Skip to main content

CWE-466

Return of Pointer Value Outside of Expected Range

8 CVEs Avg CVSS 6.9 MITRE
0
CRITICAL
2
HIGH
6
MEDIUM
0
LOW
5
POC
0
KEV

Monthly

CVE-2026-57025 MEDIUM PATCH This Month

Denial-of-service in Juniper Networks Junos OS and Junos OS Evolved on EX Series, QFX Series, and MX Series allows a local, low-privileged attacker to crash the l2ald (Layer 2 Address Learning Daemon) by issuing a specific 'show l2-learning' CLI command, disrupting all Layer 2 services until the process automatically restarts. The root cause is a Return of Pointer Value Outside of Expected Range flaw (CWE-466) in the fileio library. No public exploit has been identified at time of analysis, and active exploitation has not been confirmed by CISA or the vendor.

Juniper Denial Of Service Junos Os Junos Os Evolved
NVD VulDB
CVSS 4.0
6.8
EPSS
0.1%
CVE-2018-25234 MEDIUM POC This Month

SmartFTP Client 9.0.2615.0 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string in the Host field. Rated medium severity (CVSS 6.9), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Smartftp Client
NVD Exploit-DB VulDB
CVSS 4.0
6.9
EPSS
0.0%
CVE-2018-25227 MEDIUM POC This Month

Valentina Studio 9.0.4 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string in the Host field. Rated medium severity (CVSS 6.9), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Valentina Studio
NVD Exploit-DB VulDB
CVSS 4.0
6.9
EPSS
0.0%
CVE-2019-25599 MEDIUM POC This Month

Backup Key Recovery 2.2.4 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string in the Name field. Rated medium severity (CVSS 6.9), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Backup Key Recovery
NVD Exploit-DB VulDB
CVSS 4.0
6.9
EPSS
0.0%
CVE-2019-25586 PyPI MEDIUM POC This Month

Deluge 1.3.15 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string in the URL field. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Deluge
NVD Exploit-DB VulDB
CVSS 3.1
6.2
EPSS
0.0%
CVE-2019-25548 MEDIUM POC This Month

BlueStacks 4.80.0.1060 contains a denial of service vulnerability that allows local attackers to crash the application by submitting oversized input to the search field. Rated medium severity (CVSS 6.9), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Bluestacks
NVD Exploit-DB
CVSS 4.0
6.9
EPSS
0.0%
CVE-2024-33602 HIGH This Week

nscd: netgroup cache assumes NSS callback uses in-buffer strings The Name Service Cache Daemon's (nscd) netgroup cache can corrupt memory when the NSS callback does not store all strings in the. Rated high severity (CVSS 7.4), this vulnerability is no authentication required. No vendor patch available.

Information Disclosure Glibc Debian Linux H300s Firmware H500s Firmware +8
NVD
CVSS 3.1
7.4
EPSS
0.6%
CVE-2024-21849 HIGH This Week

When an Advanced WAF/ASM security policy and a Websockets profile are configured on a virtual server, undisclosed traffic can cause the Traffic Management Microkernel (TMM) process to terminate. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Big Ip Advanced Web Application Firewall Big Ip Application Security Manager
NVD
CVSS 3.1
7.5
EPSS
0.5%
EPSS 0% CVSS 6.8
MEDIUM PATCH This Month

Denial-of-service in Juniper Networks Junos OS and Junos OS Evolved on EX Series, QFX Series, and MX Series allows a local, low-privileged attacker to crash the l2ald (Layer 2 Address Learning Daemon) by issuing a specific 'show l2-learning' CLI command, disrupting all Layer 2 services until the process automatically restarts. The root cause is a Return of Pointer Value Outside of Expected Range flaw (CWE-466) in the fileio library. No public exploit has been identified at time of analysis, and active exploitation has not been confirmed by CISA or the vendor.

Juniper Denial Of Service Junos Os +1
NVD VulDB
EPSS 0% CVSS 6.9
MEDIUM POC This Month

SmartFTP Client 9.0.2615.0 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string in the Host field. Rated medium severity (CVSS 6.9), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Smartftp Client
NVD Exploit-DB VulDB
EPSS 0% CVSS 6.9
MEDIUM POC This Month

Valentina Studio 9.0.4 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string in the Host field. Rated medium severity (CVSS 6.9), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Valentina Studio
NVD Exploit-DB VulDB
EPSS 0% CVSS 6.9
MEDIUM POC This Month

Backup Key Recovery 2.2.4 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string in the Name field. Rated medium severity (CVSS 6.9), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Backup Key Recovery
NVD Exploit-DB VulDB
EPSS 0% CVSS 6.2
MEDIUM POC This Month

Deluge 1.3.15 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string in the URL field. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Deluge
NVD Exploit-DB VulDB
EPSS 0% CVSS 6.9
MEDIUM POC This Month

BlueStacks 4.80.0.1060 contains a denial of service vulnerability that allows local attackers to crash the application by submitting oversized input to the search field. Rated medium severity (CVSS 6.9), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Bluestacks
NVD Exploit-DB
EPSS 1% CVSS 7.4
HIGH This Week

nscd: netgroup cache assumes NSS callback uses in-buffer strings The Name Service Cache Daemon's (nscd) netgroup cache can corrupt memory when the NSS callback does not store all strings in the. Rated high severity (CVSS 7.4), this vulnerability is no authentication required. No vendor patch available.

Information Disclosure Glibc Debian Linux +10
NVD
EPSS 1% CVSS 7.5
HIGH This Week

When an Advanced WAF/ASM security policy and a Websockets profile are configured on a virtual server, undisclosed traffic can cause the Traffic Management Microkernel (TMM) process to terminate. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Big Ip Advanced Web Application Firewall Big Ip Application Security Manager
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy