Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2005-2128

Summary
Assigner-microsoft
Assigner Org ID-f38d906d-7342-40ea-92c1-6c4a2c6478c8
Published At-11 Oct, 2005 | 04:00
Updated At-07 Aug, 2024 | 22:15
Rejected At-
Credits

QUARTZ.DLL in Microsoft Windows Media Player 9 allows remote attackers to write a null byte to arbitrary memory via an AVI file with a crafted strn element with a modified length value.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
â–¼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:microsoft
Assigner Org ID:f38d906d-7342-40ea-92c1-6c4a2c6478c8
Published At:11 Oct, 2005 | 04:00
Updated At:07 Aug, 2024 | 22:15
Rejected At:
â–¼CVE Numbering Authority (CNA)

QUARTZ.DLL in Microsoft Windows Media Player 9 allows remote attackers to write a null byte to arbitrary memory via an AVI file with a crafted strn element with a modified length value.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
http://secunia.com/advisories/17160
third-party-advisory
x_refsource_SECUNIA
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1267
vdb-entry
signature
x_refsource_OVAL
http://www.eeye.com/html/research/advisories/AD20051011a.html
third-party-advisory
x_refsource_EEYE
http://support.avaya.com/elmodocs2/security/ASA-2005-214.pdf
x_refsource_CONFIRM
http://www.kb.cert.org/vuls/id/995220
third-party-advisory
x_refsource_CERT-VN
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1149
vdb-entry
signature
x_refsource_OVAL
http://www.osvdb.org/18822
vdb-entry
x_refsource_OSVDB
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-050
vendor-advisory
x_refsource_MS
http://secunia.com/advisories/17172
third-party-advisory
x_refsource_SECUNIA
http://secunia.com/advisories/17509
third-party-advisory
x_refsource_SECUNIA
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1434
vdb-entry
signature
x_refsource_OVAL
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1424
vdb-entry
signature
x_refsource_OVAL
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1231
vdb-entry
signature
x_refsource_OVAL
http://www.us-cert.gov/cas/techalerts/TA05-284A.html
third-party-advisory
x_refsource_CERT
http://www.securityfocus.com/bid/15063
vdb-entry
x_refsource_BID
Hyperlink: http://secunia.com/advisories/17160
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1267
Resource:
vdb-entry
signature
x_refsource_OVAL
Hyperlink: http://www.eeye.com/html/research/advisories/AD20051011a.html
Resource:
third-party-advisory
x_refsource_EEYE
Hyperlink: http://support.avaya.com/elmodocs2/security/ASA-2005-214.pdf
Resource:
x_refsource_CONFIRM
Hyperlink: http://www.kb.cert.org/vuls/id/995220
Resource:
third-party-advisory
x_refsource_CERT-VN
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1149
Resource:
vdb-entry
signature
x_refsource_OVAL
Hyperlink: http://www.osvdb.org/18822
Resource:
vdb-entry
x_refsource_OSVDB
Hyperlink: https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-050
Resource:
vendor-advisory
x_refsource_MS
Hyperlink: http://secunia.com/advisories/17172
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://secunia.com/advisories/17509
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1434
Resource:
vdb-entry
signature
x_refsource_OVAL
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1424
Resource:
vdb-entry
signature
x_refsource_OVAL
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1231
Resource:
vdb-entry
signature
x_refsource_OVAL
Hyperlink: http://www.us-cert.gov/cas/techalerts/TA05-284A.html
Resource:
third-party-advisory
x_refsource_CERT
Hyperlink: http://www.securityfocus.com/bid/15063
Resource:
vdb-entry
x_refsource_BID
â–¼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
http://secunia.com/advisories/17160
third-party-advisory
x_refsource_SECUNIA
x_transferred
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1267
vdb-entry
signature
x_refsource_OVAL
x_transferred
http://www.eeye.com/html/research/advisories/AD20051011a.html
third-party-advisory
x_refsource_EEYE
x_transferred
http://support.avaya.com/elmodocs2/security/ASA-2005-214.pdf
x_refsource_CONFIRM
x_transferred
http://www.kb.cert.org/vuls/id/995220
third-party-advisory
x_refsource_CERT-VN
x_transferred
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1149
vdb-entry
signature
x_refsource_OVAL
x_transferred
http://www.osvdb.org/18822
vdb-entry
x_refsource_OSVDB
x_transferred
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-050
vendor-advisory
x_refsource_MS
x_transferred
http://secunia.com/advisories/17172
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://secunia.com/advisories/17509
third-party-advisory
x_refsource_SECUNIA
x_transferred
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1434
vdb-entry
signature
x_refsource_OVAL
x_transferred
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1424
vdb-entry
signature
x_refsource_OVAL
x_transferred
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1231
vdb-entry
signature
x_refsource_OVAL
x_transferred
http://www.us-cert.gov/cas/techalerts/TA05-284A.html
third-party-advisory
x_refsource_CERT
x_transferred
http://www.securityfocus.com/bid/15063
vdb-entry
x_refsource_BID
x_transferred
Hyperlink: http://secunia.com/advisories/17160
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1267
Resource:
vdb-entry
signature
x_refsource_OVAL
x_transferred
Hyperlink: http://www.eeye.com/html/research/advisories/AD20051011a.html
Resource:
third-party-advisory
x_refsource_EEYE
x_transferred
Hyperlink: http://support.avaya.com/elmodocs2/security/ASA-2005-214.pdf
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://www.kb.cert.org/vuls/id/995220
Resource:
third-party-advisory
x_refsource_CERT-VN
x_transferred
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1149
Resource:
vdb-entry
signature
x_refsource_OVAL
x_transferred
Hyperlink: http://www.osvdb.org/18822
Resource:
vdb-entry
x_refsource_OSVDB
x_transferred
Hyperlink: https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-050
Resource:
vendor-advisory
x_refsource_MS
x_transferred
Hyperlink: http://secunia.com/advisories/17172
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://secunia.com/advisories/17509
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1434
Resource:
vdb-entry
signature
x_refsource_OVAL
x_transferred
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1424
Resource:
vdb-entry
signature
x_refsource_OVAL
x_transferred
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1231
Resource:
vdb-entry
signature
x_refsource_OVAL
x_transferred
Hyperlink: http://www.us-cert.gov/cas/techalerts/TA05-284A.html
Resource:
third-party-advisory
x_refsource_CERT
x_transferred
Hyperlink: http://www.securityfocus.com/bid/15063
Resource:
vdb-entry
x_refsource_BID
x_transferred
Information is not available yet
â–¼National Vulnerability Database (NVD)
nvd.nist.gov
Source:secure@microsoft.com
Published At:12 Oct, 2005 | 13:04
Updated At:16 Apr, 2026 | 00:27

QUARTZ.DLL in Microsoft Windows Media Player 9 allows remote attackers to write a null byte to arbitrary memory via an AVI file with a crafted strn element with a modified length value.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary2.05.0MEDIUM
AV:N/AC:L/Au:N/C:N/I:N/A:P
Type: Primary
Version: 2.0
Base score: 5.0
Base severity: MEDIUM
Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:P
CPE Matches

Microsoft Corporation
microsoft
>>windows_media_player>>9
cpe:2.3:a:microsoft:windows_media_player:9:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
NVD-CWE-OtherPrimarynvd@nist.gov
CWE ID: NVD-CWE-Other
Type: Primary
Source: nvd@nist.gov
Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References
HyperlinkSourceResource
http://secunia.com/advisories/17160secure@microsoft.com
N/A
http://secunia.com/advisories/17172secure@microsoft.com
N/A
http://secunia.com/advisories/17509secure@microsoft.com
N/A
http://support.avaya.com/elmodocs2/security/ASA-2005-214.pdfsecure@microsoft.com
N/A
http://www.eeye.com/html/research/advisories/AD20051011a.htmlsecure@microsoft.com
N/A
http://www.kb.cert.org/vuls/id/995220secure@microsoft.com
US Government Resource
http://www.osvdb.org/18822secure@microsoft.com
N/A
http://www.securityfocus.com/bid/15063secure@microsoft.com
N/A
http://www.us-cert.gov/cas/techalerts/TA05-284A.htmlsecure@microsoft.com
US Government Resource
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-050secure@microsoft.com
N/A
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1149secure@microsoft.com
N/A
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1231secure@microsoft.com
N/A
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1267secure@microsoft.com
N/A
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1424secure@microsoft.com
N/A
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1434secure@microsoft.com
N/A
http://secunia.com/advisories/17160af854a3a-2127-422b-91ae-364da2661108
N/A
http://secunia.com/advisories/17172af854a3a-2127-422b-91ae-364da2661108
N/A
http://secunia.com/advisories/17509af854a3a-2127-422b-91ae-364da2661108
N/A
http://support.avaya.com/elmodocs2/security/ASA-2005-214.pdfaf854a3a-2127-422b-91ae-364da2661108
N/A
http://www.eeye.com/html/research/advisories/AD20051011a.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://www.kb.cert.org/vuls/id/995220af854a3a-2127-422b-91ae-364da2661108
US Government Resource
http://www.osvdb.org/18822af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.securityfocus.com/bid/15063af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.us-cert.gov/cas/techalerts/TA05-284A.htmlaf854a3a-2127-422b-91ae-364da2661108
US Government Resource
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-050af854a3a-2127-422b-91ae-364da2661108
N/A
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1149af854a3a-2127-422b-91ae-364da2661108
N/A
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1231af854a3a-2127-422b-91ae-364da2661108
N/A
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1267af854a3a-2127-422b-91ae-364da2661108
N/A
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1424af854a3a-2127-422b-91ae-364da2661108
N/A
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1434af854a3a-2127-422b-91ae-364da2661108
N/A
Hyperlink: http://secunia.com/advisories/17160
Source: secure@microsoft.com
Resource: N/A
Hyperlink: http://secunia.com/advisories/17172
Source: secure@microsoft.com
Resource: N/A
Hyperlink: http://secunia.com/advisories/17509
Source: secure@microsoft.com
Resource: N/A
Hyperlink: http://support.avaya.com/elmodocs2/security/ASA-2005-214.pdf
Source: secure@microsoft.com
Resource: N/A
Hyperlink: http://www.eeye.com/html/research/advisories/AD20051011a.html
Source: secure@microsoft.com
Resource: N/A
Hyperlink: http://www.kb.cert.org/vuls/id/995220
Source: secure@microsoft.com
Resource:
US Government Resource
Hyperlink: http://www.osvdb.org/18822
Source: secure@microsoft.com
Resource: N/A
Hyperlink: http://www.securityfocus.com/bid/15063
Source: secure@microsoft.com
Resource: N/A
Hyperlink: http://www.us-cert.gov/cas/techalerts/TA05-284A.html
Source: secure@microsoft.com
Resource:
US Government Resource
Hyperlink: https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-050
Source: secure@microsoft.com
Resource: N/A
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1149
Source: secure@microsoft.com
Resource: N/A
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1231
Source: secure@microsoft.com
Resource: N/A
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1267
Source: secure@microsoft.com
Resource: N/A
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1424
Source: secure@microsoft.com
Resource: N/A
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1434
Source: secure@microsoft.com
Resource: N/A
Hyperlink: http://secunia.com/advisories/17160
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://secunia.com/advisories/17172
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://secunia.com/advisories/17509
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://support.avaya.com/elmodocs2/security/ASA-2005-214.pdf
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.eeye.com/html/research/advisories/AD20051011a.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.kb.cert.org/vuls/id/995220
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
US Government Resource
Hyperlink: http://www.osvdb.org/18822
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.securityfocus.com/bid/15063
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.us-cert.gov/cas/techalerts/TA05-284A.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
US Government Resource
Hyperlink: https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-050
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1149
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1231
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1267
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1424
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1434
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

517Records found

CVE-2011-2012
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-5||MEDIUM
EPSS-16.59% / 96.62%
||
7 Day CHG~0.00%
Published-12 Oct, 2011 | 01:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Microsoft Forefront Unified Access Gateway (UAG) 2010 Gold, Update 1, Update 2, and SP1 does not properly validate session cookies, which allows remote attackers to cause a denial of service (IIS outage) via unspecified network traffic, aka "Null Session Cookie Crash."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-forefront_unified_access_gatewayn/a
CWE ID-CWE-20
Improper Input Validation
CVE-1999-0153
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-22.78% / 97.45%
||
7 Day CHG~0.00%
Published-29 Sep, 1999 | 04:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Windows 95/NT out of band (OOB) data denial of service through NETBIOS port, aka WinNuke.

Action-Not Available
Vendor-scon/aMicrosoft Corporation
Product-openserverwindows_95windows_ntwindows_2000n/a
CVE-2011-0040
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-5||MEDIUM
EPSS-22.76% / 97.45%
||
7 Day CHG~0.00%
Published-09 Feb, 2011 | 00:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The server in Microsoft Active Directory on Windows Server 2003 SP2 does not properly handle an update request for a service principal name (SPN), which allows remote attackers to cause a denial of service (authentication downgrade or outage) via a crafted request that triggers name collisions, aka "Active Directory SPN Validation Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-windows_2003_servern/a
CWE ID-CWE-20
Improper Input Validation
CVE-2006-6659
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-16.20% / 96.55%
||
7 Day CHG~0.00%
Published-20 Dec, 2006 | 02:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Microsoft Office Outlook Recipient ActiveX control (ole32.dll) in Windows XP SP2 allows remote attackers to cause a denial of service (Internet Explorer 7 hang) via crafted HTML.

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-ieoutlookwindows_xpn/a
CVE-2022-30557
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-4.12% / 89.56%
||
7 Day CHG~0.00%
Published-11 May, 2022 | 19:34
Updated-03 Aug, 2024 | 06:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Foxit PDF Reader and PDF Editor before 11.2.2 have a Type Confusion issue that causes a crash because of Unsigned32 mishandling during JavaScript execution.

Action-Not Available
Vendor-n/aMicrosoft CorporationFoxit Software Incorporated
Product-pdf_editorwindowspdf_readern/a
CWE ID-CWE-843
Access of Resource Using Incompatible Type ('Type Confusion')
CVE-2022-28874
Matching Score-8
Assigner-126858f1-1b65-4b74-81ca-7034f7f7723f
ShareView Details
Matching Score-8
Assigner-126858f1-1b65-4b74-81ca-7034f7f7723f
CVSS Score-4.3||MEDIUM
EPSS-0.57% / 42.82%
||
7 Day CHG~0.00%
Published-23 May, 2022 | 10:28
Updated-03 Aug, 2024 | 06:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Multiple Denial-of-Service (DoS) Vulnerabilities

Multiple Denial-of-Service vulnerabilities was discovered in the F-Secure Atlant and in certain WithSecure products while scanning fuzzed PE32-bit files cause memory corruption and heap buffer overflow which eventually can crash the scanning engine. The exploit can be triggered remotely by an attacker.

Action-Not Available
Vendor-Apple Inc.F-Secure CorporationWithSecure CorporationMicrosoft Corporation
Product-linux_securitycloud_protection_for_salesforceelements_endpoint_protectionatlantelements_collaboration_protectionwindowsmacosF-Secure endpoint protection products for Windows and Mac. F-Secure Linux Security (32-bit). F-Secure Linux Security 64. F-Secure Atlant. WithSecure Cloud Protection for Salesforce & WithSecure Collaboration Protection
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-29117
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.5||HIGH
EPSS-4.61% / 90.54%
||
7 Day CHG~0.00%
Published-10 May, 2022 | 20:34
Updated-27 May, 2026 | 14:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
.NET and Visual Studio Denial of Service Vulnerability

.NET and Visual Studio Denial of Service Vulnerability

Action-Not Available
Vendor-Microsoft CorporationFedora Project
Product-visual_studio_2019visual_studio_2022.net.net_corefedoraMicrosoft Visual Studio 2022 version 17.0.NET 6.0Microsoft Visual Studio 2019 version 16.9 (includes 16.0 - 16.8).NET 5.0.NET Core 3.1Microsoft Visual Studio 2022 version 17.1Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2022-28871
Matching Score-8
Assigner-126858f1-1b65-4b74-81ca-7034f7f7723f
ShareView Details
Matching Score-8
Assigner-126858f1-1b65-4b74-81ca-7034f7f7723f
CVSS Score-4.3||MEDIUM
EPSS-0.52% / 40.56%
||
7 Day CHG~0.00%
Published-25 Apr, 2022 | 10:14
Updated-03 Aug, 2024 | 06:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Denial-of-Service (DoS) Vulnerability

A Denial-of-Service (DoS) vulnerability was discovered in F-Secure Atlant whereby the fsicapd component used in certain F-Secure products while scanning larger packages/fuzzed files consume too much memory eventually can crash the scanning engine. The exploit can be triggered remotely by an attacker.

Action-Not Available
Vendor-Apple Inc.F-Secure CorporationMicrosoft Corporation
Product-windowsatlantmacosmac_os_xAll F-Secure Endpoint Protection products on Windows and Mac F-Secure Linux Security (32-bit) F-Secure Linux Security 64 F-Secure Atlant F-Secure Internet Gatekeeper F-Secure Cloud Protection for Salesforce
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2022-29145
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.5||HIGH
EPSS-4.66% / 90.64%
||
7 Day CHG~0.00%
Published-10 May, 2022 | 20:34
Updated-27 May, 2026 | 14:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
.NET and Visual Studio Denial of Service Vulnerability

.NET and Visual Studio Denial of Service Vulnerability

Action-Not Available
Vendor-Microsoft CorporationFedora Project
Product-visual_studio_2019visual_studio_2022.net.net_corefedoraMicrosoft Visual Studio 2022 version 17.0.NET 6.0Microsoft Visual Studio 2019 version 16.9 (includes 16.0 - 16.8).NET 5.0.NET Core 3.1Microsoft Visual Studio 2022 version 17.1Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2019-5917
Matching Score-8
Assigner-JPCERT/CC
ShareView Details
Matching Score-8
Assigner-JPCERT/CC
CVSS Score-7.5||HIGH
EPSS-21.42% / 97.30%
||
7 Day CHG~0.00%
Published-12 Mar, 2019 | 21:00
Updated-04 Aug, 2024 | 20:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

azure-umqtt-c (available through GitHub prior to 2017 October 6) allows remote attackers to cause a denial of service via unspecified vectors.

Action-Not Available
Vendor-Microsoft Corporation
Product-azure-umqtt-cazure-umqtt-c
CVE-2019-5098
Matching Score-8
Assigner-Talos
ShareView Details
Matching Score-8
Assigner-Talos
CVSS Score-8.6||HIGH
EPSS-2.03% / 78.67%
||
7 Day CHG~0.00%
Published-05 Dec, 2019 | 17:24
Updated-04 Aug, 2024 | 19:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An exploitable out-of-bounds read vulnerability exists in AMD ATIDXX64.DLL driver, version 26.20.13001.29010. A specially crafted pixel shader can cause out-of-bounds memory read. An attacker can provide a specially crafted shader file to trigger this vulnerability. This vulnerability can be triggered from VMware guest, affecting VMware host.

Action-Not Available
Vendor-n/aAdvanced Micro Devices, Inc.VMware (Broadcom Inc.)Microsoft Corporation
Product-workstationradeon_rx_550_firmwareradeon_550_firmwareradeon_rx_550radeon_550windows_10AMD ATI
CWE ID-CWE-125
Out-of-bounds Read
CVE-2022-26832
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.5||HIGH
EPSS-3.28% / 86.93%
||
7 Day CHG+0.09%
Published-15 Apr, 2022 | 19:05
Updated-02 Jan, 2025 | 19:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
.NET Framework Denial of Service Vulnerability

.NET Framework Denial of Service Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2012windows_8.1windows_rt_8.1windows_7windows_11windows_10windows_server_2022.net_frameworkwindows_server_2019windows_server_2008Microsoft .NET Framework 3.5 AND 4.8Microsoft .NET Framework 4.8Microsoft .NET Framework 4.6Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.2Microsoft .NET Framework 3.5Microsoft .NET Framework 3.5.1Microsoft .NET Framework 4.5.2Microsoft .NET Framework 3.5 AND 4.6.2/4.7/4.7.1/4.7.2Microsoft .NET Framework 2.0 Service Pack 2Microsoft .NET Framework 3.0 Service Pack 2Microsoft .NET Framework 3.5 AND 4.7.2
CVE-2022-26924
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.5||HIGH
EPSS-3.19% / 86.54%
||
7 Day CHG+0.09%
Published-15 Apr, 2022 | 19:06
Updated-02 Jan, 2025 | 18:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
YARP Denial of Service Vulnerability

YARP Denial of Service Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-yet_another_reverse_proxyYARP 1.1RCYARP 1.0
CVE-2022-26831
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.5||HIGH
EPSS-2.97% / 85.59%
||
7 Day CHG+0.08%
Published-15 Apr, 2022 | 19:05
Updated-02 Jan, 2025 | 18:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Lightweight Directory Access Protocol (LDAP) Denial of Service Vulnerability

Windows Lightweight Directory Access Protocol (LDAP) Denial of Service Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2012windows_8.1windows_rt_8.1windows_7windows_11windows_10windows_server_2022windows_server_2019windows_server_2008Windows Server 2022Windows 10 Version 1607Windows 10 Version 21H1Windows Server 2019 (Server Core installation)Windows Server 2008 Service Pack 2Windows 10 Version 1809Windows Server 2016 (Server Core installation)Windows 11 version 21H2Windows 8.1Windows 7Windows Server version 20H2Windows Server 2012 (Server Core installation)Windows 10 Version 1909Windows 7 Service Pack 1Windows 10 Version 20H2Windows Server 2016Windows 10 Version 1507Windows 10 Version 21H2Windows Server 2008 R2 Service Pack 1Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2012 R2Windows Server 2019Windows Server 2012Windows Server 2008 Service Pack 2Windows Server 2012 R2 (Server Core installation)
CVE-2022-26915
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.5||HIGH
EPSS-3.23% / 86.74%
||
7 Day CHG+0.09%
Published-15 Apr, 2022 | 19:05
Updated-02 Jan, 2025 | 18:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Secure Channel Denial of Service Vulnerability

Windows Secure Channel Denial of Service Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2012windows_8.1windows_rt_8.1windows_7windows_11windows_10windows_server_2022windows_server_2019windows_server_2008Windows Server 2022Windows 10 Version 1607Windows 10 Version 21H1Windows Server 2019 (Server Core installation)Windows Server 2008 Service Pack 2Windows 10 Version 1809Windows Server 2016 (Server Core installation)Windows 11 version 21H2Windows 8.1Windows 7Windows Server version 20H2Windows Server 2012 (Server Core installation)Windows 10 Version 1909Windows 7 Service Pack 1Windows 10 Version 20H2Windows Server 2016Windows 10 Version 1507Windows 10 Version 21H2Windows Server 2008 R2 Service Pack 1Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2012 R2Windows Server 2019Windows Server 2012Windows Server 2008 Service Pack 2Windows Server 2012 R2 (Server Core installation)
CVE-2010-3268
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-3.32% / 87.10%
||
7 Day CHG~0.00%
Published-22 Dec, 2010 | 20:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The GetStringAMSHandler function in prgxhndl.dll in hndlrsvc.exe in the Intel Alert Handler service (aka Symantec Intel Handler service) in Intel Alert Management System (AMS), as used in Symantec Antivirus Corporate Edition 10.1.4.4010 on Windows 2000 SP4 and Symantec Endpoint Protection before 11.x, does not properly validate the CommandLine field of an AMS request, which allows remote attackers to cause a denial of service (application crash) via a crafted request.

Action-Not Available
Vendor-n/aIntel CorporationSymantec CorporationMicrosoft Corporation
Product-endpoint_protectionintel_alert_management_systemwindows_2000antivirusn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2022-25331
Matching Score-8
Assigner-Trend Micro, Inc.
ShareView Details
Matching Score-8
Assigner-Trend Micro, Inc.
CVSS Score-7.5||HIGH
EPSS-3.05% / 85.95%
||
7 Day CHG~0.00%
Published-24 Feb, 2022 | 02:45
Updated-03 Aug, 2024 | 04:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Uncaught exceptions that can be generated in Trend Micro ServerProtection 6.0/5.8 Information Server could allow a remote attacker to crash the process.

Action-Not Available
Vendor-Microsoft CorporationTrend Micro Incorporated
Product-windowsserverprotect_for_network_appliance_filerserverprotect_for_storageserverprotectTrend Micro ServerProtect for Network Appliance FilersTrend Micro ServerProtect for EMC CelerraTrend Micro ServerProtect for Microsoft Windows / Novell NetWareTrend Micro ServerProtect for Storage
CVE-2010-2218
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-5||MEDIUM
EPSS-2.48% / 82.63%
||
7 Day CHG~0.00%
Published-11 Aug, 2010 | 18:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Flash Media Server (FMS) before 3.0.6, and 3.5.x before 3.5.4, allows attackers to cause a denial of service via unspecified vectors, related to a "JS method issue."

Action-Not Available
Vendor-n/aMicrosoft CorporationAdobe Inc.Linux Kernel Organization, Inc
Product-windowslinux_kernelflash_media_server_2flash_media_servern/a
CVE-2010-2090
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-1.71% / 74.51%
||
7 Day CHG~0.00%
Published-27 May, 2010 | 19:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The npb_protocol_error function in sna V5router64 in IBM Communications Server for Windows 6.1.3 and Communications Server for AIX (aka CSAIX or CS/AIX) in sna.rte before 6.3.1.2 allows remote attackers to cause a denial of service (daemon crash) via APPC data containing a GDSID variable with a GDS length that is too small.

Action-Not Available
Vendor-n/aMicrosoft CorporationIBM Corporation
Product-communications_serveraixwindowsn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2010-1991
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-10.54% / 95.22%
||
7 Day CHG~0.00%
Published-20 May, 2010 | 17:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Microsoft Internet Explorer 6.0.2900.2180, 7, and 8.0.7600.16385 executes a mail application in situations where an IFRAME element has a mailto: URL in its SRC attribute, which allows remote attackers to cause a denial of service (excessive application launches) via an HTML document with many IFRAME elements.

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-internet_explorerien/a
CVE-2022-24464
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.5||HIGH
EPSS-3.23% / 86.72%
||
7 Day CHG~0.00%
Published-09 Mar, 2022 | 17:07
Updated-27 May, 2026 | 15:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
.NET and Visual Studio Denial of Service Vulnerability

.NET and Visual Studio Denial of Service Vulnerability

Action-Not Available
Vendor-Microsoft CorporationFedora Project
Product-visual_studio_2019visual_studio_2022.net.net_corefedoraMicrosoft Visual Studio 2022 version 17.0.NET 6.0Microsoft Visual Studio 2019 version 16.9 (includes 16.0 - 16.8).NET 5.0Microsoft Visual Studio 2019 version 16.7 (includes 16.0 – 16.6).NET Core 3.1Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2010-2219
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-5||MEDIUM
EPSS-2.48% / 82.63%
||
7 Day CHG~0.00%
Published-11 Aug, 2010 | 18:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in Adobe Flash Media Server (FMS) before 3.0.6, and 3.5.x before 3.5.4, allows attackers to cause a denial of service (memory consumption) via unknown vectors.

Action-Not Available
Vendor-n/aMicrosoft CorporationAdobe Inc.Linux Kernel Organization, Inc
Product-windowslinux_kernelflash_media_server_2flash_media_servern/a
CVE-2022-24678
Matching Score-8
Assigner-Trend Micro, Inc.
ShareView Details
Matching Score-8
Assigner-Trend Micro, Inc.
CVSS Score-7.5||HIGH
EPSS-2.30% / 81.19%
||
7 Day CHG~0.00%
Published-24 Feb, 2022 | 02:45
Updated-03 Aug, 2024 | 04:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An security agent resource exhaustion denial-of-service vulnerability in Trend Micro Apex One, Trend Micro Apex One as a Service, Trend Micro Worry-Free Business Security 10.0 SP1 and Trend Micro Worry-Free Business Security Services agents could allow an attacker to flood a temporary log location and consume all disk space on affected installations.

Action-Not Available
Vendor-Microsoft CorporationTrend Micro Incorporated
Product-apex_onewindowsworry-free_business_securityworry-free_business_security_servicesTrend Micro Apex OneTrend Micro Worry-Free Business Security
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2010-1986
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-1.56% / 72.24%
||
7 Day CHG~0.00%
Published-20 May, 2010 | 17:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Mozilla Firefox 3.6.3 on Windows XP SP3 allows remote attackers to cause a denial of service (memory consumption and application crash) via JavaScript code that creates multiple arrays containing elements with long string values, and then appends long strings to the content of a P element, related to the gfxWindowsFontGroup::MakeTextRun function in xul.dll, a different vulnerability than CVE-2009-1571.

Action-Not Available
Vendor-n/aMozilla CorporationMicrosoft Corporation
Product-firefoxwindows_xpn/a
CVE-2002-0073
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-56.39% / 98.94%
||
7 Day CHG~0.00%
Published-02 Apr, 2003 | 05:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The FTP service in Internet Information Server (IIS) 4.0, 5.0 and 5.1 allows attackers who have established an FTP session to cause a denial of service via a specially crafted status request containing glob characters.

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-internet_information_serverinternet_information_servicesn/a
CVE-2019-14208
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.64% / 73.56%
||
7 Day CHG~0.00%
Published-21 Jul, 2019 | 18:17
Updated-05 Aug, 2024 | 00:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Foxit PhantomPDF before 8.3.10. The application could be exposed to a NULL pointer dereference and crash when getting a PDF object from a document, or parsing a certain portfolio that contains a null dictionary.

Action-Not Available
Vendor-n/aMicrosoft CorporationFoxit Software Incorporated
Product-phantompdfwindowsn/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2019-14207
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-2.17% / 80.05%
||
7 Day CHG~0.00%
Published-21 Jul, 2019 | 18:17
Updated-05 Aug, 2024 | 00:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Foxit PhantomPDF before 8.3.11. The application could crash when calling the clone function due to an endless loop resulting from confusing relationships between a child and parent object (caused by an append error).

Action-Not Available
Vendor-n/aMicrosoft CorporationFoxit Software Incorporated
Product-phantompdfwindowsn/a
CWE ID-CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
CVE-2005-1665
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-40.33% / 98.46%
||
7 Day CHG~0.00%
Published-18 May, 2005 | 04:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The __VIEWSTATE functionality in Microsoft ASP.NET 1.x, when not cryptographically signed, allows remote attackers to cause a denial of service (CPU consumption) via deeply nested markup.

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-asp.netn/a
CVE-2010-0925
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-1.16% / 63.39%
||
7 Day CHG~0.00%
Published-03 Mar, 2010 | 19:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

cfnetwork.dll 1.450.5.0 in CFNetwork, as used by safari.exe 531.21.10 in Apple Safari 4.0.4 on Windows, allows remote attackers to cause a denial of service (application crash) via a long string in the SRC attribute of a (1) IMG or (2) IFRAME element.

Action-Not Available
Vendor-n/aMicrosoft CorporationApple Inc.
Product-windowssafarin/a
CVE-2005-1829
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-12.72% / 95.78%
||
7 Day CHG~0.00%
Published-02 Jun, 2005 | 04:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Microsoft Internet Explorer 6 SP2 allows remote attackers to cause a denial of service (infinite loop and application crash) via two embedded files that call each other.

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-internet_explorern/a
CVE-2019-14210
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.60% / 72.79%
||
7 Day CHG~0.00%
Published-21 Jul, 2019 | 18:17
Updated-05 Aug, 2024 | 00:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Foxit PhantomPDF before 8.3.10. The application could be exposed to Memory Corruption due to the use of an invalid pointer copy, resulting from a destructed string object.

Action-Not Available
Vendor-n/aMicrosoft CorporationFoxit Software Incorporated
Product-phantompdfwindowsn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2005-1649
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-21.78% / 97.34%
||
7 Day CHG~0.00%
Published-18 May, 2005 | 04:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The IPv6 support in Windows XP SP2, 2003 Server SP1, and Longhorn, with Windows Firewall turned off, allows remote attackers to cause a denial of service (CPU consumption) via a TCP packet with the SYN flag set and the same destination and source address and port, a variant of CVE-2005-0688 and a reoccurrence of the "Land" vulnerability (CVE-1999-0016).

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-windows_xpwindows_2003_servern/a
CVE-2022-23267
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.5||HIGH
EPSS-4.93% / 91.09%
||
7 Day CHG~0.00%
Published-10 May, 2022 | 20:33
Updated-27 May, 2026 | 13:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
.NET and Visual Studio Denial of Service Vulnerability

.NET and Visual Studio Denial of Service Vulnerability

Action-Not Available
Vendor-Microsoft CorporationFedora Project
Product-visual_studio_2022visual_studio_2019fedora.net.net_corepowershellPowerShell 7.2Microsoft Visual Studio 2022 version 17.0.NET 6.0Microsoft Visual Studio 2019 version 16.9 (includes 16.0 - 16.8).NET 5.0Visual Studio 2019 for Mac version 8.10PowerShell 7.0.NET Core 3.1Microsoft Visual Studio 2022 version 17.1Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)Visual Studio 2022 for Mac version 17.0
CVE-2019-14213
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-2.15% / 79.88%
||
7 Day CHG~0.00%
Published-21 Jul, 2019 | 18:18
Updated-05 Aug, 2024 | 00:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Foxit PhantomPDF before 8.3.11. The application could crash due to the repeated release of the signature dictionary during CSG_SignatureF and CPDF_Document destruction.

Action-Not Available
Vendor-n/aMicrosoft CorporationFoxit Software Incorporated
Product-phantompdfwindowsn/a
CVE-2005-1218
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-5||MEDIUM
EPSS-61.18% / 99.05%
||
7 Day CHG~0.00%
Published-10 Aug, 2005 | 04:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Microsoft Windows kernel in Microsoft Windows 2000 Server, Windows XP, and Windows Server 2003 allows remote attackers to cause a denial of service (crash) via crafted Remote Desktop Protocol (RDP) requests.

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-windows_xpwindows_2000windows_2003_servern/a
CVE-2022-30152
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.5||HIGH
EPSS-2.67% / 83.92%
||
7 Day CHG+0.02%
Published-15 Jun, 2022 | 21:51
Updated-02 Jan, 2025 | 19:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Network Address Translation (NAT) Denial of Service Vulnerability

Windows Network Address Translation (NAT) Denial of Service Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2012windows_8.1windows_rt_8.1windows_7windows_11windows_10windows_server_2022windows_server_2019windows_server_2008Windows Server 2022Windows 10 Version 1607Windows 10 Version 21H1Windows Server 2019 (Server Core installation)Windows Server 2008 Service Pack 2Windows 10 Version 1809Windows Server 2016 (Server Core installation)Windows 11 version 21H2Windows 8.1Windows 7Windows Server version 20H2Windows Server 2012 (Server Core installation)Windows 7 Service Pack 1Windows 10 Version 20H2Windows Server 2016Windows 10 Version 1507Windows 10 Version 21H2Windows Server 2008 R2 Service Pack 1Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2012 R2Windows Server 2019Windows Server 2012Windows Server 2008 Service Pack 2Windows Server 2012 R2 (Server Core installation)
CVE-2010-0024
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-5||MEDIUM
EPSS-10.75% / 95.29%
||
7 Day CHG~0.00%
Published-14 Apr, 2010 | 15:44
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The SMTP component in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, and Server 2008 Gold, SP2, and R2, and Exchange Server 2003 SP2, does not properly parse MX records, which allows remote DNS servers to cause a denial of service (service outage) via a crafted response to a DNS MX record query, aka "SMTP Server MX Record Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-windows_server_2008exchange_serverwindows_xpwindows_2000windows_2003_serverwindows_server_2003n/a
CWE ID-CWE-20
Improper Input Validation
CVE-2005-1184
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-37.00% / 98.32%
||
7 Day CHG~0.00%
Published-19 Apr, 2005 | 04:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The TCP/IP stack in multiple operating systems allows remote attackers to cause a denial of service (CPU consumption) via a TCP packet with the correct sequence number but the wrong Acknowledgement number, which generates a large number of "keep alive" packets. NOTE: some followups indicate that this issue could not be replicated.

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-windows_ntwindows_98sewindows_2000windows_2003_serverwindows_xpn/a
CVE-2019-1453
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.5||HIGH
EPSS-9.20% / 94.71%
||
7 Day CHG~0.00%
Published-10 Dec, 2019 | 21:40
Updated-04 Aug, 2024 | 18:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A denial of service vulnerability exists in Remote Desktop Protocol (RDP) when an attacker connects to the target system using RDP and sends specially crafted requests, aka 'Windows Remote Desktop Protocol (RDP) Denial of Service Vulnerability'.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2012windows_8.1windows_rt_8.1windows_7windows_10windows_server_2019windows_server_2008WindowsWindows ServerWindows 10 Version 1903 for x64-based SystemsWindows 10 Version 1903 for ARM64-based SystemsWindows 10 Version 1909 for ARM64-based SystemsWindows Server, version 1909 (Server Core installation)Windows 10 Version 1903 for 32-bit SystemsWindows Server, version 1903 (Server Core installation)Windows 10 Version 1909 for 32-bit SystemsWindows 10 Version 1909 for x64-based Systems
CVE-2009-3877
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-4.81% / 90.89%
||
7 Day CHG~0.00%
Published-05 Nov, 2009 | 16:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to cause a denial of service (memory consumption) via crafted HTTP headers, which are not properly parsed by the ASN.1 DER input stream parser, aka Bug Id 6864911.

Action-Not Available
Vendor-n/aMicrosoft CorporationSun Microsystems (Oracle Corporation)Linux Kernel Organization, Inc
Product-jdkjresolariswindowssdklinux_kerneln/a
CVE-2009-3885
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-5||MEDIUM
EPSS-2.24% / 80.65%
||
7 Day CHG~0.00%
Published-09 Nov, 2009 | 19:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Sun Java SE 5.0 before Update 22 and 6 before Update 17 on Windows allows remote attackers to cause a denial of service via a BMP file containing a link to a UNC share pathname for an International Color Consortium (ICC) profile file, probably a related issue to CVE-2007-2789, aka Bug Id 6632445.

Action-Not Available
Vendor-n/aMicrosoft CorporationSun Microsystems (Oracle Corporation)
Product-windowsjren/a
CVE-2019-14212
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-2.23% / 80.62%
||
7 Day CHG~0.00%
Published-21 Jul, 2019 | 18:18
Updated-05 Aug, 2024 | 00:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Foxit PhantomPDF before 8.3.11. The application could crash when calling certain XFA JavaScript due to the use of, or access to, a NULL pointer without proper validation on the object.

Action-Not Available
Vendor-n/aMicrosoft CorporationFoxit Software Incorporated
Product-phantompdfwindowsn/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2009-3957
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-5||MEDIUM
EPSS-4.75% / 90.79%
||
7 Day CHG~0.00%
Published-13 Jan, 2010 | 19:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Reader and Acrobat 9.x before 9.3, and 8.x before 8.2 on Windows and Mac OS X, might allow attackers to cause a denial of service (NULL pointer dereference) via unspecified vectors.

Action-Not Available
Vendor-unixn/aApple Inc.Microsoft CorporationAdobe Inc.
Product-acrobatacrobat_readermac_os_xunixwindowsn/a
CVE-2009-3294
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-2.73% / 84.30%
||
7 Day CHG~0.00%
Published-22 Sep, 2009 | 10:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The popen API function in TSRM/tsrm_win32.c in PHP before 5.2.11 and 5.3.x before 5.3.1, when running on certain Windows operating systems, allows context-dependent attackers to cause a denial of service (crash) via a crafted (1) "e" or (2) "er" string in the second argument (aka mode), possibly related to the _fdopen function in the Microsoft C runtime library. NOTE: this might not cross privilege boundaries except in rare cases in which the mode argument is accessible to an attacker outside of an application that uses the popen function.

Action-Not Available
Vendor-n/aMicrosoft CorporationThe PHP Group
Product-windows_7phpwindows_server_2008windows_xpn/a
CWE ID-CWE-134
Use of Externally-Controlled Format String
CVE-2009-3267
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-15.92% / 96.49%
||
7 Day CHG~0.00%
Published-18 Sep, 2009 | 22:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Microsoft Internet Explorer 6 through 6.0.2900.2180, and 7.0.6000.16711, allows remote attackers to cause a denial of service (CPU consumption) via an automatically submitted form containing a KEYGEN element, a related issue to CVE-2009-1828.

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-internet_explorern/a
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2019-14215
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.60% / 72.79%
||
7 Day CHG~0.00%
Published-21 Jul, 2019 | 18:18
Updated-05 Aug, 2024 | 00:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Foxit PhantomPDF before 8.3.11. The application could crash when calling xfa.event.rest XFA JavaScript due to accessing a wild pointer.

Action-Not Available
Vendor-n/aMicrosoft CorporationFoxit Software Incorporated
Product-phantompdfwindowsn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2009-3243
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-7.24% / 93.58%
||
7 Day CHG~0.00%
Published-18 Sep, 2009 | 10:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the TLS dissector in Wireshark 1.2.0 and 1.2.1, when running on Windows, allows remote attackers to cause a denial of service (application crash) via unknown vectors related to TLS 1.2 conversations.

Action-Not Available
Vendor-n/aWireshark FoundationMicrosoft Corporation
Product-wiresharkwindowsn/a
CVE-2009-3270
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-28.23% / 97.88%
||
7 Day CHG~0.00%
Published-18 Sep, 2009 | 22:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Microsoft Internet Explorer 7 through 7.0.6000.16711 allows remote attackers to cause a denial of service (unusable browser) by calling the window.print function in a loop, aka a "printing DoS attack," possibly a related issue to CVE-2009-0821.

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-internet_explorern/a
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2005-0738
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-4.53% / 90.39%
||
7 Day CHG~0.00%
Published-13 Mar, 2005 | 05:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Stack consumption vulnerability in Microsoft Exchange Server 2003 SP1 allows users to cause a denial of service (hang) by deleting or moving a folder with deeply nested subfolders, which causes Microsoft Exchange Information Store service (Store.exe) to hang as a result of a large number of recursive calls.

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-exchange_servern/a
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2009-2576
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-14.88% / 96.29%
||
7 Day CHG~0.00%
Published-22 Jul, 2009 | 18:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Microsoft Internet Explorer 6.0.2900.2180 and earlier allows remote attackers to cause a denial of service (CPU and memory consumption) via a long Unicode string argument to the write method, a related issue to CVE-2009-2479. NOTE: it was later reported that 7.0.6000.16473 and earlier are also affected.

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-internet_explorerien/a
  • Previous
  • 1
  • 2
  • 3
  • 4
  • ...
  • 10
  • 11
  • Next
Details not found