail.com%3E
mailing-list
x_refsource_MLIST
https://access.redhat.com/errata/RHSA-2017:0456
vendor-advisory
x_refsource_REDHAT
https://bugzilla.redhat.com/show_bug.cgi?id=1349468
x_refsource_CONFIRM
http://rhn.redhat.com/errata/RHSA-2016-2071.html
vendor-advisory
x_refsource_REDHAT
http://www.ubuntu.com/usn/USN-3027-1
vendor-advisory
x_refsource_UBUNTU
https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551%40%3Cdev.tomcat.apache.org%3E
mailing-list
x_refsource_MLIST
https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708%40%3Cdev.tomcat.apache.org%3E
mailing-list
x_refsource_MLIST
https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
x_refsource_MISC
https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c%40%3Cdev.tomcat.apache.org%3E
mailing-list
x_refsource_MLIST
https://www.oracle.com/security-alerts/cpuapr2020.html
x_refsource_MISC
https://security.gentoo.org/glsa/202107-39
vendor-advisory
x_refsource_GENTOO
Hyperlink: http://jvndb.jvn.jp/jvndb/JVNDB-2016-000121
Resource:
third-party-advisory
x_refsource_JVNDB
Hyperlink: https://security.netapp.com/advisory/ntap-20190212-0001/
Resource:
x_refsource_CONFIRM
Hyperlink: https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05324759
Resource:
x_refsource_CONFIRM
Hyperlink: http://svn.apache.org/viewvc?view=revision&revision=1743480
Resource:
x_refsource_CONFIRM
Hyperlink: http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
Resource:
x_refsource_CONFIRM
Hyperlink: https://security.gentoo.org/glsa/201705-09
Resource:
vendor-advisory
x_refsource_GENTOO
Hyperlink: http://svn.apache.org/viewvc?view=revision&revision=1743738
Resource:
x_refsource_CONFIRM
Hyperlink: https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05289840
Resource:
x_refsource_CONFIRM
Hyperlink: http://tomcat.apache.org/security-9.html
Resource:
x_refsource_CONFIRM
Hyperlink: http://www.ubuntu.com/usn/USN-3024-1
Resource:
vendor-advisory
x_refsource_UBUNTU
Hyperlink: http://rhn.redhat.com/errata/RHSA-2016-2069.html
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: http://www.securitytracker.com/id/1037029
Resource:
vdb-entry
x_refsource_SECTRACK
Hyperlink: http://rhn.redhat.com/errata/RHSA-2016-2068.html
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: http://tomcat.apache.org/security-7.html
Resource:
x_refsource_CONFIRM
Hyperlink: http://www.securitytracker.com/id/1036900
Resource:
vdb-entry
x_refsource_SECTRACK
Hyperlink: http://www.securityfocus.com/bid/91453
Resource:
vdb-entry
x_refsource_BID
Hyperlink: http://tomcat.apache.org/security-8.html
Resource:
x_refsource_CONFIRM
Hyperlink: http://rhn.redhat.com/errata/RHSA-2016-2072.html
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
Resource:
x_refsource_CONFIRM
Hyperlink: http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html
Resource:
x_refsource_CONFIRM
Hyperlink: http://svn.apache.org/viewvc?view=revision&revision=1743722
Resource:
x_refsource_CONFIRM
Hyperlink: http://www.debian.org/security/2016/dsa-3611
Resource:
vendor-advisory
x_refsource_DEBIAN
Hyperlink: https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05204371
Resource:
x_refsource_CONFIRM
Hyperlink: http://rhn.redhat.com/errata/RHSA-2016-2807.html
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html
Resource:
x_refsource_CONFIRM
Hyperlink: http://lists.opensuse.org/opensuse-updates/2016-09/msg00025.html
Resource:
vendor-advisory
x_refsource_SUSE
Hyperlink: http://jvn.jp/en/jp/JVN89379547/index.html
Resource:
third-party-advisory
x_refsource_JVN
Hyperlink: http://www.securitytracker.com/id/1036427
Resource:
vdb-entry
x_refsource_SECTRACK
Hyperlink: http://rhn.redhat.com/errata/RHSA-2016-2070.html
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: http://rhn.redhat.com/errata/RHSA-2017-0457.html
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: http://rhn.redhat.com/errata/RHSA-2016-2808.html
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: http://www.securitytracker.com/id/1039606
Resource:
vdb-entry
x_refsource_SECTRACK
Hyperlink: http://svn.apache.org/viewvc?view=revision&revision=1743742
Resource:
x_refsource_CONFIRM
Hyperlink: http://rhn.redhat.com/errata/RHSA-2016-2599.html
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: http://www.debian.org/security/2016/dsa-3609
Resource:
vendor-advisory
x_refsource_DEBIAN
Hyperlink: https://access.redhat.com/errata/RHSA-2017:0455
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: http://www.debian.org/security/2016/dsa-3614
Resource:
vendor-advisory
x_refsource_DEBIAN
Hyperlink: http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html
Resource:
x_refsource_CONFIRM
Hyperlink: http://mail-archives.apache.org/mod_mbox/commons-dev/201606.mbox/%3CCAF8HOZ%2BPq2QH8RnxBuJyoK1dOz6jrTiQypAC%2BH8g6oZkBg%2BCxg%40mail.gmail.com%3E
Resource:
mailing-list
x_refsource_MLIST
Hyperlink: https://access.redhat.com/errata/RHSA-2017:0456
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: https://bugzilla.redhat.com/show_bug.cgi?id=1349468
Resource:
x_refsource_CONFIRM
Hyperlink: http://rhn.redhat.com/errata/RHSA-2016-2071.html
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: http://www.ubuntu.com/usn/USN-3027-1
Resource:
vendor-advisory
x_refsource_UBUNTU
Hyperlink: https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551%40%3Cdev.tomcat.apache.org%3E
Resource:
mailing-list
x_refsource_MLIST
Hyperlink: https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708%40%3Cdev.tomcat.apache.org%3E
Resource:
mailing-list
x_refsource_MLIST
Hyperlink: https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
Resource:
x_refsource_MISC
Hyperlink: https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c%40%3Cdev.tomcat.apache.org%3E
Resource:
mailing-list
x_refsource_MLIST
Hyperlink: https://www.oracle.com/security-alerts/cpuapr2020.html
Resource:
x_refsource_MISC
Hyperlink: https://security.gentoo.org/glsa/202107-39
Resource:
vendor-advisory
x_refsource_GENTOO
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://jvndb.jvn.jp/jvndb/JVNDB-2016-000121
third-party-advisory
x_refsource_JVNDB
x_transferred
https://security.netapp.com/advisory/ntap-20190212-0001/
x_refsource_CONFIRM
x_transferred
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05324759
x_refsource_CONFIRM
x_transferred
http://svn.apache.org/viewvc?view=revision&revision=1743480
x_refsource_CONFIRM
x_transferred
http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
x_refsource_CONFIRM
x_transferred
https://security.gentoo.org/glsa/201705-09
vendor-advisory
x_refsource_GENTOO
x_transferred
http://svn.apache.org/viewvc?view=revision&revision=1743738
x_refsource_CONFIRM
x_transferred
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05289840
x_refsource_CONFIRM
x_transferred
http://tomcat.apache.org/security-9.html
x_refsource_CONFIRM
x_transferred
http://www.ubuntu.com/usn/USN-3024-1
vendor-advisory
x_refsource_UBUNTU
x_transferred
http://rhn.redhat.com/errata/RHSA-2016-2069.html
vendor-advisory
x_refsource_REDHAT
x_transferred
http://www.securitytracker.com/id/1037029
vdb-entry
x_refsource_SECTRACK
x_transferred
http://rhn.redhat.com/errata/RHSA-2016-2068.html
vendor-advisory
x_refsource_REDHAT
x_transferred
http://tomcat.apache.org/security-7.html
x_refsource_CONFIRM
x_transferred
http://www.securitytracker.com/id/1036900
vdb-entry
x_refsource_SECTRACK
x_transferred
http://www.securityfocus.com/bid/91453
vdb-entry
x_refsource_BID
x_transferred
http://tomcat.apache.org/security-8.html
x_refsource_CONFIRM
x_transferred
http://rhn.redhat.com/errata/RHSA-2016-2072.html
vendor-advisory
x_refsource_REDHAT
x_transferred
http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
x_refsource_CONFIRM
x_transferred
http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html
x_refsource_CONFIRM
x_transferred
http://svn.apache.org/viewvc?view=revision&revision=1743722
x_refsource_CONFIRM
x_transferred
http://www.debian.org/security/2016/dsa-3611
vendor-advisory
x_refsource_DEBIAN
x_transferred
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05204371
x_refsource_CONFIRM
x_transferred
http://rhn.redhat.com/errata/RHSA-2016-2807.html
vendor-advisory
x_refsource_REDHAT
x_transferred
http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html
x_refsource_CONFIRM
x_transferred
http://lists.opensuse.org/opensuse-updates/2016-09/msg00025.html
vendor-advisory
x_refsource_SUSE
x_transferred
http://jvn.jp/en/jp/JVN89379547/index.html
third-party-advisory
x_refsource_JVN
x_transferred
http://www.securitytracker.com/id/1036427
vdb-entry
x_refsource_SECTRACK
x_transferred
http://rhn.redhat.com/errata/RHSA-2016-2070.html
vendor-advisory
x_refsource_REDHAT
x_transferred
http://rhn.redhat.com/errata/RHSA-2017-0457.html
vendor-advisory
x_refsource_REDHAT
x_transferred
http://rhn.redhat.com/errata/RHSA-2016-2808.html
vendor-advisory
x_refsource_REDHAT
x_transferred
http://www.securitytracker.com/id/1039606
vdb-entry
x_refsource_SECTRACK
x_transferred
http://svn.apache.org/viewvc?view=revision&revision=1743742
x_refsource_CONFIRM
x_transferred
http://rhn.redhat.com/errata/RHSA-2016-2599.html
vendor-advisory
x_refsource_REDHAT
x_transferred
http://www.debian.org/security/2016/dsa-3609
vendor-advisory
x_refsource_DEBIAN
x_transferred
https://access.redhat.com/errata/RHSA-2017:0455
vendor-advisory
x_refsource_REDHAT
x_transferred
http://www.debian.org/security/2016/dsa-3614
vendor-advisory
x_refsource_DEBIAN
x_transferred
http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html
x_refsource_CONFIRM
x_transferred
http://mail-archives.apache.org/mod_mbox/commons-dev/201606.mbox/%3CCAF8HOZ%2BPq2QH8RnxBuJyoK1dOz6jrTiQypAC%2BH8g6oZkBg%2BCxg%40mail.gmail.com%3E
mailing-list
x_refsource_MLIST
x_transferred
https://access.redhat.com/errata/RHSA-2017:0456
vendor-advisory
x_refsource_REDHAT
x_transferred
https://bugzilla.redhat.com/show_bug.cgi?id=1349468
x_refsource_CONFIRM
x_transferred
http://rhn.redhat.com/errata/RHSA-2016-2071.html
vendor-advisory
x_refsource_REDHAT
x_transferred
http://www.ubuntu.com/usn/USN-3027-1
vendor-advisory
x_refsource_UBUNTU
x_transferred
https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551%40%3Cdev.tomcat.apache.org%3E
mailing-list
x_refsource_MLIST
x_transferred
https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708%40%3Cdev.tomcat.apache.org%3E
mailing-list
x_refsource_MLIST
x_transferred
https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
x_refsource_MISC
x_transferred
https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c%40%3Cdev.tomcat.apache.org%3E
mailing-list
x_refsource_MLIST
x_transferred
https://www.oracle.com/security-alerts/cpuapr2020.html
x_refsource_MISC
x_transferred
https://security.gentoo.org/glsa/202107-39
vendor-advisory
x_refsource_GENTOO
x_transferred
Hyperlink: http://jvndb.jvn.jp/jvndb/JVNDB-2016-000121
Resource:
third-party-advisory
x_refsource_JVNDB
x_transferred
Hyperlink: https://security.netapp.com/advisory/ntap-20190212-0001/
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05324759
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://svn.apache.org/viewvc?view=revision&revision=1743480
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: https://security.gentoo.org/glsa/201705-09
Resource:
vendor-advisory
x_refsource_GENTOO
x_transferred
Hyperlink: http://svn.apache.org/viewvc?view=revision&revision=1743738
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05289840
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://tomcat.apache.org/security-9.html
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://www.ubuntu.com/usn/USN-3024-1
Resource:
vendor-advisory
x_refsource_UBUNTU
x_transferred
Hyperlink: http://rhn.redhat.com/errata/RHSA-2016-2069.html
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: http://www.securitytracker.com/id/1037029
Resource:
vdb-entry
x_refsource_SECTRACK
x_transferred
Hyperlink: http://rhn.redhat.com/errata/RHSA-2016-2068.html
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: http://tomcat.apache.org/security-7.html
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://www.securitytracker.com/id/1036900
Resource:
vdb-entry
x_refsource_SECTRACK
x_transferred
Hyperlink: http://www.securityfocus.com/bid/91453
Resource:
vdb-entry
x_refsource_BID
x_transferred
Hyperlink: http://tomcat.apache.org/security-8.html
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://rhn.redhat.com/errata/RHSA-2016-2072.html
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://svn.apache.org/viewvc?view=revision&revision=1743722
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://www.debian.org/security/2016/dsa-3611
Resource:
vendor-advisory
x_refsource_DEBIAN
x_transferred
Hyperlink: https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05204371
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://rhn.redhat.com/errata/RHSA-2016-2807.html
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://lists.opensuse.org/opensuse-updates/2016-09/msg00025.html
Resource:
vendor-advisory
x_refsource_SUSE
x_transferred
Hyperlink: http://jvn.jp/en/jp/JVN89379547/index.html
Resource:
third-party-advisory
x_refsource_JVN
x_transferred
Hyperlink: http://www.securitytracker.com/id/1036427
Resource:
vdb-entry
x_refsource_SECTRACK
x_transferred
Hyperlink: http://rhn.redhat.com/errata/RHSA-2016-2070.html
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: http://rhn.redhat.com/errata/RHSA-2017-0457.html
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: http://rhn.redhat.com/errata/RHSA-2016-2808.html
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: http://www.securitytracker.com/id/1039606
Resource:
vdb-entry
x_refsource_SECTRACK
x_transferred
Hyperlink: http://svn.apache.org/viewvc?view=revision&revision=1743742
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://rhn.redhat.com/errata/RHSA-2016-2599.html
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: http://www.debian.org/security/2016/dsa-3609
Resource:
vendor-advisory
x_refsource_DEBIAN
x_transferred
Hyperlink: https://access.redhat.com/errata/RHSA-2017:0455
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: http://www.debian.org/security/2016/dsa-3614
Resource:
vendor-advisory
x_refsource_DEBIAN
x_transferred
Hyperlink: http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://mail-archives.apache.org/mod_mbox/commons-dev/201606.mbox/%3CCAF8HOZ%2BPq2QH8RnxBuJyoK1dOz6jrTiQypAC%2BH8g6oZkBg%2BCxg%40mail.gmail.com%3E
Resource:
mailing-list
x_refsource_MLIST
x_transferred
Hyperlink: https://access.redhat.com/errata/RHSA-2017:0456
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: https://bugzilla.redhat.com/show_bug.cgi?id=1349468
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://rhn.redhat.com/errata/RHSA-2016-2071.html
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: http://www.ubuntu.com/usn/USN-3027-1
Resource:
vendor-advisory
x_refsource_UBUNTU
x_transferred
Hyperlink: https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551%40%3Cdev.tomcat.apache.org%3E
Resource:
mailing-list
x_refsource_MLIST
x_transferred
Hyperlink: https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708%40%3Cdev.tomcat.apache.org%3E
Resource:
mailing-list
x_refsource_MLIST
x_transferred
Hyperlink: https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
Resource:
x_refsource_MISC
x_transferred
Hyperlink: https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c%40%3Cdev.tomcat.apache.org%3E
Resource:
mailing-list
x_refsource_MLIST
x_transferred
Hyperlink: https://www.oracle.com/security-alerts/cpuapr2020.html
Resource:
x_refsource_MISC
x_transferred
Hyperlink: https://security.gentoo.org/glsa/202107-39
Resource:
vendor-advisory
x_refsource_GENTOO
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:secalert@redhat.com
Published At:04 Jul, 2016 | 22:59
Updated At:12 Apr, 2025 | 10:46

The MultipartStream class in Apache Commons Fileupload before 1.3.2, as used in Apache Tomcat 7.x before 7.0.70, 8.x before 8.0.36, 8.5.x before 8.5.3, and 9.x before 9.0.0.M7 and other products, allows remote attackers to cause a denial of service (CPU consumption) via a long boundary string.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.07.5HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Primary2.07.8HIGH
AV:N/AC:L/Au:N/C:N/I:N/A:C
Type: Primary
Version: 3.0
Base score: 7.5
Base severity: HIGH
Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Type: Primary
Version: 2.0
Base score: 7.8
Base severity: HIGH
Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:C
CPE Matches
HP Inc.
hp
>>icewall_identity_manager>>5.0
cpe:2.3:a:hp:icewall_identity_manager:5.0:*:*:*:*:*:*:*
HP Inc.
hp
>>icewall_sso_agent_option>>10.0
cpe:2.3:a:hp:icewall_sso_agent_option:10.0:*:*:*:*:*:*:*
The Apache Software Foundation
apache
>>tomcat>>9.0.0
cpe:2.3:a:apache:tomcat:9.0.0:milestone1:*:*:*:*:*:*
The Apache Software Foundation
apache
>>tomcat>>9.0.0
cpe:2.3:a:apache:tomcat:9.0.0:milestone3:*:*:*:*:*:*
The Apache Software Foundation
apache
>>tomcat>>9.0.0
cpe:2.3:a:apache:tomcat:9.0.0:milestone4:*:*:*:*:*:*
The Apache Software Foundation
apache
>>tomcat>>9.0.0
cpe:2.3:a:apache:tomcat:9.0.0:milestone6:*:*:*:*:*:*
The Apache Software Foundation
apache
>>tomcat>>8.0.0
cpe:2.3:a:apache:tomcat:8.0.0:rc1:*:*:*:*:*:*
The Apache Software Foundation
apache
>>tomcat>>8.0.0
cpe:2.3:a:apache:tomcat:8.0.0:rc10:*:*:*:*:*:*
The Apache Software Foundation
apache
>>tomcat>>8.0.0
cpe:2.3:a:apache:tomcat:8.0.0:rc2:*:*:*:*:*:*
The Apache Software Foundation
apache
>>tomcat>>8.0.0
cpe:2.3:a:apache:tomcat:8.0.0:rc5:*:*:*:*:*:*
The Apache Software Foundation
apache
>>tomcat>>8.0.1
cpe:2.3:a:apache:tomcat:8.0.1:*:*:*:*:*:*:*
The Apache Software Foundation
apache
>>tomcat>>8.0.3
cpe:2.3:a:apache:tomcat:8.0.3:*:*:*:*:*:*:*
The Apache Software Foundation
apache
>>tomcat>>8.0.5
cpe:2.3:a:apache:tomcat:8.0.5:*:*:*:*:*:*:*
The Apache Software Foundation
apache
>>tomcat>>8.0.8
cpe:2.3:a:apache:tomcat:8.0.8:*:*:*:*:*:*:*
The Apache Software Foundation
apache
>>tomcat>>8.0.11
cpe:2.3:a:apache:tomcat:8.0.11:*:*:*:*:*:*:*
The Apache Software Foundation
apache
>>tomcat>>8.0.12
cpe:2.3:a:apache:tomcat:8.0.12:*:*:*:*:*:*:*
The Apache Software Foundation
apache
>>tomcat>>8.0.14
cpe:2.3:a:apache:tomcat:8.0.14:*:*:*:*:*:*:*
The Apache Software Foundation
apache
>>tomcat>>8.0.15
cpe:2.3:a:apache:tomcat:8.0.15:*:*:*:*:*:*:*
The Apache Software Foundation
apache
>>tomcat>>8.0.17
cpe:2.3:a:apache:tomcat:8.0.17:*:*:*:*:*:*:*
The Apache Software Foundation
apache
>>tomcat>>8.0.18
cpe:2.3:a:apache:tomcat:8.0.18:*:*:*:*:*:*:*
The Apache Software Foundation
apache
>>tomcat>>8.0.20
cpe:2.3:a:apache:tomcat:8.0.20:*:*:*:*:*:*:*
The Apache Software Foundation
apache
>>tomcat>>8.0.21
cpe:2.3:a:apache:tomcat:8.0.21:*:*:*:*:*:*:*
The Apache Software Foundation
apache
>>tomcat>>8.0.22
cpe:2.3:a:apache:tomcat:8.0.22:*:*:*:*:*:*:*
The Apache Software Foundation
apache
>>tomcat>>8.0.23
cpe:2.3:a:apache:tomcat:8.0.23:*:*:*:*:*:*:*
The Apache Software Foundation
apache
>>tomcat>>8.0.24
cpe:2.3:a:apache:tomcat:8.0.24:*:*:*:*:*:*:*
The Apache Software Foundation
apache
>>tomcat>>8.0.26
cpe:2.3:a:apache:tomcat:8.0.26:*:*:*:*:*:*:*
The Apache Software Foundation
apache
>>tomcat>>8.0.27
cpe:2.3:a:apache:tomcat:8.0.27:*:*:*:*:*:*:*
The Apache Software Foundation
apache
>>tomcat>>8.0.28
cpe:2.3:a:apache:tomcat:8.0.28:*:*:*:*:*:*:*
The Apache Software Foundation
apache
>>tomcat>>8.0.29
cpe:2.3:a:apache:tomcat:8.0.29:*:*:*:*:*:*:*
The Apache Software Foundation
apache
>>tomcat>>8.0.30
cpe:2.3:a:apache:tomcat:8.0.30:*:*:*:*:*:*:*
The Apache Software Foundation
apache
>>tomcat>>8.0.32
cpe:2.3:a:apache:tomcat:8.0.32:*:*:*:*:*:*:*
The Apache Software Foundation
apache
>>tomcat>>8.0.33
cpe:2.3:a:apache:tomcat:8.0.33:*:*:*:*:*:*:*
The Apache Software Foundation
apache
>>tomcat>>8.0.35
cpe:2.3:a:apache:tomcat:8.0.35:*:*:*:*:*:*:*
Debian GNU/Linux
debian
>>debian_linux>>8.0
cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
The Apache Software Foundation
apache
>>tomcat>>8.5.0
cpe:2.3:a:apache:tomcat:8.5.0:*:*:*:*:*:*:*
The Apache Software Foundation
apache
>>tomcat>>8.5.2
cpe:2.3:a:apache:tomcat:8.5.2:*:*:*:*:*:*:*
The Apache Software Foundation
apache
>>commons_fileupload>>Versions up to 1.3.1(inclusive)
cpe:2.3:a:apache:commons_fileupload:*:*:*:*:*:*:*:*
Canonical Ltd.
canonical
>>ubuntu_linux>>12.04
cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*
Canonical Ltd.
canonical
>>ubuntu_linux>>14.04
cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
Canonical Ltd.
canonical
>>ubuntu_linux>>15.10
cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*
Canonical Ltd.
canonical
>>ubuntu_linux>>16.04
cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
The Apache Software Foundation
apache
>>tomcat>>7.0.0
cpe:2.3:a:apache:tomcat:7.0.0:*:*:*:*:*:*:*
The Apache Software Foundation
apache
>>tomcat>>7.0.0
cpe:2.3:a:apache:tomcat:7.0.0:beta:*:*:*:*:*:*
The Apache Software Foundation
apache
>>tomcat>>7.0.1
cpe:2.3:a:apache:tomcat:7.0.1:*:*:*:*:*:*:*
The Apache Software Foundation
apache
>>tomcat>>7.0.2
cpe:2.3:a:apache:tomcat:7.0.2:*:*:*:*:*:*:*
The Apache Software Foundation
apache
>>tomcat>>7.0.2
cpe:2.3:a:apache:tomcat:7.0.2:beta:*:*:*:*:*:*
The Apache Software Foundation
apache
>>tomcat>>7.0.4
cpe:2.3:a:apache:tomcat:7.0.4:*:*:*:*:*:*:*
The Apache Software Foundation
apache
>>tomcat>>7.0.4
cpe:2.3:a:apache:tomcat:7.0.4:beta:*:*:*:*:*:*
The Apache Software Foundation
apache
>>tomcat>>7.0.5
cpe:2.3:a:apache:tomcat:7.0.5:*:*:*:*:*:*:*
The Apache Software Foundation
apache
>>tomcat>>7.0.5
cpe:2.3:a:apache:tomcat:7.0.5:beta:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-20Primarynvd@nist.gov
CWE ID: CWE-20
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
http://jvn.jp/en/jp/JVN89379547/index.htmlsecalert@redhat.com
Vendor Advisory
http://jvndb.jvn.jp/jvndb/JVNDB-2016-000121secalert@redhat.com
VDB Entry
Vendor Advisory
http://lists.opensuse.org/opensuse-updates/2016-09/msg00025.htmlsecalert@redhat.com
N/A
http://mail-archives.apache.org/mod_mbox/commons-dev/201606.mbox/%3CCAF8HOZ%2BPq2QH8RnxBuJyoK1dOz6jrTiQypAC%2BH8g6oZkBg%2BCxg%40mail.gmail.com%3Esecalert@redhat.com
Mailing List
http://rhn.redhat.com/errata/RHSA-2016-2068.htmlsecalert@redhat.com
N/A
http://rhn.redhat.com/errata/RHSA-2016-2069.htmlsecalert@redhat.com
N/A
http://rhn.redhat.com/errata/RHSA-2016-2070.htmlsecalert@redhat.com
N/A
http://rhn.redhat.com/errata/RHSA-2016-2071.htmlsecalert@redhat.com
N/A
http://rhn.redhat.com/errata/RHSA-2016-2072.htmlsecalert@redhat.com
N/A
http://rhn.redhat.com/errata/RHSA-2016-2599.htmlsecalert@redhat.com
N/A
http://rhn.redhat.com/errata/RHSA-2016-2807.htmlsecalert@redhat.com
N/A
http://rhn.redhat.com/errata/RHSA-2016-2808.htmlsecalert@redhat.com
N/A
http://rhn.redhat.com/errata/RHSA-2017-0457.htmlsecalert@redhat.com
N/A
http://svn.apache.org/viewvc?view=revision&revision=1743480secalert@redhat.com
N/A
http://svn.apache.org/viewvc?view=revision&revision=1743722secalert@redhat.com
Vendor Advisory
http://svn.apache.org/viewvc?view=revision&revision=1743738secalert@redhat.com
Vendor Advisory
http://svn.apache.org/viewvc?view=revision&revision=1743742secalert@redhat.com
Vendor Advisory
http://tomcat.apache.org/security-7.htmlsecalert@redhat.com
Vendor Advisory
http://tomcat.apache.org/security-8.htmlsecalert@redhat.com
Vendor Advisory
http://tomcat.apache.org/security-9.htmlsecalert@redhat.com
Vendor Advisory
http://www.debian.org/security/2016/dsa-3609secalert@redhat.com
Third Party Advisory
http://www.debian.org/security/2016/dsa-3611secalert@redhat.com
Third Party Advisory
http://www.debian.org/security/2016/dsa-3614secalert@redhat.com
Third Party Advisory
http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.htmlsecalert@redhat.com
N/A
http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.htmlsecalert@redhat.com
N/A
http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.htmlsecalert@redhat.com
N/A
http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.htmlsecalert@redhat.com
N/A
http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.htmlsecalert@redhat.com
N/A
http://www.securityfocus.com/bid/91453secalert@redhat.com
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1036427secalert@redhat.com
N/A
http://www.securitytracker.com/id/1036900secalert@redhat.com
N/A
http://www.securitytracker.com/id/1037029secalert@redhat.com
N/A
http://www.securitytracker.com/id/1039606secalert@redhat.com
N/A
http://www.ubuntu.com/usn/USN-3024-1secalert@redhat.com
Third Party Advisory
http://www.ubuntu.com/usn/USN-3027-1secalert@redhat.com
Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:0455secalert@redhat.com
N/A
https://access.redhat.com/errata/RHSA-2017:0456secalert@redhat.com
N/A
https://bugzilla.redhat.com/show_bug.cgi?id=1349468secalert@redhat.com
Issue Tracking
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05204371secalert@redhat.com
Patch
Permissions Required
Third Party Advisory
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05289840secalert@redhat.com
N/A
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05324759secalert@redhat.com
N/A
https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551%40%3Cdev.tomcat.apache.org%3Esecalert@redhat.com
N/A
https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708%40%3Cdev.tomcat.apache.org%3Esecalert@redhat.com
N/A
https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c%40%3Cdev.tomcat.apache.org%3Esecalert@redhat.com
N/A
https://security.gentoo.org/glsa/201705-09secalert@redhat.com
N/A
https://security.gentoo.org/glsa/202107-39secalert@redhat.com
N/A
https://security.netapp.com/advisory/ntap-20190212-0001/secalert@redhat.com
N/A
https://www.oracle.com/security-alerts/cpuapr2020.htmlsecalert@redhat.com
N/A
https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.htmlsecalert@redhat.com
N/A
http://jvn.jp/en/jp/JVN89379547/index.htmlaf854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://jvndb.jvn.jp/jvndb/JVNDB-2016-000121af854a3a-2127-422b-91ae-364da2661108
VDB Entry
Vendor Advisory
http://lists.opensuse.org/opensuse-updates/2016-09/msg00025.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://mail-archives.apache.org/mod_mbox/commons-dev/201606.mbox/%3CCAF8HOZ%2BPq2QH8RnxBuJyoK1dOz6jrTiQypAC%2BH8g6oZkBg%2BCxg%40mail.gmail.com%3Eaf854a3a-2127-422b-91ae-364da2661108
Mailing List
http://rhn.redhat.com/errata/RHSA-2016-2068.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://rhn.redhat.com/errata/RHSA-2016-2069.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://rhn.redhat.com/errata/RHSA-2016-2070.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://rhn.redhat.com/errata/RHSA-2016-2071.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://rhn.redhat.com/errata/RHSA-2016-2072.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://rhn.redhat.com/errata/RHSA-2016-2599.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://rhn.redhat.com/errata/RHSA-2016-2807.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://rhn.redhat.com/errata/RHSA-2016-2808.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://rhn.redhat.com/errata/RHSA-2017-0457.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://svn.apache.org/viewvc?view=revision&revision=1743480af854a3a-2127-422b-91ae-364da2661108
N/A
http://svn.apache.org/viewvc?view=revision&revision=1743722af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://svn.apache.org/viewvc?view=revision&revision=1743738af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://svn.apache.org/viewvc?view=revision&revision=1743742af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://tomcat.apache.org/security-7.htmlaf854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://tomcat.apache.org/security-8.htmlaf854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://tomcat.apache.org/security-9.htmlaf854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://www.debian.org/security/2016/dsa-3609af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://www.debian.org/security/2016/dsa-3611af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://www.debian.org/security/2016/dsa-3614af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://www.securityfocus.com/bid/91453af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1036427af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.securitytracker.com/id/1036900af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.securitytracker.com/id/1037029af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.securitytracker.com/id/1039606af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.ubuntu.com/usn/USN-3024-1af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://www.ubuntu.com/usn/USN-3027-1af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:0455af854a3a-2127-422b-91ae-364da2661108
N/A
https://access.redhat.com/errata/RHSA-2017:0456af854a3a-2127-422b-91ae-364da2661108
N/A
https://bugzilla.redhat.com/show_bug.cgi?id=1349468af854a3a-2127-422b-91ae-364da2661108
Issue Tracking
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05204371af854a3a-2127-422b-91ae-364da2661108
Patch
Permissions Required
Third Party Advisory
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05289840af854a3a-2127-422b-91ae-364da2661108
N/A
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05324759af854a3a-2127-422b-91ae-364da2661108
N/A
https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551%40%3Cdev.tomcat.apache.org%3Eaf854a3a-2127-422b-91ae-364da2661108
N/A
https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708%40%3Cdev.tomcat.apache.org%3Eaf854a3a-2127-422b-91ae-364da2661108
N/A
https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c%40%3Cdev.tomcat.apache.org%3Eaf854a3a-2127-422b-91ae-364da2661108
N/A
https://security.gentoo.org/glsa/201705-09af854a3a-2127-422b-91ae-364da2661108
N/A
https://security.gentoo.org/glsa/202107-39af854a3a-2127-422b-91ae-364da2661108
N/A
https://security.netapp.com/advisory/ntap-20190212-0001/af854a3a-2127-422b-91ae-364da2661108
N/A
https://www.oracle.com/security-alerts/cpuapr2020.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
Hyperlink: http://jvn.jp/en/jp/JVN89379547/index.html
Source: secalert@redhat.com
Resource:
Vendor Advisory
Hyperlink: http://jvndb.jvn.jp/jvndb/JVNDB-2016-000121
Source: secalert@redhat.com
Resource:
VDB Entry
Vendor Advisory
Hyperlink: http://lists.opensuse.org/opensuse-updates/2016-09/msg00025.html
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://mail-archives.apache.org/mod_mbox/commons-dev/201606.mbox/%3CCAF8HOZ%2BPq2QH8RnxBuJyoK1dOz6jrTiQypAC%2BH8g6oZkBg%2BCxg%40mail.gmail.com%3E
Source: secalert@redhat.com
Resource:
Mailing List
Hyperlink: http://rhn.redhat.com/errata/RHSA-2016-2068.html
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://rhn.redhat.com/errata/RHSA-2016-2069.html
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://rhn.redhat.com/errata/RHSA-2016-2070.html
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://rhn.redhat.com/errata/RHSA-2016-2071.html
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://rhn.redhat.com/errata/RHSA-2016-2072.html
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://rhn.redhat.com/errata/RHSA-2016-2599.html
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://rhn.redhat.com/errata/RHSA-2016-2807.html
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://rhn.redhat.com/errata/RHSA-2016-2808.html
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://rhn.redhat.com/errata/RHSA-2017-0457.html
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://svn.apache.org/viewvc?view=revision&revision=1743480
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://svn.apache.org/viewvc?view=revision&revision=1743722
Source: secalert@redhat.com
Resource:
Vendor Advisory
Hyperlink: http://svn.apache.org/viewvc?view=revision&revision=1743738
Source: secalert@redhat.com
Resource:
Vendor Advisory
Hyperlink: http://svn.apache.org/viewvc?view=revision&revision=1743742
Source: secalert@redhat.com
Resource:
Vendor Advisory
Hyperlink: http://tomcat.apache.org/security-7.html
Source: secalert@redhat.com
Resource:
Vendor Advisory
Hyperlink: http://tomcat.apache.org/security-8.html
Source: secalert@redhat.com
Resource:
Vendor Advisory
Hyperlink: http://tomcat.apache.org/security-9.html
Source: secalert@redhat.com
Resource:
Vendor Advisory
Hyperlink: http://www.debian.org/security/2016/dsa-3609
Source: secalert@redhat.com
Resource:
Third Party Advisory
Hyperlink: http://www.debian.org/security/2016/dsa-3611
Source: secalert@redhat.com
Resource:
Third Party Advisory
Hyperlink: http://www.debian.org/security/2016/dsa-3614
Source: secalert@redhat.com
Resource:
Third Party Advisory
Hyperlink: http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://www.securityfocus.com/bid/91453
Source: secalert@redhat.com
Resource:
Third Party Advisory
VDB Entry
Hyperlink: http://www.securitytracker.com/id/1036427
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://www.securitytracker.com/id/1036900
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://www.securitytracker.com/id/1037029
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://www.securitytracker.com/id/1039606
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://www.ubuntu.com/usn/USN-3024-1
Source: secalert@redhat.com
Resource:
Third Party Advisory
Hyperlink: http://www.ubuntu.com/usn/USN-3027-1
Source: secalert@redhat.com
Resource:
Third Party Advisory
Hyperlink: https://access.redhat.com/errata/RHSA-2017:0455
Source: secalert@redhat.com
Resource: N/A
Hyperlink: https://access.redhat.com/errata/RHSA-2017:0456
Source: secalert@redhat.com
Resource: N/A
Hyperlink: https://bugzilla.redhat.com/show_bug.cgi?id=1349468
Source: secalert@redhat.com
Resource:
Issue Tracking
Hyperlink: https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05204371
Source: secalert@redhat.com
Resource:
Patch
Permissions Required
Third Party Advisory
Hyperlink: https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05289840
Source: secalert@redhat.com
Resource: N/A
Hyperlink: https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05324759
Source: secalert@redhat.com
Resource: N/A
Hyperlink: https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551%40%3Cdev.tomcat.apache.org%3E
Source: secalert@redhat.com
Resource: N/A
Hyperlink: https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708%40%3Cdev.tomcat.apache.org%3E
Source: secalert@redhat.com
Resource: N/A
Hyperlink: https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c%40%3Cdev.tomcat.apache.org%3E
Source: secalert@redhat.com
Resource: N/A
Hyperlink: https://security.gentoo.org/glsa/201705-09
Source: secalert@redhat.com
Resource: N/A
Hyperlink: https://security.gentoo.org/glsa/202107-39
Source: secalert@redhat.com
Resource: N/A
Hyperlink: https://security.netapp.com/advisory/ntap-20190212-0001/
Source: secalert@redhat.com
Resource: N/A
Hyperlink: https://www.oracle.com/security-alerts/cpuapr2020.html
Source: secalert@redhat.com
Resource: N/A
Hyperlink: https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://jvn.jp/en/jp/JVN89379547/index.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory
Hyperlink: http://jvndb.jvn.jp/jvndb/JVNDB-2016-000121
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
VDB Entry
Vendor Advisory
Hyperlink: http://lists.opensuse.org/opensuse-updates/2016-09/msg00025.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://mail-archives.apache.org/mod_mbox/commons-dev/201606.mbox/%3CCAF8HOZ%2BPq2QH8RnxBuJyoK1dOz6jrTiQypAC%2BH8g6oZkBg%2BCxg%40mail.gmail.com%3E
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Mailing List
Hyperlink: http://rhn.redhat.com/errata/RHSA-2016-2068.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://rhn.redhat.com/errata/RHSA-2016-2069.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://rhn.redhat.com/errata/RHSA-2016-2070.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://rhn.redhat.com/errata/RHSA-2016-2071.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://rhn.redhat.com/errata/RHSA-2016-2072.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://rhn.redhat.com/errata/RHSA-2016-2599.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://rhn.redhat.com/errata/RHSA-2016-2807.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://rhn.redhat.com/errata/RHSA-2016-2808.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://rhn.redhat.com/errata/RHSA-2017-0457.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://svn.apache.org/viewvc?view=revision&revision=1743480
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://svn.apache.org/viewvc?view=revision&revision=1743722
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory
Hyperlink: http://svn.apache.org/viewvc?view=revision&revision=1743738
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory
Hyperlink: http://svn.apache.org/viewvc?view=revision&revision=1743742
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory
Hyperlink: http://tomcat.apache.org/security-7.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory
Hyperlink: http://tomcat.apache.org/security-8.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory
Hyperlink: http://tomcat.apache.org/security-9.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory
Hyperlink: http://www.debian.org/security/2016/dsa-3609
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: http://www.debian.org/security/2016/dsa-3611
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: http://www.debian.org/security/2016/dsa-3614
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.securityfocus.com/bid/91453
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
VDB Entry
Hyperlink: http://www.securitytracker.com/id/1036427
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.securitytracker.com/id/1036900
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.securitytracker.com/id/1037029
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.securitytracker.com/id/1039606
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.ubuntu.com/usn/USN-3024-1
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: http://www.ubuntu.com/usn/USN-3027-1
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: https://access.redhat.com/errata/RHSA-2017:0455
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://access.redhat.com/errata/RHSA-2017:0456
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://bugzilla.redhat.com/show_bug.cgi?id=1349468
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Issue Tracking
Hyperlink: https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05204371
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Patch
Permissions Required
Third Party Advisory
Hyperlink: https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05289840
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05324759
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551%40%3Cdev.tomcat.apache.org%3E
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708%40%3Cdev.tomcat.apache.org%3E
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c%40%3Cdev.tomcat.apache.org%3E
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://security.gentoo.org/glsa/201705-09
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://security.gentoo.org/glsa/202107-39
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://security.netapp.com/advisory/ntap-20190212-0001/
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://www.oracle.com/security-alerts/cpuapr2020.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

2137Records found
CVE-2009-1424
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-1.38% / 79.48%
||
7 Day CHG~0.00%
Published-14 Jul, 2009 | 20:16
Updated-07 Aug, 2024 | 05:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in HP ProCurve Threat Management Services zl Module (J9155A) ST.1.0.090213 and earlier allows remote attackers to cause a denial of service via unknown vectors, aka PR_39412, a different vulnerability than CVE-2009-1423 and CVE-2009-1425.

Action-Not Available
Vendor-n/aHP Inc.
Product-procurve_threat_management_services_zl_moduleprocurve_switch_8200zlprocurve_switch_5400zln/a
CVE-2009-1270
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-4.50% / 88.68%
||
7 Day CHG~0.00%
Published-08 Apr, 2009 | 16:00
Updated-07 Aug, 2024 | 05:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

libclamav/untar.c in ClamAV before 0.95 allows remote attackers to cause a denial of service (infinite loop) via a crafted TAR file that causes (1) clamd and (2) clamscan to hang.

Action-Not Available
Vendor-n/aCanonical Ltd.ClamAVDebian GNU/Linux
Product-ubuntu_linuxclamavdebian_linuxn/a
CWE ID-CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
CVE-2017-5193
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.88% / 82.38%
||
7 Day CHG~0.00%
Published-03 Mar, 2017 | 15:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The nickcmp function in Irssi before 0.8.21 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a message without a nick.

Action-Not Available
Vendor-irssin/aDebian GNU/Linux
Product-debian_linuxirssin/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2009-1425
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-2.61% / 85.07%
||
7 Day CHG~0.00%
Published-14 Jul, 2009 | 20:16
Updated-07 Aug, 2024 | 05:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in HP ProCurve Threat Management Services zl Module (J9155A) ST.1.0.090213 and earlier allows remote attackers to cause a denial of service by triggering a stop or crash in httpd, aka PR_18770, a different vulnerability than CVE-2009-1423 and CVE-2009-1424.

Action-Not Available
Vendor-n/aHP Inc.
Product-procurve_threat_management_services_zl_moduleprocurve_switch_8200zlprocurve_switch_5400zln/a
CVE-2022-20785
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-7.5||HIGH
EPSS-0.65% / 69.85%
||
7 Day CHG~0.00%
Published-04 May, 2022 | 17:05
Updated-06 Nov, 2024 | 16:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
ClamAV HTML Scanning Memory Leak Vulnerability Affecting Cisco Products: April 2022

On April 20, 2022, the following vulnerability in the ClamAV scanning library versions 0.103.5 and earlier and 0.104.2 and earlier was disclosed: A vulnerability in HTML file parser of Clam AntiVirus (ClamAV) versions 0.104.0 through 0.104.2 and LTS version 0.103.5 and prior versions could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. For a description of this vulnerability, see the ClamAV blog. This advisory will be updated as additional information becomes available.

Action-Not Available
Vendor-ClamAVDebian GNU/LinuxFedora ProjectCisco Systems, Inc.
Product-secure_endpointclamavdebian_linuxfedoraCisco AMP for Endpoints
CWE ID-CWE-401
Missing Release of Memory after Effective Lifetime
CVE-2009-1426
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-1.38% / 79.48%
||
7 Day CHG~0.00%
Published-29 Jul, 2009 | 17:00
Updated-07 Aug, 2024 | 05:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability on HP ProLiant DL and ML 100 Series G5, G5p, and G6 servers with ProLiant Onboard Administrator Powered by LO100i (formerly Lights Out 100) 3.07 and earlier allows remote attackers to cause a denial of service via unknown vectors.

Action-Not Available
Vendor-n/aHP Inc.
Product-proliant_ml150proliant_ml115proliant_dl185proliant_onboard_administratorproliant_dl180proliant_dl160proliant_dl120proliant_ml110proliant_dl165n/a
CVE-2009-1423
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-1.47% / 80.14%
||
7 Day CHG~0.00%
Published-14 Jul, 2009 | 20:16
Updated-07 Aug, 2024 | 05:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in HP ProCurve Threat Management Services zl Module (J9155A) ST.1.0.090213 and earlier allows remote attackers to cause a denial of service via unknown vectors, aka PR_39898, a different vulnerability than CVE-2009-1424 and CVE-2009-1425.

Action-Not Available
Vendor-n/aHP Inc.
Product-procurve_threat_management_services_zl_moduleprocurve_switch_8200zlprocurve_switch_5400zln/a
CVE-2013-4133
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-1.99% / 82.88%
||
7 Day CHG~0.00%
Published-10 Dec, 2019 | 14:36
Updated-06 Aug, 2024 | 16:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

kde-workspace before 4.10.5 has a memory leak in plasma desktop

Action-Not Available
Vendor-KDEDebian GNU/Linux
Product-kde-workspacedebian_linuxkde-workspace
CWE ID-CWE-404
Improper Resource Shutdown or Release
CVE-2006-2806
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-5.41% / 89.75%
||
7 Day CHG~0.00%
Published-05 Jun, 2006 | 17:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The SMTP server in Apache Java Mail Enterprise Server (aka Apache James) 2.2.0 allows remote attackers to cause a denial of service (CPU consumption) via a long argument to the MAIL command.

Action-Not Available
Vendor-n/aThe Apache Software Foundation
Product-jamesn/a
CVE-2017-14976
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.09% / 77.06%
||
7 Day CHG~0.00%
Published-01 Oct, 2017 | 23:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The FoFiType1C::convertToType0 function in FoFiType1C.cc in Poppler 0.59.0 has a heap-based buffer over-read vulnerability if an out-of-bounds font dictionary index is encountered, which allows an attacker to launch a denial of service attack.

Action-Not Available
Vendor-n/afreedesktop.orgDebian GNU/Linux
Product-popplerdebian_linuxn/a
CWE ID-CWE-125
Out-of-bounds Read
CVE-2017-14977
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.10% / 77.10%
||
7 Day CHG~0.00%
Published-01 Oct, 2017 | 23:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The FoFiTrueType::getCFFBlock function in FoFiTrueType.cc in Poppler 0.59.0 has a NULL pointer dereference vulnerability due to lack of validation of a table pointer, which allows an attacker to launch a denial of service attack.

Action-Not Available
Vendor-n/afreedesktop.orgDebian GNU/Linux
Product-popplerdebian_linuxn/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2017-15033
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.26% / 48.86%
||
7 Day CHG~0.00%
Published-05 Oct, 2017 | 07:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

ImageMagick version 7.0.7-2 contains a memory leak in ReadYUVImage in coders/yuv.c.

Action-Not Available
Vendor-n/aCanonical Ltd.ImageMagick Studio LLC
Product-ubuntu_linuximagemagickn/a
CWE ID-CWE-772
Missing Release of Resource after Effective Lifetime
CVE-2017-15132
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-1.30% / 78.94%
||
7 Day CHG~0.00%
Published-25 Jan, 2018 | 20:00
Updated-17 Sep, 2024 | 00:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A flaw was found in dovecot 2.0 up to 2.2.33 and 2.3.0. An abort of SASL authentication results in a memory leak in dovecot's auth client used by login processes. The leak has impact in high performance configuration where same login processes are reused and can cause the process to crash due to memory exhaustion.

Action-Not Available
Vendor-Canonical Ltd.Debian GNU/LinuxDovecot
Product-ubuntu_linuxdebian_linuxdovecotdovecot
CWE ID-CWE-400
Uncontrolled Resource Consumption
CWE ID-CWE-772
Missing Release of Resource after Effective Lifetime
CVE-2017-14360
Matching Score-8
Assigner-OpenText (formerly Micro Focus)
ShareView Details
Matching Score-8
Assigner-OpenText (formerly Micro Focus)
CVSS Score-5.9||MEDIUM
EPSS-0.50% / 64.98%
||
7 Day CHG~0.00%
Published-08 Nov, 2017 | 14:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
MFSBGN03791 rev.1 - HPE Content Manager Workgroup Service, Denial of Service (DoS)

A potential security vulnerability has been identified in HPE Content Manager Workgroup Service v9.00. The vulnerability could be remotely exploited to allow Denial of Service (DoS).

Action-Not Available
Vendor-Micro Focus International LimitedHP Inc.
Product-content_managerHPE Content Manager Workgroup Service
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2017-14495
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-60.15% / 98.20%
||
7 Day CHG~0.00%
Published-02 Oct, 2017 | 21:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Memory leak in dnsmasq before 2.78, when the --add-mac, --add-cpe-id or --add-subnet option is specified, allows remote attackers to cause a denial of service (memory consumption) via vectors involving DNS response creation.

Action-Not Available
Vendor-thekelleysn/aDebian GNU/LinuxCanonical Ltd.Red Hat, Inc.Novell
Product-enterprise_linux_desktopenterprise_linux_workstationdnsmasqleapdebian_linuxenterprise_linux_serverubuntu_linuxn/a
CWE ID-CWE-772
Missing Release of Resource after Effective Lifetime
CVE-2017-12626
Matching Score-8
Assigner-Apache Software Foundation
ShareView Details
Matching Score-8
Assigner-Apache Software Foundation
CVSS Score-7.5||HIGH
EPSS-3.63% / 87.37%
||
7 Day CHG+1.21%
Published-29 Jan, 2018 | 17:00
Updated-16 Sep, 2024 | 18:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Apache POI in versions prior to release 3.17 are vulnerable to Denial of Service Attacks: 1) Infinite Loops while parsing crafted WMF, EMF, MSG and macros (POI bugs 61338 and 61294), and 2) Out of Memory Exceptions while parsing crafted DOC, PPT and XLS (POI bugs 52372 and 61295).

Action-Not Available
Vendor-The Apache Software Foundation
Product-poiApache POI
CWE ID-CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
CVE-2017-13765
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.18% / 77.88%
||
7 Day CHG~0.00%
Published-30 Aug, 2017 | 09:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Wireshark 2.4.0, 2.2.0 to 2.2.8, and 2.0.0 to 2.0.14, the IrCOMM dissector has a buffer over-read and application crash. This was addressed in plugins/irda/packet-ircomm.c by adding length validation.

Action-Not Available
Vendor-n/aWireshark FoundationDebian GNU/Linux
Product-debian_linuxwiresharkn/a
CWE ID-CWE-125
Out-of-bounds Read
CVE-2017-12174
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-20.49% / 95.34%
||
7 Day CHG~0.00%
Published-07 Mar, 2018 | 22:00
Updated-05 Aug, 2024 | 18:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

It was found that when Artemis and HornetQ before 2.4.0 are configured with UDP discovery and JGroups discovery a huge byte array is created when receiving an unexpected multicast message. This may result in a heap memory exhaustion, full GC, or OutOfMemoryError.

Action-Not Available
Vendor-Red Hat, Inc.The Apache Software Foundation
Product-jboss_enterprise_application_platformactivemq_artemishornetqenterprise_linuxHornetQ/Artemis
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2017-12380
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-7.5||HIGH
EPSS-8.13% / 91.81%
||
7 Day CHG~0.00%
Published-26 Jan, 2018 | 20:00
Updated-02 Dec, 2024 | 21:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

ClamAV AntiVirus software versions 0.99.2 and prior contain a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper input validation checking mechanisms in mbox.c during certain mail parsing functions of the ClamAV software. An unauthenticated, remote attacker could exploit this vulnerability by sending a crafted email to the affected device. An exploit could trigger a NULL pointer dereference condition when ClamAV scans the malicious email, which may result in a DoS condition.

Action-Not Available
Vendor-n/aDebian GNU/LinuxClamAV
Product-debian_linuxclamavClamAV AntiVirus software versions 0.99.2 and prior
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2017-11406
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.81% / 73.21%
||
7 Day CHG~0.00%
Published-18 Jul, 2017 | 21:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Wireshark 2.2.0 to 2.2.7 and 2.0.0 to 2.0.13, the DOCSIS dissector could go into an infinite loop. This was addressed in plugins/docsis/packet-docsis.c by rejecting invalid Frame Control parameter values.

Action-Not Available
Vendor-n/aWireshark FoundationDebian GNU/Linux
Product-debian_linuxwiresharkn/a
CWE ID-CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
CVE-2017-12375
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-7.5||HIGH
EPSS-5.83% / 90.18%
||
7 Day CHG~0.00%
Published-26 Jan, 2018 | 20:00
Updated-02 Dec, 2024 | 21:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The ClamAV AntiVirus software versions 0.99.2 and prior contain a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to a lack of input validation checking mechanisms during certain mail parsing functions (the rfc2047 function in mbox.c). An unauthenticated, remote attacker could exploit this vulnerability by sending a crafted email to the affected device. This action could cause a buffer overflow condition when ClamAV scans the malicious email, allowing the attacker to potentially cause a DoS condition on an affected device.

Action-Not Available
Vendor-n/aDebian GNU/LinuxClamAV
Product-debian_linuxclamavClamAV AntiVirus software versions 0.99.2 and prior
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2017-10810
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.83% / 73.64%
||
7 Day CHG~0.00%
Published-04 Jul, 2017 | 20:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Memory leak in the virtio_gpu_object_create function in drivers/gpu/drm/virtio/virtgpu_object.c in the Linux kernel through 4.11.8 allows attackers to cause a denial of service (memory consumption) by triggering object-initialization failures.

Action-Not Available
Vendor-n/aDebian GNU/LinuxLinux Kernel Organization, Inc
Product-linux_kerneldebian_linuxn/a
CWE ID-CWE-772
Missing Release of Resource after Effective Lifetime
CVE-2017-10978
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-2.23% / 83.86%
||
7 Day CHG~0.00%
Published-17 Jul, 2017 | 16:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An FR-GV-201 issue in FreeRADIUS 2.x before 2.2.10 and 3.x before 3.0.15 allows "Read / write overflow in make_secret()" and a denial of service.

Action-Not Available
Vendor-n/aFreeRADIUSDebian GNU/LinuxRed Hat, Inc.
Product-enterprise_linux_desktopenterprise_linux_server_tusenterprise_linux_workstationenterprise_linux_server_eusdebian_linuxenterprise_linux_serverfreeradiusenterprise_linux_server_ausn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2016-9897
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-7.5||HIGH
EPSS-4.95% / 89.25%
||
7 Day CHG~0.00%
Published-11 Jun, 2018 | 21:00
Updated-06 Aug, 2024 | 03:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Memory corruption resulting in a potentially exploitable crash during WebGL functions using a vector constructor with a varying array within libGLES. This vulnerability affects Firefox < 50.1, Firefox ESR < 45.6, and Thunderbird < 45.6.

Action-Not Available
Vendor-Debian GNU/LinuxRed Hat, Inc.Mozilla Corporation
Product-enterprise_linux_serverthunderbirddebian_linuxfirefoxfirefox_esrenterprise_linux_workstationFirefoxFirefox ESRThunderbird
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2022-41999
Matching Score-8
Assigner-Talos
ShareView Details
Matching Score-8
Assigner-Talos
CVSS Score-7.5||HIGH
EPSS-0.12% / 30.91%
||
7 Day CHG~0.00%
Published-23 Dec, 2022 | 23:03
Updated-14 Apr, 2025 | 19:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A denial of service vulnerability exists in the DDS native tile reading functionality of OpenImageIO Project OpenImageIO v2.3.19.0 and v2.4.4.2. A specially-crafted .dds can lead to denial of service. An attacker can provide a malicious file to trigger this vulnerability.

Action-Not Available
Vendor-openimageioOpenImageIO ProjectDebian GNU/Linux
Product-debian_linuxopenimageioOpenImageIO
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2016-8516
Matching Score-8
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-8
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-7.5||HIGH
EPSS-6.01% / 90.34%
||
7 Day CHG~0.00%
Published-15 Feb, 2018 | 22:00
Updated-17 Sep, 2024 | 00:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A remote denial of service vulnerability in HPE Systems Insight Manager in all versions prior to 7.6 was found.

Action-Not Available
Vendor-HP Inc.Hewlett Packard Enterprise (HPE)
Product-systems_insight_managerSystems Insight Manager using OpenSSL
CVE-2016-7800
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-2.19% / 83.73%
||
7 Day CHG~0.00%
Published-06 Feb, 2017 | 17:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Integer underflow in the parse8BIM function in coders/meta.c in GraphicsMagick 1.3.25 and earlier allows remote attackers to cause a denial of service (application crash) via a crafted 8BIM chunk, which triggers a heap-based buffer overflow.

Action-Not Available
Vendor-n/aDebian GNU/LinuxGraphicsMagickopenSUSE
Product-debian_linuxleapgraphicsmagickopensusen/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-191
Integer Underflow (Wrap or Wraparound)
CVE-2016-8518
Matching Score-8
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-8
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-7.5||HIGH
EPSS-6.01% / 90.34%
||
7 Day CHG~0.00%
Published-15 Feb, 2018 | 22:00
Updated-16 Sep, 2024 | 23:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A remote denial of service vulnerability in HPE Systems Insight Manager in all versions prior to 7.6 was found.

Action-Not Available
Vendor-HP Inc.Hewlett Packard Enterprise (HPE)
Product-systems_insight_managerSystems Insight Manager using OpenSSL
CVE-2016-9066
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-7.5||HIGH
EPSS-20.61% / 95.36%
||
7 Day CHG~0.00%
Published-11 Jun, 2018 | 21:00
Updated-06 Aug, 2024 | 02:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A buffer overflow resulting in a potentially exploitable crash due to memory allocation issues when handling large amounts of incoming data. This vulnerability affects Thunderbird < 45.5, Firefox ESR < 45.5, and Firefox < 50.

Action-Not Available
Vendor-Debian GNU/LinuxMozilla Corporation
Product-firefoxthunderbirddebian_linuxfirefox_esrThunderbirdFirefox ESRFirefox
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2016-8682
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.78% / 81.97%
||
7 Day CHG~0.00%
Published-15 Feb, 2017 | 19:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The ReadSCTImage function in coders/sct.c in GraphicsMagick 1.3.25 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted SCT header.

Action-Not Available
Vendor-n/aDebian GNU/LinuxGraphicsMagickopenSUSE
Product-debian_linuxopensusegraphicsmagickn/a
CWE ID-CWE-125
Out-of-bounds Read
CVE-2008-4418
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-3.05% / 86.16%
||
7 Day CHG~0.00%
Published-11 Dec, 2008 | 15:00
Updated-07 Aug, 2024 | 10:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in DCE in HP HP-UX B.11.11, B.11.23, and B.11.31 allows remote attackers to cause a denial of service via unknown vectors.

Action-Not Available
Vendor-n/aHP Inc.
Product-hp-uxn/a
CVE-2016-6855
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-2.55% / 84.91%
||
7 Day CHG~0.00%
Published-07 Sep, 2016 | 18:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Eye of GNOME (aka eog) 3.16.5, 3.17.x, 3.18.x before 3.18.3, 3.19.x, and 3.20.x before 3.20.4, when used with glib before 2.44.1, allow remote attackers to cause a denial of service (out-of-bounds write and crash) via vectors involving passing invalid UTF-8 to GMarkup.

Action-Not Available
Vendor-n/aopenSUSEFedora ProjectThe GNOME ProjectCanonical Ltd.
Product-eye_of_gnomefedoraleapopensuseubuntu_linuxglibn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2016-6817
Matching Score-8
Assigner-Apache Software Foundation
ShareView Details
Matching Score-8
Assigner-Apache Software Foundation
CVSS Score-7.5||HIGH
EPSS-0.48% / 64.03%
||
7 Day CHG~0.00%
Published-10 Aug, 2017 | 22:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The HTTP/2 header parser in Apache Tomcat 9.0.0.M1 to 9.0.0.M11 and 8.5.0 to 8.5.6 entered an infinite loop if a header was received that was larger than the available buffer. This made a denial of service attack possible.

Action-Not Available
Vendor-The Apache Software Foundation
Product-tomcatApache Tomcat
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
CVE-2016-7044
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.93% / 82.65%
||
7 Day CHG~0.00%
Published-27 Sep, 2016 | 15:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The unformat_24bit_color function in the format parsing code in Irssi before 0.8.20, when compiled with true-color enabled, allows remote attackers to cause a denial of service (heap corruption and crash) via an incomplete 24bit color code.

Action-Not Available
Vendor-irssin/aDebian GNU/LinuxCanonical Ltd.
Product-irssidebian_linuxubuntu_linuxn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2016-7551
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-5.76% / 90.12%
||
7 Day CHG~0.00%
Published-17 Apr, 2017 | 16:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

chain_sip in Asterisk Open Source 11.x before 11.23.1 and 13.x 13.11.1 and Certified Asterisk 11.6 before 11.6-cert15 and 13.8 before 13.8-cert3 allows remote attackers to cause a denial of service (port exhaustion).

Action-Not Available
Vendor-n/aDebian GNU/LinuxDigium, Inc.
Product-debian_linuxcertified_asteriskasteriskn/a
CVE-2016-7449
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-3.28% / 86.67%
||
7 Day CHG~0.00%
Published-06 Feb, 2017 | 17:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The TIFFGetField function in coders/tiff.c in GraphicsMagick 1.3.24 allows remote attackers to cause a denial of service (out-of-bounds heap read) via a file containing an "unterminated" string.

Action-Not Available
Vendor-n/aDebian GNU/LinuxGraphicsMagickopenSUSE
Product-debian_linuxleapgraphicsmagickopensusen/a
CWE ID-CWE-125
Out-of-bounds Read
CVE-2016-7448
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-4.16% / 88.22%
||
7 Day CHG~0.00%
Published-06 Feb, 2017 | 17:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Utah RLE reader in GraphicsMagick before 1.3.25 allows remote attackers to cause a denial of service (CPU consumption or large memory allocations) via vectors involving the header information and the file size.

Action-Not Available
Vendor-n/aDebian GNU/LinuxGraphicsMagickopenSUSE
Product-debian_linuxleapgraphicsmagickopensusen/a
CVE-2016-6261
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-4.50% / 88.69%
||
7 Day CHG~0.00%
Published-07 Sep, 2016 | 20:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The idna_to_ascii_4i function in lib/idna.c in libidn before 1.33 allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) via 64 bytes of input.

Action-Not Available
Vendor-n/aGNUopenSUSECanonical Ltd.
Product-libidnleapubuntu_linuxn/a
CWE ID-CWE-125
Out-of-bounds Read
CVE-2016-5360
Matching Score-8
Assigner-OpenText (formerly Micro Focus)
ShareView Details
Matching Score-8
Assigner-OpenText (formerly Micro Focus)
CVSS Score-7.5||HIGH
EPSS-43.17% / 97.41%
||
7 Day CHG-2.91%
Published-30 Jun, 2016 | 17:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

HAproxy 1.6.x before 1.6.6, when a deny comes from a reqdeny rule, allows remote attackers to cause a denial of service (uninitialized memory access and crash) or possibly have unspecified other impact via unknown vectors.

Action-Not Available
Vendor-haproxyn/aCanonical Ltd.
Product-ubuntu_linuxhaproxyn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2016-5396
Matching Score-8
Assigner-Apache Software Foundation
ShareView Details
Matching Score-8
Assigner-Apache Software Foundation
CVSS Score-7.5||HIGH
EPSS-1.81% / 82.07%
||
7 Day CHG~0.00%
Published-17 Apr, 2017 | 18:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Apache Traffic Server 6.0.0 to 6.2.0 are affected by an HPACK Bomb Attack.

Action-Not Available
Vendor-The Apache Software Foundation
Product-traffic_serverApache Traffic Server
CVE-2008-2726
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-7.8||HIGH
EPSS-1.57% / 80.79%
||
7 Day CHG~0.00%
Published-24 Jun, 2008 | 19:00
Updated-07 Aug, 2024 | 09:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Integer overflow in the (1) rb_ary_splice function in Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230, 1.8.7 before 1.8.7-p22, and 1.9.0 before 1.9.0-2; and (2) the rb_ary_replace function in 1.6.x allows context-dependent attackers to trigger memory corruption, aka the "beg + rlen" issue. NOTE: as of 20080624, there has been inconsistent usage of multiple CVE identifiers related to Ruby. The CVE description should be regarded as authoritative, although it is likely to change.

Action-Not Available
Vendor-n/aDebian GNU/LinuxCanonical Ltd.Ruby
Product-ubuntu_linuxdebian_linuxrubyn/a
CWE ID-CWE-189
Not Available
CVE-2016-5300
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.94% / 82.66%
||
7 Day CHG~0.00%
Published-16 Jun, 2016 | 18:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The XML parser in Expat does not use sufficient entropy for hash initialization, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted identifiers in an XML document. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-0876.

Action-Not Available
Vendor-libexpat_projectn/aGoogle LLCDebian GNU/LinuxCanonical Ltd.
Product-debian_linuxubuntu_linuxlibexpatandroidn/a
CVE-2008-3537
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-4.73% / 88.99%
||
7 Day CHG~0.00%
Published-03 Sep, 2008 | 14:00
Updated-07 Aug, 2024 | 09:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in ovalarmsrv in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allows remote attackers to cause a denial of service via unknown vectors, a different vulnerability than CVE-2008-3536.

Action-Not Available
Vendor-n/aHP Inc.
Product-openview_network_node_managern/a
CVE-2008-3543
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-4.73% / 88.99%
||
7 Day CHG~0.00%
Published-07 Oct, 2008 | 18:27
Updated-07 Aug, 2024 | 09:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in NFS / ONCplus B.11.31_04 and earlier on HP-UX B.11.31 allows remote attackers to cause a denial of service via unknown attack vectors.

Action-Not Available
Vendor-n/aHP Inc.
Product-oncplushpuxn/a
CVE-2016-5296
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-7.5||HIGH
EPSS-2.57% / 84.95%
||
7 Day CHG~0.00%
Published-11 Jun, 2018 | 21:00
Updated-06 Aug, 2024 | 00:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A heap-buffer-overflow in Cairo when processing SVG content caused by compiler optimization, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird < 45.5, Firefox ESR < 45.5, and Firefox < 50.

Action-Not Available
Vendor-Debian GNU/LinuxMozilla Corporation
Product-firefoxthunderbirddebian_linuxfirefox_esrThunderbirdFirefox ESRFirefox
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2016-6352
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.78% / 81.96%
||
7 Day CHG~0.00%
Published-03 Oct, 2016 | 18:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The OneLine32 function in io-ico.c in gdk-pixbuf before 2.35.3 allows remote attackers to cause a denial of service (out-of-bounds write and crash) via crafted dimensions in an ICO file.

Action-Not Available
Vendor-n/aThe GNOME ProjectopenSUSECanonical Ltd.
Product-gdk-pixbufleapopensuseubuntu_linuxn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2008-2725
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-7.8||HIGH
EPSS-1.57% / 80.79%
||
7 Day CHG~0.00%
Published-24 Jun, 2008 | 19:00
Updated-07 Aug, 2024 | 09:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Integer overflow in the (1) rb_ary_splice function in Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230, and 1.8.7 before 1.8.7-p22; and (2) the rb_ary_replace function in 1.6.x allows context-dependent attackers to trigger memory corruption via unspecified vectors, aka the "REALLOC_N" variant, a different issue than CVE-2008-2662, CVE-2008-2663, and CVE-2008-2664. NOTE: as of 20080624, there has been inconsistent usage of multiple CVE identifiers related to Ruby. The CVE description should be regarded as authoritative, although it is likely to change.

Action-Not Available
Vendor-n/aDebian GNU/LinuxCanonical Ltd.Ruby
Product-ubuntu_linuxdebian_linuxrubyn/a
CWE ID-CWE-189
Not Available
CVE-2008-3536
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-4.73% / 88.99%
||
7 Day CHG~0.00%
Published-03 Sep, 2008 | 14:00
Updated-07 Aug, 2024 | 09:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in ovalarmsrv in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allows remote attackers to cause a denial of service via unknown vectors, a different vulnerability than CVE-2008-3537.

Action-Not Available
Vendor-n/aHP Inc.
Product-openview_network_node_managern/a
CVE-2016-4574
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.09% / 77.02%
||
7 Day CHG~0.00%
Published-13 Jun, 2016 | 19:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Off-by-one error in the append_utf8_value function in the DN decoder (dn.c) in Libksba before 1.3.4 allows remote attackers to cause a denial of service (out-of-bounds read) via invalid utf-8 encoded data. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-4356.

Action-Not Available
Vendor-gnupgn/aopenSUSECanonical Ltd.
Product-leapopensuseubuntu_linuxlibksban/a
CVE-2008-2664
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-4.01% / 87.99%
||
7 Day CHG~0.00%
Published-24 Jun, 2008 | 19:00
Updated-07 Aug, 2024 | 09:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The rb_str_format function in Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230, 1.8.7 before 1.8.7-p22, and 1.9.0 before 1.9.0-2 allows context-dependent attackers to trigger memory corruption via unspecified vectors related to alloca, a different issue than CVE-2008-2662, CVE-2008-2663, and CVE-2008-2725. NOTE: as of 20080624, there has been inconsistent usage of multiple CVE identifiers related to Ruby. The CVE description should be regarded as authoritative, although it is likely to change.

Action-Not Available
Vendor-n/aDebian GNU/LinuxCanonical Ltd.Ruby
Product-ubuntu_linuxdebian_linuxrubyn/a
CWE ID-CWE-399
Not Available
  • Previous
  • 1
  • 2
  • 3
  • 4
  • ...
  • 42
  • 43
  • Next
Details not found