Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2018-2797

Summary
Assigner-oracle
Assigner Org ID-43595867-4340-4103-b7a2-9a5208d29a85
Published At-19 Apr, 2018 | 02:00
Updated At-03 Oct, 2024 | 20:18
Rejected At-
Credits

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JMX). Supported versions that are affected are Java SE: 6u181, 7u171, 8u162 and 10; Java SE Embedded: 8u161; JRockit: R28.3.17. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:oracle
Assigner Org ID:43595867-4340-4103-b7a2-9a5208d29a85
Published At:19 Apr, 2018 | 02:00
Updated At:03 Oct, 2024 | 20:18
Rejected At:
▼CVE Numbering Authority (CNA)

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JMX). Supported versions that are affected are Java SE: 6u181, 7u171, 8u162 and 10; Java SE Embedded: 8u161; JRockit: R28.3.17. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).

Affected Products
Vendor
Oracle CorporationOracle Corporation
Product
Java
Versions
Affected
  • Java SE: 6u181
  • 7u171
  • 8u162
  • 10; Java SE Embedded: 8u161; JRockit: R28.3.17
Problem Types
TypeCWE IDDescription
textN/AEasily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit.
Type: text
CWE ID: N/A
Description: Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit.
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://access.redhat.com/errata/RHSA-2018:1278
vendor-advisory
x_refsource_REDHAT
https://www.debian.org/security/2018/dsa-4185
vendor-advisory
x_refsource_DEBIAN
https://access.redhat.com/errata/RHSA-2018:1975
vendor-advisory
x_refsource_REDHAT
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03857en_us
x_refsource_CONFIRM
https://security.gentoo.org/glsa/201903-14
vendor-advisory
x_refsource_GENTOO
https://www.debian.org/security/2018/dsa-4225
vendor-advisory
x_refsource_DEBIAN
http://www.securitytracker.com/id/1040697
vdb-entry
x_refsource_SECTRACK
http://www.securityfocus.com/bid/103846
vdb-entry
x_refsource_BID
https://access.redhat.com/errata/RHSA-2018:1724
vendor-advisory
x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2018:1203
vendor-advisory
x_refsource_REDHAT
https://usn.ubuntu.com/3644-1/
vendor-advisory
x_refsource_UBUNTU
https://access.redhat.com/errata/RHSA-2018:1723
vendor-advisory
x_refsource_REDHAT
https://security.netapp.com/advisory/ntap-20180419-0001/
x_refsource_CONFIRM
https://access.redhat.com/errata/RHSA-2018:1201
vendor-advisory
x_refsource_REDHAT
https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0
x_refsource_CONFIRM
https://access.redhat.com/errata/RHSA-2018:1204
vendor-advisory
x_refsource_REDHAT
http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html
x_refsource_CONFIRM
https://access.redhat.com/errata/RHSA-2018:1722
vendor-advisory
x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2018:1974
vendor-advisory
x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2018:1205
vendor-advisory
x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2018:1721
vendor-advisory
x_refsource_REDHAT
https://usn.ubuntu.com/3691-1/
vendor-advisory
x_refsource_UBUNTU
https://access.redhat.com/errata/RHSA-2018:1202
vendor-advisory
x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2018:1191
vendor-advisory
x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2018:1188
vendor-advisory
x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2018:1206
vendor-advisory
x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2018:1270
vendor-advisory
x_refsource_REDHAT
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03915en_us
x_refsource_CONFIRM
Hyperlink: https://access.redhat.com/errata/RHSA-2018:1278
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: https://www.debian.org/security/2018/dsa-4185
Resource:
vendor-advisory
x_refsource_DEBIAN
Hyperlink: https://access.redhat.com/errata/RHSA-2018:1975
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03857en_us
Resource:
x_refsource_CONFIRM
Hyperlink: https://security.gentoo.org/glsa/201903-14
Resource:
vendor-advisory
x_refsource_GENTOO
Hyperlink: https://www.debian.org/security/2018/dsa-4225
Resource:
vendor-advisory
x_refsource_DEBIAN
Hyperlink: http://www.securitytracker.com/id/1040697
Resource:
vdb-entry
x_refsource_SECTRACK
Hyperlink: http://www.securityfocus.com/bid/103846
Resource:
vdb-entry
x_refsource_BID
Hyperlink: https://access.redhat.com/errata/RHSA-2018:1724
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: https://access.redhat.com/errata/RHSA-2018:1203
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: https://usn.ubuntu.com/3644-1/
Resource:
vendor-advisory
x_refsource_UBUNTU
Hyperlink: https://access.redhat.com/errata/RHSA-2018:1723
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: https://security.netapp.com/advisory/ntap-20180419-0001/
Resource:
x_refsource_CONFIRM
Hyperlink: https://access.redhat.com/errata/RHSA-2018:1201
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0
Resource:
x_refsource_CONFIRM
Hyperlink: https://access.redhat.com/errata/RHSA-2018:1204
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html
Resource:
x_refsource_CONFIRM
Hyperlink: https://access.redhat.com/errata/RHSA-2018:1722
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: https://access.redhat.com/errata/RHSA-2018:1974
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: https://access.redhat.com/errata/RHSA-2018:1205
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: https://access.redhat.com/errata/RHSA-2018:1721
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: https://usn.ubuntu.com/3691-1/
Resource:
vendor-advisory
x_refsource_UBUNTU
Hyperlink: https://access.redhat.com/errata/RHSA-2018:1202
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: https://access.redhat.com/errata/RHSA-2018:1191
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: https://access.redhat.com/errata/RHSA-2018:1188
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: https://access.redhat.com/errata/RHSA-2018:1206
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: https://access.redhat.com/errata/RHSA-2018:1270
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03915en_us
Resource:
x_refsource_CONFIRM
▼Authorized Data Publishers (ADP)
1. CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://access.redhat.com/errata/RHSA-2018:1278
vendor-advisory
x_refsource_REDHAT
x_transferred
https://www.debian.org/security/2018/dsa-4185
vendor-advisory
x_refsource_DEBIAN
x_transferred
https://access.redhat.com/errata/RHSA-2018:1975
vendor-advisory
x_refsource_REDHAT
x_transferred
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03857en_us
x_refsource_CONFIRM
x_transferred
https://security.gentoo.org/glsa/201903-14
vendor-advisory
x_refsource_GENTOO
x_transferred
https://www.debian.org/security/2018/dsa-4225
vendor-advisory
x_refsource_DEBIAN
x_transferred
http://www.securitytracker.com/id/1040697
vdb-entry
x_refsource_SECTRACK
x_transferred
http://www.securityfocus.com/bid/103846
vdb-entry
x_refsource_BID
x_transferred
https://access.redhat.com/errata/RHSA-2018:1724
vendor-advisory
x_refsource_REDHAT
x_transferred
https://access.redhat.com/errata/RHSA-2018:1203
vendor-advisory
x_refsource_REDHAT
x_transferred
https://usn.ubuntu.com/3644-1/
vendor-advisory
x_refsource_UBUNTU
x_transferred
https://access.redhat.com/errata/RHSA-2018:1723
vendor-advisory
x_refsource_REDHAT
x_transferred
https://security.netapp.com/advisory/ntap-20180419-0001/
x_refsource_CONFIRM
x_transferred
https://access.redhat.com/errata/RHSA-2018:1201
vendor-advisory
x_refsource_REDHAT
x_transferred
https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0
x_refsource_CONFIRM
x_transferred
https://access.redhat.com/errata/RHSA-2018:1204
vendor-advisory
x_refsource_REDHAT
x_transferred
http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html
x_refsource_CONFIRM
x_transferred
https://access.redhat.com/errata/RHSA-2018:1722
vendor-advisory
x_refsource_REDHAT
x_transferred
https://access.redhat.com/errata/RHSA-2018:1974
vendor-advisory
x_refsource_REDHAT
x_transferred
https://access.redhat.com/errata/RHSA-2018:1205
vendor-advisory
x_refsource_REDHAT
x_transferred
https://access.redhat.com/errata/RHSA-2018:1721
vendor-advisory
x_refsource_REDHAT
x_transferred
https://usn.ubuntu.com/3691-1/
vendor-advisory
x_refsource_UBUNTU
x_transferred
https://access.redhat.com/errata/RHSA-2018:1202
vendor-advisory
x_refsource_REDHAT
x_transferred
https://access.redhat.com/errata/RHSA-2018:1191
vendor-advisory
x_refsource_REDHAT
x_transferred
https://access.redhat.com/errata/RHSA-2018:1188
vendor-advisory
x_refsource_REDHAT
x_transferred
https://access.redhat.com/errata/RHSA-2018:1206
vendor-advisory
x_refsource_REDHAT
x_transferred
https://access.redhat.com/errata/RHSA-2018:1270
vendor-advisory
x_refsource_REDHAT
x_transferred
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03915en_us
x_refsource_CONFIRM
x_transferred
Hyperlink: https://access.redhat.com/errata/RHSA-2018:1278
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: https://www.debian.org/security/2018/dsa-4185
Resource:
vendor-advisory
x_refsource_DEBIAN
x_transferred
Hyperlink: https://access.redhat.com/errata/RHSA-2018:1975
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03857en_us
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: https://security.gentoo.org/glsa/201903-14
Resource:
vendor-advisory
x_refsource_GENTOO
x_transferred
Hyperlink: https://www.debian.org/security/2018/dsa-4225
Resource:
vendor-advisory
x_refsource_DEBIAN
x_transferred
Hyperlink: http://www.securitytracker.com/id/1040697
Resource:
vdb-entry
x_refsource_SECTRACK
x_transferred
Hyperlink: http://www.securityfocus.com/bid/103846
Resource:
vdb-entry
x_refsource_BID
x_transferred
Hyperlink: https://access.redhat.com/errata/RHSA-2018:1724
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: https://access.redhat.com/errata/RHSA-2018:1203
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: https://usn.ubuntu.com/3644-1/
Resource:
vendor-advisory
x_refsource_UBUNTU
x_transferred
Hyperlink: https://access.redhat.com/errata/RHSA-2018:1723
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: https://security.netapp.com/advisory/ntap-20180419-0001/
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: https://access.redhat.com/errata/RHSA-2018:1201
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: https://access.redhat.com/errata/RHSA-2018:1204
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: https://access.redhat.com/errata/RHSA-2018:1722
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: https://access.redhat.com/errata/RHSA-2018:1974
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: https://access.redhat.com/errata/RHSA-2018:1205
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: https://access.redhat.com/errata/RHSA-2018:1721
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: https://usn.ubuntu.com/3691-1/
Resource:
vendor-advisory
x_refsource_UBUNTU
x_transferred
Hyperlink: https://access.redhat.com/errata/RHSA-2018:1202
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: https://access.redhat.com/errata/RHSA-2018:1191
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: https://access.redhat.com/errata/RHSA-2018:1188
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: https://access.redhat.com/errata/RHSA-2018:1206
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: https://access.redhat.com/errata/RHSA-2018:1270
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03915en_us
Resource:
x_refsource_CONFIRM
x_transferred
2. CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:secalert_us@oracle.com
Published At:19 Apr, 2018 | 02:29
Updated At:22 Nov, 2023 | 19:35

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JMX). Supported versions that are affected are Java SE: 6u181, 7u171, 8u162 and 10; Java SE Embedded: 8u161; JRockit: R28.3.17. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.15.3MEDIUM
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Primary2.05.0MEDIUM
AV:N/AC:L/Au:N/C:N/I:N/A:P
Type: Primary
Version: 3.1
Base score: 5.3
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Type: Primary
Version: 2.0
Base score: 5.0
Base severity: MEDIUM
Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:P
CPE Matches
Oracle Corporation
oracle
>>jdk>>1.6.0
cpe:2.3:a:oracle:jdk:1.6.0:update181:*:*:*:*:*:*
Oracle Corporation
oracle
>>jdk>>1.7.0
cpe:2.3:a:oracle:jdk:1.7.0:update171:*:*:*:*:*:*
Oracle Corporation
oracle
>>jdk>>1.8.0
cpe:2.3:a:oracle:jdk:1.8.0:update162:*:*:*:*:*:*
Oracle Corporation
oracle
>>jdk>>10
cpe:2.3:a:oracle:jdk:10:*:*:*:*:*:*:*
Oracle Corporation
oracle
>>jre>>1.6.0
cpe:2.3:a:oracle:jre:1.6.0:update181:*:*:*:*:*:*
Oracle Corporation
oracle
>>jre>>1.7.0
cpe:2.3:a:oracle:jre:1.7.0:update171:*:*:*:*:*:*
Oracle Corporation
oracle
>>jre>>1.8.0
cpe:2.3:a:oracle:jre:1.8.0:update162:*:*:*:*:*:*
Oracle Corporation
oracle
>>jre>>10
cpe:2.3:a:oracle:jre:10:*:*:*:*:*:*:*
Oracle Corporation
oracle
>>jrockit>>r28.3.17
cpe:2.3:a:oracle:jrockit:r28.3.17:*:*:*:*:*:*:*
Red Hat, Inc.
redhat
>>satellite>>5.6
cpe:2.3:a:redhat:satellite:5.6:*:*:*:*:*:*:*
Red Hat, Inc.
redhat
>>satellite>>5.7
cpe:2.3:a:redhat:satellite:5.7:*:*:*:*:*:*:*
Red Hat, Inc.
redhat
>>satellite>>5.8
cpe:2.3:a:redhat:satellite:5.8:*:*:*:*:*:*:*
Red Hat, Inc.
redhat
>>enterprise_linux_desktop>>6.0
cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*
Red Hat, Inc.
redhat
>>enterprise_linux_desktop>>7.0
cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
Red Hat, Inc.
redhat
>>enterprise_linux_server>>6.0
cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*
Red Hat, Inc.
redhat
>>enterprise_linux_server>>7.0
cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
Red Hat, Inc.
redhat
>>enterprise_linux_server_aus>>7.6
cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*
Red Hat, Inc.
redhat
>>enterprise_linux_server_eus>>7.5
cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*
Red Hat, Inc.
redhat
>>enterprise_linux_server_eus>>7.6
cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*
Red Hat, Inc.
redhat
>>enterprise_linux_server_tus>>7.6
cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*
Red Hat, Inc.
redhat
>>enterprise_linux_workstation>>6.0
cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*
Red Hat, Inc.
redhat
>>enterprise_linux_workstation>>7.0
cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*
Debian GNU/Linux
debian
>>debian_linux>>8.0
cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
Debian GNU/Linux
debian
>>debian_linux>>9.0
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
Canonical Ltd.
canonical
>>ubuntu_linux>>14.04
cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
Canonical Ltd.
canonical
>>ubuntu_linux>>16.04
cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
Canonical Ltd.
canonical
>>ubuntu_linux>>17.10
cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*
HP Inc.
hp
>>xp7_command_view>>*
cpe:2.3:a:hp:xp7_command_view:*:*:*:*:advanced:*:*:*
Schneider Electric SE
schneider-electric
>>struxureware_data_center_expert>>Versions before 7.6.0(exclusive)
cpe:2.3:a:schneider-electric:struxureware_data_center_expert:*:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
NVD-CWE-noinfoPrimarynvd@nist.gov
CWE ID: NVD-CWE-noinfo
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.htmlsecalert_us@oracle.com
Patch
Vendor Advisory
http://www.securityfocus.com/bid/103846secalert_us@oracle.com
Broken Link
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1040697secalert_us@oracle.com
Broken Link
Third Party Advisory
VDB Entry
https://access.redhat.com/errata/RHSA-2018:1188secalert_us@oracle.com
Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:1191secalert_us@oracle.com
Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:1201secalert_us@oracle.com
Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:1202secalert_us@oracle.com
Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:1203secalert_us@oracle.com
Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:1204secalert_us@oracle.com
Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:1205secalert_us@oracle.com
Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:1206secalert_us@oracle.com
Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:1270secalert_us@oracle.com
Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:1278secalert_us@oracle.com
Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:1721secalert_us@oracle.com
Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:1722secalert_us@oracle.com
Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:1723secalert_us@oracle.com
Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:1724secalert_us@oracle.com
Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:1974secalert_us@oracle.com
Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:1975secalert_us@oracle.com
Third Party Advisory
https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0secalert_us@oracle.com
Third Party Advisory
https://security.gentoo.org/glsa/201903-14secalert_us@oracle.com
Third Party Advisory
https://security.netapp.com/advisory/ntap-20180419-0001/secalert_us@oracle.com
Third Party Advisory
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03857en_ussecalert_us@oracle.com
Third Party Advisory
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03915en_ussecalert_us@oracle.com
Third Party Advisory
https://usn.ubuntu.com/3644-1/secalert_us@oracle.com
Third Party Advisory
https://usn.ubuntu.com/3691-1/secalert_us@oracle.com
Third Party Advisory
https://www.debian.org/security/2018/dsa-4185secalert_us@oracle.com
Third Party Advisory
https://www.debian.org/security/2018/dsa-4225secalert_us@oracle.com
Third Party Advisory
Hyperlink: http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html
Source: secalert_us@oracle.com
Resource:
Patch
Vendor Advisory
Hyperlink: http://www.securityfocus.com/bid/103846
Source: secalert_us@oracle.com
Resource:
Broken Link
Third Party Advisory
VDB Entry
Hyperlink: http://www.securitytracker.com/id/1040697
Source: secalert_us@oracle.com
Resource:
Broken Link
Third Party Advisory
VDB Entry
Hyperlink: https://access.redhat.com/errata/RHSA-2018:1188
Source: secalert_us@oracle.com
Resource:
Third Party Advisory
Hyperlink: https://access.redhat.com/errata/RHSA-2018:1191
Source: secalert_us@oracle.com
Resource:
Third Party Advisory
Hyperlink: https://access.redhat.com/errata/RHSA-2018:1201
Source: secalert_us@oracle.com
Resource:
Third Party Advisory
Hyperlink: https://access.redhat.com/errata/RHSA-2018:1202
Source: secalert_us@oracle.com
Resource:
Third Party Advisory
Hyperlink: https://access.redhat.com/errata/RHSA-2018:1203
Source: secalert_us@oracle.com
Resource:
Third Party Advisory
Hyperlink: https://access.redhat.com/errata/RHSA-2018:1204
Source: secalert_us@oracle.com
Resource:
Third Party Advisory
Hyperlink: https://access.redhat.com/errata/RHSA-2018:1205
Source: secalert_us@oracle.com
Resource:
Third Party Advisory
Hyperlink: https://access.redhat.com/errata/RHSA-2018:1206
Source: secalert_us@oracle.com
Resource:
Third Party Advisory
Hyperlink: https://access.redhat.com/errata/RHSA-2018:1270
Source: secalert_us@oracle.com
Resource:
Third Party Advisory
Hyperlink: https://access.redhat.com/errata/RHSA-2018:1278
Source: secalert_us@oracle.com
Resource:
Third Party Advisory
Hyperlink: https://access.redhat.com/errata/RHSA-2018:1721
Source: secalert_us@oracle.com
Resource:
Third Party Advisory
Hyperlink: https://access.redhat.com/errata/RHSA-2018:1722
Source: secalert_us@oracle.com
Resource:
Third Party Advisory
Hyperlink: https://access.redhat.com/errata/RHSA-2018:1723
Source: secalert_us@oracle.com
Resource:
Third Party Advisory
Hyperlink: https://access.redhat.com/errata/RHSA-2018:1724
Source: secalert_us@oracle.com
Resource:
Third Party Advisory
Hyperlink: https://access.redhat.com/errata/RHSA-2018:1974
Source: secalert_us@oracle.com
Resource:
Third Party Advisory
Hyperlink: https://access.redhat.com/errata/RHSA-2018:1975
Source: secalert_us@oracle.com
Resource:
Third Party Advisory
Hyperlink: https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0
Source: secalert_us@oracle.com
Resource:
Third Party Advisory
Hyperlink: https://security.gentoo.org/glsa/201903-14
Source: secalert_us@oracle.com
Resource:
Third Party Advisory
Hyperlink: https://security.netapp.com/advisory/ntap-20180419-0001/
Source: secalert_us@oracle.com
Resource:
Third Party Advisory
Hyperlink: https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03857en_us
Source: secalert_us@oracle.com
Resource:
Third Party Advisory
Hyperlink: https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03915en_us
Source: secalert_us@oracle.com
Resource:
Third Party Advisory
Hyperlink: https://usn.ubuntu.com/3644-1/
Source: secalert_us@oracle.com
Resource:
Third Party Advisory
Hyperlink: https://usn.ubuntu.com/3691-1/
Source: secalert_us@oracle.com
Resource:
Third Party Advisory
Hyperlink: https://www.debian.org/security/2018/dsa-4185
Source: secalert_us@oracle.com
Resource:
Third Party Advisory
Hyperlink: https://www.debian.org/security/2018/dsa-4225
Source: secalert_us@oracle.com
Resource:
Third Party Advisory

Change History

0
Information is not available yet

Similar CVEs

1671Records found
CVE-2018-8740
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-13.53% / 94.24%
||
7 Day CHG+0.90%
Published-17 Mar, 2018 | 00:00
Updated-05 Aug, 2024 | 07:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In SQLite through 3.22.0, databases whose schema is corrupted using a CREATE TABLE AS statement could cause a NULL pointer dereference, related to build.c and prepare.c.

Action-Not Available
Vendor-sqliten/aDebian GNU/Linux
Product-sqlitedebian_linuxn/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2018-9261
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.72% / 72.42%
||
7 Day CHG~0.00%
Published-04 Apr, 2018 | 07:00
Updated-05 Aug, 2024 | 07:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, the NBAP dissector could crash with a large loop that ends with a heap-based buffer overflow. This was addressed in epan/dissectors/packet-nbap.c by prohibiting the self-linking of DCH-IDs.

Action-Not Available
Vendor-n/aWireshark FoundationDebian GNU/Linux
Product-wiresharkdebian_linuxn/a
CWE ID-CWE-834
Excessive Iteration
CVE-2016-8610
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-71.13% / 98.72%
||
7 Day CHG~0.00%
Published-13 Nov, 2017 | 22:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A denial of service flaw was found in OpenSSL 0.9.8, 1.0.1, 1.0.2 through 1.0.2h, and 1.1.0 in the way the TLS/SSL protocol defined processing of ALERT packets during a connection handshake. A remote attacker could use this flaw to make a TLS/SSL server consume an excessive amount of CPU and fail to accept connections from other clients.

Action-Not Available
Vendor-Debian GNU/LinuxRed Hat, Inc.Oracle CorporationPalo Alto Networks, Inc.OpenSSLFujitsu LimitedNetApp, Inc.
Product-enterprise_linux_desktoponcommand_unified_manageroncommand_balancecore_rdbmsretail_predictive_application_serverclustered_data_ontapenterprise_linux_server_eusenterprise_linuxcommunications_ip_service_activatoradaptive_access_managerm12-2_firmwarehost_agentsnapdrivejboss_enterprise_application_platformclustered_data_ontap_antivirus_connectorm10-1storagegridpeoplesoft_enterprise_peopletoolsontap_select_deployservice_processorm12-2sapplication_testing_suitem12-1_firmwarem12-2weblogic_serverenterprise_linux_server_tussnapcenter_serverenterprise_linux_workstationm12-2s_firmwaresmi-s_providerdebian_linuxenterprise_linux_servertimesten_in-memory_databasem10-4_firmwarestoragegrid_webscaleenterprise_linux_server_ausdata_ontapcn1610_firmwarecommunications_analyticsopensslm10-4sm10-4s_firmwaredata_ontap_edgem10-1_firmwarecn1610enterprise_manager_ops_centerjd_edwards_enterpriseone_toolspan-osm12-1oncommand_workflow_automationgoldengate_application_adaptersm10-4e-series_santricity_os_controllerOpenSSL
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2010-1849
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-1.89% / 83.24%
||
7 Day CHG-0.51%
Published-07 Jun, 2010 | 20:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The my_net_skip_rest function in sql/net_serv.cc in MySQL 5.0 through 5.0.91 and 5.1 before 5.1.47 allows remote attackers to cause a denial of service (CPU and bandwidth consumption) by sending a large number of packets that exceed the maximum length.

Action-Not Available
Vendor-mysqln/aOracle Corporation
Product-mysqln/a
CVE-2013-6193
Matching Score-8
Assigner-HP Inc.
ShareView Details
Matching Score-8
Assigner-HP Inc.
CVSS Score-5||MEDIUM
EPSS-1.33% / 79.99%
||
7 Day CHG~0.00%
Published-17 Dec, 2013 | 11:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability on HP LaserJet M1522n and M2727; LaserJet Pro 100, 300, 400, CM1415fnw, CP1*, M121*, M1536dnf, and P1*; Color LaserJet CM* and CP*; and TopShot LaserJet Pro M275 printers allows remote attackers to cause a denial of service via unknown vectors.

Action-Not Available
Vendor-n/aHP Inc.
Product-laserjet_pro_p1102laserjet_m1522n_multifunction_printercolor_laserjet_cp1518color_laserjet_cp1515laserjet_pro_m1216nfh_mfpcolor_laserjet_cp2025_printerlaserjet_pro_cp1025nwcolor_laserjet_cm1312nfi_multifunction_printerlaserjet_m2727_multifunction_printerlaserjet_pro_400_color_printer_m451laserjet_pro_cp1525nw_color_printerlaserjet_pro_300_color_mfp_printer_m375color_laserjet_cp5225laserjet_pro_m1212nf_mfphp_laserjet_pro_m1214nfh_mfptopshot_laserjet_pro_m275_mfplaserjet_pro_m1213nf_mfplaserjet_pro_m1217nfw_mfplaserjet_pro_cm1415fnw_color_multifunction_printercolor_laserjet_cm2320n_multifunction_printerlaserjet_pro_100_color_mfp_m175laserjet_pro_p1606dnlaserjet_pro_m1536dnf_multifunction_printerlaserjet_pro_300_color_printer_m351laserjet_pro_400_color_mfp_m475n/a
CVE-2004-1180
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-0.95% / 76.43%
||
7 Day CHG~0.00%
Published-11 Feb, 2005 | 05:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unknown vulnerability in the rwho daemon (rwhod) before 0.17, on little endian architectures, allows remote attackers to cause a denial of service (application crash).

Action-Not Available
Vendor-n/aDebian GNU/LinuxSun Microsystems (Oracle Corporation)Mandriva (Mandrakesoft)
Product-debian_linuxsunossolarismandrake_linuxmandrake_linux_corporate_servern/a
CVE-2018-8796
Matching Score-8
Assigner-Check Point Software Ltd.
ShareView Details
Matching Score-8
Assigner-Check Point Software Ltd.
CVSS Score-7.5||HIGH
EPSS-0.57% / 68.79%
||
7 Day CHG~0.00%
Published-05 Feb, 2019 | 20:00
Updated-16 Sep, 2024 | 18:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

rdesktop versions up to and including v1.8.3 contain an Out-Of-Bounds Read in function process_bitmap_updates() that results in a Denial of Service (segfault).

Action-Not Available
Vendor-rdesktopDebian GNU/LinuxCheck Point Software Technologies Ltd.
Product-rdesktopdebian_linuxrdesktop
CWE ID-CWE-126
Buffer Over-read
CWE ID-CWE-125
Out-of-bounds Read
CVE-2018-8799
Matching Score-8
Assigner-Check Point Software Ltd.
ShareView Details
Matching Score-8
Assigner-Check Point Software Ltd.
CVSS Score-7.5||HIGH
EPSS-0.57% / 68.79%
||
7 Day CHG~0.00%
Published-05 Feb, 2019 | 20:00
Updated-17 Sep, 2024 | 03:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

rdesktop versions up to and including v1.8.3 contain an Out-Of-Bounds Read in function process_secondary_order() that results in a Denial of Service (segfault).

Action-Not Available
Vendor-rdesktopDebian GNU/LinuxCheck Point Software Technologies Ltd.
Product-rdesktopdebian_linuxrdesktop
CWE ID-CWE-126
Buffer Over-read
CWE ID-CWE-125
Out-of-bounds Read
CVE-2022-41881
Matching Score-8
Assigner-GitHub, Inc.
ShareView Details
Matching Score-8
Assigner-GitHub, Inc.
CVSS Score-5.3||MEDIUM
EPSS-0.14% / 33.83%
||
7 Day CHG~0.00%
Published-12 Dec, 2022 | 00:00
Updated-22 Apr, 2025 | 15:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Netty project is an event-driven asynchronous network application framework. In versions prior to 4.1.86.Final, a StackOverflowError can be raised when parsing a malformed crafted message due to an infinite recursion. This issue is patched in version 4.1.86.Final. There is no workaround, except using a custom HaProxyMessageDecoder.

Action-Not Available
Vendor-Debian GNU/LinuxThe Netty Project
Product-nettydebian_linuxnetty
CWE ID-CWE-674
Uncontrolled Recursion
CVE-2018-8777
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.45% / 80.81%
||
7 Day CHG-0.42%
Published-03 Apr, 2018 | 22:00
Updated-05 Aug, 2024 | 07:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1, an attacker can pass a large HTTP request with a crafted header to WEBrick server or a crafted body to WEBrick server/handler and cause a denial of service (memory consumption).

Action-Not Available
Vendor-n/aDebian GNU/LinuxCanonical Ltd.RubyRed Hat, Inc.
Product-ubuntu_linuxdebian_linuxrubyenterprise_linuxn/a
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2016-8530
Matching Score-8
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-8
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-7.5||HIGH
EPSS-6.19% / 90.88%
||
7 Day CHG~0.00%
Published-15 Feb, 2018 | 22:00
Updated-16 Sep, 2024 | 20:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A remote denial of service vulnerability in HPE iMC PLAT version v7.2 E0403P06 and earlier was found. The problem was resolved in iMC PLAT 7.3 E0504 or subsequent version.

Action-Not Available
Vendor-HP Inc.Hewlett Packard Enterprise (HPE)
Product-intelligent_management_centeriMC PLAT
CWE ID-CWE-20
Improper Input Validation
CVE-2018-9256
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.51% / 66.52%
||
7 Day CHG~0.00%
Published-04 Apr, 2018 | 07:00
Updated-05 Aug, 2024 | 07:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, the LWAPP dissector could crash. This was addressed in epan/dissectors/packet-lwapp.c by limiting the encapsulation levels to restrict the recursion depth.

Action-Not Available
Vendor-n/aWireshark FoundationDebian GNU/Linux
Product-wiresharkdebian_linuxn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2018-9240
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.44% / 63.04%
||
7 Day CHG~0.00%
Published-03 Apr, 2018 | 22:00
Updated-05 Aug, 2024 | 07:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

ncmpc through 0.29 is prone to a NULL pointer dereference flaw. If a user uses the chat screen and another client sends a long chat message, a crash and denial of service could occur.

Action-Not Available
Vendor-ncmpc_projectn/aCanonical Ltd.Debian GNU/Linux
Product-ubuntu_linuxncmpcdebian_linuxn/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2016-6855
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-4.04% / 88.51%
||
7 Day CHG~0.00%
Published-07 Sep, 2016 | 18:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Eye of GNOME (aka eog) 3.16.5, 3.17.x, 3.18.x before 3.18.3, 3.19.x, and 3.20.x before 3.20.4, when used with glib before 2.44.1, allow remote attackers to cause a denial of service (out-of-bounds write and crash) via vectors involving passing invalid UTF-8 to GMarkup.

Action-Not Available
Vendor-n/aopenSUSEFedora ProjectThe GNOME ProjectCanonical Ltd.
Product-eye_of_gnomefedoraleapopensuseubuntu_linuxglibn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2018-8792
Matching Score-8
Assigner-Check Point Software Ltd.
ShareView Details
Matching Score-8
Assigner-Check Point Software Ltd.
CVSS Score-7.5||HIGH
EPSS-0.57% / 68.79%
||
7 Day CHG-0.18%
Published-05 Feb, 2019 | 20:00
Updated-17 Sep, 2024 | 02:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

rdesktop versions up to and including v1.8.3 contain an Out-Of-Bounds Read in function cssp_read_tsrequest() that results in a Denial of Service (segfault).

Action-Not Available
Vendor-rdesktopDebian GNU/LinuxCheck Point Software Technologies Ltd.
Product-rdesktopdebian_linuxrdesktop
CWE ID-CWE-126
Buffer Over-read
CWE ID-CWE-125
Out-of-bounds Read
CVE-2018-9267
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.70% / 72.05%
||
7 Day CHG~0.00%
Published-04 Apr, 2018 | 07:00
Updated-05 Aug, 2024 | 07:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, epan/dissectors/packet-lapd.c has a memory leak.

Action-Not Available
Vendor-n/aWireshark FoundationDebian GNU/Linux
Product-wiresharkdebian_linuxn/a
CWE ID-CWE-772
Missing Release of Resource after Effective Lifetime
CVE-2016-7551
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-6.63% / 91.22%
||
7 Day CHG~0.00%
Published-17 Apr, 2017 | 16:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

chain_sip in Asterisk Open Source 11.x before 11.23.1 and 13.x 13.11.1 and Certified Asterisk 11.6 before 11.6-cert15 and 13.8 before 13.8-cert3 allows remote attackers to cause a denial of service (port exhaustion).

Action-Not Available
Vendor-n/aDebian GNU/LinuxDigium, Inc.
Product-debian_linuxcertified_asteriskasteriskn/a
CVE-2018-9264
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.70% / 72.08%
||
7 Day CHG~0.00%
Published-04 Apr, 2018 | 07:00
Updated-05 Aug, 2024 | 07:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, the ADB dissector could crash with a heap-based buffer overflow. This was addressed in epan/dissectors/packet-adb.c by checking for a length inconsistency.

Action-Not Available
Vendor-n/aWireshark FoundationDebian GNU/Linux
Product-wiresharkdebian_linuxn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2018-8789
Matching Score-8
Assigner-Check Point Software Ltd.
ShareView Details
Matching Score-8
Assigner-Check Point Software Ltd.
CVSS Score-7.5||HIGH
EPSS-1.65% / 82.07%
||
7 Day CHG~0.00%
Published-29 Nov, 2018 | 18:00
Updated-16 Sep, 2024 | 20:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

FreeRDP prior to version 2.0.0-rc4 contains several Out-Of-Bounds Reads in the NTLM Authentication module that results in a Denial of Service (segfault).

Action-Not Available
Vendor-Canonical Ltd.Check Point Software Technologies Ltd.FreeRDPDebian GNU/Linux
Product-freerdpubuntu_linuxdebian_linuxFreeRDP
CWE ID-CWE-126
Buffer Over-read
CWE ID-CWE-125
Out-of-bounds Read
CVE-2018-9262
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.50% / 66.00%
||
7 Day CHG~0.00%
Published-04 Apr, 2018 | 07:00
Updated-05 Aug, 2024 | 07:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, the VLAN dissector could crash. This was addressed in epan/dissectors/packet-vlan.c by limiting VLAN tag nesting to restrict the recursion depth.

Action-Not Available
Vendor-n/aWireshark FoundationDebian GNU/Linux
Product-wiresharkdebian_linuxn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2016-7797
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-2.42% / 85.13%
||
7 Day CHG~0.00%
Published-24 Mar, 2017 | 15:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Pacemaker before 1.1.15, when using pacemaker remote, might allow remote attackers to cause a denial of service (node disconnection) via an unauthenticated connection.

Action-Not Available
Vendor-clusterlabsn/aopenSUSESUSERed Hat, Inc.
Product-enterprise_linux_high_availabilityleapenterprise_linux_resilient_storagelinux_enterprise_high_availabilitylinux_enterprise_software_development_kitpacemakern/a
CVE-2004-0911
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-0.89% / 75.63%
||
7 Day CHG~0.00%
Published-28 Sep, 2004 | 04:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

telnetd for netkit 0.17 and earlier, and possibly other versions, on Debian GNU/Linux allows remote attackers to cause a denial of service (free of an invalid pointer), a different vulnerability than CVE-2001-0554.

Action-Not Available
Vendor-n/aDebian GNU/Linux
Product-netkitn/a
CVE-2016-7072
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-5.3||MEDIUM
EPSS-0.03% / 8.24%
||
7 Day CHG~0.00%
Published-10 Sep, 2018 | 17:00
Updated-06 Aug, 2024 | 01:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue has been found in PowerDNS Authoritative Server before 3.4.11 and 4.0.2 allowing a remote, unauthenticated attacker to cause a denial of service by opening a large number of TCP connections to the web server. If the web server runs out of file descriptors, it triggers an exception and terminates the whole PowerDNS process. While it's more complicated for an unauthorized attacker to make the web server run out of file descriptors since its connection will be closed just after being accepted, it might still be possible.

Action-Not Available
Vendor-powerdnsOpen-Xchange AGDebian GNU/Linux
Product-debian_linuxauthoritativepdns
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2021-26690
Matching Score-8
Assigner-Apache Software Foundation
ShareView Details
Matching Score-8
Assigner-Apache Software Foundation
CVSS Score-7.5||HIGH
EPSS-70.38% / 98.69%
||
7 Day CHG~0.00%
Published-10 Jun, 2021 | 07:10
Updated-03 Aug, 2024 | 20:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
mod_session NULL pointer dereference

Apache HTTP Server versions 2.4.0 to 2.4.46 A specially crafted Cookie header handled by mod_session can cause a NULL pointer dereference and crash, leading to a possible Denial Of Service

Action-Not Available
Vendor-The Apache Software FoundationFedora ProjectDebian GNU/LinuxOracle Corporation
Product-http_serverdebian_linuxinstantis_enterprisetrackfedorazfs_storage_appliance_kitenterprise_manager_ops_centerApache HTTP Server
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2009-3977
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-2.36% / 84.94%
||
7 Day CHG~0.00%
Published-19 Nov, 2009 | 00:00
Updated-07 Aug, 2024 | 06:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple buffer overflows in a certain ActiveX control in ActiveDom.ocx in HP OpenView Network Node Manager (OV NNM) 7.53 might allow remote attackers to cause a denial of service (memory corruption) or have unspecified other impact via a long string argument to the (1) DisplayName, (2) AddGroup, (3) InstallComponent, or (4) Subscribe method. NOTE: this issue is not a vulnerability in many environments, because the control is not marked as safe for scripting and would not execute with default Internet Explorer settings.

Action-Not Available
Vendor-n/aHP Inc.
Product-openview_network_node_managern/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2018-9273
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.70% / 72.05%
||
7 Day CHG~0.00%
Published-04 Apr, 2018 | 07:00
Updated-05 Aug, 2024 | 07:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, epan/dissectors/packet-pcp.c has a memory leak.

Action-Not Available
Vendor-n/aWireshark FoundationDebian GNU/Linux
Product-wiresharkdebian_linuxn/a
CWE ID-CWE-772
Missing Release of Resource after Effective Lifetime
CVE-2021-2450
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-7.5||HIGH
EPSS-1.03% / 77.41%
||
7 Day CHG~0.00%
Published-20 Jul, 2021 | 22:44
Updated-25 Sep, 2024 | 19:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware (component: Outside In Filters). The supported version that is affected is 8.5.5. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Outside In Technology. Note: Outside In Technology is a suite of software development kits (SDKs). The protocol and CVSS Base Score depend on the software that uses Outside In Technology. The CVSS score assumes that the software passes data received over a network directly to Outside In Technology, but if data is not received over a network the CVSS score may be lower. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).

Action-Not Available
Vendor-Oracle Corporation
Product-outside_in_technologyOutside In Technology
CVE-2021-25219
Matching Score-8
Assigner-Internet Systems Consortium (ISC)
ShareView Details
Matching Score-8
Assigner-Internet Systems Consortium (ISC)
CVSS Score-5.3||MEDIUM
EPSS-1.04% / 77.46%
||
7 Day CHG~0.00%
Published-27 Oct, 2021 | 21:10
Updated-16 Sep, 2024 | 17:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Lame cache can be abused to severely degrade resolver performance

In BIND 9.3.0 -> 9.11.35, 9.12.0 -> 9.16.21, and versions 9.9.3-S1 -> 9.11.35-S1 and 9.16.8-S1 -> 9.16.21-S1 of BIND Supported Preview Edition, as well as release versions 9.17.0 -> 9.17.18 of the BIND 9.17 development branch, exploitation of broken authoritative servers using a flaw in response processing can cause degradation in BIND resolver performance. The way the lame cache is currently designed makes it possible for its internal data structures to grow almost infinitely, which may cause significant delays in client query processing.

Action-Not Available
Vendor-Internet Systems Consortium, Inc.Debian GNU/LinuxNetApp, Inc.Oracle CorporationSiemens AGFedora Project
Product-h300eh500scloud_backuph300s_firmwareh410c_firmwareh410sh300sh300e_firmwaresinec_infrastructure_network_serviceshttp_serverdebian_linuxh500eh410s_firmwarefedorah500s_firmwareh500e_firmwarezfs_storage_appliance_kith700s_firmwareh700ebindh410ch700e_firmwareh700sBIND9
CVE-2018-9268
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.71% / 72.35%
||
7 Day CHG~0.00%
Published-04 Apr, 2018 | 07:00
Updated-05 Aug, 2024 | 07:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, epan/dissectors/packet-smb2.c has a memory leak.

Action-Not Available
Vendor-n/aWireshark FoundationDebian GNU/Linux
Product-wiresharkdebian_linuxn/a
CWE ID-CWE-772
Missing Release of Resource after Effective Lifetime
CVE-2016-7800
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-2.18% / 84.38%
||
7 Day CHG~0.00%
Published-06 Feb, 2017 | 17:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Integer underflow in the parse8BIM function in coders/meta.c in GraphicsMagick 1.3.25 and earlier allows remote attackers to cause a denial of service (application crash) via a crafted 8BIM chunk, which triggers a heap-based buffer overflow.

Action-Not Available
Vendor-n/aDebian GNU/LinuxGraphicsMagickopenSUSE
Product-debian_linuxleapgraphicsmagickopensusen/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-191
Integer Underflow (Wrap or Wraparound)
CVE-2021-2449
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-7.5||HIGH
EPSS-1.03% / 77.41%
||
7 Day CHG~0.00%
Published-20 Jul, 2021 | 22:44
Updated-25 Sep, 2024 | 19:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware (component: Outside In Filters). The supported version that is affected is 8.5.5. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Outside In Technology. Note: Outside In Technology is a suite of software development kits (SDKs). The protocol and CVSS Base Score depend on the software that uses Outside In Technology. The CVSS score assumes that the software passes data received over a network directly to Outside In Technology, but if data is not received over a network the CVSS score may be lower. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).

Action-Not Available
Vendor-Oracle Corporation
Product-outside_in_technologyOutside In Technology
CVE-2021-2451
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-7.5||HIGH
EPSS-1.03% / 77.41%
||
7 Day CHG~0.00%
Published-20 Jul, 2021 | 22:44
Updated-25 Sep, 2024 | 19:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware (component: Outside In Filters). The supported version that is affected is 8.5.5. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Outside In Technology. Note: Outside In Technology is a suite of software development kits (SDKs). The protocol and CVSS Base Score depend on the software that uses Outside In Technology. The CVSS score assumes that the software passes data received over a network directly to Outside In Technology, but if data is not received over a network the CVSS score may be lower. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).

Action-Not Available
Vendor-Oracle Corporation
Product-outside_in_technologyOutside In Technology
CVE-2021-25290
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.14% / 34.58%
||
7 Day CHG~0.00%
Published-19 Mar, 2021 | 03:29
Updated-03 Aug, 2024 | 19:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Pillow before 8.1.1. In TiffDecode.c, there is a negative-offset memcpy with an invalid size.

Action-Not Available
Vendor-n/aDebian GNU/LinuxPython Software Foundation
Product-pillowdebian_linuxn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-2477
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-5.3||MEDIUM
EPSS-1.58% / 81.61%
||
7 Day CHG~0.00%
Published-20 Oct, 2021 | 10:49
Updated-25 Sep, 2024 | 19:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Oracle Applications Framework product of Oracle E-Business Suite (component: Session Management). Supported versions that are affected are 12.1.3 and 12.2.3-12.2.10. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Applications Framework. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Applications Framework. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).

Action-Not Available
Vendor-Oracle Corporation
Product-applications_frameworkApplications Framework
CVE-2021-2453
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-7.5||HIGH
EPSS-1.42% / 80.63%
||
7 Day CHG~0.00%
Published-20 Jul, 2021 | 22:45
Updated-25 Sep, 2024 | 19:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware (component: Outside In Filters). The supported version that is affected is 8.5.5. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Outside In Technology. Note: Outside In Technology is a suite of software development kits (SDKs). The protocol and CVSS Base Score depend on the software that uses Outside In Technology. The CVSS score assumes that the software passes data received over a network directly to Outside In Technology, but if data is not received over a network the CVSS score may be lower. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).

Action-Not Available
Vendor-Oracle Corporation
Product-outside_in_technologyOutside In Technology
CVE-2021-2452
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-7.5||HIGH
EPSS-1.42% / 80.63%
||
7 Day CHG~0.00%
Published-20 Jul, 2021 | 22:45
Updated-25 Sep, 2024 | 19:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware (component: Outside In Filters). The supported version that is affected is 8.5.5. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Outside In Technology. Note: Outside In Technology is a suite of software development kits (SDKs). The protocol and CVSS Base Score depend on the software that uses Outside In Technology. The CVSS score assumes that the software passes data received over a network directly to Outside In Technology, but if data is not received over a network the CVSS score may be lower. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).

Action-Not Available
Vendor-Oracle Corporation
Product-outside_in_technologyOutside In Technology
CVE-2018-9259
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.74% / 72.94%
||
7 Day CHG~0.00%
Published-04 Apr, 2018 | 07:00
Updated-05 Aug, 2024 | 07:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, the MP4 dissector could crash. This was addressed in epan/dissectors/file-mp4.c by restricting the box recursion depth.

Action-Not Available
Vendor-n/aWireshark FoundationDebian GNU/Linux
Product-wiresharkdebian_linuxn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2018-9270
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.75% / 73.23%
||
7 Day CHG~0.00%
Published-04 Apr, 2018 | 07:00
Updated-05 Aug, 2024 | 07:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, epan/oids.c has a memory leak.

Action-Not Available
Vendor-n/aWireshark FoundationDebian GNU/Linux
Product-wiresharkdebian_linuxn/a
CWE ID-CWE-772
Missing Release of Resource after Effective Lifetime
CVE-2021-25215
Matching Score-8
Assigner-Internet Systems Consortium (ISC)
ShareView Details
Matching Score-8
Assigner-Internet Systems Consortium (ISC)
CVSS Score-7.5||HIGH
EPSS-1.49% / 81.11%
||
7 Day CHG~0.00%
Published-29 Apr, 2021 | 00:55
Updated-16 Sep, 2024 | 22:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
An assertion check can fail while answering queries for DNAME records that require the DNAME to be processed to resolve itself

In BIND 9.0.0 -> 9.11.29, 9.12.0 -> 9.16.13, and versions BIND 9.9.3-S1 -> 9.11.29-S1 and 9.16.8-S1 -> 9.16.13-S1 of BIND Supported Preview Edition, as well as release versions 9.17.0 -> 9.17.11 of the BIND 9.17 development branch, when a vulnerable version of named receives a query for a record triggering the flaw described above, the named process will terminate due to a failed assertion check. The vulnerability affects all currently maintained BIND 9 branches (9.11, 9.11-S, 9.16, 9.16-S, 9.17) as well as all other versions of BIND 9.

Action-Not Available
Vendor-Internet Systems Consortium, Inc.Debian GNU/LinuxNetApp, Inc.Oracle CorporationSiemens AGFedora Project
Product-h300e500f_firmwarea250_firmwareh500scloud_backuptekelec_platform_distributionh300s_firmwareactive_iq_unified_managerh410sh300sh300e_firmwaresinec_infrastructure_network_services500fdebian_linuxh500eh410s_firmwarefedorah500s_firmwareh500e_firmwareh700s_firmwarea250h700ebindh700e_firmwareh700sBIND9
CWE ID-CWE-617
Reachable Assertion
CVE-2018-9263
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.57% / 68.64%
||
7 Day CHG~0.00%
Published-04 Apr, 2018 | 07:00
Updated-05 Aug, 2024 | 07:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, the Kerberos dissector could crash. This was addressed in epan/dissectors/packet-kerberos.c by ensuring a nonzero key length.

Action-Not Available
Vendor-n/aWireshark FoundationDebian GNU/Linux
Product-wiresharkdebian_linuxn/a
CVE-2016-7044
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.93% / 83.44%
||
7 Day CHG~0.00%
Published-27 Sep, 2016 | 15:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The unformat_24bit_color function in the format parsing code in Irssi before 0.8.20, when compiled with true-color enabled, allows remote attackers to cause a denial of service (heap corruption and crash) via an incomplete 24bit color code.

Action-Not Available
Vendor-irssin/aDebian GNU/LinuxCanonical Ltd.
Product-irssidebian_linuxubuntu_linuxn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2016-7449
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-3.26% / 87.16%
||
7 Day CHG~0.00%
Published-06 Feb, 2017 | 17:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The TIFFGetField function in coders/tiff.c in GraphicsMagick 1.3.24 allows remote attackers to cause a denial of service (out-of-bounds heap read) via a file containing an "unterminated" string.

Action-Not Available
Vendor-n/aDebian GNU/LinuxGraphicsMagickopenSUSE
Product-debian_linuxleapgraphicsmagickopensusen/a
CWE ID-CWE-125
Out-of-bounds Read
CVE-2016-8516
Matching Score-8
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-8
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-7.5||HIGH
EPSS-5.55% / 90.29%
||
7 Day CHG~0.00%
Published-15 Feb, 2018 | 22:00
Updated-17 Sep, 2024 | 00:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A remote denial of service vulnerability in HPE Systems Insight Manager in all versions prior to 7.6 was found.

Action-Not Available
Vendor-HP Inc.Hewlett Packard Enterprise (HPE)
Product-systems_insight_managerSystems Insight Manager using OpenSSL
CVE-2018-7052
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.14% / 78.46%
||
7 Day CHG~0.00%
Published-15 Feb, 2018 | 20:00
Updated-05 Aug, 2024 | 06:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Irssi before 1.0.7 and 1.1.x before 1.1.1. When the number of windows exceeds the available space, a crash due to a NULL pointer dereference would occur.

Action-Not Available
Vendor-irssin/aCanonical Ltd.Debian GNU/Linux
Product-ubuntu_linuxirssidebian_linuxn/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2016-6352
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.56% / 81.49%
||
7 Day CHG~0.00%
Published-03 Oct, 2016 | 18:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The OneLine32 function in io-ico.c in gdk-pixbuf before 2.35.3 allows remote attackers to cause a denial of service (out-of-bounds write and crash) via crafted dimensions in an ICO file.

Action-Not Available
Vendor-n/aThe GNOME ProjectopenSUSECanonical Ltd.
Product-gdk-pixbufleapopensuseubuntu_linuxn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-23840
Matching Score-8
Assigner-OpenSSL Software Foundation
ShareView Details
Matching Score-8
Assigner-OpenSSL Software Foundation
CVSS Score-7.5||HIGH
EPSS-0.62% / 70.06%
||
7 Day CHG~0.00%
Published-16 Feb, 2021 | 16:55
Updated-16 Apr, 2026 | 15:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Integer overflow in CipherUpdate

Calls to EVP_CipherUpdate, EVP_EncryptUpdate and EVP_DecryptUpdate may overflow the output length argument in some cases where the input length is close to the maximum permissable length for an integer on the platform. In such cases the return value from the function call will be 1 (indicating success), but the output length value will be negative. This could cause applications to behave incorrectly or crash. OpenSSL versions 1.1.1i and below are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1j. OpenSSL versions 1.0.2x and below are affected by this issue. However OpenSSL 1.0.2 is out of support and no longer receiving public updates. Premium support customers of OpenSSL 1.0.2 should upgrade to 1.0.2y. Other users should upgrade to 1.1.1j. Fixed in OpenSSL 1.1.1j (Affected 1.1.1-1.1.1i). Fixed in OpenSSL 1.0.2y (Affected 1.0.2-1.0.2x).

Action-Not Available
Vendor-Oracle CorporationDebian GNU/LinuxFujitsu LimitedTenable, Inc.OpenSSLNode.js (OpenJS Foundation)McAfee, LLC
Product-m10-1_firmwarenessus_network_monitornode.jslog_correlation_enginem10-4s_firmwarebusiness_intelligencem12-2_firmwarem10-4m12-1_firmwarem10-4sgraalvmdebian_linuxenterprise_manager_for_storage_managementm10-1opensslm12-2s_firmwarecommunications_cloud_native_core_policym12-1nosql_databaseenterprise_manager_ops_centerepolicy_orchestratorm10-4_firmwaremysql_serverjd_edwards_enterpriseone_toolsm12-2sm12-2jd_edwards_world_securityOpenSSL
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2021-2423
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-7.5||HIGH
EPSS-1.40% / 80.44%
||
7 Day CHG~0.00%
Published-20 Jul, 2021 | 22:44
Updated-25 Sep, 2024 | 19:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware (component: Outside In Filters). The supported version that is affected is 8.5.5. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Outside In Technology. Note: Outside In Technology is a suite of software development kits (SDKs). The protocol and CVSS Base Score depend on the software that uses Outside In Technology. The CVSS score assumes that the software passes data received over a network directly to Outside In Technology, but if data is not received over a network the CVSS score may be lower. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).

Action-Not Available
Vendor-Oracle Corporation
Product-outside_in_technologyOutside In Technology
CVE-2018-7325
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.38% / 59.23%
||
7 Day CHG~0.00%
Published-23 Feb, 2018 | 22:00
Updated-05 Aug, 2024 | 06:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, epan/dissectors/packet-rpki-rtr.c had an infinite loop that was addressed by validating a length field.

Action-Not Available
Vendor-n/aWireshark FoundationDebian GNU/Linux
Product-wiresharkdebian_linuxn/a
CWE ID-CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
CVE-2021-2419
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-7.5||HIGH
EPSS-1.03% / 77.41%
||
7 Day CHG~0.00%
Published-20 Jul, 2021 | 22:44
Updated-25 Sep, 2024 | 19:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware (component: Outside In Filters). The supported version that is affected is 8.5.5. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Outside In Technology. Note: Outside In Technology is a suite of software development kits (SDKs). The protocol and CVSS Base Score depend on the software that uses Outside In Technology. The CVSS score assumes that the software passes data received over a network directly to Outside In Technology, but if data is not received over a network the CVSS score may be lower. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).

Action-Not Available
Vendor-Oracle Corporation
Product-outside_in_technologyOutside In Technology
CVE-2018-7331
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.30% / 79.76%
||
7 Day CHG~0.00%
Published-23 Feb, 2018 | 22:00
Updated-05 Aug, 2024 | 06:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, epan/dissectors/packet-ber.c had an infinite loop that was addressed by validating a length.

Action-Not Available
Vendor-n/aWireshark FoundationDebian GNU/Linux
Product-wiresharkdebian_linuxn/a
CWE ID-CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
  • Previous
  • 1
  • 2
  • 3
  • 4
  • ...
  • 33
  • 34
  • Next
Details not found