Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2016-9797

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-03 Dec, 2016 | 06:28
Updated At-06 Aug, 2024 | 02:59
Rejected At-
Credits

In BlueZ 5.42, a buffer over-read was observed in "l2cap_dump" function in "tools/parser/l2cap.c" source file. This issue can be triggered by processing a corrupted dump file and will result in hcidump crash.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:03 Dec, 2016 | 06:28
Updated At:06 Aug, 2024 | 02:59
Rejected At:
▼CVE Numbering Authority (CNA)

In BlueZ 5.42, a buffer over-read was observed in "l2cap_dump" function in "tools/parser/l2cap.c" source file. This issue can be triggered by processing a corrupted dump file and will result in hcidump crash.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
https://www.spinics.net/lists/linux-bluetooth/msg68892.html
x_refsource_MISC
http://www.securityfocus.com/bid/94652
vdb-entry
x_refsource_BID
http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00069.html
vendor-advisory
x_refsource_SUSE
Hyperlink: https://www.spinics.net/lists/linux-bluetooth/msg68892.html
Resource:
x_refsource_MISC
Hyperlink: http://www.securityfocus.com/bid/94652
Resource:
vdb-entry
x_refsource_BID
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00069.html
Resource:
vendor-advisory
x_refsource_SUSE
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
https://www.spinics.net/lists/linux-bluetooth/msg68892.html
x_refsource_MISC
x_transferred
http://www.securityfocus.com/bid/94652
vdb-entry
x_refsource_BID
x_transferred
http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00069.html
vendor-advisory
x_refsource_SUSE
x_transferred
Hyperlink: https://www.spinics.net/lists/linux-bluetooth/msg68892.html
Resource:
x_refsource_MISC
x_transferred
Hyperlink: http://www.securityfocus.com/bid/94652
Resource:
vdb-entry
x_refsource_BID
x_transferred
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00069.html
Resource:
vendor-advisory
x_refsource_SUSE
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:03 Dec, 2016 | 06:59
Updated At:06 May, 2026 | 22:30

In BlueZ 5.42, a buffer over-read was observed in "l2cap_dump" function in "tools/parser/l2cap.c" source file. This issue can be triggered by processing a corrupted dump file and will result in hcidump crash.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.05.3MEDIUM
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Primary2.05.0MEDIUM
AV:N/AC:L/Au:N/C:N/I:N/A:P
Type: Primary
Version: 3.0
Base score: 5.3
Base severity: MEDIUM
Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Type: Primary
Version: 2.0
Base score: 5.0
Base severity: MEDIUM
Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:P
CPE Matches

BlueZ
bluez
>>bluez>>5.42
cpe:2.3:a:bluez:bluez:5.42:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-119Primarynvd@nist.gov
CWE-125Primarynvd@nist.gov
CWE ID: CWE-119
Type: Primary
Source: nvd@nist.gov
CWE ID: CWE-125
Type: Primary
Source: nvd@nist.gov
Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References
HyperlinkSourceResource
http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00069.htmlcve@mitre.org
N/A
http://www.securityfocus.com/bid/94652cve@mitre.org
Third Party Advisory
VDB Entry
https://www.spinics.net/lists/linux-bluetooth/msg68892.htmlcve@mitre.org
Exploit
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00069.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://www.securityfocus.com/bid/94652af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
VDB Entry
https://www.spinics.net/lists/linux-bluetooth/msg68892.htmlaf854a3a-2127-422b-91ae-364da2661108
Exploit
Third Party Advisory
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00069.html
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.securityfocus.com/bid/94652
Source: cve@mitre.org
Resource:
Third Party Advisory
VDB Entry
Hyperlink: https://www.spinics.net/lists/linux-bluetooth/msg68892.html
Source: cve@mitre.org
Resource:
Exploit
Third Party Advisory
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00069.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.securityfocus.com/bid/94652
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
VDB Entry
Hyperlink: https://www.spinics.net/lists/linux-bluetooth/msg68892.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Exploit
Third Party Advisory

Change History

0
Information is not available yet

Similar CVEs

1049Records found

CVE-2016-5043
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-4.38% / 90.11%
||
7 Day CHG~0.00%
Published-17 Feb, 2017 | 17:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The dwarf_dealloc function in libdwarf before 20160923 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted DWARF section.

Action-Not Available
Vendor-libdwarf_projectn/a
Product-libdwarfn/a
CWE ID-CWE-125
Out-of-bounds Read
CVE-2013-2917
Matching Score-4
Assigner-Chrome
ShareView Details
Matching Score-4
Assigner-Chrome
CVSS Score-5||MEDIUM
EPSS-1.46% / 70.40%
||
7 Day CHG~0.00%
Published-02 Oct, 2013 | 10:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The ReverbConvolverStage::ReverbConvolverStage function in core/platform/audio/ReverbConvolverStage.cpp in the Web Audio implementation in Blink, as used in Google Chrome before 30.0.1599.66, allows remote attackers to cause a denial of service (out-of-bounds read) via vectors related to the impulseResponse array.

Action-Not Available
Vendor-n/aGoogle LLC
Product-chromen/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2013-2801
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-5||MEDIUM
EPSS-1.36% / 68.32%
||
7 Day CHG~0.00%
Published-22 Aug, 2013 | 01:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The OSIsoft PI Interface for IEEE C37.118 before 1.0.6.158 allows remote attackers to cause a denial of service (instance shutdown and data-collection outage) via crafted C37.118 configuration packets that trigger an invalid read operation.

Action-Not Available
Vendor-osisoftn/a
Product-pi_interfacen/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2020-24339
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-2.76% / 84.48%
||
7 Day CHG~0.00%
Published-11 Dec, 2020 | 22:53
Updated-04 Aug, 2024 | 15:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in picoTCP and picoTCP-NG through 1.7.0. The DNS domain name record decompression functionality in pico_dns_decompress_name() in pico_dns_common.c does not validate the compression pointer offset values with respect to the actual data present in a DNS response packet, causing out-of-bounds reads that lead to Denial-of-Service.

Action-Not Available
Vendor-altrann/a
Product-picotcppicotcp-ngn/a
CWE ID-CWE-125
Out-of-bounds Read
CVE-2013-2877
Matching Score-4
Assigner-Chrome
ShareView Details
Matching Score-4
Assigner-Chrome
CVSS Score-5||MEDIUM
EPSS-4.73% / 90.76%
||
7 Day CHG~0.00%
Published-10 Jul, 2013 | 10:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

parser.c in libxml2 before 2.9.0, as used in Google Chrome before 28.0.1500.71 and other products, allows remote attackers to cause a denial of service (out-of-bounds read) via a document that ends abruptly, related to the lack of certain checks for the XML_PARSER_EOF state.

Action-Not Available
Vendor-n/aGoogle LLClibxml2 (XMLSoft)
Product-chromelibxml2n/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2013-2110
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-5||MEDIUM
EPSS-6.75% / 93.17%
||
7 Day CHG~0.00%
Published-21 Jun, 2013 | 20:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Heap-based buffer overflow in the php_quot_print_encode function in ext/standard/quot_print.c in PHP before 5.3.26 and 5.4.x before 5.4.16 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted argument to the quoted_printable_encode function.

Action-Not Available
Vendor-n/aThe PHP Group
Product-phpn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2013-1914
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-5||MEDIUM
EPSS-4.11% / 89.54%
||
7 Day CHG~0.00%
Published-29 Apr, 2013 | 22:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Stack-based buffer overflow in the getaddrinfo function in sysdeps/posix/getaddrinfo.c in GNU C Library (aka glibc or libc6) 2.17 and earlier allows remote attackers to cause a denial of service (crash) via a (1) hostname or (2) IP address that triggers a large number of domain conversion results.

Action-Not Available
Vendor-n/aGNU
Product-glibcn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2013-2254
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-5||MEDIUM
EPSS-4.09% / 89.50%
||
7 Day CHG~0.00%
Published-17 Oct, 2013 | 23:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The deepGetOrCreateNode function in impl/operations/AbstractCreateOperation.java in org.apache.sling.servlets.post.bundle 2.2.0 and 2.3.0 in Apache Sling does not properly handle a NULL value that returned when the session does not have permissions to the root node, which allows remote attackers to cause a denial of service (infinite loop) via unspecified vectors.

Action-Not Available
Vendor-n/aThe Apache Software Foundation
Product-slingorg.apache.sling.servlets.postn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2013-1861
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-5||MEDIUM
EPSS-18.68% / 96.92%
||
7 Day CHG~0.00%
Published-28 Mar, 2013 | 23:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

MariaDB 5.5.x before 5.5.30, 5.3.x before 5.3.13, 5.2.x before 5.2.15, and 5.1.x before 5.1.68, and Oracle MySQL 5.1.69 and earlier, 5.5.31 and earlier, and 5.6.11 and earlier allows remote attackers to cause a denial of service (crash) via a crafted geometry feature that specifies a large number of points, which is not properly handled when processing the binary representation of this feature, related to a numeric calculation error.

Action-Not Available
Vendor-n/aCanonical Ltd.MariaDB FoundationopenSUSEOracle CorporationSUSERed Hat, Inc.Debian GNU/Linux
Product-debian_linuxubuntu_linuxlinux_enterprise_desktopmariadbmysqlopensuselinux_enterprise_serverlinux_enterprise_software_development_kitenterprise_linuxn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2013-0888
Matching Score-4
Assigner-Chrome
ShareView Details
Matching Score-4
Assigner-Chrome
CVSS Score-5||MEDIUM
EPSS-1.56% / 72.17%
||
7 Day CHG~0.00%
Published-23 Feb, 2013 | 21:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Skia, as used in Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, allows remote attackers to cause a denial of service (out-of-bounds read) via vectors related to a "user gesture check for dangerous file downloads."

Action-Not Available
Vendor-n/aApple Inc.openSUSEGoogle LLCLinux Kernel Organization, IncMicrosoft Corporation
Product-mac_os_xwindowschromelinux_kernelopensusen/a
CWE ID-CWE-125
Out-of-bounds Read
CVE-2013-1230
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-5||MEDIUM
EPSS-1.23% / 65.34%
||
7 Day CHG~0.00%
Published-01 May, 2013 | 10:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cisco Unified Communications Domain Manager allows remote attackers to cause a denial of service (CPU consumption) via a flood of malformed UDP packets, aka Bug ID CSCug47057.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-unified_communications_domain_managern/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2013-1174
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-5||MEDIUM
EPSS-1.23% / 65.34%
||
7 Day CHG~0.00%
Published-05 Apr, 2013 | 16:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cisco Tivoli Business Service Manager (TBSM) in Hosted Collaboration Mediation (HCM) in Cisco Hosted Collaboration Solution allows remote attackers to cause a denial of service (temporary service hang) by sending many TCP packets to certain ports, aka Bug ID CSCue03703.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-hosted_collaboration_solutionn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2020-1863
Matching Score-4
Assigner-Huawei Technologies
ShareView Details
Matching Score-4
Assigner-Huawei Technologies
CVSS Score-7.5||HIGH
EPSS-0.93% / 56.16%
||
7 Day CHG~0.00%
Published-12 Mar, 2020 | 22:01
Updated-04 Aug, 2024 | 06:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Huawei USG6000V with versions V500R001C20SPC300, V500R003C00SPC100, and V500R005C00SPC100 have an out-of-bounds read vulnerability. Due to a logical flaw in a JSON parsing routine, a remote, unauthenticated attacker could exploit this vulnerability to disrupt service in the affected products.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-usg6000v_firmwareusg6000vHuawei USG6000V
CWE ID-CWE-125
Out-of-bounds Read
CVE-2013-0917
Matching Score-4
Assigner-Chrome
ShareView Details
Matching Score-4
Assigner-Chrome
CVSS Score-5||MEDIUM
EPSS-1.09% / 61.28%
||
7 Day CHG~0.00%
Published-28 Mar, 2013 | 10:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The URL loader in Google Chrome before 26.0.1410.43 allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.

Action-Not Available
Vendor-n/aGoogle LLC
Product-chromen/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2020-17445
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-2.94% / 85.41%
||
7 Day CHG~0.00%
Published-11 Dec, 2020 | 22:33
Updated-04 Aug, 2024 | 13:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in picoTCP 1.7.0. The code for processing the IPv6 destination options does not check for a valid length of the destination options header. This results in an Out-of-Bounds Read, and, depending on the memory protection mechanism, this may result in Denial-of-Service in pico_ipv6_process_destopt() in pico_ipv6.c.

Action-Not Available
Vendor-altrann/a
Product-picotcpn/a
CWE ID-CWE-125
Out-of-bounds Read
CVE-2013-1138
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-5||MEDIUM
EPSS-1.50% / 71.10%
||
7 Day CHG~0.00%
Published-25 Feb, 2013 | 20:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The NAT process on Cisco Adaptive Security Appliances (ASA) devices allows remote attackers to cause a denial of service (connections-table memory consumption) via crafted packets, aka Bug ID CSCue46386.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-adaptive_security_appliance_softwareadaptive_security_appliancen/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2026-5342
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-6.9||MEDIUM
EPSS-0.73% / 49.94%
||
7 Day CHG~0.00%
Published-02 Apr, 2026 | 14:30
Updated-29 Apr, 2026 | 19:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
LibRaw TIFF/NEF decoders_libraw.cpp nikon_load_padded_packed_raw out-of-bounds

A flaw has been found in LibRaw up to 0.22.0. This affects the function LibRaw::nikon_load_padded_packed_raw of the file src/decoders/decoders_libraw.cpp of the component TIFF/NEF. Executing a manipulation of the argument load_flags/raw_width can lead to out-of-bounds read. It is possible to launch the attack remotely. The exploit has been published and may be used. Upgrading to version 0.22.1 mitigates this issue. This patch is called b8397cd45657b84e88bd1202528d1764265f185c. It is advisable to upgrade the affected component.

Action-Not Available
Vendor-librawn/a
Product-librawLibRaw
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-125
Out-of-bounds Read
CVE-2013-0242
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-5||MEDIUM
EPSS-2.85% / 85.00%
||
7 Day CHG~0.00%
Published-08 Feb, 2013 | 20:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in the extend_buffers function in the regular expression matcher (posix/regexec.c) in glibc, possibly 2.17 and earlier, allows context-dependent attackers to cause a denial of service (memory corruption and crash) via crafted multibyte characters.

Action-Not Available
Vendor-n/aGNU
Product-glibcn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2012-5976
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-3.03% / 85.87%
||
7 Day CHG~0.00%
Published-04 Jan, 2013 | 11:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple stack consumption vulnerabilities in Asterisk Open Source 1.8.x before 1.8.19.1, 10.x before 10.11.1, and 11.x before 11.1.2; Certified Asterisk 1.8.11 before 1.8.11-cert10; and Asterisk Digiumphones 10.x-digiumphones before 10.11.1-digiumphones allow remote attackers to cause a denial of service (daemon crash) via TCP data using the (1) SIP, (2) HTTP, or (3) XMPP protocol.

Action-Not Available
Vendor-n/aDigium, Inc.
Product-certified_asteriskasteriskn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2012-6616
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-1.67% / 73.91%
||
7 Day CHG~0.00%
Published-24 Dec, 2013 | 20:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The mov_text_decode_frame function in libavcodec/movtextdec.c in FFmpeg before 1.0.2 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via crafted 3GPP TS 26.245 data.

Action-Not Available
Vendor-n/aFFmpeg
Product-ffmpegn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2012-6700
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.97% / 77.97%
||
7 Day CHG~0.00%
Published-11 Apr, 2016 | 15:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The decode_search function in dhcp.c in dhcpcd 3.x does not properly free allocated memory, which allows remote DHCP servers to cause a denial of service via a crafted response.

Action-Not Available
Vendor-dhcpcd_projectn/aDebian GNU/Linux
Product-debian_linuxdhcpcdn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2012-6128
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-5||MEDIUM
EPSS-2.65% / 83.77%
||
7 Day CHG~0.00%
Published-24 Feb, 2013 | 19:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple stack-based buffer overflows in http.c in OpenConnect before 4.08 allow remote VPN gateways to cause a denial of service (application crash) via a long (1) hostname, (2) path, or (3) cookie list in a response.

Action-Not Available
Vendor-infradeadn/a
Product-openconnectn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2012-6698
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.97% / 77.97%
||
7 Day CHG~0.00%
Published-11 Apr, 2016 | 15:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The decode_search function in dhcp.c in dhcpcd 3.x allows remote DHCP servers to cause a denial of service (out-of-bounds write) via a crafted response.

Action-Not Available
Vendor-dhcpcd_projectn/aDebian GNU/Linux
Product-debian_linuxdhcpcdn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2012-6699
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.97% / 77.97%
||
7 Day CHG~0.00%
Published-11 Apr, 2016 | 15:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The decode_search function in dhcp.c in dhcpcd 3.x allows remote DHCP servers to cause a denial of service (out-of-bounds read) via a crafted response.

Action-Not Available
Vendor-dhcpcd_projectn/aDebian GNU/Linux
Product-debian_linuxdhcpcdn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2013-0183
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-5||MEDIUM
EPSS-3.78% / 88.63%
||
7 Day CHG~0.00%
Published-01 Mar, 2013 | 02:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

multipart/parser.rb in Rack 1.3.x before 1.3.8 and 1.4.x before 1.4.3 allows remote attackers to cause a denial of service (memory consumption and out-of-memory error) via a long string in a Multipart HTTP packet.

Action-Not Available
Vendor-rack_projectn/a
Product-rackn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2013-0189
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-5||MEDIUM
EPSS-23.03% / 97.47%
||
7 Day CHG~0.00%
Published-08 Feb, 2013 | 20:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

cachemgr.cgi in Squid 3.1.x and 3.2.x, possibly 3.1.22, 3.2.4, and other versions, allows remote attackers to cause a denial of service (resource consumption) via a crafted request. NOTE: this issue is due to an incorrect fix for CVE-2012-5643, possibly involving an incorrect order of arguments or incorrect comparison.

Action-Not Available
Vendor-n/aSquid CacheCanonical Ltd.
Product-ubuntu_linuxsquidn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2013-0220
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-5||MEDIUM
EPSS-3.32% / 87.11%
||
7 Day CHG~0.00%
Published-24 Feb, 2013 | 19:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The (1) sss_autofs_cmd_getautomntent and (2) sss_autofs_cmd_getautomntbyname function in responder/autofs/autofssrv_cmd.c and the (3) ssh_cmd_parse_request function in responder/ssh/sshsrv_cmd.c in System Security Services Daemon (SSSD) before 1.9.4 allow remote attackers to cause a denial of service (out-of-bounds read, crash, and restart) via a crafted SSSD packet.

Action-Not Available
Vendor-n/aFedora Project
Product-sssdn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2012-6352
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-5||MEDIUM
EPSS-1.55% / 72.11%
||
7 Day CHG~0.00%
Published-02 Feb, 2013 | 20:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Session Manager in IBM Sterling Connect:Direct through 4.1.0.3 on UNIX allows remote attackers to cause a denial of service (daemon crash and disk consumption) via crafted data.

Action-Not Available
Vendor-n/aIBM Corporation
Product-sterling_connectn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2013-0145
Matching Score-4
Assigner-CERT/CC
ShareView Details
Matching Score-4
Assigner-CERT/CC
CVSS Score-5||MEDIUM
EPSS-8.87% / 94.58%
||
7 Day CHG~0.00%
Published-19 May, 2013 | 10:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in the TFTPD service in Serva32 2.1.0 allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a long string in a read request.

Action-Not Available
Vendor-vercotn/a
Product-serva32n/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2012-5123
Matching Score-4
Assigner-Chrome
ShareView Details
Matching Score-4
Assigner-Chrome
CVSS Score-5||MEDIUM
EPSS-1.43% / 69.74%
||
7 Day CHG~0.00%
Published-07 Nov, 2012 | 11:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Skia, as used in Google Chrome before 23.0.1271.64, allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.

Action-Not Available
Vendor-n/aGoogle LLC
Product-chromen/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2012-5152
Matching Score-4
Assigner-Chrome
ShareView Details
Matching Score-4
Assigner-Chrome
CVSS Score-5||MEDIUM
EPSS-1.06% / 60.47%
||
7 Day CHG~0.00%
Published-15 Jan, 2013 | 21:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Google Chrome before 24.0.1312.52 allows remote attackers to cause a denial of service (out-of-bounds read) via vectors involving seek operations on video data.

Action-Not Available
Vendor-n/aGoogle LLCopenSUSE
Product-chromeopensusen/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2012-4575
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-5||MEDIUM
EPSS-2.13% / 79.68%
||
7 Day CHG~0.00%
Published-18 Nov, 2012 | 19:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The add_database function in objects.c in the pgbouncer pooler 1.5.2 for PostgreSQL allows remote attackers to cause a denial of service (daemon outage) via a long database name in a request.

Action-Not Available
Vendor-pgbouncer_projectn/aThe PostgreSQL Global Development Group
Product-pgbouncerpostgresqln/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2012-5130
Matching Score-4
Assigner-Chrome
ShareView Details
Matching Score-4
Assigner-Chrome
CVSS Score-5||MEDIUM
EPSS-1.46% / 70.40%
||
7 Day CHG~0.00%
Published-28 Nov, 2012 | 01:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Skia, as used in Google Chrome before 23.0.1271.91, allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.

Action-Not Available
Vendor-n/aGoogle LLCopenSUSE
Product-chromeopensusen/a
CWE ID-CWE-125
Out-of-bounds Read
CVE-2012-5451
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-3.99% / 89.25%
||
7 Day CHG~0.00%
Published-24 Apr, 2015 | 14:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple stack-based buffer overflows in HttpUtils.dll in TVMOBiLi before 2.1.0.3974 allow remote attackers to cause a denial of service (tvMobiliService service crash) via a long string in a (1) GET or (2) HEAD request to TCP port 30888.

Action-Not Available
Vendor-tvmobilin/a
Product-tvmobilin/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2012-5345
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-2.47% / 82.53%
||
7 Day CHG~0.00%
Published-09 Oct, 2012 | 15:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in the Remote command server (Rcmd.bat) in IpTools (aka Tiny TCP/IP server) 0.1.4 allows remote attackers to cause a denial of service (crash) via a long string to TCP port 23.

Action-Not Available
Vendor-kepler_lamn/a
Product-iptoolsn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2012-4460
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-5||MEDIUM
EPSS-3.18% / 86.51%
||
7 Day CHG~0.00%
Published-12 Mar, 2013 | 15:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The serializing/deserializing functions in the qpid::framing::Buffer class in Apache Qpid 0.20 and earlier allow remote attackers to cause a denial of service (assertion failure and daemon exit) via unspecified vectors. NOTE: this issue could also trigger an out-of-bounds read, but it might not trigger a crash.

Action-Not Available
Vendor-n/aThe Apache Software Foundation
Product-qpidn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2019-1616
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-8.6||HIGH
EPSS-2.42% / 82.14%
||
7 Day CHG~0.00%
Published-11 Mar, 2019 | 22:00
Updated-19 Nov, 2024 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco NX-OS Software Cisco Fabric Services Denial of Service Vulnerability

A vulnerability in the Cisco Fabric Services component of Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause a buffer overflow, resulting in a denial of service (DoS) condition. The vulnerability is due to insufficient validation of Cisco Fabric Services packets. An attacker could exploit this vulnerability by sending a crafted Cisco Fabric Services packet to an affected device. A successful exploit could allow the attacker to cause a buffer overflow, resulting in process crashes and a DoS condition on the device. MDS 9000 Series Multilayer Switches are affected running software versions prior to 6.2(25), 8.1(1b), 8.3(1). Nexus 3000 Series Switches are affected running software versions prior to 7.0(3)I4(9) and 7.0(3)I7(4). Nexus 3500 Platform Switches are affected running software versions prior to 6.0(2)A8(10) and 7.0(3)I7(4). Nexus 3600 Platform Switches are affected running software versions prior to 7.0(3)F3(5) Nexus 7000 and 7700 Series Switches are affected running software versions prior to 6.2(22) and 8.2(3). Nexus 9000 Series Switches in Standalone NX-OS Mode are affected running software versions prior to 7.0(3)I4(9) and 7.0(3)I7(4). Nexus 9500 R-Series Line Cards and Fabric Modules are affected running software versions prior to 7.0(3)F3(5). UCS 6200, 6300, and 6400 Fabric Interconnects are affected running software versions prior to 3.2(3j) and 4.0(2a).

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-nexus_3500nexus_9000ucs_6300nexus_9500mds_9000nx-osnexus_3000nexus_3600ucs_6400ucs_6200nexus_7000nexus_7700MDS 9000 Series Multilayer SwitchesNexus 3600 Platform SwitchesNexus 9000 Series Switches in Standalone NX-OS ModeNexus 7000 and 7700 Series SwitchesNexus 3500 Platform SwitchesUCS 6200, 6300, and 6400 Fabric InterconnectsNexus 3000 Series SwitchesNexus 9500 R-Series Line Cards and Fabric Modules
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2012-3845
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-3.31% / 87.05%
||
7 Day CHG~0.00%
Published-03 Jul, 2012 | 22:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in LAN Messenger 1.2.28 and earlier allows remote attackers to cause a denial of service (crash) via a long string in an initiation request.

Action-Not Available
Vendor-lan_messengern/a
Product-lan_messenger1.2.28n/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2012-3792
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-11.22% / 95.42%
||
7 Day CHG~0.00%
Published-25 Jun, 2012 | 17:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Pro-face WinGP PC Runtime 3.1.00 and earlier, and ProServr.exe in Pro-face Pro-Server EX 1.30.000 and earlier, allows remote attackers to cause a denial of service (out-of-bounds read operation) via a crafted packet that triggers a certain Find Node check attempt.

Action-Not Available
Vendor-pro-facen/a
Product-pro-server_exwingp_pc_runtimen/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2012-4428
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-9.57% / 94.88%
||
7 Day CHG~0.00%
Published-02 Dec, 2019 | 17:41
Updated-06 Aug, 2024 | 20:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

openslp: SLPIntersectStringList()' Function has a DoS vulnerability

Action-Not Available
Vendor-openslpopenslp-dfsgCanonical Ltd.Fedora ProjectDebian GNU/Linux
Product-ubuntu_linuxopenslpdebian_linuxfedoraopenslp-dfsg
CWE ID-CWE-125
Out-of-bounds Read
CVE-2012-3501
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-5||MEDIUM
EPSS-3.33% / 87.15%
||
7 Day CHG~0.00%
Published-25 Aug, 2012 | 10:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The squidclamav_check_preview_handler function in squidclamav.c in SquidClamav 5.x before 5.8 and 6.x before 6.7 passes an unescaped URL to a system command call, which allows remote attackers to cause a denial of service (daemon crash) via a URL with certain characters, as demonstrated using %0D or %0A.

Action-Not Available
Vendor-daroldn/a
Product-squidclamavn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2012-3915
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-5||MEDIUM
EPSS-1.22% / 64.96%
||
7 Day CHG~0.00%
Published-16 Sep, 2012 | 10:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The DMVPN tunnel implementation in Cisco IOS 15.2 allows remote attackers to cause a denial of service (persistent IKE state) via a large volume of hub-to-spoke traffic, aka Bug ID CSCtq39602.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-iosn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2012-3794
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-22.03% / 97.37%
||
7 Day CHG~0.00%
Published-25 Jun, 2012 | 17:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Pro-face WinGP PC Runtime 3.1.00 and earlier, and ProServr.exe in Pro-face Pro-Server EX 1.30.000 and earlier, allows remote attackers to cause a denial of service (unhandled exception and daemon crash) via a crafted packet with a certain opcode that triggers an invalid attempt to allocate a large amount of memory.

Action-Not Available
Vendor-pro-facen/a
Product-pro-server_exwingp_pc_runtimen/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2012-3745
Matching Score-4
Assigner-Apple Inc.
ShareView Details
Matching Score-4
Assigner-Apple Inc.
CVSS Score-5||MEDIUM
EPSS-2.36% / 81.73%
||
7 Day CHG~0.00%
Published-20 Sep, 2012 | 21:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Off-by-one error in Telephony in Apple iOS before 6 allows remote attackers to cause a denial of service (buffer overflow and connectivity outage) via a crafted user-data header in an SMS message.

Action-Not Available
Vendor-n/aApple Inc.
Product-iphone_osn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2012-3444
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-5||MEDIUM
EPSS-1.77% / 75.47%
||
7 Day CHG~0.00%
Published-31 Jul, 2012 | 17:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The get_image_dimensions function in the image-handling functionality in Django before 1.3.2 and 1.4.x before 1.4.1 uses a constant chunk size in all attempts to determine dimensions, which allows remote attackers to cause a denial of service (process or thread consumption) via a large TIFF image.

Action-Not Available
Vendor-n/aDjango
Product-djangon/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2012-3901
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-5||MEDIUM
EPSS-1.22% / 64.96%
||
7 Day CHG~0.00%
Published-16 Sep, 2012 | 10:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The updateTime function in sensorApp on Cisco IPS 4200 series sensors 7.0 and 7.1 allows remote attackers to cause a denial of service (process crash and traffic-inspection outage) via network traffic, aka Bug ID CSCta96144.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-ips_4270-20ips_4255ips_4240ips_4260ips_4250_sxintrusion_prevention_systemn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2012-3518
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-5||MEDIUM
EPSS-2.77% / 84.60%
||
7 Day CHG~0.00%
Published-26 Aug, 2012 | 01:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The networkstatus_parse_vote_from_string function in routerparse.c in Tor before 0.2.2.38 does not properly handle an invalid flavor name, which allows remote attackers to cause a denial of service (out-of-bounds read and daemon crash) via a crafted (1) vote document or (2) consensus document.

Action-Not Available
Vendor-torn/a
Product-torn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2012-3819
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-2.33% / 81.43%
||
7 Day CHG~0.00%
Published-04 Oct, 2012 | 10:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Stack consumption vulnerability in dartwebserver.dll 1.9 and earlier, as used in Dart PowerTCP WebServer for ActiveX and other products, allows remote attackers to cause a denial of service (daemon crash) via a long request.

Action-Not Available
Vendor-dartn/a
Product-powertcp_activexn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2012-3364
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-5||MEDIUM
EPSS-4.69% / 90.68%
||
7 Day CHG~0.00%
Published-22 Jan, 2013 | 23:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple stack-based buffer overflows in the Near Field Communication Controller Interface (NCI) in the Linux kernel before 3.4.5 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via incoming frames with crafted length fields.

Action-Not Available
Vendor-n/aLinux Kernel Organization, Inc
Product-linux_kerneln/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2012-3795
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-11.22% / 95.42%
||
7 Day CHG~0.00%
Published-25 Jun, 2012 | 17:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Pro-face WinGP PC Runtime 3.1.00 and earlier, and ProServr.exe in Pro-face Pro-Server EX 1.30.000 and earlier, allows remote attackers to cause a denial of service (daemon crash) via a crafted packet with a certain opcode and a large value in a size field.

Action-Not Available
Vendor-pro-facen/a
Product-pro-server_exwingp_pc_runtimen/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
  • Previous
  • 1
  • 2
  • 3
  • 4
  • ...
  • 20
  • 21
  • Next
Details not found