Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2018-12698

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-23 Jun, 2018 | 22:00
Updated At-05 Aug, 2024 | 08:45
Rejected At-
Credits

demangle_template in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.30, allows attackers to trigger excessive memory consumption (aka OOM) during the "Create an array for saving the template argument values" XNEWVEC call. This can occur during execution of objdump.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
ā–¼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:23 Jun, 2018 | 22:00
Updated At:05 Aug, 2024 | 08:45
Rejected At:
ā–¼CVE Numbering Authority (CNA)

demangle_template in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.30, allows attackers to trigger excessive memory consumption (aka OOM) during the "Create an array for saving the template argument values" XNEWVEC call. This can occur during execution of objdump.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
https://bugs.launchpad.net/ubuntu/+source/binutils/+bug/1763102
x_refsource_MISC
https://sourceware.org/bugzilla/show_bug.cgi?id=23057
x_refsource_MISC
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=85454
x_refsource_MISC
http://www.securityfocus.com/bid/104539
vdb-entry
x_refsource_BID
https://security.gentoo.org/glsa/201908-01
vendor-advisory
x_refsource_GENTOO
https://usn.ubuntu.com/4326-1/
vendor-advisory
x_refsource_UBUNTU
https://usn.ubuntu.com/4336-1/
vendor-advisory
x_refsource_UBUNTU
Hyperlink: https://bugs.launchpad.net/ubuntu/+source/binutils/+bug/1763102
Resource:
x_refsource_MISC
Hyperlink: https://sourceware.org/bugzilla/show_bug.cgi?id=23057
Resource:
x_refsource_MISC
Hyperlink: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=85454
Resource:
x_refsource_MISC
Hyperlink: http://www.securityfocus.com/bid/104539
Resource:
vdb-entry
x_refsource_BID
Hyperlink: https://security.gentoo.org/glsa/201908-01
Resource:
vendor-advisory
x_refsource_GENTOO
Hyperlink: https://usn.ubuntu.com/4326-1/
Resource:
vendor-advisory
x_refsource_UBUNTU
Hyperlink: https://usn.ubuntu.com/4336-1/
Resource:
vendor-advisory
x_refsource_UBUNTU
ā–¼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
https://bugs.launchpad.net/ubuntu/+source/binutils/+bug/1763102
x_refsource_MISC
x_transferred
https://sourceware.org/bugzilla/show_bug.cgi?id=23057
x_refsource_MISC
x_transferred
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=85454
x_refsource_MISC
x_transferred
http://www.securityfocus.com/bid/104539
vdb-entry
x_refsource_BID
x_transferred
https://security.gentoo.org/glsa/201908-01
vendor-advisory
x_refsource_GENTOO
x_transferred
https://usn.ubuntu.com/4326-1/
vendor-advisory
x_refsource_UBUNTU
x_transferred
https://usn.ubuntu.com/4336-1/
vendor-advisory
x_refsource_UBUNTU
x_transferred
Hyperlink: https://bugs.launchpad.net/ubuntu/+source/binutils/+bug/1763102
Resource:
x_refsource_MISC
x_transferred
Hyperlink: https://sourceware.org/bugzilla/show_bug.cgi?id=23057
Resource:
x_refsource_MISC
x_transferred
Hyperlink: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=85454
Resource:
x_refsource_MISC
x_transferred
Hyperlink: http://www.securityfocus.com/bid/104539
Resource:
vdb-entry
x_refsource_BID
x_transferred
Hyperlink: https://security.gentoo.org/glsa/201908-01
Resource:
vendor-advisory
x_refsource_GENTOO
x_transferred
Hyperlink: https://usn.ubuntu.com/4326-1/
Resource:
vendor-advisory
x_refsource_UBUNTU
x_transferred
Hyperlink: https://usn.ubuntu.com/4336-1/
Resource:
vendor-advisory
x_refsource_UBUNTU
x_transferred
Information is not available yet
ā–¼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:23 Jun, 2018 | 23:29
Updated At:03 Oct, 2019 | 00:03

demangle_template in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.30, allows attackers to trigger excessive memory consumption (aka OOM) during the "Create an array for saving the template argument values" XNEWVEC call. This can occur during execution of objdump.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.07.5HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Primary2.05.0MEDIUM
AV:N/AC:L/Au:N/C:N/I:N/A:P
Type: Primary
Version: 3.0
Base score: 7.5
Base severity: HIGH
Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Type: Primary
Version: 2.0
Base score: 5.0
Base severity: MEDIUM
Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:P
CPE Matches

GNU
gnu
>>binutils>>2.30
cpe:2.3:a:gnu:binutils:2.30:*:*:*:*:*:*:*
Canonical Ltd.
canonical
>>ubuntu_linux>>16.04.4
cpe:2.3:o:canonical:ubuntu_linux:16.04.4:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
NVD-CWE-noinfoPrimarynvd@nist.gov
CWE ID: NVD-CWE-noinfo
Type: Primary
Source: nvd@nist.gov
Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References
HyperlinkSourceResource
http://www.securityfocus.com/bid/104539cve@mitre.org
Third Party Advisory
VDB Entry
https://bugs.launchpad.net/ubuntu/+source/binutils/+bug/1763102cve@mitre.org
Exploit
Third Party Advisory
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=85454cve@mitre.org
Exploit
Issue Tracking
Vendor Advisory
https://security.gentoo.org/glsa/201908-01cve@mitre.org
N/A
https://sourceware.org/bugzilla/show_bug.cgi?id=23057cve@mitre.org
Exploit
Issue Tracking
Third Party Advisory
https://usn.ubuntu.com/4326-1/cve@mitre.org
N/A
https://usn.ubuntu.com/4336-1/cve@mitre.org
N/A
Hyperlink: http://www.securityfocus.com/bid/104539
Source: cve@mitre.org
Resource:
Third Party Advisory
VDB Entry
Hyperlink: https://bugs.launchpad.net/ubuntu/+source/binutils/+bug/1763102
Source: cve@mitre.org
Resource:
Exploit
Third Party Advisory
Hyperlink: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=85454
Source: cve@mitre.org
Resource:
Exploit
Issue Tracking
Vendor Advisory
Hyperlink: https://security.gentoo.org/glsa/201908-01
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://sourceware.org/bugzilla/show_bug.cgi?id=23057
Source: cve@mitre.org
Resource:
Exploit
Issue Tracking
Third Party Advisory
Hyperlink: https://usn.ubuntu.com/4326-1/
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://usn.ubuntu.com/4336-1/
Source: cve@mitre.org
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

474Records found

CVE-2020-3481
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-7.5||HIGH
EPSS-3.20% / 86.59%
||
7 Day CHG~0.00%
Published-20 Jul, 2020 | 17:45
Updated-13 Nov, 2024 | 18:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Clam AntiVirus (ClamAV) Software Null Pointer Dereference Vulnerability

A vulnerability in the EGG archive parsing module in Clam AntiVirus (ClamAV) Software versions 0.102.0 - 0.102.3 could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to a null pointer dereference. An attacker could exploit this vulnerability by sending a crafted EGG file to an affected device. An exploit could allow the attacker to cause the ClamAV scanning process crash, resulting in a denial of service condition.

Action-Not Available
Vendor-Debian GNU/LinuxFedora ProjectClamAVCanonical Ltd.Cisco Systems, Inc.
Product-ubuntu_linuxclamavdebian_linuxfedoraClamAV
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2014-1943
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-5.07% / 91.29%
||
7 Day CHG+0.14%
Published-18 Feb, 2014 | 19:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Fine Free file before 5.17 allows context-dependent attackers to cause a denial of service (infinite recursion, CPU consumption, and crash) via a crafted indirect offset value in the magic of a file.

Action-Not Available
Vendor-fine_free_file_projectn/aCanonical Ltd.The PHP GroupDebian GNU/Linux
Product-debian_linuxfine_free_fileubuntu_linuxphpn/a
CWE ID-CWE-755
Improper Handling of Exceptional Conditions
CVE-2020-29573
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-2.77% / 84.51%
||
7 Day CHG~0.00%
Published-05 Dec, 2020 | 23:18
Updated-04 Aug, 2024 | 16:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

sysdeps/i386/ldbl2mpn.c in the GNU C Library (aka glibc or libc6) before 2.23 on x86 targets has a stack-based buffer overflow if the input to any of the printf family of functions is an 80-bit long double with a non-canonical bit pattern, as seen when passing a \x00\x04\x00\x00\x00\x00\x00\x00\x00\x04 value to sprintf. NOTE: the issue does not affect glibc by default in 2016 or later (i.e., 2.23 or later) because of commits made in 2015 for inlining of C99 math functions through use of GCC built-ins. In other words, the reference to 2.23 is intentional despite the mention of "Fixed for glibc 2.33" in the 26649 reference.

Action-Not Available
Vendor-n/aRed Hat, Inc.NetApp, Inc.GNU
Product-glibcenterprise_linuxsolidfire_baseboard_management_controllercloud_backupn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2007-1285
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-18.16% / 96.85%
||
7 Day CHG~0.00%
Published-06 Mar, 2007 | 20:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Zend Engine in PHP 4.x before 4.4.7, and 5.x before 5.2.2, allows remote attackers to cause a denial of service (stack exhaustion and PHP crash) via deeply nested arrays, which trigger deep recursion in the variable destruction routines.

Action-Not Available
Vendor-n/aCanonical Ltd.SUSENovellRed Hat, Inc.The PHP Group
Product-ubuntu_linuxenterprise_linux_serverenterprise_linux_workstationphpsuse_linuxenterprise_linux_desktoplinux_enterprise_servern/a
CWE ID-CWE-674
Uncontrolled Recursion
CVE-2007-1349
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-5||MEDIUM
EPSS-10.11% / 95.08%
||
7 Day CHG~0.00%
Published-30 Mar, 2007 | 00:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

PerlRun.pm in Apache mod_perl before 1.30, and RegistryCooker.pm in mod_perl 2.x, does not properly escape PATH_INFO before use in a regular expression, which allows remote attackers to cause a denial of service (resource consumption) via a crafted URI.

Action-Not Available
Vendor-n/aCanonical Ltd.The Apache Software FoundationRed Hat, Inc.
Product-ubuntu_linuxsatelliteenterprise_linux_workstationenterprise_linux_serverenterprise_linux_desktopmod_perlenterprise_linux_eusn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2019-16163
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-2.75% / 84.42%
||
7 Day CHG-0.08%
Published-09 Sep, 2019 | 15:38
Updated-05 Aug, 2024 | 01:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Oniguruma before 6.9.3 allows Stack Exhaustion in regcomp.c because of recursion in regparse.c.

Action-Not Available
Vendor-oniguruma_projectn/aCanonical Ltd.Fedora ProjectDebian GNU/Linux
Product-ubuntu_linuxonigurumadebian_linuxfedoran/a
CWE ID-CWE-674
Uncontrolled Recursion
CVE-2013-6424
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-5||MEDIUM
EPSS-2.88% / 85.14%
||
7 Day CHG~0.00%
Published-18 Jan, 2014 | 19:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Integer underflow in the xTrapezoidValid macro in render/picture.h in X.Org allows context-dependent attackers to cause a denial of service (crash) via a negative bottom value.

Action-Not Available
Vendor-pixmann/aCanonical Ltd.openSUSEDebian GNU/Linux
Product-debian_linuxubuntu_linuxpixmanopensusen/a
CWE ID-CWE-191
Integer Underflow (Wrap or Wraparound)
CVE-2014-0098
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-5||MEDIUM
EPSS-26.00% / 97.73%
||
7 Day CHG~0.00%
Published-18 Mar, 2014 | 01:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The log_cookie function in mod_log_config.c in the mod_log_config module in the Apache HTTP Server before 2.4.8 allows remote attackers to cause a denial of service (segmentation fault and daemon crash) via a crafted cookie that is not properly handled during truncation.

Action-Not Available
Vendor-n/aCanonical Ltd.The Apache Software FoundationOracle Corporation
Product-secure_global_desktopubuntu_linuxhttp_servern/a
CVE-2013-6425
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-5||MEDIUM
EPSS-2.88% / 85.15%
||
7 Day CHG~0.00%
Published-18 Jan, 2014 | 19:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Integer underflow in the pixman_trapezoid_valid macro in pixman.h in Pixman before 0.32.0, as used in X.Org server and cairo, allows context-dependent attackers to cause a denial of service (crash) via a negative bottom value.

Action-Not Available
Vendor-pixmann/aCanonical Ltd.openSUSERed Hat, Inc.Debian GNU/Linux
Product-debian_linuxubuntu_linuxenterprise_linux_serverenterprise_linux_workstationenterprise_linux_server_tusenterprise_linux_desktoppixmanenterprise_linux_server_ausenterprise_linux_eusopensusen/a
CWE ID-CWE-191
Integer Underflow (Wrap or Wraparound)
CVE-2013-6438
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-5||MEDIUM
EPSS-26.83% / 97.79%
||
7 Day CHG~0.00%
Published-18 Mar, 2014 | 01:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The dav_xml_get_cdata function in main/util.c in the mod_dav module in the Apache HTTP Server before 2.4.8 does not properly remove whitespace characters from CDATA sections, which allows remote attackers to cause a denial of service (daemon crash) via a crafted DAV WRITE request.

Action-Not Available
Vendor-n/aCanonical Ltd.The Apache Software FoundationOracle Corporation
Product-ubuntu_linuxhttp_servern/a
CVE-2013-4466
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-5||MEDIUM
EPSS-1.98% / 78.09%
||
7 Day CHG~0.00%
Published-19 Nov, 2013 | 19:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in the dane_query_tlsa function in the DANE library (libdane) in GnuTLS 3.1.x before 3.1.15 and 3.2.x before 3.2.5 allows remote servers to cause a denial of service (memory corruption) via a response with more than four DANE entries.

Action-Not Available
Vendor-n/aGNU
Product-gnutlsn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2013-4474
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-5||MEDIUM
EPSS-10.48% / 95.20%
||
7 Day CHG~0.00%
Published-23 Nov, 2013 | 11:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Format string vulnerability in the extractPages function in utils/pdfseparate.cc in poppler before 0.24.3 allows remote attackers to cause a denial of service (crash) via format string specifiers in a destination filename.

Action-Not Available
Vendor-n/afreedesktop.orgCanonical Ltd.
Product-ubuntu_linuxpopplern/a
CWE ID-CWE-20
Improper Input Validation
CVE-2013-4402
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-5||MEDIUM
EPSS-5.03% / 91.22%
||
7 Day CHG~0.00%
Published-28 Oct, 2013 | 22:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The compressed packet parser in GnuPG 1.4.x before 1.4.15 and 2.0.x before 2.0.22 allows remote attackers to cause a denial of service (infinite recursion) via a crafted OpenPGP message.

Action-Not Available
Vendor-gnupgn/aCanonical Ltd.
Product-ubuntu_linuxgnupgn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2013-4130
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-5||MEDIUM
EPSS-2.63% / 83.65%
||
7 Day CHG~0.00%
Published-20 Aug, 2013 | 22:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The (1) red_channel_pipes_add_type and (2) red_channel_pipes_add_empty_msg functions in server/red_channel.c in SPICE before 0.12.4 do not properly perform ring loops, which might allow remote attackers to cause a denial of service (reachable assertion and server exit) by triggering a network error.

Action-Not Available
Vendor-spice_projectn/aCanonical Ltd.
Product-spiceubuntu_linuxn/a
CVE-2013-4357
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-3.23% / 86.70%
||
7 Day CHG~0.00%
Published-31 Dec, 2019 | 18:34
Updated-06 Aug, 2024 | 16:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The eglibc package before 2.14 incorrectly handled the getaddrinfo() function. An attacker could use this issue to cause a denial of service.

Action-Not Available
Vendor-eglibceglibcDebian GNU/LinuxFedora ProjectNovellCanonical Ltd.
Product-ubuntu_linuxdebian_linuxfedorasuse_linux_enterprise_servereglibceglibc
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2013-4458
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-5||MEDIUM
EPSS-4.15% / 89.63%
||
7 Day CHG~0.00%
Published-12 Dec, 2013 | 18:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Stack-based buffer overflow in the getaddrinfo function in sysdeps/posix/getaddrinfo.c in GNU C Library (aka glibc or libc6) 2.18 and earlier allows remote attackers to cause a denial of service (crash) via a (1) hostname or (2) IP address that triggers a large number of AF_INET6 address results. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-1914.

Action-Not Available
Vendor-n/aSUSEGNU
Product-linux_enterprise_serverglibclinux_enterprise_debuginfon/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2013-4487
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-5||MEDIUM
EPSS-1.92% / 77.42%
||
7 Day CHG~0.00%
Published-19 Nov, 2013 | 19:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Off-by-one error in the dane_raw_tlsa in the DANE library (libdane) in GnuTLS 3.1.x before 3.1.16 and 3.2.x before 3.2.6 allows remote servers to cause a denial of service (memory corruption) via a response with more than four DANE entries. NOTE: this issue is due to an incomplete fix for CVE-2013-4466.

Action-Not Available
Vendor-n/aopenSUSEGNU
Product-gnutlsopensusen/a
CVE-2013-4412
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-2.93% / 85.41%
||
7 Day CHG~0.00%
Published-04 Nov, 2019 | 12:44
Updated-06 Aug, 2024 | 16:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

slim has NULL pointer dereference when using crypt() method from glibc 2.17

Action-Not Available
Vendor-berliosslimDebian GNU/LinuxGNU
Product-glibcslimdebian_linuxslim
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2013-4124
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-5||MEDIUM
EPSS-69.01% / 99.27%
||
7 Day CHG~0.00%
Published-05 Aug, 2013 | 15:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Integer overflow in the read_nttrans_ea_list function in nttrans.c in smbd in Samba 3.x before 3.5.22, 3.6.x before 3.6.17, and 4.x before 4.0.8 allows remote attackers to cause a denial of service (memory consumption) via a malformed packet.

Action-Not Available
Vendor-n/aCanonical Ltd.openSUSESambaRed Hat, Inc.Fedora Project
Product-ubuntu_linuxopensusefedorasambaenterprise_linuxn/a
CVE-2013-2116
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-5||MEDIUM
EPSS-3.76% / 88.58%
||
7 Day CHG~0.00%
Published-03 Jul, 2013 | 18:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The _gnutls_ciphertext2compressed function in lib/gnutls_cipher.c in GnuTLS 2.12.23 allows remote attackers to cause a denial of service (buffer over-read and crash) via a crafted padding length. NOTE: this might be due to an incorrect fix for CVE-2013-0169.

Action-Not Available
Vendor-n/aGNU
Product-gnutlsn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2013-2020
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-5||MEDIUM
EPSS-3.55% / 87.89%
||
7 Day CHG~0.00%
Published-13 May, 2013 | 23:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Integer underflow in the cli_scanpe function in pe.c in ClamAV before 0.97.8 allows remote attackers to cause a denial of service (crash) via a skewed offset larger than the size of the PE section in a UPX packed executable, which triggers an out-of-bounds read.

Action-Not Available
Vendor-n/aCanonical Ltd.ClamAVSUSE
Product-linux_enterprise_serverclamavubuntu_linuxn/a
CVE-2013-1914
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-5||MEDIUM
EPSS-4.11% / 89.54%
||
7 Day CHG~0.00%
Published-29 Apr, 2013 | 22:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Stack-based buffer overflow in the getaddrinfo function in sysdeps/posix/getaddrinfo.c in GNU C Library (aka glibc or libc6) 2.17 and earlier allows remote attackers to cause a denial of service (crash) via a (1) hostname or (2) IP address that triggers a large number of domain conversion results.

Action-Not Available
Vendor-n/aGNU
Product-glibcn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2013-1861
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-5||MEDIUM
EPSS-18.68% / 96.92%
||
7 Day CHG~0.00%
Published-28 Mar, 2013 | 23:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

MariaDB 5.5.x before 5.5.30, 5.3.x before 5.3.13, 5.2.x before 5.2.15, and 5.1.x before 5.1.68, and Oracle MySQL 5.1.69 and earlier, 5.5.31 and earlier, and 5.6.11 and earlier allows remote attackers to cause a denial of service (crash) via a crafted geometry feature that specifies a large number of points, which is not properly handled when processing the binary representation of this feature, related to a numeric calculation error.

Action-Not Available
Vendor-n/aCanonical Ltd.MariaDB FoundationopenSUSEOracle CorporationSUSERed Hat, Inc.Debian GNU/Linux
Product-debian_linuxubuntu_linuxlinux_enterprise_desktopmariadbmysqlopensuselinux_enterprise_serverlinux_enterprise_software_development_kitenterprise_linuxn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2013-0211
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-5||MEDIUM
EPSS-3.93% / 89.09%
||
7 Day CHG~0.00%
Published-30 Sep, 2013 | 20:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Integer signedness error in the archive_write_zip_data function in archive_write_set_format_zip.c in libarchive 3.1.2 and earlier, when running on 64-bit machines, allows context-dependent attackers to cause a denial of service (crash) via unspecified vectors, which triggers an improper conversion between unsigned and signed types, leading to a buffer overflow.

Action-Not Available
Vendor-n/aFreeBSD FoundationCanonical Ltd.openSUSElibarchiveFedora Project
Product-ubuntu_linuxfreebsdlibarchivefedoraopensusen/a
CVE-2013-0242
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-5||MEDIUM
EPSS-2.85% / 85.00%
||
7 Day CHG~0.00%
Published-08 Feb, 2013 | 20:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in the extend_buffers function in the regular expression matcher (posix/regexec.c) in glibc, possibly 2.17 and earlier, allows context-dependent attackers to cause a denial of service (memory corruption and crash) via crafted multibyte characters.

Action-Not Available
Vendor-n/aGNU
Product-glibcn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2013-0306
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-5||MEDIUM
EPSS-2.57% / 83.28%
||
7 Day CHG~0.00%
Published-02 May, 2013 | 14:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The form library in Django 1.3.x before 1.3.6, 1.4.x before 1.4.4, and 1.5 before release candidate 2 allows remote attackers to bypass intended resource limits for formsets and cause a denial of service (memory consumption) or trigger server errors via a modified max_num parameter.

Action-Not Available
Vendor-n/aCanonical Ltd.Django
Product-ubuntu_linuxdjangon/a
CVE-2013-0247
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-5||MEDIUM
EPSS-3.24% / 86.78%
||
7 Day CHG~0.00%
Published-24 Feb, 2013 | 19:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

OpenStack Keystone Essex 2012.1.3 and earlier, Folsom 2012.2.3 and earlier, and Grizzly grizzly-2 and earlier allows remote attackers to cause a denial of service (disk consumption) via many invalid token requests that trigger excessive generation of log entries.

Action-Not Available
Vendor-n/aOpenStackCanonical Ltd.
Product-ubuntu_linuxkeystonen/a
CVE-2012-6656
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-5||MEDIUM
EPSS-3.44% / 87.52%
||
7 Day CHG~0.00%
Published-05 Dec, 2014 | 16:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

iconvdata/ibm930.c in GNU C Library (aka glibc) before 2.16 allows context-dependent attackers to cause a denial of service (out-of-bounds read) via a multibyte character value of "0xffff" to the iconv function when converting IBM930 encoded data to UTF-8.

Action-Not Available
Vendor-n/aCanonical Ltd.GNUDebian GNU/Linux
Product-glibcdebian_linuxubuntu_linuxn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2013-0189
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-5||MEDIUM
EPSS-23.03% / 97.47%
||
7 Day CHG~0.00%
Published-08 Feb, 2013 | 20:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

cachemgr.cgi in Squid 3.1.x and 3.2.x, possibly 3.1.22, 3.2.4, and other versions, allows remote attackers to cause a denial of service (resource consumption) via a crafted request. NOTE: this issue is due to an incorrect fix for CVE-2012-5643, possibly involving an incorrect order of arguments or incorrect comparison.

Action-Not Available
Vendor-n/aSquid CacheCanonical Ltd.
Product-ubuntu_linuxsquidn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2020-13934
Matching Score-8
Assigner-Apache Software Foundation
ShareView Details
Matching Score-8
Assigner-Apache Software Foundation
CVSS Score-7.5||HIGH
EPSS-64.12% / 99.13%
||
7 Day CHG~0.00%
Published-14 Jul, 2020 | 14:59
Updated-04 Aug, 2024 | 12:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An h2c direct connection to Apache Tomcat 10.0.0-M1 to 10.0.0-M6, 9.0.0.M5 to 9.0.36 and 8.5.1 to 8.5.56 did not release the HTTP/1.1 processor after the upgrade to HTTP/2. If a sufficient number of such requests were made, an OutOfMemoryException could occur leading to a denial of service.

Action-Not Available
Vendor-n/aCanonical Ltd.The Apache Software FoundationNetApp, Inc.openSUSEDebian GNU/LinuxOracle Corporation
Product-ubuntu_linuxdebian_linuxcommunications_instant_messaging_servermysql_enterprise_monitorinstantis_enterprisetracksiebel_ui_frameworkoncommand_system_managertomcatagile_engineering_data_managementagile_plmfmw_platformmanaged_file_transferworkload_managerleapApache Tomcat
CWE ID-CWE-401
Missing Release of Memory after Effective Lifetime
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2012-4428
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-9.57% / 94.88%
||
7 Day CHG~0.00%
Published-02 Dec, 2019 | 17:41
Updated-06 Aug, 2024 | 20:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

openslp: SLPIntersectStringList()' Function has a DoS vulnerability

Action-Not Available
Vendor-openslpopenslp-dfsgCanonical Ltd.Fedora ProjectDebian GNU/Linux
Product-ubuntu_linuxopenslpdebian_linuxfedoraopenslp-dfsg
CWE ID-CWE-125
Out-of-bounds Read
CVE-2012-3509
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-5||MEDIUM
EPSS-3.60% / 88.06%
||
7 Day CHG~0.00%
Published-05 Sep, 2012 | 23:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple integer overflows in the (1) _objalloc_alloc function in objalloc.c and (2) objalloc_alloc macro in include/objalloc.h in GNU libiberty, as used by binutils 2.22, allow remote attackers to cause a denial of service (crash) via vectors related to the "addition of CHUNK_HEADER_SIZE to the length," which triggers a heap-based buffer overflow.

Action-Not Available
Vendor-n/aCanonical Ltd.GNUDebian GNU/Linux
Product-binutilsdebian_linuxubuntu_linuxlibibertyn/a
CVE-2012-3543
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-2.58% / 83.34%
||
7 Day CHG~0.00%
Published-21 Nov, 2019 | 14:00
Updated-06 Aug, 2024 | 20:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

mono 2.10.x ASP.NET Web Form Hash collision DoS

Action-Not Available
Vendor-mono-projectmonoCanonical Ltd.Debian GNU/Linux
Product-ubuntu_linuxdebian_linuxmonomono
CWE ID-CWE-20
Improper Input Validation
CVE-2012-3404
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-5||MEDIUM
EPSS-2.23% / 80.56%
||
7 Day CHG~0.00%
Published-10 Feb, 2014 | 17:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The vfprintf function in stdio-common/vfprintf.c in libc in GNU C Library (aka glibc) 2.12 and other versions does not properly calculate a buffer length, which allows context-dependent attackers to bypass the FORTIFY_SOURCE format-string protection mechanism and cause a denial of service (stack corruption and crash) via a format string that uses positional parameters and many format specifiers.

Action-Not Available
Vendor-n/aCanonical Ltd.Red Hat, Inc.GNU
Product-glibcubuntu_linuxenterprise_virtualizationenterprise_linuxn/a
CVE-2019-16866
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-3.51% / 87.76%
||
7 Day CHG~0.00%
Published-03 Oct, 2019 | 18:53
Updated-05 Aug, 2024 | 01:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unbound before 1.9.4 accesses uninitialized memory, which allows remote attackers to trigger a crash via a crafted NOTIFY query. The source IP address of the query must match an access-control rule.

Action-Not Available
Vendor-nlnetlabsn/aCanonical Ltd.
Product-ubuntu_linuxunboundn/a
CWE ID-CWE-755
Improper Handling of Exceptional Conditions
CWE ID-CWE-908
Use of Uninitialized Resource
CVE-2012-1573
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-5||MEDIUM
EPSS-4.20% / 89.74%
||
7 Day CHG~0.00%
Published-26 Mar, 2012 | 19:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

gnutls_cipher.c in libgnutls in GnuTLS before 2.12.17 and 3.x before 3.0.15 does not properly handle data encrypted with a block cipher, which allows remote attackers to cause a denial of service (heap memory corruption and application crash) via a crafted record, as demonstrated by a crafted GenericBlockCipher structure.

Action-Not Available
Vendor-n/aGNU
Product-gnutlsn/a
CVE-2012-1569
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-5||MEDIUM
EPSS-4.46% / 90.27%
||
7 Day CHG~0.00%
Published-26 Mar, 2012 | 19:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The asn1_get_length_der function in decoding.c in GNU Libtasn1 before 2.12, as used in GnuTLS before 3.0.16 and other products, does not properly handle certain large length values, which allows remote attackers to cause a denial of service (heap memory corruption and application crash) or possibly have unspecified other impact via a crafted ASN.1 structure.

Action-Not Available
Vendor-n/aGNU
Product-libtasn1gnutlsn/a
CVE-2012-1702
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-5||MEDIUM
EPSS-3.18% / 86.48%
||
7 Day CHG~0.00%
Published-17 Jan, 2013 | 01:30
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier and 5.5.28 and earlier allows remote attackers to affect availability via unknown vectors.

Action-Not Available
Vendor-n/aCanonical Ltd.MariaDB FoundationOracle CorporationRed Hat, Inc.
Product-ubuntu_linuxenterprise_linux_workstationenterprise_linux_servermariadbmysqlenterprise_linux_desktopenterprise_linux_eusn/a
CVE-2018-1000024
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-8.08% / 94.10%
||
7 Day CHG~0.00%
Published-09 Feb, 2018 | 23:00
Updated-05 Aug, 2024 | 12:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Squid Software Foundation Squid HTTP Caching Proxy version 3.0 to 3.5.27, 4.0 to 4.0.22 contains a Incorrect Pointer Handling vulnerability in ESI Response Processing that can result in Denial of Service for all clients using the proxy.. This attack appear to be exploitable via Remote server delivers an HTTP response payload containing valid but unusual ESI syntax.. This vulnerability appears to have been fixed in 4.0.23 and later.

Action-Not Available
Vendor-n/aSquid CacheCanonical Ltd.Debian GNU/Linux
Product-ubuntu_linuxdebian_linuxsquidn/a
CVE-2011-4539
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-15.48% / 96.40%
||
7 Day CHG~0.00%
Published-08 Dec, 2011 | 11:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

dhcpd in ISC DHCP 4.x before 4.2.3-P1 and 4.1-ESV before 4.1-ESV-R4 does not properly handle regular expressions in dhcpd.conf, which allows remote attackers to cause a denial of service (daemon crash) via a crafted request packet.

Action-Not Available
Vendor-n/aCanonical Ltd.Debian GNU/LinuxInternet Systems Consortium, Inc.
Product-debian_linuxubuntu_linuxdhcpn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2019-9518
Matching Score-8
Assigner-CERT/CC
ShareView Details
Matching Score-8
Assigner-CERT/CC
CVSS Score-7.5||HIGH
EPSS-25.45% / 97.69%
||
7 Day CHG+0.63%
Published-13 Aug, 2019 | 20:50
Updated-14 Jan, 2025 | 19:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Some HTTP/2 implementations are vulnerable to a flood of empty frames, potentially leading to a denial of service

Some HTTP/2 implementations are vulnerable to a flood of empty frames, potentially leading to a denial of service. The attacker sends a stream of frames with an empty payload and without the end-of-stream flag. These frames can be DATA, HEADERS, CONTINUATION and/or PUSH_PROMISE. The peer spends time processing each frame disproportionate to attack bandwidth. This can consume excess CPU.

Action-Not Available
Vendor-n/aCanonical Ltd.Apple Inc.The Apache Software FoundationFedora ProjectOracle CorporationRed Hat, Inc.McAfee, LLCDebian GNU/LinuxopenSUSENode.js (OpenJS Foundation)Synology, Inc.
Product-ubuntu_linuxvs960hdsoftware_collectionsenterprise_linuxquayskynasswiftniodiskstation_managernode.jsdebian_linuxgraalvmopenshift_service_meshfedoramac_os_xvs960hd_firmwaretraffic_serverjboss_enterprise_application_platformjboss_core_servicesweb_gatewayleapn/a
CWE ID-CWE-400
Uncontrolled Resource Consumption
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2019-9778
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-2.77% / 84.55%
||
7 Day CHG~0.00%
Published-14 Mar, 2019 | 07:00
Updated-04 Aug, 2024 | 22:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in GNU LibreDWG 0.7 and 0.7.1645. There is a heap-based buffer over-read in the function dwg_dxf_LTYPE at dwg.spec.

Action-Not Available
Vendor-n/aGNUopenSUSE
Product-libredwgbackports_sleleapn/a
CWE ID-CWE-125
Out-of-bounds Read
CVE-2019-9513
Matching Score-8
Assigner-CERT/CC
ShareView Details
Matching Score-8
Assigner-CERT/CC
CVSS Score-7.5||HIGH
EPSS-82.02% / 99.61%
||
7 Day CHG-0.55%
Published-13 Aug, 2019 | 20:50
Updated-14 Jan, 2025 | 19:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Some HTTP/2 implementations are vulnerable to resource loops, potentially leading to a denial of service

Some HTTP/2 implementations are vulnerable to resource loops, potentially leading to a denial of service. The attacker creates multiple request streams and continually shuffles the priority of the streams in a way that causes substantial churn to the priority tree. This can consume excess CPU.

Action-Not Available
Vendor-n/aCanonical Ltd.Apple Inc.F5, Inc.The Apache Software FoundationFedora ProjectOracle CorporationRed Hat, Inc.McAfee, LLCDebian GNU/LinuxopenSUSENode.js (OpenJS Foundation)Synology, Inc.
Product-ubuntu_linuxvs960hdsoftware_collectionsenterprise_linuxquayskynasswiftniodiskstation_managernode.jsdebian_linuxgraalvmopenshift_service_meshfedoramac_os_xvs960hd_firmwarenginxtraffic_serverjboss_enterprise_application_platformenterprise_communications_brokerjboss_core_servicesweb_gatewayleapn/a
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2019-9515
Matching Score-8
Assigner-CERT/CC
ShareView Details
Matching Score-8
Assigner-CERT/CC
CVSS Score-7.5||HIGH
EPSS-87.81% / 99.74%
||
7 Day CHG~0.00%
Published-13 Aug, 2019 | 20:50
Updated-14 Jan, 2025 | 19:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Some HTTP/2 implementations are vulnerable to a settings flood, potentially leading to a denial of service

Some HTTP/2 implementations are vulnerable to a settings flood, potentially leading to a denial of service. The attacker sends a stream of SETTINGS frames to the peer. Since the RFC requires that the peer reply with one acknowledgement per SETTINGS frame, an empty SETTINGS frame is almost equivalent in behavior to a ping. Depending on how efficiently this data is queued, this can consume excess CPU, memory, or both.

Action-Not Available
Vendor-n/aCanonical Ltd.Apple Inc.F5, Inc.The Apache Software FoundationFedora ProjectOracle CorporationRed Hat, Inc.McAfee, LLCDebian GNU/LinuxopenSUSENode.js (OpenJS Foundation)Synology, Inc.
Product-single_sign-onubuntu_linuxvs960hdsoftware_collectionsopenshift_container_platformopenstackenterprise_linuxquayskynasbig-ip_local_traffic_managerswiftniodiskstation_managernode.jsdebian_linuxgraalvmopenshift_service_meshfedoramac_os_xvs960hd_firmwaretraffic_serverjboss_enterprise_application_platformjboss_core_servicesweb_gatewayleapn/a
CWE ID-CWE-400
Uncontrolled Resource Consumption
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2011-1752
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-5||MEDIUM
EPSS-8.48% / 94.36%
||
7 Day CHG~0.00%
Published-06 Jun, 2011 | 19:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.17, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a request for a baselined WebDAV resource, as exploited in the wild in May 2011.

Action-Not Available
Vendor-n/aCanonical Ltd.Apple Inc.The Apache Software FoundationDebian GNU/LinuxFedora Project
Product-debian_linuxubuntu_linuxmac_os_xfedorasubversionn/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2011-1659
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-2.86% / 85.03%
||
7 Day CHG~0.00%
Published-08 Apr, 2011 | 15:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Integer overflow in posix/fnmatch.c in the GNU C Library (aka glibc or libc6) 2.13 and earlier allows context-dependent attackers to cause a denial of service (application crash) via a long UTF8 string that is used in an fnmatch call with a crafted pattern argument, a different vulnerability than CVE-2011-1071.

Action-Not Available
Vendor-n/aGNU
Product-glibcn/a
CVE-2022-33024
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.99% / 58.11%
||
7 Day CHG~0.00%
Published-22 Jun, 2022 | 13:33
Updated-03 Aug, 2024 | 07:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

There is an Assertion `int decode_preR13_entities(BITCODE_RL, BITCODE_RL, unsigned int, BITCODE_RL, BITCODE_RL, Bit_Chain *, Dwg_Data *' failed at dwg2dxf: decode.c:5801 in libredwg v0.12.4.4608.

Action-Not Available
Vendor-n/aGNU
Product-libredwgn/a
CWE ID-CWE-617
Reachable Assertion
CVE-2011-1002
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-5||MEDIUM
EPSS-29.36% / 97.95%
||
7 Day CHG~0.00%
Published-22 Feb, 2011 | 18:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

avahi-core/socket.c in avahi-daemon in Avahi before 0.6.29 allows remote attackers to cause a denial of service (infinite loop) via an empty mDNS (1) IPv4 or (2) IPv6 UDP packet to port 5353. NOTE: this vulnerability exists because of an incorrect fix for CVE-2010-2244.

Action-Not Available
Vendor-avahin/aCanonical Ltd.Red Hat, Inc.Debian GNU/LinuxFedora Project
Product-debian_linuxubuntu_linuxavahifedoraenterprise_linuxn/a
CWE ID-CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
CVE-2006-0052
Matching Score-8
Assigner-Debian GNU/Linux
ShareView Details
Matching Score-8
Assigner-Debian GNU/Linux
CVSS Score-5||MEDIUM
EPSS-2.64% / 83.70%
||
7 Day CHG~0.00%
Published-31 Mar, 2006 | 11:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The attachment scrubber (Scrubber.py) in Mailman 2.1.5 and earlier, when using Python's library email module 2.5, allows remote attackers to cause a denial of service (mailing list delivery failure) via a multipart MIME message with a single part that has two blank lines between the first boundary and the end boundary.

Action-Not Available
Vendor-n/aGNU
Product-mailmann/a
CVE-2010-4052
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-51.30% / 98.80%
||
7 Day CHG~0.00%
Published-13 Jan, 2011 | 18:35
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Stack consumption vulnerability in the regcomp implementation in the GNU C Library (aka glibc or libc6) through 2.11.3, and 2.12.x through 2.12.2, allows context-dependent attackers to cause a denial of service (resource exhaustion) via a regular expression containing adjacent repetition operators, as demonstrated by a {10,}{10,}{10,}{10,} sequence in the proftpd.gnu.c exploit for ProFTPD.

Action-Not Available
Vendor-n/aGNU
Product-glibcn/a
  • Previous
  • 1
  • 2
  • 3
  • ...
  • 9
  • 10
  • Next
Details not found