Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2016-4953

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-05 Jul, 2016 | 01:00
Updated At-06 Aug, 2024 | 00:46
Rejected At-
Credits

ntpd in NTP 4.x before 4.2.8p8 allows remote attackers to cause a denial of service (ephemeral-association demobilization) by sending a spoofed crypto-NAK packet with incorrect authentication data at a certain time.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:05 Jul, 2016 | 01:00
Updated At:06 Aug, 2024 | 00:46
Rejected At:
▼CVE Numbering Authority (CNA)

ntpd in NTP 4.x before 4.2.8p8 allows remote attackers to cause a denial of service (ephemeral-association demobilization) by sending a spoofed crypto-NAK packet with incorrect authentication data at a certain time.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00028.html
vendor-advisory
x_refsource_SUSE
http://www.securityfocus.com/bid/91010
vdb-entry
x_refsource_BID
http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00023.html
vendor-advisory
x_refsource_SUSE
https://security.FreeBSD.org/advisories/FreeBSD-SA-16:24.ntp.asc
vendor-advisory
x_refsource_FREEBSD
http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00026.html
vendor-advisory
x_refsource_SUSE
https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03757en_us
x_refsource_CONFIRM
http://support.ntp.org/bin/view/Main/NtpBug3045
x_refsource_CONFIRM
http://www.securitytracker.com/id/1036037
vdb-entry
x_refsource_SECTRACK
http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00024.html
vendor-advisory
x_refsource_SUSE
http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
x_refsource_CONFIRM
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00042.html
vendor-advisory
x_refsource_SUSE
http://www.kb.cert.org/vuls/id/321640
third-party-advisory
x_refsource_CERT-VN
http://support.ntp.org/bin/view/Main/SecurityNotice
x_refsource_CONFIRM
http://bugs.ntp.org/3045
x_refsource_CONFIRM
http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00040.html
vendor-advisory
x_refsource_SUSE
http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00018.html
vendor-advisory
x_refsource_SUSE
https://security.gentoo.org/glsa/201607-15
vendor-advisory
x_refsource_GENTOO
http://packetstormsecurity.com/files/137321/Slackware-Security-Advisory-ntp-Updates.html
x_refsource_MISC
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160603-ntpd
vendor-advisory
x_refsource_CISCO
http://www.securityfocus.com/archive/1/540683/100/0/threaded
mailing-list
x_refsource_BUGTRAQ
http://packetstormsecurity.com/files/137322/FreeBSD-Security-Advisory-FreeBSD-SA-16-24.ntp.html
x_refsource_MISC
http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00020.html
vendor-advisory
x_refsource_SUSE
http://www.securityfocus.com/archive/1/538599/100/0/threaded
mailing-list
x_refsource_BUGTRAQ
http://www.securityfocus.com/archive/1/archive/1/540683/100/0/threaded
mailing-list
x_refsource_BUGTRAQ
http://www.securityfocus.com/archive/1/538600/100/0/threaded
mailing-list
x_refsource_BUGTRAQ
https://www.kb.cert.org/vuls/id/321640
third-party-advisory
x_refsource_CERT-VN
http://www.securityfocus.com/archive/1/archive/1/538599/100/0/threaded
mailing-list
x_refsource_BUGTRAQ
http://www.securityfocus.com/archive/1/archive/1/538600/100/0/threaded
mailing-list
x_refsource_BUGTRAQ
https://cert-portal.siemens.com/productcert/pdf/ssa-497656.pdf
x_refsource_CONFIRM
https://us-cert.cisa.gov/ics/advisories/icsa-21-103-11
x_refsource_CONFIRM
https://cert-portal.siemens.com/productcert/pdf/ssa-211752.pdf
x_refsource_CONFIRM
https://us-cert.cisa.gov/ics/advisories/icsa-21-159-11
x_refsource_MISC
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00028.html
Resource:
vendor-advisory
x_refsource_SUSE
Hyperlink: http://www.securityfocus.com/bid/91010
Resource:
vdb-entry
x_refsource_BID
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00023.html
Resource:
vendor-advisory
x_refsource_SUSE
Hyperlink: https://security.FreeBSD.org/advisories/FreeBSD-SA-16:24.ntp.asc
Resource:
vendor-advisory
x_refsource_FREEBSD
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00026.html
Resource:
vendor-advisory
x_refsource_SUSE
Hyperlink: https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03757en_us
Resource:
x_refsource_CONFIRM
Hyperlink: http://support.ntp.org/bin/view/Main/NtpBug3045
Resource:
x_refsource_CONFIRM
Hyperlink: http://www.securitytracker.com/id/1036037
Resource:
vdb-entry
x_refsource_SECTRACK
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00024.html
Resource:
vendor-advisory
x_refsource_SUSE
Hyperlink: http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
Resource:
x_refsource_CONFIRM
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00042.html
Resource:
vendor-advisory
x_refsource_SUSE
Hyperlink: http://www.kb.cert.org/vuls/id/321640
Resource:
third-party-advisory
x_refsource_CERT-VN
Hyperlink: http://support.ntp.org/bin/view/Main/SecurityNotice
Resource:
x_refsource_CONFIRM
Hyperlink: http://bugs.ntp.org/3045
Resource:
x_refsource_CONFIRM
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00040.html
Resource:
vendor-advisory
x_refsource_SUSE
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00018.html
Resource:
vendor-advisory
x_refsource_SUSE
Hyperlink: https://security.gentoo.org/glsa/201607-15
Resource:
vendor-advisory
x_refsource_GENTOO
Hyperlink: http://packetstormsecurity.com/files/137321/Slackware-Security-Advisory-ntp-Updates.html
Resource:
x_refsource_MISC
Hyperlink: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160603-ntpd
Resource:
vendor-advisory
x_refsource_CISCO
Hyperlink: http://www.securityfocus.com/archive/1/540683/100/0/threaded
Resource:
mailing-list
x_refsource_BUGTRAQ
Hyperlink: http://packetstormsecurity.com/files/137322/FreeBSD-Security-Advisory-FreeBSD-SA-16-24.ntp.html
Resource:
x_refsource_MISC
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00020.html
Resource:
vendor-advisory
x_refsource_SUSE
Hyperlink: http://www.securityfocus.com/archive/1/538599/100/0/threaded
Resource:
mailing-list
x_refsource_BUGTRAQ
Hyperlink: http://www.securityfocus.com/archive/1/archive/1/540683/100/0/threaded
Resource:
mailing-list
x_refsource_BUGTRAQ
Hyperlink: http://www.securityfocus.com/archive/1/538600/100/0/threaded
Resource:
mailing-list
x_refsource_BUGTRAQ
Hyperlink: https://www.kb.cert.org/vuls/id/321640
Resource:
third-party-advisory
x_refsource_CERT-VN
Hyperlink: http://www.securityfocus.com/archive/1/archive/1/538599/100/0/threaded
Resource:
mailing-list
x_refsource_BUGTRAQ
Hyperlink: http://www.securityfocus.com/archive/1/archive/1/538600/100/0/threaded
Resource:
mailing-list
x_refsource_BUGTRAQ
Hyperlink: https://cert-portal.siemens.com/productcert/pdf/ssa-497656.pdf
Resource:
x_refsource_CONFIRM
Hyperlink: https://us-cert.cisa.gov/ics/advisories/icsa-21-103-11
Resource:
x_refsource_CONFIRM
Hyperlink: https://cert-portal.siemens.com/productcert/pdf/ssa-211752.pdf
Resource:
x_refsource_CONFIRM
Hyperlink: https://us-cert.cisa.gov/ics/advisories/icsa-21-159-11
Resource:
x_refsource_MISC
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00028.html
vendor-advisory
x_refsource_SUSE
x_transferred
http://www.securityfocus.com/bid/91010
vdb-entry
x_refsource_BID
x_transferred
http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00023.html
vendor-advisory
x_refsource_SUSE
x_transferred
https://security.FreeBSD.org/advisories/FreeBSD-SA-16:24.ntp.asc
vendor-advisory
x_refsource_FREEBSD
x_transferred
http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00026.html
vendor-advisory
x_refsource_SUSE
x_transferred
https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03757en_us
x_refsource_CONFIRM
x_transferred
http://support.ntp.org/bin/view/Main/NtpBug3045
x_refsource_CONFIRM
x_transferred
http://www.securitytracker.com/id/1036037
vdb-entry
x_refsource_SECTRACK
x_transferred
http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00024.html
vendor-advisory
x_refsource_SUSE
x_transferred
http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
x_refsource_CONFIRM
x_transferred
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00042.html
vendor-advisory
x_refsource_SUSE
x_transferred
http://www.kb.cert.org/vuls/id/321640
third-party-advisory
x_refsource_CERT-VN
x_transferred
http://support.ntp.org/bin/view/Main/SecurityNotice
x_refsource_CONFIRM
x_transferred
http://bugs.ntp.org/3045
x_refsource_CONFIRM
x_transferred
http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00040.html
vendor-advisory
x_refsource_SUSE
x_transferred
http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00018.html
vendor-advisory
x_refsource_SUSE
x_transferred
https://security.gentoo.org/glsa/201607-15
vendor-advisory
x_refsource_GENTOO
x_transferred
http://packetstormsecurity.com/files/137321/Slackware-Security-Advisory-ntp-Updates.html
x_refsource_MISC
x_transferred
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160603-ntpd
vendor-advisory
x_refsource_CISCO
x_transferred
http://www.securityfocus.com/archive/1/540683/100/0/threaded
mailing-list
x_refsource_BUGTRAQ
x_transferred
http://packetstormsecurity.com/files/137322/FreeBSD-Security-Advisory-FreeBSD-SA-16-24.ntp.html
x_refsource_MISC
x_transferred
http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00020.html
vendor-advisory
x_refsource_SUSE
x_transferred
http://www.securityfocus.com/archive/1/538599/100/0/threaded
mailing-list
x_refsource_BUGTRAQ
x_transferred
http://www.securityfocus.com/archive/1/archive/1/540683/100/0/threaded
mailing-list
x_refsource_BUGTRAQ
x_transferred
http://www.securityfocus.com/archive/1/538600/100/0/threaded
mailing-list
x_refsource_BUGTRAQ
x_transferred
https://www.kb.cert.org/vuls/id/321640
third-party-advisory
x_refsource_CERT-VN
x_transferred
http://www.securityfocus.com/archive/1/archive/1/538599/100/0/threaded
mailing-list
x_refsource_BUGTRAQ
x_transferred
http://www.securityfocus.com/archive/1/archive/1/538600/100/0/threaded
mailing-list
x_refsource_BUGTRAQ
x_transferred
https://cert-portal.siemens.com/productcert/pdf/ssa-497656.pdf
x_refsource_CONFIRM
x_transferred
https://us-cert.cisa.gov/ics/advisories/icsa-21-103-11
x_refsource_CONFIRM
x_transferred
https://cert-portal.siemens.com/productcert/pdf/ssa-211752.pdf
x_refsource_CONFIRM
x_transferred
https://us-cert.cisa.gov/ics/advisories/icsa-21-159-11
x_refsource_MISC
x_transferred
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00028.html
Resource:
vendor-advisory
x_refsource_SUSE
x_transferred
Hyperlink: http://www.securityfocus.com/bid/91010
Resource:
vdb-entry
x_refsource_BID
x_transferred
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00023.html
Resource:
vendor-advisory
x_refsource_SUSE
x_transferred
Hyperlink: https://security.FreeBSD.org/advisories/FreeBSD-SA-16:24.ntp.asc
Resource:
vendor-advisory
x_refsource_FREEBSD
x_transferred
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00026.html
Resource:
vendor-advisory
x_refsource_SUSE
x_transferred
Hyperlink: https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03757en_us
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://support.ntp.org/bin/view/Main/NtpBug3045
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://www.securitytracker.com/id/1036037
Resource:
vdb-entry
x_refsource_SECTRACK
x_transferred
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00024.html
Resource:
vendor-advisory
x_refsource_SUSE
x_transferred
Hyperlink: http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00042.html
Resource:
vendor-advisory
x_refsource_SUSE
x_transferred
Hyperlink: http://www.kb.cert.org/vuls/id/321640
Resource:
third-party-advisory
x_refsource_CERT-VN
x_transferred
Hyperlink: http://support.ntp.org/bin/view/Main/SecurityNotice
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://bugs.ntp.org/3045
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00040.html
Resource:
vendor-advisory
x_refsource_SUSE
x_transferred
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00018.html
Resource:
vendor-advisory
x_refsource_SUSE
x_transferred
Hyperlink: https://security.gentoo.org/glsa/201607-15
Resource:
vendor-advisory
x_refsource_GENTOO
x_transferred
Hyperlink: http://packetstormsecurity.com/files/137321/Slackware-Security-Advisory-ntp-Updates.html
Resource:
x_refsource_MISC
x_transferred
Hyperlink: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160603-ntpd
Resource:
vendor-advisory
x_refsource_CISCO
x_transferred
Hyperlink: http://www.securityfocus.com/archive/1/540683/100/0/threaded
Resource:
mailing-list
x_refsource_BUGTRAQ
x_transferred
Hyperlink: http://packetstormsecurity.com/files/137322/FreeBSD-Security-Advisory-FreeBSD-SA-16-24.ntp.html
Resource:
x_refsource_MISC
x_transferred
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00020.html
Resource:
vendor-advisory
x_refsource_SUSE
x_transferred
Hyperlink: http://www.securityfocus.com/archive/1/538599/100/0/threaded
Resource:
mailing-list
x_refsource_BUGTRAQ
x_transferred
Hyperlink: http://www.securityfocus.com/archive/1/archive/1/540683/100/0/threaded
Resource:
mailing-list
x_refsource_BUGTRAQ
x_transferred
Hyperlink: http://www.securityfocus.com/archive/1/538600/100/0/threaded
Resource:
mailing-list
x_refsource_BUGTRAQ
x_transferred
Hyperlink: https://www.kb.cert.org/vuls/id/321640
Resource:
third-party-advisory
x_refsource_CERT-VN
x_transferred
Hyperlink: http://www.securityfocus.com/archive/1/archive/1/538599/100/0/threaded
Resource:
mailing-list
x_refsource_BUGTRAQ
x_transferred
Hyperlink: http://www.securityfocus.com/archive/1/archive/1/538600/100/0/threaded
Resource:
mailing-list
x_refsource_BUGTRAQ
x_transferred
Hyperlink: https://cert-portal.siemens.com/productcert/pdf/ssa-497656.pdf
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: https://us-cert.cisa.gov/ics/advisories/icsa-21-103-11
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: https://cert-portal.siemens.com/productcert/pdf/ssa-211752.pdf
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: https://us-cert.cisa.gov/ics/advisories/icsa-21-159-11
Resource:
x_refsource_MISC
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:05 Jul, 2016 | 01:59
Updated At:12 Apr, 2025 | 10:46

ntpd in NTP 4.x before 4.2.8p8 allows remote attackers to cause a denial of service (ephemeral-association demobilization) by sending a spoofed crypto-NAK packet with incorrect authentication data at a certain time.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.17.5HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Primary2.05.0MEDIUM
AV:N/AC:L/Au:N/C:N/I:N/A:P
Type: Primary
Version: 3.1
Base score: 7.5
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Type: Primary
Version: 2.0
Base score: 5.0
Base severity: MEDIUM
Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:P
CPE Matches
ntp
ntp
>>ntp>>Versions from 4.2.0(inclusive) to 4.2.8(exclusive)
cpe:2.3:a:ntp:ntp:*:*:*:*:*:*:*:*
ntp
ntp
>>ntp>>Versions from 4.3.0(inclusive) to 4.3.93(exclusive)
cpe:2.3:a:ntp:ntp:*:*:*:*:*:*:*:*
ntp
ntp
>>ntp>>4.2.8
cpe:2.3:a:ntp:ntp:4.2.8:-:*:*:*:*:*:*
ntp
ntp
>>ntp>>4.2.8
cpe:2.3:a:ntp:ntp:4.2.8:p1:*:*:*:*:*:*
ntp
ntp
>>ntp>>4.2.8
cpe:2.3:a:ntp:ntp:4.2.8:p1-beta1:*:*:*:*:*:*
ntp
ntp
>>ntp>>4.2.8
cpe:2.3:a:ntp:ntp:4.2.8:p1-beta2:*:*:*:*:*:*
ntp
ntp
>>ntp>>4.2.8
cpe:2.3:a:ntp:ntp:4.2.8:p1-beta3:*:*:*:*:*:*
ntp
ntp
>>ntp>>4.2.8
cpe:2.3:a:ntp:ntp:4.2.8:p1-beta4:*:*:*:*:*:*
ntp
ntp
>>ntp>>4.2.8
cpe:2.3:a:ntp:ntp:4.2.8:p1-beta5:*:*:*:*:*:*
ntp
ntp
>>ntp>>4.2.8
cpe:2.3:a:ntp:ntp:4.2.8:p1-rc1:*:*:*:*:*:*
ntp
ntp
>>ntp>>4.2.8
cpe:2.3:a:ntp:ntp:4.2.8:p1-rc2:*:*:*:*:*:*
ntp
ntp
>>ntp>>4.2.8
cpe:2.3:a:ntp:ntp:4.2.8:p2:*:*:*:*:*:*
ntp
ntp
>>ntp>>4.2.8
cpe:2.3:a:ntp:ntp:4.2.8:p2-rc1:*:*:*:*:*:*
ntp
ntp
>>ntp>>4.2.8
cpe:2.3:a:ntp:ntp:4.2.8:p2-rc2:*:*:*:*:*:*
ntp
ntp
>>ntp>>4.2.8
cpe:2.3:a:ntp:ntp:4.2.8:p2-rc3:*:*:*:*:*:*
ntp
ntp
>>ntp>>4.2.8
cpe:2.3:a:ntp:ntp:4.2.8:p3:*:*:*:*:*:*
ntp
ntp
>>ntp>>4.2.8
cpe:2.3:a:ntp:ntp:4.2.8:p3-rc1:*:*:*:*:*:*
ntp
ntp
>>ntp>>4.2.8
cpe:2.3:a:ntp:ntp:4.2.8:p3-rc2:*:*:*:*:*:*
ntp
ntp
>>ntp>>4.2.8
cpe:2.3:a:ntp:ntp:4.2.8:p3-rc3:*:*:*:*:*:*
ntp
ntp
>>ntp>>4.2.8
cpe:2.3:a:ntp:ntp:4.2.8:p4:*:*:*:*:*:*
ntp
ntp
>>ntp>>4.2.8
cpe:2.3:a:ntp:ntp:4.2.8:p5:*:*:*:*:*:*
ntp
ntp
>>ntp>>4.2.8
cpe:2.3:a:ntp:ntp:4.2.8:p6:*:*:*:*:*:*
ntp
ntp
>>ntp>>4.2.8
cpe:2.3:a:ntp:ntp:4.2.8:p7:*:*:*:*:*:*
Oracle Corporation
oracle
>>solaris>>10
cpe:2.3:o:oracle:solaris:10:*:*:*:*:*:*:*
Oracle Corporation
oracle
>>solaris>>11.3
cpe:2.3:o:oracle:solaris:11.3:*:*:*:*:*:*:*
SUSE
suse
>>manager>>2.1
cpe:2.3:a:suse:manager:2.1:*:*:*:*:*:*:*
SUSE
suse
>>manager_proxy>>2.1
cpe:2.3:a:suse:manager_proxy:2.1:*:*:*:*:*:*:*
SUSE
suse
>>openstack_cloud>>5
cpe:2.3:a:suse:openstack_cloud:5:*:*:*:*:*:*:*
openSUSE
opensuse
>>leap>>42.1
cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*
openSUSE
opensuse
>>opensuse>>13.2
cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*
SUSE
suse
>>linux_enterprise_desktop>>12
cpe:2.3:o:suse:linux_enterprise_desktop:12:sp1:*:*:*:*:*:*
SUSE
suse
>>linux_enterprise_server>>11
cpe:2.3:o:suse:linux_enterprise_server:11:sp2:*:*:ltss:*:*:*
SUSE
suse
>>linux_enterprise_server>>11
cpe:2.3:o:suse:linux_enterprise_server:11:sp3:*:*:ltss:*:*:*
SUSE
suse
>>linux_enterprise_server>>11
cpe:2.3:o:suse:linux_enterprise_server:11:sp4:*:*:*:*:*:*
SUSE
suse
>>linux_enterprise_server>>12
cpe:2.3:o:suse:linux_enterprise_server:12:sp1:*:*:*:*:*:*
Siemens AG
siemens
>>simatic_net_cp_443-1_opc_ua_firmware>>*
cpe:2.3:o:siemens:simatic_net_cp_443-1_opc_ua_firmware:*:*:*:*:*:*:*:*
Siemens AG
siemens
>>simatic_net_cp_443-1_opc_ua>>-
cpe:2.3:h:siemens:simatic_net_cp_443-1_opc_ua:-:*:*:*:*:*:*:*
Siemens AG
siemens
>>tim_4r-ie_firmware>>*
cpe:2.3:o:siemens:tim_4r-ie_firmware:*:*:*:*:*:*:*:*
Siemens AG
siemens
>>tim_4r-ie>>-
cpe:2.3:h:siemens:tim_4r-ie:-:*:*:*:*:*:*:*
Siemens AG
siemens
>>tim_4r-ie_dnp3_firmware>>*
cpe:2.3:o:siemens:tim_4r-ie_dnp3_firmware:*:*:*:*:*:*:*:*
Siemens AG
siemens
>>tim_4r-ie_dnp3>>-
cpe:2.3:h:siemens:tim_4r-ie_dnp3:-:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-287Primarynvd@nist.gov
CWE ID: CWE-287
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
http://bugs.ntp.org/3045cve@mitre.org
Issue Tracking
Vendor Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00018.htmlcve@mitre.org
Mailing List
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00020.htmlcve@mitre.org
N/A
http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00023.htmlcve@mitre.org
Mailing List
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00024.htmlcve@mitre.org
Mailing List
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00028.htmlcve@mitre.org
Mailing List
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00040.htmlcve@mitre.org
Mailing List
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00026.htmlcve@mitre.org
N/A
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00042.htmlcve@mitre.org
N/A
http://packetstormsecurity.com/files/137321/Slackware-Security-Advisory-ntp-Updates.htmlcve@mitre.org
N/A
http://packetstormsecurity.com/files/137322/FreeBSD-Security-Advisory-FreeBSD-SA-16-24.ntp.htmlcve@mitre.org
N/A
http://support.ntp.org/bin/view/Main/NtpBug3045cve@mitre.org
Patch
Vendor Advisory
http://support.ntp.org/bin/view/Main/SecurityNoticecve@mitre.org
Vendor Advisory
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160603-ntpdcve@mitre.org
N/A
http://www.kb.cert.org/vuls/id/321640cve@mitre.org
Third Party Advisory
US Government Resource
http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.htmlcve@mitre.org
Third Party Advisory
http://www.securityfocus.com/archive/1/538599/100/0/threadedcve@mitre.org
N/A
http://www.securityfocus.com/archive/1/538600/100/0/threadedcve@mitre.org
N/A
http://www.securityfocus.com/archive/1/540683/100/0/threadedcve@mitre.org
N/A
http://www.securityfocus.com/archive/1/archive/1/538599/100/0/threadedcve@mitre.org
N/A
http://www.securityfocus.com/archive/1/archive/1/538600/100/0/threadedcve@mitre.org
N/A
http://www.securityfocus.com/archive/1/archive/1/540683/100/0/threadedcve@mitre.org
N/A
http://www.securityfocus.com/bid/91010cve@mitre.org
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1036037cve@mitre.org
Third Party Advisory
VDB Entry
https://cert-portal.siemens.com/productcert/pdf/ssa-211752.pdfcve@mitre.org
Third Party Advisory
https://cert-portal.siemens.com/productcert/pdf/ssa-497656.pdfcve@mitre.org
Third Party Advisory
https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03757en_uscve@mitre.org
Third Party Advisory
https://security.FreeBSD.org/advisories/FreeBSD-SA-16:24.ntp.asccve@mitre.org
Third Party Advisory
https://security.gentoo.org/glsa/201607-15cve@mitre.org
Third Party Advisory
https://us-cert.cisa.gov/ics/advisories/icsa-21-103-11cve@mitre.org
Third Party Advisory
US Government Resource
https://us-cert.cisa.gov/ics/advisories/icsa-21-159-11cve@mitre.org
N/A
https://www.kb.cert.org/vuls/id/321640cve@mitre.org
N/A
http://bugs.ntp.org/3045af854a3a-2127-422b-91ae-364da2661108
Issue Tracking
Vendor Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00018.htmlaf854a3a-2127-422b-91ae-364da2661108
Mailing List
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00020.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00023.htmlaf854a3a-2127-422b-91ae-364da2661108
Mailing List
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00024.htmlaf854a3a-2127-422b-91ae-364da2661108
Mailing List
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00028.htmlaf854a3a-2127-422b-91ae-364da2661108
Mailing List
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00040.htmlaf854a3a-2127-422b-91ae-364da2661108
Mailing List
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00026.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00042.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://packetstormsecurity.com/files/137321/Slackware-Security-Advisory-ntp-Updates.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://packetstormsecurity.com/files/137322/FreeBSD-Security-Advisory-FreeBSD-SA-16-24.ntp.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://support.ntp.org/bin/view/Main/NtpBug3045af854a3a-2127-422b-91ae-364da2661108
Patch
Vendor Advisory
http://support.ntp.org/bin/view/Main/SecurityNoticeaf854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160603-ntpdaf854a3a-2127-422b-91ae-364da2661108
N/A
http://www.kb.cert.org/vuls/id/321640af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
US Government Resource
http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.htmlaf854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://www.securityfocus.com/archive/1/538599/100/0/threadedaf854a3a-2127-422b-91ae-364da2661108
N/A
http://www.securityfocus.com/archive/1/538600/100/0/threadedaf854a3a-2127-422b-91ae-364da2661108
N/A
http://www.securityfocus.com/archive/1/540683/100/0/threadedaf854a3a-2127-422b-91ae-364da2661108
N/A
http://www.securityfocus.com/archive/1/archive/1/538599/100/0/threadedaf854a3a-2127-422b-91ae-364da2661108
N/A
http://www.securityfocus.com/archive/1/archive/1/538600/100/0/threadedaf854a3a-2127-422b-91ae-364da2661108
N/A
http://www.securityfocus.com/archive/1/archive/1/540683/100/0/threadedaf854a3a-2127-422b-91ae-364da2661108
N/A
http://www.securityfocus.com/bid/91010af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1036037af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
VDB Entry
https://cert-portal.siemens.com/productcert/pdf/ssa-211752.pdfaf854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
https://cert-portal.siemens.com/productcert/pdf/ssa-497656.pdfaf854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03757en_usaf854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
https://security.FreeBSD.org/advisories/FreeBSD-SA-16:24.ntp.ascaf854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
https://security.gentoo.org/glsa/201607-15af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
https://us-cert.cisa.gov/ics/advisories/icsa-21-103-11af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
US Government Resource
https://us-cert.cisa.gov/ics/advisories/icsa-21-159-11af854a3a-2127-422b-91ae-364da2661108
N/A
https://www.kb.cert.org/vuls/id/321640af854a3a-2127-422b-91ae-364da2661108
N/A
Hyperlink: http://bugs.ntp.org/3045
Source: cve@mitre.org
Resource:
Issue Tracking
Vendor Advisory
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00018.html
Source: cve@mitre.org
Resource:
Mailing List
Third Party Advisory
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00020.html
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00023.html
Source: cve@mitre.org
Resource:
Mailing List
Third Party Advisory
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00024.html
Source: cve@mitre.org
Resource:
Mailing List
Third Party Advisory
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00028.html
Source: cve@mitre.org
Resource:
Mailing List
Third Party Advisory
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00040.html
Source: cve@mitre.org
Resource:
Mailing List
Third Party Advisory
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00026.html
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00042.html
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://packetstormsecurity.com/files/137321/Slackware-Security-Advisory-ntp-Updates.html
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://packetstormsecurity.com/files/137322/FreeBSD-Security-Advisory-FreeBSD-SA-16-24.ntp.html
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://support.ntp.org/bin/view/Main/NtpBug3045
Source: cve@mitre.org
Resource:
Patch
Vendor Advisory
Hyperlink: http://support.ntp.org/bin/view/Main/SecurityNotice
Source: cve@mitre.org
Resource:
Vendor Advisory
Hyperlink: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160603-ntpd
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.kb.cert.org/vuls/id/321640
Source: cve@mitre.org
Resource:
Third Party Advisory
US Government Resource
Hyperlink: http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
Source: cve@mitre.org
Resource:
Third Party Advisory
Hyperlink: http://www.securityfocus.com/archive/1/538599/100/0/threaded
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.securityfocus.com/archive/1/538600/100/0/threaded
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.securityfocus.com/archive/1/540683/100/0/threaded
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.securityfocus.com/archive/1/archive/1/538599/100/0/threaded
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.securityfocus.com/archive/1/archive/1/538600/100/0/threaded
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.securityfocus.com/archive/1/archive/1/540683/100/0/threaded
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.securityfocus.com/bid/91010
Source: cve@mitre.org
Resource:
Third Party Advisory
VDB Entry
Hyperlink: http://www.securitytracker.com/id/1036037
Source: cve@mitre.org
Resource:
Third Party Advisory
VDB Entry
Hyperlink: https://cert-portal.siemens.com/productcert/pdf/ssa-211752.pdf
Source: cve@mitre.org
Resource:
Third Party Advisory
Hyperlink: https://cert-portal.siemens.com/productcert/pdf/ssa-497656.pdf
Source: cve@mitre.org
Resource:
Third Party Advisory
Hyperlink: https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03757en_us
Source: cve@mitre.org
Resource:
Third Party Advisory
Hyperlink: https://security.FreeBSD.org/advisories/FreeBSD-SA-16:24.ntp.asc
Source: cve@mitre.org
Resource:
Third Party Advisory
Hyperlink: https://security.gentoo.org/glsa/201607-15
Source: cve@mitre.org
Resource:
Third Party Advisory
Hyperlink: https://us-cert.cisa.gov/ics/advisories/icsa-21-103-11
Source: cve@mitre.org
Resource:
Third Party Advisory
US Government Resource
Hyperlink: https://us-cert.cisa.gov/ics/advisories/icsa-21-159-11
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://www.kb.cert.org/vuls/id/321640
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://bugs.ntp.org/3045
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Issue Tracking
Vendor Advisory
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00018.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Mailing List
Third Party Advisory
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00020.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00023.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Mailing List
Third Party Advisory
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00024.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Mailing List
Third Party Advisory
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00028.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Mailing List
Third Party Advisory
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00040.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Mailing List
Third Party Advisory
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00026.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00042.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://packetstormsecurity.com/files/137321/Slackware-Security-Advisory-ntp-Updates.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://packetstormsecurity.com/files/137322/FreeBSD-Security-Advisory-FreeBSD-SA-16-24.ntp.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://support.ntp.org/bin/view/Main/NtpBug3045
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Patch
Vendor Advisory
Hyperlink: http://support.ntp.org/bin/view/Main/SecurityNotice
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory
Hyperlink: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160603-ntpd
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.kb.cert.org/vuls/id/321640
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
US Government Resource
Hyperlink: http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: http://www.securityfocus.com/archive/1/538599/100/0/threaded
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.securityfocus.com/archive/1/538600/100/0/threaded
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.securityfocus.com/archive/1/540683/100/0/threaded
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.securityfocus.com/archive/1/archive/1/538599/100/0/threaded
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.securityfocus.com/archive/1/archive/1/538600/100/0/threaded
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.securityfocus.com/archive/1/archive/1/540683/100/0/threaded
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.securityfocus.com/bid/91010
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
VDB Entry
Hyperlink: http://www.securitytracker.com/id/1036037
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
VDB Entry
Hyperlink: https://cert-portal.siemens.com/productcert/pdf/ssa-211752.pdf
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: https://cert-portal.siemens.com/productcert/pdf/ssa-497656.pdf
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03757en_us
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: https://security.FreeBSD.org/advisories/FreeBSD-SA-16:24.ntp.asc
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: https://security.gentoo.org/glsa/201607-15
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: https://us-cert.cisa.gov/ics/advisories/icsa-21-103-11
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
US Government Resource
Hyperlink: https://us-cert.cisa.gov/ics/advisories/icsa-21-159-11
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://www.kb.cert.org/vuls/id/321640
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

0Records found
CVE-2022-33736
Matching Score-10
Assigner-Siemens
ShareView Details
Matching Score-10
Assigner-Siemens
CVSS Score-7.5||HIGH
EPSS-0.60% / 68.49%
||
7 Day CHG~0.00%
Published-12 Jul, 2022 | 10:06
Updated-03 Aug, 2024 | 08:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in Opcenter Quality V13.1 (All versions < V13.1.20220624), Opcenter Quality V13.2 (All versions < V13.2.20220624). The affected applications do not properly validate login information during authentication. This could lead to denial of service condition for existing users or allow unauthenticated remote attackers to successfully login without credentials.

Action-Not Available
Vendor-Siemens AG
Product-opcenter_qualityOpcenter Quality V13.1Opcenter Quality V13.2
CWE ID-CWE-303
Incorrect Implementation of Authentication Algorithm
CWE ID-CWE-287
Improper Authentication
CVE-2019-18319
Matching Score-10
Assigner-Siemens
ShareView Details
Matching Score-10
Assigner-Siemens
CVSS Score-7.5||HIGH
EPSS-0.48% / 64.31%
||
7 Day CHG~0.00%
Published-12 Dec, 2019 | 19:08
Updated-05 Aug, 2024 | 01:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in SPPA-T3000 Application Server (All versions < Service Pack R8.2 SP2). An attacker with network access to the Application Server could cause a Denial-of-Service condition by sending specifically crafted objects via RMI. This vulnerability is independent from CVE-2019-18317 and CVE-2019-18318. Please note that an attacker needs to have network access to the Application Server in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known.

Action-Not Available
Vendor-Siemens AG
Product-sppa-t3000_application_serverSPPA-T3000 Application Server
CWE ID-CWE-287
Improper Authentication
CVE-2019-18318
Matching Score-10
Assigner-Siemens
ShareView Details
Matching Score-10
Assigner-Siemens
CVSS Score-7.5||HIGH
EPSS-0.48% / 64.31%
||
7 Day CHG~0.00%
Published-12 Dec, 2019 | 19:08
Updated-05 Aug, 2024 | 01:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in SPPA-T3000 Application Server (All versions < Service Pack R8.2 SP2). An attacker with network access to the Application Server can cause a Denial-of-Service condition by sending specifically crafted objects via RMI. This vulnerability is independent from CVE-2019-18317 and CVE-2019-18319. Please note that an attacker needs to have network access to the Application Server in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known.

Action-Not Available
Vendor-Siemens AG
Product-sppa-t3000_application_serverSPPA-T3000 Application Server
CWE ID-CWE-287
Improper Authentication
CVE-2019-18317
Matching Score-10
Assigner-Siemens
ShareView Details
Matching Score-10
Assigner-Siemens
CVSS Score-7.5||HIGH
EPSS-0.48% / 64.31%
||
7 Day CHG~0.00%
Published-12 Dec, 2019 | 19:08
Updated-05 Aug, 2024 | 01:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in SPPA-T3000 Application Server (All versions < Service Pack R8.2 SP2). An attacker with network access to the Application Server could cause a Denial-of-Service condition by sending specifically crafted objects via RMI. This vulnerability is independent from CVE-2019-18318 and CVE-2019-18319. Please note that an attacker needs to have network access to the Application Server in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known.

Action-Not Available
Vendor-Siemens AG
Product-sppa-t3000_application_serverSPPA-T3000 Application Server
CWE ID-CWE-287
Improper Authentication
CVE-2019-0205
Matching Score-8
Assigner-Apache Software Foundation
ShareView Details
Matching Score-8
Assigner-Apache Software Foundation
CVSS Score-7.5||HIGH
EPSS-0.70% / 71.01%
||
7 Day CHG~0.00%
Published-28 Oct, 2019 | 22:32
Updated-04 Aug, 2024 | 17:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Apache Thrift all versions up to and including 0.12.0, a server or client may run into an endless loop when feed with specific input data. Because the issue had already been partially fixed in version 0.11.0, depending on the installed version it affects only certain language bindings.

Action-Not Available
Vendor-Red Hat, Inc.The Apache Software FoundationOracle Corporation
Product-thriftjboss_enterprise_application_platformcommunications_cloud_native_core_network_slice_selection_functionenterprise_linux_serverApache Thrift
CWE ID-CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
CVE-2015-0253
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-5||MEDIUM
EPSS-6.62% / 90.81%
||
7 Day CHG~0.00%
Published-20 Jul, 2015 | 23:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The read_request_line function in server/protocol.c in the Apache HTTP Server 2.4.12 does not initialize the protocol structure member, which allows remote attackers to cause a denial of service (NULL pointer dereference and process crash) by sending a request that lacks a method to an installation that enables the INCLUDES filter and has an ErrorDocument 400 directive specifying a local URI.

Action-Not Available
Vendor-n/aThe Apache Software FoundationApple Inc.Oracle Corporation
Product-mac_os_x_serversolarishttp_serverlinuxmac_os_xn/a
CVE-2002-0856
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-0.74% / 71.91%
||
7 Day CHG~0.00%
Published-02 Apr, 2003 | 05:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SQL*NET listener for Oracle Net Oracle9i 9.0.x and 9.2 allows remote attackers to cause a denial of service (crash) via certain debug requests that are not properly handled by the debugging feature.

Action-Not Available
Vendor-n/aOracle Corporation
Product-database_serveroracle9in/a
CVE-2002-0102
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-0.56% / 67.36%
||
7 Day CHG~0.00%
Published-15 Mar, 2002 | 05:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Oracle9iAS Web Cache 2.0.0.x allows remote attackers to cause a denial of service via (1) a request to TCP ports 1100, 4000, 4001, and 4002 with a large number of null characters, and (2) a request to TCP port 4000 with a large number of "." characters.

Action-Not Available
Vendor-n/aOracle Corporation
Product-application_server_web_cachen/a
CVE-2002-0509
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-0.86% / 74.16%
||
7 Day CHG~0.00%
Published-11 Jun, 2002 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Transparent Network Substrate (TNS) Listener in Oracle 9i 9.0.1.1 allows remote attackers to cause a denial of service (CPU consumption) via a single malformed TCP packet to port 1521.

Action-Not Available
Vendor-n/aOracle Corporation
Product-oracle9in/a
CVE-2002-0566
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-1.55% / 80.64%
||
7 Day CHG~0.00%
Published-11 Jun, 2002 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

PL/SQL module 3.0.9.8.2 in Oracle 9i Application Server 1.0.2.x allows remote attackers to cause a denial of service (crash) via an HTTP Authorization header without an authentication type.

Action-Not Available
Vendor-n/aOracle Corporation
Product-oracle8iapplication_serverapplication_server_web_cacheoracle9in/a
CVE-2011-4461
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5.3||MEDIUM
EPSS-4.50% / 88.68%
||
7 Day CHG~0.00%
Published-30 Dec, 2011 | 01:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Jetty 8.1.0.RC2 and earlier computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters.

Action-Not Available
Vendor-mortbayn/aOracle Corporation
Product-sun_storage_common_array_managerjettyn/a
CVE-2002-0122
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-1.32% / 79.02%
||
7 Day CHG~0.00%
Published-15 Mar, 2002 | 05:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Siemens 3568i WAP mobile phones allows remote attackers to cause a denial of service (crash) via an SMS message containing unusual characters.

Action-Not Available
Vendor-n/aSiemens AG
Product-3568i_wapn/a
CVE-2002-0386
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-44.08% / 97.45%
||
7 Day CHG~0.00%
Published-29 Oct, 2002 | 05:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The administration module for Oracle Web Cache in Oracle9iAS (9i Application Suite) 9.0.2 allows remote attackers to cause a denial of service (crash) via (1) an HTTP GET request containing a ".." (dot dot) sequence, or (2) a malformed HTTP GET request with a chunked Transfer-Encoding with missing data.

Action-Not Available
Vendor-n/aOracle Corporation
Product-application_servern/a
CVE-2016-2181
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-18.20% / 94.94%
||
7 Day CHG~0.00%
Published-16 Sep, 2016 | 00:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Anti-Replay feature in the DTLS implementation in OpenSSL before 1.1.0 mishandles early use of a new epoch number in conjunction with a large sequence number, which allows remote attackers to cause a denial of service (false-positive packet drops) via spoofed DTLS records, related to rec_layer_d1.c and ssl3_record.c.

Action-Not Available
Vendor-n/aOracle CorporationOpenSSL
Product-openssllinuxn/a
CVE-2001-0517
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-0.72% / 71.62%
||
7 Day CHG~0.00%
Published-09 Mar, 2002 | 05:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Oracle listener in Oracle 8i on Solaris allows remote attackers to cause a denial of service via a malformed connection packet with a maximum transport data size that is set to 0.

Action-Not Available
Vendor-n/aOracle Corporation
Product-oracle8in/a
CVE-2019-0233
Matching Score-8
Assigner-Apache Software Foundation
ShareView Details
Matching Score-8
Assigner-Apache Software Foundation
CVSS Score-7.5||HIGH
EPSS-7.78% / 91.58%
||
7 Day CHG~0.00%
Published-14 Sep, 2020 | 16:50
Updated-04 Aug, 2024 | 17:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An access permission override in Apache Struts 2.0.0 to 2.5.20 may cause a Denial of Service when performing a file upload.

Action-Not Available
Vendor-n/aThe Apache Software FoundationOracle Corporation
Product-financial_services_data_integration_hubstrutsmysql_enterprise_monitorfinancial_services_market_risk_measurement_and_managementcommunications_policy_managementApache Struts
CWE ID-CWE-281
Improper Preservation of Permissions
CVE-2001-0513
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-0.90% / 74.73%
||
7 Day CHG~0.00%
Published-09 Mar, 2002 | 05:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Oracle listener process on Windows NT redirects connection requests to another port and creates a separate thread to process the request, which allows remote attackers to cause a denial of service by repeatedly connecting to the Oracle listener but not connecting to the redirected port.

Action-Not Available
Vendor-n/aOracle Corporation
Product-oracle9in/a
CVE-2019-0210
Matching Score-8
Assigner-Apache Software Foundation
ShareView Details
Matching Score-8
Assigner-Apache Software Foundation
CVSS Score-7.5||HIGH
EPSS-0.30% / 52.58%
||
7 Day CHG~0.00%
Published-28 Oct, 2019 | 22:22
Updated-04 Aug, 2024 | 17:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Apache Thrift 0.9.3 to 0.12.0, a server implemented in Go using TJSONProtocol or TSimpleJSONProtocol may panic when feed with invalid input data.

Action-Not Available
Vendor-Red Hat, Inc.The Apache Software FoundationOracle Corporation
Product-thriftjboss_enterprise_application_platformcommunications_cloud_native_core_network_slice_selection_functionenterprise_linux_serverApache Thrift
CWE ID-CWE-125
Out-of-bounds Read
CVE-2019-0222
Matching Score-8
Assigner-Apache Software Foundation
ShareView Details
Matching Score-8
Assigner-Apache Software Foundation
CVSS Score-7.5||HIGH
EPSS-10.30% / 92.87%
||
7 Day CHG~0.00%
Published-28 Mar, 2019 | 21:16
Updated-04 Aug, 2024 | 17:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Apache ActiveMQ 5.0.0 - 5.15.8, unmarshalling corrupt MQTT frame can lead to broker Out of Memory exception making it unresponsive.

Action-Not Available
Vendor-The Apache Software FoundationNetApp, Inc.Debian GNU/LinuxOracle Corporation
Product-communications_diameter_signaling_routerdebian_linuxenterprise_repositoryidentity_manager_connectorgoldengate_stream_analyticsactivemqe-series_santricity_web_servicesenterprise_manager_base_platformApache ActiveMQ
CVE-2001-0515
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-0.54% / 66.67%
||
7 Day CHG~0.00%
Published-27 Jul, 2001 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Oracle Listener in Oracle 7.3 and 8i allows remote attackers to cause a denial of service via a malformed connection packet with a large offset_to_data value.

Action-Not Available
Vendor-n/aOracle Corporation
Product-oracle8idatabase_servern/a
CVE-2016-4049
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-2.16% / 83.61%
||
7 Day CHG~0.00%
Published-23 May, 2016 | 19:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The bgp_dump_routes_func function in bgpd/bgp_dump.c in Quagga does not perform size checks when dumping data, which might allow remote attackers to cause a denial of service (assertion failure and daemon crash) via a large BGP packet.

Action-Not Available
Vendor-quaggan/aopenSUSE
Product-leapopensusequaggan/a
CWE ID-CWE-20
Improper Input Validation
CVE-2011-3566
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-5||MEDIUM
EPSS-0.65% / 69.88%
||
7 Day CHG~0.00%
Published-18 Jan, 2012 | 22:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 9.2.4, 10.0.2, 10.3.3, 10.3.4, and 10.3.5 allows remote attackers to affect availability via unknown vectors related to Web Container.

Action-Not Available
Vendor-n/aOracle Corporation
Product-fusion_middlewaren/a
CVE-2011-2241
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-5||MEDIUM
EPSS-0.68% / 70.58%
||
7 Day CHG~0.00%
Published-20 Jul, 2011 | 23:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the Oracle Business Intelligence Enterprise Edition component in Oracle Fusion Middleware 10.1.3.4.1 and 11.1.1.3 allows remote attackers to affect availability via unknown vectors related to Analytics Server.

Action-Not Available
Vendor-n/aOracle Corporation
Product-fusion_middlewaren/a
CVE-2016-4348
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-3.08% / 86.22%
||
7 Day CHG+1.16%
Published-20 May, 2016 | 14:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The _rsvg_css_normalize_font_size function in librsvg 2.40.2 allows context-dependent attackers to cause a denial of service (stack consumption and application crash) via circular definitions in an SVG document.

Action-Not Available
Vendor-n/aThe GNOME ProjectDebian GNU/LinuxopenSUSE
Product-debian_linuxleapopensuselibrsvgn/a
CWE ID-CWE-20
Improper Input Validation
CVE-1999-0746
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-4.01% / 88.00%
||
7 Day CHG~0.00%
Published-22 Mar, 2000 | 05:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A default configuration of in.identd in SuSE Linux waits 120 seconds between requests, allowing a remote attacker to conduct a denial of service.

Action-Not Available
Vendor-n/aSlackwareSUSE
Product-slackware_linuxsuse_linuxn/a
CVE-2016-4556
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-39.41% / 97.19%
||
7 Day CHG~0.00%
Published-10 May, 2016 | 19:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Double free vulnerability in Esi.cc in Squid 3.x before 3.5.18 and 4.x before 4.0.10 allows remote servers to cause a denial of service (crash) via a crafted Edge Side Includes (ESI) response.

Action-Not Available
Vendor-n/aSquid CacheOracle CorporationCanonical Ltd.
Product-squidlinuxubuntu_linuxn/a
CVE-1999-1068
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-0.42% / 61.17%
||
7 Day CHG~0.00%
Published-12 Sep, 2001 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Oracle Webserver 2.1, when serving PL/SQL stored procedures, allows remote attackers to cause a denial of service via a long HTTP GET request.

Action-Not Available
Vendor-n/aOracle Corporation
Product-http_servern/a
CVE-2018-8956
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5.3||MEDIUM
EPSS-1.31% / 78.93%
||
7 Day CHG~0.00%
Published-06 May, 2020 | 18:03
Updated-05 Aug, 2024 | 07:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

ntpd in ntp 4.2.8p10, 4.2.8p11, 4.2.8p12 and 4.2.8p13 allow remote attackers to prevent a broadcast client from synchronizing its clock with a broadcast NTP server via soofed mode 3 and mode 5 packets. The attacker must either be a part of the same broadcast network or control a slave in that broadcast network that can capture certain required packets on the attacker's behalf and send them to the attacker.

Action-Not Available
Vendor-ntpn/a
Product-ntpn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2016-2105
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-62.17% / 98.29%
||
7 Day CHG~0.00%
Published-05 May, 2016 | 00:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Integer overflow in the EVP_EncodeUpdate function in crypto/evp/encode.c in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to cause a denial of service (heap memory corruption) via a large amount of binary data.

Action-Not Available
Vendor-n/aNode.js (OpenJS Foundation)openSUSERed Hat, Inc.Apple Inc.OpenSSLDebian GNU/LinuxOracle CorporationCanonical Ltd.
Product-enterprise_linux_serverenterprise_linux_server_ausdebian_linuxenterprise_linux_hpc_nodeleapopensusemysqlenterprise_linux_desktopubuntu_linuxenterprise_linux_server_eusenterprise_linux_workstationopensslenterprise_linux_hpc_node_eusmac_os_xnode.jsn/a
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2016-3445
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-5.3||MEDIUM
EPSS-1.55% / 80.65%
||
7 Day CHG~0.00%
Published-21 Jul, 2016 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.3.6.0 and 12.1.3.0 allows remote attackers to affect availability via vectors related to Web Container, a different vulnerability than CVE-2016-5488.

Action-Not Available
Vendor-n/aOracle Corporation
Product-weblogic_servern/a
CVE-2017-10347
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-5.3||MEDIUM
EPSS-0.51% / 65.22%
||
7 Day CHG~0.00%
Published-19 Oct, 2017 | 17:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Java SE, JRockit component of Oracle Java SE (subcomponent: Serialization). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, JRockit. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).

Action-Not Available
Vendor-Debian GNU/LinuxRed Hat, Inc.Oracle CorporationNetApp, Inc.
Product-enterprise_linux_desktoponcommand_unified_manageroncommand_balanceplug-in_for_symantec_netbackupenterprise_linux_server_tusenterprise_linux_eusenterprise_linux_workstatione-series_santricity_web_servicesjdke-series_santricity_management_plug-insactive_iq_unified_managersatellitesteelstore_cloud_integrated_storagedebian_linuxenterprise_linux_servercloud_backupenterprise_linux_server_ausoncommand_insightvasa_provider_for_clustered_data_ontapjreoncommand_performance_managerelement_softwaresnapmanagervirtual_storage_consoleoncommand_shifte-series_santricity_storage_manageroncommand_workflow_automationstorage_replication_adapter_for_clustered_data_ontape-series_santricity_os_controllerJava
CVE-2010-0910
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-5||MEDIUM
EPSS-0.70% / 71.19%
||
7 Day CHG~0.00%
Published-13 Jul, 2010 | 22:07
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the Data Server component in Oracle TimesTen In-Memory Database 7.0.6.0 and 11.2.1.4.1 allows remote attackers to affect availability via unknown vectors.

Action-Not Available
Vendor-n/aOracle Corporation
Product-timesten_in-memory_databasen/a
CVE-2010-0856
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-5||MEDIUM
EPSS-1.14% / 77.50%
||
7 Day CHG~0.00%
Published-13 Apr, 2010 | 22:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the Portal component in Oracle Fusion Middleware 10.1.2.3 and 10.1.4.2 allows remote attackers to affect availability via unknown vectors.

Action-Not Available
Vendor-n/aOracle Corporation
Product-fusion_middlewaren/a
CVE-2016-3627
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.26% / 49.46%
||
7 Day CHG~0.00%
Published-17 May, 2016 | 14:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The xmlStringGetNodeList function in tree.c in libxml2 2.9.3 and earlier, when used in recovery mode, allows context-dependent attackers to cause a denial of service (infinite recursion, stack consumption, and application crash) via a crafted XML document.

Action-Not Available
Vendor-n/aOracle CorporationCanonical Ltd.HP Inc.libxml2 (XMLSoft)Debian GNU/LinuxopenSUSERed Hat, Inc.
Product-icewall_file_managerenterprise_linux_serverenterprise_linux_server_aussolarislibxml2enterprise_linux_eusleapicewall_federation_agentubuntu_linuxenterprise_linux_desktopjboss_core_servicesvm_serverenterprise_linux_workstationdebian_linuxn/a
CWE ID-CWE-674
Uncontrolled Recursion
CVE-2018-7184
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-6.02% / 90.35%
||
7 Day CHG~0.00%
Published-06 Mar, 2018 | 20:00
Updated-14 Jan, 2025 | 19:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

ntpd in ntp 4.2.8p4 before 4.2.8p11 drops bad packets before updating the "received" timestamp, which allows remote attackers to cause a denial of service (disruption) by sending a packet with a zero-origin timestamp causing the association to reset and setting the contents of the packet as the most recent timestamp. This issue is a result of an incomplete fix for CVE-2015-7704.

Action-Not Available
Vendor-ntpn/aCanonical Ltd.NetApp, Inc.Synology, Inc.Slackware
Product-vs960hd_firmwarevirtual_diskstation_managerslackware_linuxcloud_backupsteelstore_cloud_integrated_storagediskstation_managerubuntu_linuxrouter_managerskynasntpn/a
CVE-2021-35620
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-7.5||HIGH
EPSS-2.53% / 84.83%
||
7 Day CHG~0.00%
Published-20 Oct, 2021 | 10:50
Updated-25 Sep, 2024 | 19:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3 to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle WebLogic Server. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).

Action-Not Available
Vendor-Oracle Corporation
Product-weblogic_serverWebLogic Server
CVE-2011-0846
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-5||MEDIUM
EPSS-0.65% / 69.88%
||
7 Day CHG~0.00%
Published-20 Apr, 2011 | 10:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the Oracle Sun Java System Access Manager Policy Agent 2.2 allows remote attackers to affect availability via unknown vectors related to Web Proxy Agent.

Action-Not Available
Vendor-n/aOracle Corporation
Product-sun_java_system_access_manager_policy_agentn/a
CVE-2016-2179
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-18.40% / 94.98%
||
7 Day CHG~0.00%
Published-16 Sep, 2016 | 00:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The DTLS implementation in OpenSSL before 1.1.0 does not properly restrict the lifetime of queue entries associated with unused out-of-order messages, which allows remote attackers to cause a denial of service (memory consumption) by maintaining many crafted DTLS sessions simultaneously, related to d1_lib.c, statem_dtls.c, statem_lib.c, and statem_srvr.c.

Action-Not Available
Vendor-n/aOracle CorporationOpenSSL
Product-openssllinuxn/a
CVE-2010-0074
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-5||MEDIUM
EPSS-0.68% / 70.58%
||
7 Day CHG~0.00%
Published-13 Jan, 2010 | 01:00
Updated-07 Aug, 2024 | 00:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the WebLogic Server component in BEA Product Suite 7.0SP7, 8.1SP6, 9.0, 9.1, 9.2MP3, 10.0MP2, and 10.3.1 allows remote attackers to affect availability via unknown vectors.

Action-Not Available
Vendor-n/aOracle Corporation
Product-bea_product_suiten/a
CVE-2010-0211
Matching Score-8
Assigner-CERT/CC
ShareView Details
Matching Score-8
Assigner-CERT/CC
CVSS Score-9.8||CRITICAL
EPSS-42.37% / 97.36%
||
7 Day CHG-0.26%
Published-27 Jul, 2010 | 22:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The slap_modrdn2mods function in modrdn.c in OpenLDAP 2.4.22 does not check the return value of a call to the smr_normalize function, which allows remote attackers to cause a denial of service (segmentation fault) and possibly execute arbitrary code via a modrdn call with an RDN string containing invalid UTF-8 sequences, which triggers a free of an invalid, uninitialized pointer in the slap_mods_free function, as demonstrated using the Codenomicon LDAPv3 test suite.

Action-Not Available
Vendor-openldapn/aVMware (Broadcom Inc.)openSUSEApple Inc.
Product-openldapopensuseesximac_os_xmac_os_x_servern/a
CWE ID-CWE-252
Unchecked Return Value
CVE-2018-7185
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-12.47% / 93.65%
||
7 Day CHG~0.00%
Published-06 Mar, 2018 | 20:00
Updated-14 Jan, 2025 | 19:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The protocol engine in ntp 4.2.6 before 4.2.8p11 allows a remote attackers to cause a denial of service (disruption) by continually sending a packet with a zero-origin timestamp and source IP address of the "other side" of an interleaved association causing the victim ntpd to reset its association.

Action-Not Available
Vendor-ntpn/aCanonical Ltd.Synology, Inc.Hewlett Packard Enterprise (HPE)NetApp, Inc.Oracle Corporation
Product-fujitsu_m12-2vs960hd_firmwarefujitsu_m12-2_firmwarefujitsu_m10-4fujitsu_m10-1_firmwarediskstation_managerfujitsu_m12-2subuntu_linuxntpfujitsu_m10-1fujitsu_m10-4_firmwarefujitsu_m10-4svs960hdhpux-ntpfujitsu_m12-1virtual_diskstation_managerfujitsu_m12-2s_firmwarefujitsu_m12-1_firmwarefujitsu_m10-4s_firmwaresolidfirerouter_managerskynashcin/a
CVE-2016-1547
Matching Score-8
Assigner-CERT/CC
ShareView Details
Matching Score-8
Assigner-CERT/CC
CVSS Score-5.3||MEDIUM
EPSS-1.88% / 82.40%
||
7 Day CHG~0.00%
Published-06 Jan, 2017 | 21:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An off-path attacker can cause a preemptible client association to be demobilized in NTP 4.2.8p4 and earlier and NTPSec a5fb34b9cc89b92a8fef2f459004865c93bb7f92 by sending a crypto NAK packet to a victim client with a spoofed source address of an existing associated peer. This is true even if authentication is enabled.

Action-Not Available
Vendor-ntpNTPsec ProjectNTP Project
Product-ntpNTPNTPSec
CWE ID-CWE-20
Improper Input Validation
CVE-2019-0190
Matching Score-8
Assigner-Apache Software Foundation
ShareView Details
Matching Score-8
Assigner-Apache Software Foundation
CVSS Score-7.5||HIGH
EPSS-24.87% / 95.94%
||
7 Day CHG+1.85%
Published-30 Jan, 2019 | 22:00
Updated-16 Sep, 2024 | 23:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A bug exists in the way mod_ssl handled client renegotiations. A remote attacker could send a carefully crafted request that would cause mod_ssl to enter a loop leading to a denial of service. This bug can be only triggered with Apache HTTP Server version 2.4.37 when using OpenSSL version 1.1.1 or later, due to an interaction in changes to handling of renegotiation attempts.

Action-Not Available
Vendor-OpenSSLThe Apache Software FoundationOracle Corporation
Product-http_serveropensslinstantis_enterprisetrackretail_xstore_point_of_servicehospitality_guest_accessenterprise_manager_ops_centerApache HTTP Server
CVE-2011-0806
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-5||MEDIUM
EPSS-0.70% / 71.19%
||
7 Day CHG~0.00%
Published-20 Apr, 2011 | 03:09
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the Network Foundation component in Oracle Database Server 10.1.0.5, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.1, and 11.2.0.2, when running on Windows, allows remote attackers to affect availability via unknown vectors.

Action-Not Available
Vendor-n/aOracle CorporationMicrosoft Corporation
Product-windowsdatabase_servern/a
CVE-2016-2180
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-4.38% / 88.52%
||
7 Day CHG~0.00%
Published-01 Aug, 2016 | 00:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The TS_OBJ_print_bio function in crypto/ts/ts_lib.c in the X.509 Public Key Infrastructure Time-Stamp Protocol (TSP) implementation in OpenSSL through 1.0.2h allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted time-stamp file that is mishandled by the "openssl ts" command.

Action-Not Available
Vendor-n/aOracle CorporationOpenSSL
Product-openssllinuxn/a
CWE ID-CWE-125
Out-of-bounds Read
CVE-2010-4416
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-5||MEDIUM
EPSS-2.08% / 83.27%
||
7 Day CHG~0.00%
Published-19 Jan, 2011 | 15:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the Oracle GoldenGate Veridata component in Oracle Fusion Middleware 3.0.0.4 allows remote attackers to affect availability via unknown vectors related to Server. NOTE: the previous information was obtained from the January 2011 CPU. Oracle has not commented on claims from a reliable third party researcher that this is a buffer overflow via a crafted XML soap request and a value that does not contain the expected 0x20 terminator character.

Action-Not Available
Vendor-n/aOracle Corporation
Product-fusion_middlewaren/a
CVE-2020-12066
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-4.55% / 88.75%
||
7 Day CHG~0.00%
Published-22 Apr, 2020 | 16:20
Updated-04 Aug, 2024 | 11:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

CServer::SendMsg in engine/server/server.cpp in Teeworlds 0.7.x before 0.7.5 allows remote attackers to shut down the server.

Action-Not Available
Vendor-teeworldsn/aCanonical Ltd.openSUSEFedora ProjectDebian GNU/Linux
Product-ubuntu_linuxdebian_linuxfedorabackports_sleteeworldsleapn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2018-7182
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-8.14% / 91.81%
||
7 Day CHG~0.00%
Published-06 Mar, 2018 | 20:00
Updated-05 Aug, 2024 | 06:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The ctl_getitem method in ntpd in ntp-4.2.8p6 before 4.2.8p11 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted mode 6 packet with a ntpd instance from 4.2.8p6 through 4.2.8p10.

Action-Not Available
Vendor-ntpn/aNetApp, Inc.Canonical Ltd.
Product-ubuntu_linuxntpelement_softwaren/a
CWE ID-CWE-125
Out-of-bounds Read
CVE-2016-1234
Matching Score-8
Assigner-Debian GNU/Linux
ShareView Details
Matching Score-8
Assigner-Debian GNU/Linux
CVSS Score-7.5||HIGH
EPSS-1.18% / 77.89%
||
7 Day CHG~0.00%
Published-01 Jun, 2016 | 20:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Stack-based buffer overflow in the glob implementation in GNU C Library (aka glibc) before 2.24, when GLOB_ALTDIRFUNC is used, allows context-dependent attackers to cause a denial of service (crash) via a long name.

Action-Not Available
Vendor-n/aGNUFedora ProjectopenSUSE
Product-leapfedoraopensuseglibcn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2016-1254
Matching Score-8
Assigner-Debian GNU/Linux
ShareView Details
Matching Score-8
Assigner-Debian GNU/Linux
CVSS Score-7.5||HIGH
EPSS-3.04% / 86.12%
||
7 Day CHG~0.00%
Published-05 Dec, 2017 | 16:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Tor before 0.2.8.12 might allow remote attackers to cause a denial of service (client crash) via a crafted hidden service descriptor.

Action-Not Available
Vendor-torprojectn/aopenSUSEDebian GNU/LinuxFedora Project
Product-torfedoraleapdebian_linuxopensusen/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
Details not found