Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2017-2315

Summary
Assigner-juniper
Assigner Org ID-8cbe9d5a-a066-4c94-8978-4b15efeae968
Published At-24 Apr, 2017 | 15:00
Updated At-05 Aug, 2024 | 13:48
Rejected At-
Credits

On Juniper Networks EX Series Ethernet Switches running affected Junos OS versions, a vulnerability in IPv6 processing has been discovered that may allow a specially crafted IPv6 Neighbor Discovery (ND) packet destined to an EX Series Ethernet Switch to cause a slow memory leak. A malicious network-based packet flood of these crafted IPv6 NDP packets may eventually lead to resource exhaustion and a denial of service. The affected Junos OS versions are: 12.3 prior to 12.3R12-S4, 12.3R13; 13.3 prior to 13.3R10; 14.1 prior to 14.1R8-S3, 14.1R9; 14.1X53 prior ro 14.1X53-D12, 14.1X53-D40; 14.1X55 prior to 14.1X55-D35; 14.2 prior to 14.2R6-S4, 14.2R7-S6, 14.2R8; 15.1 prior to 15.1R5; 16.1 before 16.1R3; 16.2 before 16.2R1-S3, 16.2R2. 17.1R1 and all subsequent releases have a resolution for this vulnerability.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:juniper
Assigner Org ID:8cbe9d5a-a066-4c94-8978-4b15efeae968
Published At:24 Apr, 2017 | 15:00
Updated At:05 Aug, 2024 | 13:48
Rejected At:
▼CVE Numbering Authority (CNA)

On Juniper Networks EX Series Ethernet Switches running affected Junos OS versions, a vulnerability in IPv6 processing has been discovered that may allow a specially crafted IPv6 Neighbor Discovery (ND) packet destined to an EX Series Ethernet Switch to cause a slow memory leak. A malicious network-based packet flood of these crafted IPv6 NDP packets may eventually lead to resource exhaustion and a denial of service. The affected Junos OS versions are: 12.3 prior to 12.3R12-S4, 12.3R13; 13.3 prior to 13.3R10; 14.1 prior to 14.1R8-S3, 14.1R9; 14.1X53 prior ro 14.1X53-D12, 14.1X53-D40; 14.1X55 prior to 14.1X55-D35; 14.2 prior to 14.2R6-S4, 14.2R7-S6, 14.2R8; 15.1 prior to 15.1R5; 16.1 before 16.1R3; 16.2 before 16.2R1-S3, 16.2R2. 17.1R1 and all subsequent releases have a resolution for this vulnerability.

Affected Products
Vendor
Juniper Networks, Inc.Juniper Networks
Product
Junos OS on EX series Ethernet Switches with IPv6 enabled
Versions
Affected
  • 12.3 prior to 12.3R12-S4, 12.3R13
  • 13.3 prior to 13.3R10
  • 14.1 prior to 14.1R8-S3, 14.1R9
  • 14.1X53 prior ro 14.1X53-D12, 14.1X53-D40
  • 14.1X55 prior to 14.1X55-D35
  • 14.2 prior to 14.2R6-S4, 14.2R7-S6, 14.2R8
  • 15.1 prior to 15.1R5
  • 16.1 before 16.1R3
  • 16.2 before 16.2R1-S3, 16.2R2
  • 17.1R1 and all subsequent releases have a resolution for this vulnerability
Problem Types
TypeCWE IDDescription
textN/Adenial of service vulnerability due to memory leak
Type: text
CWE ID: N/A
Description: denial of service vulnerability due to memory leak
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://www.securitytracker.com/id/1038253
vdb-entry
x_refsource_SECTRACK
http://www.securityfocus.com/bid/97615
vdb-entry
x_refsource_BID
https://kb.juniper.net/JSA10781
x_refsource_CONFIRM
Hyperlink: http://www.securitytracker.com/id/1038253
Resource:
vdb-entry
x_refsource_SECTRACK
Hyperlink: http://www.securityfocus.com/bid/97615
Resource:
vdb-entry
x_refsource_BID
Hyperlink: https://kb.juniper.net/JSA10781
Resource:
x_refsource_CONFIRM
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://www.securitytracker.com/id/1038253
vdb-entry
x_refsource_SECTRACK
x_transferred
http://www.securityfocus.com/bid/97615
vdb-entry
x_refsource_BID
x_transferred
https://kb.juniper.net/JSA10781
x_refsource_CONFIRM
x_transferred
Hyperlink: http://www.securitytracker.com/id/1038253
Resource:
vdb-entry
x_refsource_SECTRACK
x_transferred
Hyperlink: http://www.securityfocus.com/bid/97615
Resource:
vdb-entry
x_refsource_BID
x_transferred
Hyperlink: https://kb.juniper.net/JSA10781
Resource:
x_refsource_CONFIRM
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:sirt@juniper.net
Published At:24 Apr, 2017 | 15:59
Updated At:20 Apr, 2025 | 01:37

On Juniper Networks EX Series Ethernet Switches running affected Junos OS versions, a vulnerability in IPv6 processing has been discovered that may allow a specially crafted IPv6 Neighbor Discovery (ND) packet destined to an EX Series Ethernet Switch to cause a slow memory leak. A malicious network-based packet flood of these crafted IPv6 NDP packets may eventually lead to resource exhaustion and a denial of service. The affected Junos OS versions are: 12.3 prior to 12.3R12-S4, 12.3R13; 13.3 prior to 13.3R10; 14.1 prior to 14.1R8-S3, 14.1R9; 14.1X53 prior ro 14.1X53-D12, 14.1X53-D40; 14.1X55 prior to 14.1X55-D35; 14.2 prior to 14.2R6-S4, 14.2R7-S6, 14.2R8; 15.1 prior to 15.1R5; 16.1 before 16.1R3; 16.2 before 16.2R1-S3, 16.2R2. 17.1R1 and all subsequent releases have a resolution for this vulnerability.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.07.5HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Primary2.07.8HIGH
AV:N/AC:L/Au:N/C:N/I:N/A:C
Type: Primary
Version: 3.0
Base score: 7.5
Base severity: HIGH
Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Type: Primary
Version: 2.0
Base score: 7.8
Base severity: HIGH
Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:C
CPE Matches
Juniper Networks, Inc.
juniper
>>junos>>12.3
cpe:2.3:o:juniper:junos:12.3:r1:*:*:*:*:*:*
Juniper Networks, Inc.
juniper
>>junos>>12.3
cpe:2.3:o:juniper:junos:12.3:r10:*:*:*:*:*:*
Juniper Networks, Inc.
juniper
>>junos>>12.3
cpe:2.3:o:juniper:junos:12.3:r11:*:*:*:*:*:*
Juniper Networks, Inc.
juniper
>>junos>>12.3
cpe:2.3:o:juniper:junos:12.3:r12:*:*:*:*:*:*
Juniper Networks, Inc.
juniper
>>junos>>12.3
cpe:2.3:o:juniper:junos:12.3:r13:*:*:*:*:*:*
Juniper Networks, Inc.
juniper
>>junos>>12.3
cpe:2.3:o:juniper:junos:12.3:r2:*:*:*:*:*:*
Juniper Networks, Inc.
juniper
>>junos>>12.3
cpe:2.3:o:juniper:junos:12.3:r3:*:*:*:*:*:*
Juniper Networks, Inc.
juniper
>>junos>>12.3
cpe:2.3:o:juniper:junos:12.3:r4:*:*:*:*:*:*
Juniper Networks, Inc.
juniper
>>junos>>12.3
cpe:2.3:o:juniper:junos:12.3:r5:*:*:*:*:*:*
Juniper Networks, Inc.
juniper
>>junos>>12.3
cpe:2.3:o:juniper:junos:12.3:r6:*:*:*:*:*:*
Juniper Networks, Inc.
juniper
>>junos>>12.3
cpe:2.3:o:juniper:junos:12.3:r7:*:*:*:*:*:*
Juniper Networks, Inc.
juniper
>>junos>>12.3
cpe:2.3:o:juniper:junos:12.3:r8:*:*:*:*:*:*
Juniper Networks, Inc.
juniper
>>junos>>12.3
cpe:2.3:o:juniper:junos:12.3:r9:*:*:*:*:*:*
Juniper Networks, Inc.
juniper
>>junos>>13.3
cpe:2.3:o:juniper:junos:13.3:r1:*:*:*:*:*:*
Juniper Networks, Inc.
juniper
>>junos>>13.3
cpe:2.3:o:juniper:junos:13.3:r2:*:*:*:*:*:*
Juniper Networks, Inc.
juniper
>>junos>>13.3
cpe:2.3:o:juniper:junos:13.3:r3:*:*:*:*:*:*
Juniper Networks, Inc.
juniper
>>junos>>13.3
cpe:2.3:o:juniper:junos:13.3:r4:*:*:*:*:*:*
Juniper Networks, Inc.
juniper
>>junos>>13.3
cpe:2.3:o:juniper:junos:13.3:r5:*:*:*:*:*:*
Juniper Networks, Inc.
juniper
>>junos>>13.3
cpe:2.3:o:juniper:junos:13.3:r6:*:*:*:*:*:*
Juniper Networks, Inc.
juniper
>>junos>>13.3
cpe:2.3:o:juniper:junos:13.3:r7:*:*:*:*:*:*
Juniper Networks, Inc.
juniper
>>junos>>13.3
cpe:2.3:o:juniper:junos:13.3:r8:*:*:*:*:*:*
Juniper Networks, Inc.
juniper
>>junos>>13.3
cpe:2.3:o:juniper:junos:13.3:r9:*:*:*:*:*:*
Juniper Networks, Inc.
juniper
>>junos>>14.1
cpe:2.3:o:juniper:junos:14.1:r1:*:*:*:*:*:*
Juniper Networks, Inc.
juniper
>>junos>>14.1
cpe:2.3:o:juniper:junos:14.1:r2:*:*:*:*:*:*
Juniper Networks, Inc.
juniper
>>junos>>14.1
cpe:2.3:o:juniper:junos:14.1:r3:*:*:*:*:*:*
Juniper Networks, Inc.
juniper
>>junos>>14.1
cpe:2.3:o:juniper:junos:14.1:r4:*:*:*:*:*:*
Juniper Networks, Inc.
juniper
>>junos>>14.1
cpe:2.3:o:juniper:junos:14.1:r5:*:*:*:*:*:*
Juniper Networks, Inc.
juniper
>>junos>>14.1
cpe:2.3:o:juniper:junos:14.1:r6:*:*:*:*:*:*
Juniper Networks, Inc.
juniper
>>junos>>14.1
cpe:2.3:o:juniper:junos:14.1:r7:*:*:*:*:*:*
Juniper Networks, Inc.
juniper
>>junos>>14.1
cpe:2.3:o:juniper:junos:14.1:r9:*:*:*:*:*:*
Juniper Networks, Inc.
juniper
>>junos>>14.1x53
cpe:2.3:o:juniper:junos:14.1x53:d10:*:*:*:*:*:*
Juniper Networks, Inc.
juniper
>>junos>>14.1x53
cpe:2.3:o:juniper:junos:14.1x53:d40:*:*:*:*:*:*
Juniper Networks, Inc.
juniper
>>junos>>14.1x55
cpe:2.3:o:juniper:junos:14.1x55:d35:*:*:*:*:*:*
Juniper Networks, Inc.
juniper
>>junos>>14.2
cpe:2.3:o:juniper:junos:14.2:r1:*:*:*:*:*:*
Juniper Networks, Inc.
juniper
>>junos>>14.2
cpe:2.3:o:juniper:junos:14.2:r2:*:*:*:*:*:*
Juniper Networks, Inc.
juniper
>>junos>>14.2
cpe:2.3:o:juniper:junos:14.2:r3:*:*:*:*:*:*
Juniper Networks, Inc.
juniper
>>junos>>14.2
cpe:2.3:o:juniper:junos:14.2:r4:*:*:*:*:*:*
Juniper Networks, Inc.
juniper
>>junos>>14.2
cpe:2.3:o:juniper:junos:14.2:r5:*:*:*:*:*:*
Juniper Networks, Inc.
juniper
>>junos>>14.2
cpe:2.3:o:juniper:junos:14.2:r7:*:*:*:*:*:*
Juniper Networks, Inc.
juniper
>>junos>>14.2
cpe:2.3:o:juniper:junos:14.2:r8:*:*:*:*:*:*
Juniper Networks, Inc.
juniper
>>junos>>15.1
cpe:2.3:o:juniper:junos:15.1:r1:*:*:*:*:*:*
Juniper Networks, Inc.
juniper
>>junos>>15.1
cpe:2.3:o:juniper:junos:15.1:r2:*:*:*:*:*:*
Juniper Networks, Inc.
juniper
>>junos>>15.1
cpe:2.3:o:juniper:junos:15.1:r3:*:*:*:*:*:*
Juniper Networks, Inc.
juniper
>>junos>>15.1
cpe:2.3:o:juniper:junos:15.1:r4:*:*:*:*:*:*
Juniper Networks, Inc.
juniper
>>junos>>16.1
cpe:2.3:o:juniper:junos:16.1:r1:*:*:*:*:*:*
Juniper Networks, Inc.
juniper
>>junos>>16.2
cpe:2.3:o:juniper:junos:16.2:r2:*:*:*:*:*:*
Juniper Networks, Inc.
juniper
>>junos>>17.1
cpe:2.3:o:juniper:junos:17.1:r1:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-772Primarynvd@nist.gov
CWE ID: CWE-772
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
http://www.securityfocus.com/bid/97615sirt@juniper.net
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1038253sirt@juniper.net
N/A
https://kb.juniper.net/JSA10781sirt@juniper.net
Mitigation
Vendor Advisory
http://www.securityfocus.com/bid/97615af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1038253af854a3a-2127-422b-91ae-364da2661108
N/A
https://kb.juniper.net/JSA10781af854a3a-2127-422b-91ae-364da2661108
Mitigation
Vendor Advisory
Hyperlink: http://www.securityfocus.com/bid/97615
Source: sirt@juniper.net
Resource:
Third Party Advisory
VDB Entry
Hyperlink: http://www.securitytracker.com/id/1038253
Source: sirt@juniper.net
Resource: N/A
Hyperlink: https://kb.juniper.net/JSA10781
Source: sirt@juniper.net
Resource:
Mitigation
Vendor Advisory
Hyperlink: http://www.securityfocus.com/bid/97615
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
VDB Entry
Hyperlink: http://www.securitytracker.com/id/1038253
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://kb.juniper.net/JSA10781
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Mitigation
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

159Records found
CVE-2017-6384
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.31% / 78.98%
||
7 Day CHG~0.00%
Published-02 Mar, 2017 | 06:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Memory leak in the login_user function in saslserv/main.c in saslserv/main.so in Atheme 7.2.7 allows a remote unauthenticated attacker to consume memory and cause a denial of service. This is fixed in 7.2.8.

Action-Not Available
Vendor-athemen/a
Product-athemen/a
CWE ID-CWE-772
Missing Release of Resource after Effective Lifetime
CVE-2017-5507
Matching Score-4
Assigner-Debian GNU/Linux
ShareView Details
Matching Score-4
Assigner-Debian GNU/Linux
CVSS Score-7.5||HIGH
EPSS-11.40% / 93.30%
||
7 Day CHG~0.00%
Published-24 Mar, 2017 | 15:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Memory leak in coders/mpc.c in ImageMagick before 6.9.7-4 and 7.x before 7.0.4-4 allows remote attackers to cause a denial of service (memory consumption) via vectors involving a pixel cache.

Action-Not Available
Vendor-n/aDebian GNU/LinuxImageMagick Studio LLC
Product-debian_linuximagemagickn/a
CWE ID-CWE-772
Missing Release of Resource after Effective Lifetime
CVE-2017-17256
Matching Score-4
Assigner-Huawei Technologies
ShareView Details
Matching Score-4
Assigner-Huawei Technologies
CVSS Score-7.5||HIGH
EPSS-0.27% / 49.68%
||
7 Day CHG~0.00%
Published-24 Apr, 2018 | 15:00
Updated-05 Aug, 2024 | 20:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Huawei AR120-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR1200 V200R006C10, V200R006C13, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30, AR1200-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR150 V200R006C10, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30, AR150-S V200R006C10SPC300, V200R007C00, V200R008C20, V200R008C30, AR160 V200R006C10, V200R006C12, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30, AR200 V200R006C10, V200R007C00, V200R007C01, V200R008C20, V200R008C30, AR200-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR2200 V200R006C10, V200R006C13, V200R006C16PWE, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30, AR2200-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR3200 V200R006C10, V200R006C11, V200R007C00, V200R007C01, V200R007C02, V200R008C00, V200R008C10, V200R008C20, V200R008C30, AR3600 V200R006C10, V200R007C00, V200R007C01, V200R008C20, AR510 V200R006C10, V200R006C12, V200R006C13, V200R006C15, V200R006C16, V200R006C17, V200R007C00SPC180T, V200R008C20, V200R008C30, DP300 V500R002C00, IPS Module V100R001C10SPC200, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R001C30, V500R001C50, NGFW Module V100R001C10SPC200, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R002C00, V500R002C10, NIP6300 V500R001C00, V500R001C20, V500R001C30, V500R001C50, NIP6600 V500R001C00, V500R001C20, V500R001C30, V500R001C50, NIP6800 V500R001C50, NetEngine16EX V200R006C10, V200R007C00, V200R008C20, V200R008C30, RSE6500 V500R002C00, SRG1300 V200R006C10, V200R007C00, V200R007C02, V200R008C20, V200R008C30, SRG2300 V200R006C10, V200R007C00, V200R007C02, V200R008C20, V200R008C30, SRG3300 V200R006C10, V200R007C00, V200R008C20, V200R008C30, SVN5600 V200R003C00, V200R003C10, SVN5800 V200R003C00, V200R003C10, SVN5800-C V200R003C00, V200R003C10, SeMG9811 V300R001C01, Secospace USG6300 V100R001C10, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R001C30, V500R001C50, Secospace USG6500 V100R001C10, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R001C30, V500R001C50, Secospace USG6600 V100R001C00SPC200, V100R001C10, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R001C30, V500R001C50, V500R001C60, TE30 V100R001C02, V100R001C10, V500R002C00, V600R006C00, TE40 V500R002C00, V600R006C00, TE50 V500R002C00, V600R006C00, TE60 V100R001C01, V100R001C10, V500R002C00, V600R006C00, TP3106 V100R002C00, TP3206 V100R002C00, V100R002C10, USG6000V V500R001C20, USG9500 V500R001C00, V500R001C20, V500R001C30, V500R001C50, USG9520 V300R001C01, V300R001C20, USG9560 V300R001C01, V300R001C20, USG9580 V300R001C01, V300R001C20, VP9660 V500R002C00, V500R002C10, ViewPoint 8660 V100R008C03, ViewPoint 9030 V100R011C02 has a memory leak vulnerability in H323 protocol. An unauthenticated, remote attacker could craft malformed packets and send the packets to the affected products. Due to insufficient verification of the packets, successful exploit could cause a memory leak and eventual denial of service (DoS) condition.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-ar2200_firmwareusg9560_firmwareviewpoint_9030ips_modulear3200_firmwarear2200te60viewpoint_8660_firmwaresrg3300nip6300_firmwarete30netengine16exar120-s_firmwareusg9560svn5800-c_firmwarengfw_moduledp300ar200-sar120-sar510usg9520ar150-ssemg9811_firmwarete60_firmwaresrg2300secospace_usg6500_firmwaresvn5800ar150_firmwareips_module_firmwaresecospace_usg6600_firmwarear3600ar3200semg9811usg6000vdp300_firmwarear200-s_firmwaretp3106_firmwaresvn5600ar160_firmwareusg6000v_firmwarevp9660_firmwareusg9520_firmwareusg9580netengine16ex_firmwaresecospace_usg6600viewpoint_9030_firmwarear1200te30_firmwarevp9660srg1300srg1300_firmwaresecospace_usg6300srg3300_firmwaresrg2300_firmwarete40ar1200-s_firmwareusg9500te50rse6500nip6600usg9580_firmwarenip6800_firmwaretp3106ar160nip6300secospace_usg6500usg9500_firmwaresvn5800_firmwarear2200-stp3206tp3206_firmwaresvn5600_firmwarear510_firmwarear150-s_firmwarear1200-sar150ngfw_module_firmwarear1200_firmwarear200ar3600_firmwarear2200-s_firmwarenip6800te40_firmwarerse6500_firmwareviewpoint_8660ar200_firmwarenip6600_firmwaresvn5800-cte50_firmwaresecospace_usg6300_firmwareAR120-S, AR1200, AR1200-S, AR150, AR150-S, AR160, AR200, AR200-S, AR2200, AR2200-S, AR3200, AR3600, AR510, DP300, IPS Module, NGFW Module, NIP6300, NIP6600, NIP6800, NetEngine16EX, RSE6500, SRG1300, SRG2300, SRG3300, SVN5600, SVN5800, SVN5800-C, SeMG9811, Secospace USG6300, Secospace USG6500, Secospace USG6600, TE30, TE40, TE50, TE60, TP3106, TP3206, USG6000V, USG9500, USG9520, USG9560, USG9580, VP9660, ViewPoint 8660, ViewPoint 9030
CWE ID-CWE-772
Missing Release of Resource after Effective Lifetime
CVE-2017-15132
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-1.30% / 78.93%
||
7 Day CHG~0.00%
Published-25 Jan, 2018 | 20:00
Updated-17 Sep, 2024 | 00:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A flaw was found in dovecot 2.0 up to 2.2.33 and 2.3.0. An abort of SASL authentication results in a memory leak in dovecot's auth client used by login processes. The leak has impact in high performance configuration where same login processes are reused and can cause the process to crash due to memory exhaustion.

Action-Not Available
Vendor-Canonical Ltd.Debian GNU/LinuxDovecot
Product-ubuntu_linuxdebian_linuxdovecotdovecot
CWE ID-CWE-400
Uncontrolled Resource Consumption
CWE ID-CWE-772
Missing Release of Resource after Effective Lifetime
CVE-2017-15268
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.78% / 72.75%
||
7 Day CHG~0.00%
Published-12 Oct, 2017 | 15:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Qemu through 2.10.0 allows remote attackers to cause a memory leak by triggering slow data-channel read operations, related to io/channel-websock.c.

Action-Not Available
Vendor-n/aQEMU
Product-qemun/a
CWE ID-CWE-772
Missing Release of Resource after Effective Lifetime
CVE-2021-22883
Matching Score-4
Assigner-HackerOne
ShareView Details
Matching Score-4
Assigner-HackerOne
CVSS Score-7.5||HIGH
EPSS-87.36% / 99.42%
||
7 Day CHG~0.00%
Published-03 Mar, 2021 | 17:38
Updated-30 Apr, 2025 | 22:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Node.js before 10.24.0, 12.21.0, 14.16.0, and 15.10.0 is vulnerable to a denial of service attack when too many connection attempts with an 'unknownProtocol' are established. This leads to a leak of file descriptors. If a file descriptor limit is configured on the system, then the server is unable to accept new connections and prevent the process also from opening, e.g. a file. If no file descriptor limit is configured, then this lead to an excessive memory usage and cause the system to run out of memory.

Action-Not Available
Vendor-Node.js (OpenJS Foundation)Oracle CorporationNetApp, Inc.Siemens AGFedora Project
Product-sinec_infrastructure_network_servicespeoplesoft_enterprise_peopletoolsgraalvme-series_performance_analyzermysql_clusternosql_databasefedorajd_edwards_enterpriseone_toolsnode.jsNode
CWE ID-CWE-400
Uncontrolled Resource Consumption
CWE ID-CWE-772
Missing Release of Resource after Effective Lifetime
CVE-2017-15189
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.36% / 57.50%
||
7 Day CHG~0.00%
Published-10 Oct, 2017 | 21:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Wireshark 2.4.0 to 2.4.1, the DOCSIS dissector could go into an infinite loop. This was addressed in plugins/docsis/packet-docsis.c by adding decrements.

Action-Not Available
Vendor-n/aWireshark Foundation
Product-wiresharkn/a
CWE ID-CWE-772
Missing Release of Resource after Effective Lifetime
CVE-2017-13196
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-7.5||HIGH
EPSS-3.01% / 86.06%
||
7 Day CHG~0.00%
Published-12 Jan, 2018 | 23:00
Updated-16 Sep, 2024 | 19:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In several places in ihevcd_decode.c, a dead loop could occur due to incomplete frames which could lead to memory leaks. This could lead to a remote denial of service of a critical system process with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-63522067.

Action-Not Available
Vendor-Google LLC
Product-androidAndroid
CWE ID-CWE-772
Missing Release of Resource after Effective Lifetime
CVE-2017-0818
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-7.5||HIGH
EPSS-0.26% / 49.34%
||
7 Day CHG~0.00%
Published-03 Oct, 2017 | 21:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability in the Android media framework (n/a). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-63581671.

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidn/a
CWE ID-CWE-772
Missing Release of Resource after Effective Lifetime
  • Previous
  • 1
  • 2
  • 3
  • 4
  • Next
Details not found