Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2011-1529

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-20 Oct, 2011 | 21:00
Updated At-06 Aug, 2024 | 22:28
Rejected At-
Credits

The lookup_lockout_policy function in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.8 through 1.8.4 and 1.9 through 1.9.1, when the db2 (aka Berkeley DB) or LDAP back end is used, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via vectors that trigger certain process_as_req errors.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:20 Oct, 2011 | 21:00
Updated At:06 Aug, 2024 | 22:28
Rejected At:
▼CVE Numbering Authority (CNA)

The lookup_lockout_policy function in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.8 through 1.8.4 and 1.9 through 1.9.1, when the db2 (aka Berkeley DB) or LDAP back end is used, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via vectors that trigger certain process_as_req errors.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://www.mandriva.com/security/advisories?name=MDVSA-2011:159
vendor-advisory
x_refsource_MANDRIVA
http://www.mandriva.com/security/advisories?name=MDVSA-2011:160
vendor-advisory
x_refsource_MANDRIVA
http://lists.opensuse.org/opensuse-security-announce/2011-10/msg00009.html
vendor-advisory
x_refsource_SUSE
http://www.kb.cert.org/vuls/id/659251
third-party-advisory
x_refsource_CERT-VN
http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2011-006.txt
x_refsource_CONFIRM
http://www.redhat.com/support/errata/RHSA-2011-1379.html
vendor-advisory
x_refsource_REDHAT
Hyperlink: http://www.mandriva.com/security/advisories?name=MDVSA-2011:159
Resource:
vendor-advisory
x_refsource_MANDRIVA
Hyperlink: http://www.mandriva.com/security/advisories?name=MDVSA-2011:160
Resource:
vendor-advisory
x_refsource_MANDRIVA
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2011-10/msg00009.html
Resource:
vendor-advisory
x_refsource_SUSE
Hyperlink: http://www.kb.cert.org/vuls/id/659251
Resource:
third-party-advisory
x_refsource_CERT-VN
Hyperlink: http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2011-006.txt
Resource:
x_refsource_CONFIRM
Hyperlink: http://www.redhat.com/support/errata/RHSA-2011-1379.html
Resource:
vendor-advisory
x_refsource_REDHAT
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://www.mandriva.com/security/advisories?name=MDVSA-2011:159
vendor-advisory
x_refsource_MANDRIVA
x_transferred
http://www.mandriva.com/security/advisories?name=MDVSA-2011:160
vendor-advisory
x_refsource_MANDRIVA
x_transferred
http://lists.opensuse.org/opensuse-security-announce/2011-10/msg00009.html
vendor-advisory
x_refsource_SUSE
x_transferred
http://www.kb.cert.org/vuls/id/659251
third-party-advisory
x_refsource_CERT-VN
x_transferred
http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2011-006.txt
x_refsource_CONFIRM
x_transferred
http://www.redhat.com/support/errata/RHSA-2011-1379.html
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: http://www.mandriva.com/security/advisories?name=MDVSA-2011:159
Resource:
vendor-advisory
x_refsource_MANDRIVA
x_transferred
Hyperlink: http://www.mandriva.com/security/advisories?name=MDVSA-2011:160
Resource:
vendor-advisory
x_refsource_MANDRIVA
x_transferred
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2011-10/msg00009.html
Resource:
vendor-advisory
x_refsource_SUSE
x_transferred
Hyperlink: http://www.kb.cert.org/vuls/id/659251
Resource:
third-party-advisory
x_refsource_CERT-VN
x_transferred
Hyperlink: http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2011-006.txt
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://www.redhat.com/support/errata/RHSA-2011-1379.html
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:20 Oct, 2011 | 21:55
Updated At:29 Apr, 2026 | 01:13

The lookup_lockout_policy function in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.8 through 1.8.4 and 1.9 through 1.9.1, when the db2 (aka Berkeley DB) or LDAP back end is used, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via vectors that trigger certain process_as_req errors.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary2.07.8HIGH
AV:N/AC:L/Au:N/C:N/I:N/A:C
Type: Primary
Version: 2.0
Base score: 7.8
Base severity: HIGH
Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:C
CPE Matches
MIT (Massachusetts Institute of Technology)
mit
>>kerberos_5>>1.8
cpe:2.3:a:mit:kerberos_5:1.8:*:*:*:*:*:*:*
MIT (Massachusetts Institute of Technology)
mit
>>kerberos_5>>1.8.1
cpe:2.3:a:mit:kerberos_5:1.8.1:*:*:*:*:*:*:*
MIT (Massachusetts Institute of Technology)
mit
>>kerberos_5>>1.8.2
cpe:2.3:a:mit:kerberos_5:1.8.2:*:*:*:*:*:*:*
MIT (Massachusetts Institute of Technology)
mit
>>kerberos_5>>1.8.3
cpe:2.3:a:mit:kerberos_5:1.8.3:*:*:*:*:*:*:*
MIT (Massachusetts Institute of Technology)
mit
>>kerberos_5>>1.8.4
cpe:2.3:a:mit:kerberos_5:1.8.4:*:*:*:*:*:*:*
MIT (Massachusetts Institute of Technology)
mit
>>kerberos_5>>1.9
cpe:2.3:a:mit:kerberos_5:1.9:*:*:*:*:*:*:*
MIT (Massachusetts Institute of Technology)
mit
>>kerberos_5>>1.9.1
cpe:2.3:a:mit:kerberos_5:1.9.1:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-20Primarynvd@nist.gov
CWE ID: CWE-20
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
http://lists.opensuse.org/opensuse-security-announce/2011-10/msg00009.htmlcve@mitre.org
N/A
http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2011-006.txtcve@mitre.org
Vendor Advisory
http://www.kb.cert.org/vuls/id/659251cve@mitre.org
US Government Resource
http://www.mandriva.com/security/advisories?name=MDVSA-2011:159cve@mitre.org
N/A
http://www.mandriva.com/security/advisories?name=MDVSA-2011:160cve@mitre.org
N/A
http://www.redhat.com/support/errata/RHSA-2011-1379.htmlcve@mitre.org
Vendor Advisory
http://lists.opensuse.org/opensuse-security-announce/2011-10/msg00009.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2011-006.txtaf854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://www.kb.cert.org/vuls/id/659251af854a3a-2127-422b-91ae-364da2661108
US Government Resource
http://www.mandriva.com/security/advisories?name=MDVSA-2011:159af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.mandriva.com/security/advisories?name=MDVSA-2011:160af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.redhat.com/support/errata/RHSA-2011-1379.htmlaf854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2011-10/msg00009.html
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2011-006.txt
Source: cve@mitre.org
Resource:
Vendor Advisory
Hyperlink: http://www.kb.cert.org/vuls/id/659251
Source: cve@mitre.org
Resource:
US Government Resource
Hyperlink: http://www.mandriva.com/security/advisories?name=MDVSA-2011:159
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.mandriva.com/security/advisories?name=MDVSA-2011:160
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.redhat.com/support/errata/RHSA-2011-1379.html
Source: cve@mitre.org
Resource:
Vendor Advisory
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2011-10/msg00009.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2011-006.txt
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory
Hyperlink: http://www.kb.cert.org/vuls/id/659251
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
US Government Resource
Hyperlink: http://www.mandriva.com/security/advisories?name=MDVSA-2011:159
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.mandriva.com/security/advisories?name=MDVSA-2011:160
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.redhat.com/support/errata/RHSA-2011-1379.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

481Records found
CVE-2011-4151
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-1.21% / 79.05%
||
7 Day CHG~0.00%
Published-20 Oct, 2011 | 21:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The krb5_db2_lockout_audit function in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.8 through 1.8.4, when the db2 (aka Berkeley DB) back end is used, allows remote attackers to cause a denial of service (assertion failure and daemon exit) via unspecified vectors, a different vulnerability than CVE-2011-1528.

Action-Not Available
Vendor-n/aMIT (Massachusetts Institute of Technology)
Product-kerberos_5n/a
CWE ID-CWE-20
Improper Input Validation
CVE-2011-1527
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-2.62% / 85.74%
||
7 Day CHG~0.00%
Published-20 Oct, 2011 | 21:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The kdb_ldap plugin in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.9 through 1.9.1, when the LDAP back end is used, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a kinit operation with incorrect string case for the realm, related to the is_principal_in_realm, krb5_set_error_message, krb5_ldap_get_principal, and process_as_req functions.

Action-Not Available
Vendor-n/aMIT (Massachusetts Institute of Technology)
Product-kerberos_5n/a
CWE ID-CWE-20
Improper Input Validation
CVE-2011-1528
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-5.46% / 90.23%
||
7 Day CHG~0.00%
Published-20 Oct, 2011 | 21:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The krb5_ldap_lockout_audit function in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.8 through 1.8.4 and 1.9 through 1.9.1, when the LDAP back end is used, allows remote attackers to cause a denial of service (assertion failure and daemon exit) via unspecified vectors, related to the locked_check_p function. NOTE: the Berkeley DB vector is covered by CVE-2011-4151.

Action-Not Available
Vendor-n/aMIT (Massachusetts Institute of Technology)
Product-kerberos_5n/a
CWE ID-CWE-20
Improper Input Validation
CVE-2010-0283
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-3.73% / 88.04%
||
7 Day CHG~0.00%
Published-21 Feb, 2010 | 22:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.7 before 1.7.2, and 1.8 alpha, allows remote attackers to cause a denial of service (assertion failure and daemon crash) via an invalid (1) AS-REQ or (2) TGS-REQ request.

Action-Not Available
Vendor-n/aMIT (Massachusetts Institute of Technology)
Product-kerberoskerberos_5n/a
CWE ID-CWE-20
Improper Input Validation
CVE-2014-4344
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-5.27% / 90.04%
||
7 Day CHG~0.00%
Published-14 Aug, 2014 | 01:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The acc_ctx_cont function in the SPNEGO acceptor in lib/gssapi/spnego/spnego_mech.c in MIT Kerberos 5 (aka krb5) 1.5.x through 1.12.x before 1.12.2 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an empty continuation token at a certain point during a SPNEGO negotiation.

Action-Not Available
Vendor-n/aRed Hat, Inc.Debian GNU/LinuxMIT (Massachusetts Institute of Technology)
Product-debian_linuxenterprise_linux_serverenterprise_linux_workstationkerberos_5enterprise_linux_desktopenterprise_linux_hpc_noden/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2002-2443
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-15.01% / 94.60%
||
7 Day CHG~0.00%
Published-29 May, 2013 | 10:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

schpw.c in the kpasswd service in kadmind in MIT Kerberos 5 (aka krb5) before 1.11.3 does not properly validate UDP packets before sending responses, which allows remote attackers to cause a denial of service (CPU and bandwidth consumption) via a forged packet that triggers a communication loop, as demonstrated by krb_pingpong.nasl, a related issue to CVE-1999-0103.

Action-Not Available
Vendor-n/aCanonical Ltd.openSUSEMIT (Massachusetts Institute of Technology)Red Hat, Inc.Debian GNU/LinuxFedora Project
Product-debian_linuxubuntu_linuxenterprise_linux_serverkerberos_5enterprise_linux_workstationenterprise_linux_desktopfedoraenterprise_linux_server_ausenterprise_linux_eusopensusen/a
CWE ID-CWE-20
Improper Input Validation
CVE-2013-1417
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-3.5||LOW
EPSS-0.54% / 67.76%
||
7 Day CHG~0.00%
Published-20 Nov, 2013 | 11:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

do_tgs_req.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.11 before 1.11.4, when a single-component realm name is used, allows remote authenticated users to cause a denial of service (daemon crash) via a TGS-REQ request that triggers an attempted cross-realm referral for a host-based service principal.

Action-Not Available
Vendor-n/aMIT (Massachusetts Institute of Technology)
Product-kerberos_5n/a
CWE ID-CWE-20
Improper Input Validation
CVE-2012-1015
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-9.3||HIGH
EPSS-1.23% / 79.29%
||
7 Day CHG~0.00%
Published-06 Aug, 2012 | 16:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The kdc_handle_protected_negotiation function in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.8.x, 1.9.x before 1.9.5, and 1.10.x before 1.10.3 attempts to calculate a checksum before verifying that the key type is appropriate for a checksum, which allows remote attackers to execute arbitrary code or cause a denial of service (uninitialized pointer free, heap memory corruption, and daemon crash) via a crafted AS-REQ request.

Action-Not Available
Vendor-n/aMIT (Massachusetts Institute of Technology)
Product-kerberos_5n/a
CWE ID-CWE-20
Improper Input Validation
CVE-2011-0285
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-54.02% / 98.02%
||
7 Day CHG~0.00%
Published-15 Apr, 2011 | 00:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The process_chpw_request function in schpw.c in the password-changing functionality in kadmind in MIT Kerberos 5 (aka krb5) 1.7 through 1.9 frees an invalid pointer, which allows remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via a crafted request that triggers an error condition.

Action-Not Available
Vendor-n/aMIT (Massachusetts Institute of Technology)
Product-kerberos_5n/a
CWE ID-CWE-20
Improper Input Validation
CVE-2010-1322
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-1.46% / 80.97%
||
7 Day CHG~0.00%
Published-07 Oct, 2010 | 20:21
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The merge_authdata function in kdc_authdata.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.8.x before 1.8.4 does not properly manage an index into an authorization-data list, which allows remote attackers to cause a denial of service (daemon crash), or possibly obtain sensitive information, spoof authorization, or execute arbitrary code, via a TGS request that triggers an uninitialized pointer dereference, as demonstrated by a request from a Windows Active Directory client.

Action-Not Available
Vendor-n/aMIT (Massachusetts Institute of Technology)
Product-kerberos_5n/a
CWE ID-CWE-20
Improper Input Validation
CVE-2009-0845
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-19.31% / 95.40%
||
7 Day CHG~0.00%
Published-27 Mar, 2009 | 16:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The spnego_gss_accept_sec_context function in lib/gssapi/spnego/spnego_mech.c in MIT Kerberos 5 (aka krb5) 1.5 through 1.6.3, when SPNEGO is used, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via invalid ContextFlags data in the reqFlags field in a negTokenInit token.

Action-Not Available
Vendor-n/aMIT (Massachusetts Institute of Technology)
Product-kerberoskerberos_5n/a
CWE ID-CWE-20
Improper Input Validation
CVE-2010-4022
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-8.99% / 92.64%
||
7 Day CHG~0.00%
Published-10 Feb, 2011 | 17:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The do_standalone function in the MIT krb5 KDC database propagation daemon (kpropd) in Kerberos 1.7, 1.8, and 1.9, when running in standalone mode, does not properly handle when a worker child process "exits abnormally," which allows remote attackers to cause a denial of service (listening process termination, no new connections, and lack of updates in slave KVC) via unspecified vectors.

Action-Not Available
Vendor-n/aMIT (Massachusetts Institute of Technology)
Product-kerberos_5n/a
CWE ID-CWE-20
Improper Input Validation
CVE-2021-32471
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-6.24% / 90.95%
||
7 Day CHG+0.80%
Published-10 May, 2021 | 04:49
Updated-03 Aug, 2024 | 23:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Insufficient input validation in the Marvin Minsky 1967 implementation of the Universal Turing Machine allows program users to execute arbitrary code via crafted data. For example, a tape head may have an unexpected location after the processing of input composed of As and Bs (instead of 0s and 1s). NOTE: the discoverer states "this vulnerability has no real-world implications."

Action-Not Available
Vendor-n/aMIT (Massachusetts Institute of Technology)
Product-universal_turing_machinen/a
CWE ID-CWE-20
Improper Input Validation
CVE-2008-1741
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-7.8||HIGH
EPSS-1.92% / 83.43%
||
7 Day CHG~0.00%
Published-16 May, 2008 | 06:54
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The SIP Proxy (SIPD) service in Cisco Unified Presence before 6.0(3) allows remote attackers to cause a denial of service (core dump and service interruption) via a TCP port scan, aka Bug ID CSCsj64533.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-unified_presencen/a
CWE ID-CWE-20
Improper Input Validation
CVE-2008-0526
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-7.8||HIGH
EPSS-1.92% / 83.43%
||
7 Day CHG~0.00%
Published-15 Feb, 2008 | 01:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cisco Unified IP Phone 7940, 7940G, 7960, and 7960G running SCCP firmware allows remote attackers to cause a denial of service (reboot) via a long ICMP echo request (ping) packet.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-skinny_client_control_protocol_\(sccp\)_firmwareunified_ip_phonesession_initiation_protocol_\(sip\)_firmwaren/a
CWE ID-CWE-20
Improper Input Validation
CVE-2008-0534
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-7.8||HIGH
EPSS-2.89% / 86.38%
||
7 Day CHG~0.00%
Published-22 May, 2008 | 10:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The SSH server in (1) Cisco Service Control Engine (SCE) before 3.1.6, and (2) Icon Labs Iconfidant SSH before 2.3.8, allows remote attackers to cause a denial of service (device restart or daemon outage) via a high rate of login attempts, aka Bug ID CSCsi68582.

Action-Not Available
Vendor-icon-labsn/aCisco Systems, Inc.
Product-iconfidant_sshservice_control_enginen/a
CWE ID-CWE-20
Improper Input Validation
CVE-2007-6509
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-75.53% / 98.91%
||
7 Day CHG~0.00%
Published-21 Dec, 2007 | 19:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in Appian Enterprise Business Process Management (BPM) Suite 5.6 SP1 allows remote attackers to cause a denial of service via a crafted packet to port 5400/tcp.

Action-Not Available
Vendor-appiann/a
Product-business_process_management_suiten/a
CWE ID-CWE-20
Improper Input Validation
CVE-2008-2954
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-3.24% / 87.15%
||
7 Day CHG~0.00%
Published-01 Jul, 2008 | 22:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

client/NmdcHub.cpp in Linux DC++ (linuxdcpp) before 0.707 allows remote attackers to cause a denial of service (crash) via an empty private message, which triggers an out-of-bounds read.

Action-Not Available
Vendor-n/aLinux Kernel Organization, Inc
Product-direct_connectn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2007-5830
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.66% / 71.17%
||
7 Day CHG~0.00%
Published-05 Nov, 2007 | 19:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the administrative interface in Avaya Messaging Storage Server (MSS) 3.1 before SP1, and Message Networking (MN) 3.1, allows remote attackers to cause a denial of service via unspecified vectors related to "input validation."

Action-Not Available
Vendor-n/aAvaya LLC
Product-messaging_storage_servermessage_networkingn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2008-2391
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.32% / 54.53%
||
7 Day CHG~0.00%
Published-21 May, 2008 | 10:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SubSonic allows remote attackers to bypass pagesize limits and cause a denial of service (CPU consumption) via a pageindex (aka data page number) of -1.

Action-Not Available
Vendor-codeplexn/a
Product-subsonicn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2013-3468
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-7.8||HIGH
EPSS-0.91% / 75.98%
||
7 Day CHG~0.00%
Published-29 Aug, 2013 | 10:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Cisco Unified IP Phone 8945 with software 9.3(2) allows remote attackers to cause a denial of service (device hang) via a malformed PNG file, aka Bug ID CSCud04270.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-unified_ip_phone_firmwareunified_ip_phone_8945n/a
CWE ID-CWE-20
Improper Input Validation
CVE-2013-1181
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-7.8||HIGH
EPSS-0.81% / 74.31%
||
7 Day CHG~0.00%
Published-25 Apr, 2013 | 10:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cisco NX-OS on Nexus 5500 devices 4.x and 5.x before 5.0(3)N2(2), Nexus 3000 devices 5.x before 5.0(3)U3(2), and Unified Computing System (UCS) 6200 devices before 2.0(1w) allows remote attackers to cause a denial of service (device reload) by sending a jumbo packet to the management interface, aka Bug IDs CSCtx17544, CSCts10593, and CSCtx95389.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-unified_computing_system_infrastructure_and_unified_computing_system_softwarenexus_3064xunified_computing_system_6248up_fabric_interconnectnexus_5596upnexus_5548pnx-osnexus_3016qnexus_3048unified_computing_system_6296up_fabric_interconnectnexus_3548nexus_3064tnexus_5548upn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2005-0209
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.85% / 74.96%
||
7 Day CHG~0.00%
Published-18 Mar, 2005 | 05:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Netfilter in Linux kernel 2.6.8.1 allows remote attackers to cause a denial of service (kernel crash) via crafted IP packet fragments.

Action-Not Available
Vendor-n/aLinux Kernel Organization, Inc
Product-linux_kerneln/a
CWE ID-CWE-20
Improper Input Validation
CVE-2018-7162
Matching Score-4
Assigner-Node.js
ShareView Details
Matching Score-4
Assigner-Node.js
CVSS Score-7.5||HIGH
EPSS-1.02% / 77.27%
||
7 Day CHG~0.00%
Published-13 Jun, 2018 | 16:00
Updated-16 Sep, 2024 | 19:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

All versions of Node.js 9.x and 10.x are vulnerable and the severity is HIGH. An attacker can cause a denial of service (DoS) by causing a node process which provides an http server supporting TLS server to crash. This can be accomplished by sending duplicate/unexpected messages during the handshake. This vulnerability has been addressed by updating the TLS implementation.

Action-Not Available
Vendor-Node.js (OpenJS Foundation)
Product-node.jsNode.js
CWE ID-CWE-20
Improper Input Validation
CVE-2007-3391
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-3.34% / 87.36%
||
7 Day CHG~0.00%
Published-26 Jun, 2007 | 00:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Wireshark 0.99.5 allows remote attackers to cause a denial of service (memory consumption) via a malformed DCP ETSI packet that triggers an infinite loop.

Action-Not Available
Vendor-n/aWireshark Foundation
Product-wiresharkn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2018-5509
Matching Score-4
Assigner-F5, Inc.
ShareView Details
Matching Score-4
Assigner-F5, Inc.
CVSS Score-7.5||HIGH
EPSS-1.34% / 80.09%
||
7 Day CHG~0.00%
Published-22 Mar, 2018 | 18:00
Updated-16 Sep, 2024 | 21:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

On F5 BIG-IP versions 13.0.0 or 12.1.0 - 12.1.3.1, when a specifically configured virtual server receives traffic of an undisclosed nature, TMM will crash and take the configured failover action, potentially causing a denial of service. The configuration which exposes this issue is not common and in general does not work when enabled in previous versions of BIG-IP. Starting in 12.1.0, BIG-IP will crash if the configuration which exposes this issue is enabled and the virtual server receives non TCP traffic. With the fix of this issue, additional configuration validation logic has been added to prevent this configuration from being applied to a virtual server. There is only data plane exposure to this issue with a non-standard configuration. There is no control plane exposure.

Action-Not Available
Vendor-F5, Inc.
Product-big-ip_application_acceleration_managerbig-ip_link_controllerbig-ip_policy_enforcement_managerbig-ip_local_traffic_managerbig-ip_access_policy_managerbig-ip_websafebig-ip_advanced_firewall_managerbig-ip_application_security_managerBIG-IP (LTM, AAM, AFM, APM, ASM, Link Controller, PEM, WebSafe)
CWE ID-CWE-20
Improper Input Validation
CVE-2007-2322
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-1.42% / 80.67%
||
7 Day CHG~0.00%
Published-27 Apr, 2007 | 00:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NMMediaServer.exe in Nero MediaHome 2.5.5.0 and CE 1.3.0.4 allows remote attackers to cause a denial of service (NULL dereference and application crash) via a crafted packet that contains two CRLF sequences. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

Action-Not Available
Vendor-neron/a
Product-mediahome_cemediahomen/a
CWE ID-CWE-20
Improper Input Validation
CVE-2008-6497
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-10.17% / 93.15%
||
7 Day CHG~0.00%
Published-20 Mar, 2009 | 00:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Neostrada Livebox ADSL Router allows remote attackers to cause a denial of service (network outage) via multiple HTTP requests for the /- URI.

Action-Not Available
Vendor-tpn/a
Product-neostrada_livebox_adsl_routern/a
CWE ID-CWE-20
Improper Input Validation
CVE-2018-6407
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-22.19% / 95.83%
||
7 Day CHG~0.00%
Published-30 Jan, 2018 | 21:00
Updated-16 Sep, 2024 | 19:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered on Conceptronic CIPCAMPTIWL V3 0.61.30.21 devices. An unauthenticated attacker can crash a device by sending a POST request with a huge body size to /hy-cgi/devices.cgi?cmd=searchlandevice. The crash completely freezes the device.

Action-Not Available
Vendor-conceptronicn/a
Product-cipcamptiwl_firmwarecipcamptiwlcipcamptiwl_web_firmwaren/a
CWE ID-CWE-20
Improper Input Validation
CVE-2018-6490
Matching Score-4
Assigner-OpenText (formerly Micro Focus)
ShareView Details
Matching Score-4
Assigner-OpenText (formerly Micro Focus)
CVSS Score-5.9||MEDIUM
EPSS-0.55% / 67.92%
||
7 Day CHG~0.00%
Published-02 Mar, 2018 | 01:00
Updated-17 Sep, 2024 | 02:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
MFSBGN03801 rev.1 - Micro Focus Operations Orchestration, Remote Denial of Service (DoS)

Denial of Service vulnerability in Micro Focus Operations Orchestration Software, version 10.x. This vulnerability could be remotely exploited to allow Denial of Service.

Action-Not Available
Vendor-Micro Focus International LimitedHP Inc.
Product-operations_orchestrationOperations Orchestration Software
CWE ID-CWE-20
Improper Input Validation
CVE-2003-1490
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.41% / 61.36%
||
7 Day CHG~0.00%
Published-24 Oct, 2007 | 23:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SonicWall Pro running firmware 6.4.0.1 allows remote attackers to cause a denial of service (device reset) via a long HTTP POST to the internal interface, possibly due to a buffer overflow.

Action-Not Available
Vendor-n/aSonicWall Inc.
Product-pro100pro300pro200n/a
CWE ID-CWE-20
Improper Input Validation
CVE-2003-1003
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.59% / 69.28%
||
7 Day CHG~0.00%
Published-17 Dec, 2003 | 05:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cisco PIX firewall 5.x.x, and 6.3.1 and earlier, allows remote attackers to cause a denial of service (crash and reload) via an SNMPv3 message when snmp-server is set.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-pix_firewall_softwarepix_firewalln/a
CWE ID-CWE-20
Improper Input Validation
CVE-2022-28328
Matching Score-4
Assigner-Siemens
ShareView Details
Matching Score-4
Assigner-Siemens
CVSS Score-7.5||HIGH
EPSS-0.37% / 58.62%
||
7 Day CHG~0.00%
Published-12 Apr, 2022 | 09:08
Updated-03 Aug, 2024 | 05:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in SCALANCE W1788-1 M12 (All versions < V3.0.0), SCALANCE W1788-2 EEC M12 (All versions < V3.0.0), SCALANCE W1788-2 M12 (All versions < V3.0.0), SCALANCE W1788-2IA M12 (All versions < V3.0.0). Affected devices do not properly handle malformed Multicast LLC frames. This could allow an attacker to trigger a denial of service condition.

Action-Not Available
Vendor-Siemens AG
Product-scalance_w1788-2ia_m12scalance_w1788-2ia_m12_firmwarescalance_w1788-2_m12_firmwarescalance_w1788-1_m12_firmwarescalance_w1788-2_eec_m12_firmwarescalance_w1788-1_m12scalance_w1788-2_eec_m12scalance_w1788-2_m12SCALANCE W1788-1 M12SCALANCE W1788-2IA M12SCALANCE W1788-2 M12SCALANCE W1788-2 EEC M12
CWE ID-CWE-20
Improper Input Validation
CVE-2003-0567
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-24.63% / 96.16%
||
7 Day CHG~0.00%
Published-25 Jul, 2003 | 04:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cisco IOS 11.x and 12.0 through 12.2 allows remote attackers to cause a denial of service (traffic block) by sending a particular sequence of IPv4 packets to an interface on the device, causing the input queue on that interface to be marked as full.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-optical_networking_systems_softwareiosons_15454_optical_transport_platformn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2002-2371
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-1.00% / 77.05%
||
7 Day CHG~0.00%
Published-31 Oct, 2007 | 16:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Linksys WET11 firmware 1.31 and 1.32 allows remote attackers to cause a denial of service (crash) via a packet containing the device's hardware address as the source MAC address in the DLC header.

Action-Not Available
Vendor-n/aLinksys Holdings, Inc.
Product-wet11n/a
CWE ID-CWE-20
Improper Input Validation
CVE-2002-2354
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.98% / 76.86%
||
7 Day CHG~0.00%
Published-29 Oct, 2007 | 19:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Netgear FM114P firmware 1.3 wireless firewall allows remote attackers to cause a denial of service (crash or hang) via a large number of TCP connection requests.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-fm114pn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2018-5391
Matching Score-4
Assigner-CERT/CC
ShareView Details
Matching Score-4
Assigner-CERT/CC
CVSS Score-7.5||HIGH
EPSS-3.83% / 88.19%
||
7 Day CHG~0.00%
Published-06 Sep, 2018 | 21:00
Updated-05 Aug, 2024 | 05:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
The Linux kernel, versions 3.9+, IP implementation is vulnerable to denial of service conditions with low rates of specially modified packets

The Linux kernel, versions 3.9+, is vulnerable to a denial of service attack with low rates of specially modified packets targeting IP fragment re-assembly. An attacker may cause a denial of service condition by sending specially crafted IP fragments. Various vulnerabilities in IP fragmentation have been discovered and fixed over the years. The current vulnerability (CVE-2018-5391) became exploitable in the Linux kernel with the increase of the IP fragment reassembly queue size.

Action-Not Available
Vendor-Debian GNU/LinuxRed Hat, Inc.Canonical Ltd.F5, Inc.Siemens AGLinux Kernel Organization, IncMicrosoft Corporation
Product-ubuntu_linuxbig-ip_webacceleratorbig-ip_application_acceleration_managerenterprise_linux_server_euswindows_8.1big-ip_policy_enforcement_managerenterprise_linux_server_ausscalance_sc-600_firmwaresimatic_rf188_firmwareruggedcom_rm1224_firmwarebig-ip_local_traffic_managersimatic_net_cp_1243-7_lte_uswindows_10simatic_net_cp_1243-7_lte_us_firmwarescalance_w700_ieee_802.11a\/b\/g\/nsinema_remote_connect_serverenterprise_linux_workstationsimatic_net_cp_1243-1simatic_net_cp_1243-7_lte_eu_firmwaresimatic_rf185c_firmwarescalance_s615_firmwaresimatic_net_cp_1543sp-1enterprise_linux_desktopsimatic_net_cp_1543-1scalance_m-800_firmwaresimatic_net_cp_1242-7_firmwaresimatic_net_cp_1542sp-1_firmwarebig-ip_domain_name_systemsimatic_net_cp_1543sp-1_firmwarescalance_w1700_ieee_802.11ac_firmwareruggedcom_rox_iisimatic_net_cp_1542sp-1big-ip_edge_gatewaydebian_linuxlinux_kernelsimatic_net_cp_1543-1_firmwarescalance_sc-600simatic_net_cp_1242-7simatic_net_cp_1243-1_firmwarewindows_server_2008simatic_net_cp_1542sp-1_irc_firmwareenterprise_linux_serverwindows_server_2016windows_server_2012simatic_rf188big-ip_fraud_protection_serviceruggedcom_rox_ii_firmwarescalance_w700_ieee_802.11a\/b\/g\/n_firmwaresimatic_rf186c_firmwaresimatic_net_cp_1542sp-1_ircbig-ip_application_security_managerruggedcom_rm1224simatic_rf185cscalance_s615simatic_rf186cisimatic_net_cp_1243-8_ircbig-ip_access_policy_managersimatic_net_cp_1243-8_irc_firmwaresimatic_rf186ci_firmwaresimatic_rf188ci_firmwaresinema_remote_connect_server_firmwarewindows_rt_8.1big-ip_global_traffic_managerbig-ip_analyticssimatic_rf186cbig-ip_link_controllerscalance_w1700_ieee_802.11acwindows_7scalance_m-800enterprise_linux_server_tusbig-ip_advanced_firewall_managersimatic_rf188cisimatic_net_cp_1243-7_lte_euKernel
CWE ID-CWE-400
Uncontrolled Resource Consumption
CWE ID-CWE-20
Improper Input Validation
CVE-2013-1839
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-7.8||HIGH
EPSS-41.94% / 97.45%
||
7 Day CHG~0.00%
Published-30 Sep, 2013 | 20:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The strHdrAcptLangGetItem function in errorpage.cc in Squid 3.2.x before 3.2.9 and 3.3.x before 3.3.3 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a "," character in an Accept-Language header.

Action-Not Available
Vendor-n/aSquid Cache
Product-squidn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2002-2325
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-6.26% / 90.97%
||
7 Day CHG~0.00%
Published-26 Oct, 2007 | 19:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The c-client library in Internet Message Access Protocol (IMAP) dated before 2002 RC2, as used by Pine 4.20 through 4.44, allows remote attackers to cause a denial of service (client crash) via a MIME-encoded email with Content-Type header containing an empty boundary field.

Action-Not Available
Vendor-university_of_washingtonn/a
Product-pinen/a
CWE ID-CWE-20
Improper Input Validation
CVE-2002-2421
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.50% / 66.16%
||
7 Day CHG~0.00%
Published-01 Nov, 2007 | 17:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

acWEB 1.14 allows remote attackers to cause a denial of service (crash) via an HTTP request for a MS-DOS device name such as COM2.

Action-Not Available
Vendor-andrey_cherezovn/a
Product-acwebn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2022-25751
Matching Score-4
Assigner-Siemens
ShareView Details
Matching Score-4
Assigner-Siemens
CVSS Score-7.5||HIGH
EPSS-1.87% / 83.19%
||
7 Day CHG~0.00%
Published-12 Apr, 2022 | 09:07
Updated-03 Aug, 2024 | 04:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in SCALANCE X302-7 EEC (230V), SCALANCE X302-7 EEC (230V, coated), SCALANCE X302-7 EEC (24V), SCALANCE X302-7 EEC (24V, coated), SCALANCE X302-7 EEC (2x 230V), SCALANCE X302-7 EEC (2x 230V, coated), SCALANCE X302-7 EEC (2x 24V), SCALANCE X302-7 EEC (2x 24V, coated), SCALANCE X304-2FE, SCALANCE X306-1LD FE, SCALANCE X307-2 EEC (230V), SCALANCE X307-2 EEC (230V, coated), SCALANCE X307-2 EEC (24V), SCALANCE X307-2 EEC (24V, coated), SCALANCE X307-2 EEC (2x 230V), SCALANCE X307-2 EEC (2x 230V, coated), SCALANCE X307-2 EEC (2x 24V), SCALANCE X307-2 EEC (2x 24V, coated), SCALANCE X307-3, SCALANCE X307-3, SCALANCE X307-3LD, SCALANCE X307-3LD, SCALANCE X308-2, SCALANCE X308-2, SCALANCE X308-2LD, SCALANCE X308-2LD, SCALANCE X308-2LH, SCALANCE X308-2LH, SCALANCE X308-2LH+, SCALANCE X308-2LH+, SCALANCE X308-2M, SCALANCE X308-2M, SCALANCE X308-2M PoE, SCALANCE X308-2M PoE, SCALANCE X308-2M TS, SCALANCE X308-2M TS, SCALANCE X310, SCALANCE X310, SCALANCE X310FE, SCALANCE X310FE, SCALANCE X320-1 FE, SCALANCE X320-1-2LD FE, SCALANCE X408-2, SCALANCE XR324-12M (230V, ports on front), SCALANCE XR324-12M (230V, ports on front), SCALANCE XR324-12M (230V, ports on rear), SCALANCE XR324-12M (230V, ports on rear), SCALANCE XR324-12M (24V, ports on front), SCALANCE XR324-12M (24V, ports on front), SCALANCE XR324-12M (24V, ports on rear), SCALANCE XR324-12M (24V, ports on rear), SCALANCE XR324-12M TS (24V), SCALANCE XR324-12M TS (24V), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (24V, ports on front), SCALANCE XR324-4M EEC (24V, ports on front), SCALANCE XR324-4M EEC (24V, ports on rear), SCALANCE XR324-4M EEC (24V, ports on rear), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (2x 24V, ports on front), SCALANCE XR324-4M EEC (2x 24V, ports on front), SCALANCE XR324-4M EEC (2x 24V, ports on rear), SCALANCE XR324-4M EEC (2x 24V, ports on rear), SCALANCE XR324-4M PoE (230V, ports on front), SCALANCE XR324-4M PoE (230V, ports on rear), SCALANCE XR324-4M PoE (24V, ports on front), SCALANCE XR324-4M PoE (24V, ports on rear), SCALANCE XR324-4M PoE TS (24V, ports on front), SIPLUS NET SCALANCE X308-2. Affected devices do not properly validate the HTTP headers of incoming requests. This could allow an unauthenticated remote attacker to crash affected devices.

Action-Not Available
Vendor-Siemens AG
Product-scalance_x308-2m_ts_firmwarescalance_x307-3_firmwarescalance_xr324-12mscalance_x310fescalance_x310fe_firmwarescalance_xr324-4m_eecscalance_x308-2ldscalance_x320-1fe_firmwaresiplus_net_scalance_x308-2scalance_xr324-4m_poe_firmwarescalance_x308-2scalance_x307-2eecscalance_xr324-4m_eec_firmwarescalance_x308-2_firmwarescalance_x304-2fe_firmwarescalance_xr324-12m_ts_firmwarescalance_x306-1ldfe_firmwarescalance_x307-2eec_firmwarescalance_x320-1-2ldfesiplus_net_scalance_x308-2_firmwarescalance_x308-2lh_firmwarescalance_x302-7eec_firmwarescalance_x308-2lhscalance_x307-3ld_firmwarescalance_x310scalance_x320-1-2ldfe_firmwarescalance_xr324-12m_firmwarescalance_x308-2m_poe_firmwarescalance_x308-2lh\+scalance_x310_firmwarescalance_x308-2m_poescalance_x308-2lh\+_firmwarescalance_x308-2ld_firmwarescalance_xr324-12m_tsscalance_x308-2m_tsscalance_x308-2m_firmwarescalance_x320-1fescalance_x408-2scalance_xr324-4m_poescalance_x306-1ldfescalance_x307-3ldscalance_x308-2mscalance_x408-2_firmwarescalance_x307-3scalance_x304-2fescalance_xr324-4m_poe_tsscalance_xr324-4m_poe_ts_firmwarescalance_x302-7eecSCALANCE XR324-12M TS (24V)SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear)SCALANCE XR324-4M PoE (24V, ports on rear)SCALANCE XR324-4M EEC (24V, ports on front)SCALANCE XR324-12M (230V, ports on rear)SCALANCE X307-2 EEC (2x 24V, coated)SCALANCE XR324-4M PoE TS (24V, ports on front)SCALANCE X307-3SCALANCE X308-2MSCALANCE XR324-12M (24V, ports on rear)SCALANCE X308-2SCALANCE X308-2M PoESCALANCE X310FESCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front)SCALANCE X308-2LH+SCALANCE X302-7 EEC (24V, coated)SCALANCE X307-2 EEC (230V, coated)SCALANCE X307-3LDSCALANCE X308-2LHSCALANCE XR324-4M EEC (24V, ports on rear)SCALANCE XR324-4M PoE (24V, ports on front)SCALANCE X302-7 EEC (2x 230V)SCALANCE X408-2SIPLUS NET SCALANCE X308-2SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front)SCALANCE XR324-4M PoE (230V, ports on rear)SCALANCE X302-7 EEC (230V)SCALANCE X307-2 EEC (24V, coated)SCALANCE X307-2 EEC (2x 230V, coated)SCALANCE X302-7 EEC (2x 24V, coated)SCALANCE X308-2LDSCALANCE X307-2 EEC (24V)SCALANCE X304-2FESCALANCE X310SCALANCE X307-2 EEC (2x 24V)SCALANCE X307-2 EEC (230V)SCALANCE XR324-12M (24V, ports on front)SCALANCE X320-1 FESCALANCE X302-7 EEC (2x 24V)SCALANCE X306-1LD FESCALANCE X308-2M TSSCALANCE XR324-4M PoE (230V, ports on front)SCALANCE X307-2 EEC (2x 230V)SCALANCE X302-7 EEC (24V)SCALANCE X302-7 EEC (230V, coated)SCALANCE X302-7 EEC (2x 230V, coated)SCALANCE X320-1-2LD FESCALANCE XR324-4M EEC (2x 24V, ports on rear)SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear)SCALANCE XR324-12M (230V, ports on front)SCALANCE XR324-4M EEC (2x 24V, ports on front)
CWE ID-CWE-20
Improper Input Validation
CVE-2022-25161
Matching Score-4
Assigner-Mitsubishi Electric Corporation
ShareView Details
Matching Score-4
Assigner-Mitsubishi Electric Corporation
CVSS Score-8.6||HIGH
EPSS-0.32% / 54.98%
||
7 Day CHG~0.00%
Published-18 May, 2022 | 16:32
Updated-03 Aug, 2024 | 04:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper Input Validation vulnerability in Mitsubishi Electric MELSEC iQ-F series FX5U-xMy/z(x=32,64,80, y=T,R, z=ES,DS,ESS,DSS) with serial number 17X**** or later and versions prior to 1.270, Mitsubishi Electric Mitsubishi Electric MELSEC iQ-F series FX5U-xMy/z(x=32,64,80, y=T,R, z=ES,DS,ESS,DSS) with serial number 179**** and prior and versions prior to 1.073, MELSEC iQ-F series FX5UC-xMy/z(x=32,64,96, y=T,R, z=D,DSS) with serial number 17X**** or later and versions prior to 1.270, Mitsubishi Electric MELSEC iQ-F series FX5UC-xMy/z(x=32,64,96, y=T,R, z=D,DSS) with serial number 179**** and prior and versions prior to 1.073, Mitsubishi Electric MELSEC iQ-F series FX5UC-32MT/DS-TS versions prior to 1.270, Mitsubishi Electric MELSEC iQ-F series FX5UC-32MT/DSS-TS versions prior to 1.270, Mitsubishi Electric MELSEC iQ-F series FX5UC-32MR/DS-TS versions prior to 1.270, Mitsubishi Electric MELSEC iQ-F series FX5UJ-xMy/z(x=24,40,60, y=T,R, z=ES,ESS) versions prior to 1.030, Mitsubishi Electric MELSEC iQ-F series FX5UJ-xMy/ES-A(x=24,40,60, y=T,R) versions prior to 1.031 and Mitsubishi Electric MELSEC iQ-F series FX5S-xMy/z(x=30,40,60,80, y=T,R, z=ES,ESS) version 1.000 allows a remote unauthenticated attacker to cause a DoS condition for the product's program execution or communication by sending specially crafted packets. System reset of the product is required for recovery.

Action-Not Available
Vendor-n/aMitsubishi Electric Corporation
Product-melsec_iq-fx5uc-32mt\/dss-tsmelsec_iq-fx5u-64mr\/esmelsec_iq-fx5u-80mr\/dssmelsec_iq-fx5uc-96mr\/ddsmelsec_iq-fx5uj-40mt\/essmelsec_iq-fx5s-40mr\/ess_firmwaremelsec_iq-fx5uj-40mr\/esmelsec_iq-fx5u-32mr\/dss_firmwaremelsec_iq-fx5uj-60mt\/es-amelsec_iq-fx5uj-24mt\/es-a_firmwaremelsec_iq-fx5uj-40mt\/es_firmwaremelsec_iq-fx5uj-24mt\/es-amelsec_iq-fx5u-80mr\/dss_firmwaremelsec_iq-fx5uc-32mr\/ds-ts_firmwaremelsec_iq-fx5u-64mr\/dsmelsec_iq-fx5s-80mt\/esmelsec_iq-fx5u-64mt\/es_firmwaremelsec_iq-fx5uj-40mt\/es-amelsec_iq-fx5u-32mr\/ess_firmwaremelsec_iq-fx5u-64mt\/ess_firmwaremelsec_iq-fx5s-60mt\/essmelsec_iq-fx5uj-60mr\/es-a_firmwaremelsec_iq-fx5u-80mt\/ess_firmwaremelsec_iq-fx5uc-96mt\/ddsmelsec_iq-fx5uc-64mt\/ds_firmwaremelsec_iq-fx5s-60mr\/es_firmwaremelsec_iq-fx5u-80mt\/esmelsec_iq-fx5uj-60mr\/esmelsec_iq-fx5s-30mr\/esmelsec_iq-fx5uj-24mr\/es-a_firmwaremelsec_iq-fx5u-64mt\/dssmelsec_iq-fx5u-32mt\/es_firmwaremelsec_iq-fx5s-60mt\/es_firmwaremelsec_iq-fx5uj-40mt\/es-a_firmwaremelsec_iq-fx5uc-32mt\/ddsmelsec_iq-fx5s-60mt\/ess_firmwaremelsec_iq-fx5u-80mt\/es_firmwaremelsec_iq-fx5uj-60mt\/essmelsec_iq-fx5uj-60mt\/es_firmwaremelsec_iq-fx5u-32mt\/essmelsec_iq-fx5s-60mr\/essmelsec_iq-fx5uc-96mt\/ds_firmwaremelsec_iq-fx5uj-24mt\/es_firmwaremelsec_iq-fx5s-30mt\/essmelsec_iq-fx5u-64mr\/essmelsec_iq-fx5uc-32mt\/dsmelsec_iq-fx5uj-40mr\/es-a_firmwaremelsec_iq-fx5u-80mr\/dsmelsec_iq-fx5u-32mt\/ess_firmwaremelsec_iq-fx5s-40mr\/esmelsec_iq-fx5s-80mt\/ess_firmwaremelsec_iq-fx5s-40mt\/ess_firmwaremelsec_iq-fx5u-32mr\/ds_firmwaremelsec_iq-fx5uc-32mr\/dsmelsec_iq-fx5uc-32mt\/dds_firmwaremelsec_iq-fx5uc-64mt\/dds_firmwaremelsec_iq-fx5uc-64mt\/dsmelsec_iq-fx5uj-40mr\/ess_firmwaremelsec_iq-fx5s-80mr\/essmelsec_iq-fx5uc-64mr\/dds_firmwaremelsec_iq-fx5uc-64mr\/ds_firmwaremelsec_iq-fx5uj-24mr\/ess_firmwaremelsec_iq-fx5u-80mr\/es_firmwaremelsec_iq-fx5u-64mt\/essmelsec_iq-fx5u-32mt\/dss_firmwaremelsec_iq-fx5s-80mr\/esmelsec_iq-fx5u-64mt\/dss_firmwaremelsec_iq-fx5uj-24mr\/esmelsec_iq-fx5s-30mr\/essmelsec_iq-fx5u-64mt\/ds_firmwaremelsec_iq-fx5u-80mt\/dss_firmwaremelsec_iq-fx5s-30mr\/ess_firmwaremelsec_iq-fx5u-32mt\/dsmelsec_iq-fx5uc-96mr\/ds_firmwaremelsec_iq-fx5uc-64mr\/dsmelsec_iq-fx5uj-60mt\/esmelsec_iq-fx5uc-96mr\/dsmelsec_iq-fx5uj-40mr\/es-amelsec_iq-fx5uj-24mr\/es_firmwaremelsec_iq-fx5uc-32mt\/ds_firmwaremelsec_iq-fx5u-32mr\/esmelsec_iq-fx5u-32mt\/dssmelsec_iq-fx5u-64mr\/ds_firmwaremelsec_iq-fx5s-60mt\/esmelsec_iq-fx5s-40mr\/es_firmwaremelsec_iq-fx5uj-60mr\/es-amelsec_iq-fx5s-30mr\/es_firmwaremelsec_iq-fx5uc-96mt\/dsmelsec_iq-fx5s-40mt\/es_firmwaremelsec_iq-fx5uj-40mr\/es_firmwaremelsec_iq-fx5s-80mt\/essmelsec_iq-fx5uc-32mt\/ds-tsmelsec_iq-fx5u-64mt\/dsmelsec_iq-fx5uj-24mt\/esmelsec_iq-fx5u-32mt\/esmelsec_iq-fx5u-80mr\/ds_firmwaremelsec_iq-fx5uj-40mt\/esmelsec_iq-fx5u-64mr\/es_firmwaremelsec_iq-fx5u-80mr\/essmelsec_iq-fx5uj-60mt\/ess_firmwaremelsec_iq-fx5uj-60mr\/essmelsec_iq-fx5uj-24mt\/essmelsec_iq-fx5s-30mt\/es_firmwaremelsec_iq-fx5u-80mt\/essmelsec_iq-fx5s-40mt\/essmelsec_iq-fx5u-32mr\/essmelsec_iq-fx5uj-24mr\/es-amelsec_iq-fx5u-80mt\/ds_firmwaremelsec_iq-fx5u-64mr\/dss_firmwaremelsec_iq-fx5u-64mr\/ess_firmwaremelsec_iq-fx5s-60mr\/esmelsec_iq-fx5s-80mr\/ess_firmwaremelsec_iq-fx5uj-60mt\/es-a_firmwaremelsec_iq-fx5s-60mr\/ess_firmwaremelsec_iq-fx5s-30mt\/ess_firmwaremelsec_iq-fx5uc-32mr\/ds_firmwaremelsec_iq-fx5u-32mr\/dsmelsec_iq-fx5s-80mr\/es_firmwaremelsec_iq-fx5uj-60mr\/es_firmwaremelsec_iq-fx5uj-40mt\/ess_firmwaremelsec_iq-fx5u-80mr\/ess_firmwaremelsec_iq-fx5u-80mt\/dssmelsec_iq-fx5uc-96mt\/dds_firmwaremelsec_iq-fx5uc-32mr\/ddsmelsec_iq-fx5uc-64mt\/ddsmelsec_iq-fx5uc-64mr\/ddsmelsec_iq-fx5u-80mr\/esmelsec_iq-fx5s-40mr\/essmelsec_iq-fx5s-30mt\/esmelsec_iq-fx5uc-96mr\/dds_firmwaremelsec_iq-fx5u-32mr\/dssmelsec_iq-fx5s-80mt\/es_firmwaremelsec_iq-fx5u-32mt\/ds_firmwaremelsec_iq-fx5uc-32mt\/ds-ts_firmwaremelsec_iq-fx5uj-24mt\/ess_firmwaremelsec_iq-fx5u-64mr\/dssmelsec_iq-fx5u-64mt\/esmelsec_iq-fx5uc-32mt\/dss-ts_firmwaremelsec_iq-fx5u-80mt\/dsmelsec_iq-fx5s-40mt\/esmelsec_iq-fx5u-32mr\/es_firmwaremelsec_iq-fx5uj-60mr\/ess_firmwaremelsec_iq-fx5uc-32mr\/ds-tsmelsec_iq-fx5uc-32mr\/dds_firmwaremelsec_iq-fx5uj-40mr\/essmelsec_iq-fx5uj-24mr\/essMitsubishi Electric MELSEC iQ-F series FX5U-xMy/z(x=32,64,80, y=T,R, z=ES,DS,ESS,DSS); Mitsubishi Electric MELSEC iQ-F series FX5UC-xMy/z(x=32,64,96, y=T,R, z=D,DSS); Mitsubishi Electric MELSEC iQ-F series FX5UC-32MT/DS-TS; Mitsubishi Electric MELSEC iQ-F series FX5UC-32MT/DSS-TS; Mitsubishi Electric MELSEC iQ-F series FX5UC-32MR/DS-TS; Mitsubishi Electric MELSEC iQ-F series FX5UJ-xMy/z(x=24,40,60, y=T,R, z=ES,ESS); Mitsubishi Electric MELSEC iQ-F series FX5UJ-xMy/ES-A(x=24,40,60, y=T,R); Mitsubishi Electric MELSEC iQ-F series FX5S-xMy/z(x=30,40,60,80, y=T,R, z=ES,ESS)
CWE ID-CWE-20
Improper Input Validation
CVE-2018-18878
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.15% / 78.57%
||
7 Day CHG~0.00%
Published-18 Jun, 2019 | 14:03
Updated-05 Aug, 2024 | 11:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In firmware version MS_2.6.9900 of Columbia Weather MicroServer, the BACnet daemon does not properly validate input, which could allow a remote attacker to send specially crafted packets causing the device to become unavailable.

Action-Not Available
Vendor-columbiaweathern/a
Product-weather_microserver_firmwareweather_microservern/a
CWE ID-CWE-20
Improper Input Validation
CVE-2013-1184
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-7.8||HIGH
EPSS-0.81% / 74.31%
||
7 Day CHG~0.00%
Published-25 Apr, 2013 | 10:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The management API in the XML API management service in the Manager component in Cisco Unified Computing System (UCS) 1.x before 1.2(1b) allows remote attackers to cause a denial of service (service outage) via a malformed request, aka Bug ID CSCtg48206.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-unified_computing_system_infrastructure_and_unified_computing_system_softwareunified_computing_system_6248up_fabric_interconnectunified_computing_system_integrated_management_controllerunified_computing_system_6120xp_fabric_interconnectunified_computing_system_6296up_fabric_interconnectunified_computing_system_6140xp_fabric_interconnectn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2018-15454
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-8.6||HIGH
EPSS-4.13% / 88.68%
||
7 Day CHG~0.00%
Published-01 Nov, 2018 | 13:00
Updated-26 Nov, 2024 | 14:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Adaptive Security Appliance Software and Cisco Firepower Threat Defense Software Denial of Service Vulnerability

A vulnerability in the Session Initiation Protocol (SIP) inspection engine of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause an affected device to reload or trigger high CPU, resulting in a denial of service (DoS) condition. The vulnerability is due to improper handling of SIP traffic. An attacker could exploit this vulnerability by sending SIP requests designed to specifically trigger this issue at a high rate across an affected device. Software updates that address this vulnerability are not yet available.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-firepower_threat_defenseadaptive_security_appliance_softwareCisco Adaptive Security Appliance (ASA) Software
CWE ID-CWE-20
Improper Input Validation
CVE-2018-15460
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-8.6||HIGH
EPSS-0.38% / 59.67%
||
7 Day CHG~0.00%
Published-10 Jan, 2019 | 22:00
Updated-19 Nov, 2024 | 19:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Email Security Appliance URL Filtering Denial of Service Vulnerability

A vulnerability in the email message filtering feature of Cisco AsyncOS Software for Cisco Email Security Appliances (ESA) could allow an unauthenticated, remote attacker to cause the CPU utilization to increase to 100 percent, causing a denial of service (DoS) condition on an affected device. The vulnerability is due to improper filtering of email messages that contain references to whitelisted URLs. An attacker could exploit this vulnerability by sending a malicious email message that contains a large number of whitelisted URLs. A successful exploit could allow the attacker to cause a sustained DoS condition that could force the affected device to stop scanning and forwarding email messages.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-asyncosemail_security_applianceCisco Email Security Appliance (ESA)
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2018-13798
Matching Score-4
Assigner-Siemens
ShareView Details
Matching Score-4
Assigner-Siemens
CVSS Score-7.5||HIGH
EPSS-0.65% / 70.97%
||
7 Day CHG~0.00%
Published-21 Mar, 2019 | 18:48
Updated-05 Aug, 2024 | 09:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in SICAM A8000 CP-8000 (All versions < V14), SICAM A8000 CP-802X (All versions < V14), SICAM A8000 CP-8050 (All versions < V2.00). Specially crafted network packets sent to port 80/TCP or 443/TCP could allow an unauthenticated remote attacker to cause a Denial-of-Service condition of the web server. The security vulnerability could be exploited by an attacker with network access to the affected systems on port 80/TCP or 443/TCP. Successful exploitation requires no system privileges and no user interaction. An attacker could use the vulnerability to compromise availability of the web server. A system reboot is required to recover the web service of the device. At the time of advisory update, exploit code for this security vulnerability is public.

Action-Not Available
Vendor-Siemens AG
Product-sicam_a8000_cp-8050sicam_a8000_cp-8050_firmwaresicam_a8000_cp-8000sicam_a8000_cp-802x_firmwaresicam_a8000_cp-802xsicam_a8000_cp-8000_firmwareSICAM A8000 CP-802XSICAM A8000 CP-8000, SICAM A8000 CP-802X, SICAM A8000 CP-8050SICAM A8000 CP-8050
CWE ID-CWE-20
Improper Input Validation
CVE-1999-0995
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-27.90% / 96.49%
||
7 Day CHG~0.00%
Published-18 Jan, 2000 | 05:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Windows NT Local Security Authority (LSA) allows remote attackers to cause a denial of service via malformed arguments to the LsaLookupSids function which looks up the SID, aka "Malformed Security Identifier Request."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-windows_ntn/a
CWE ID-CWE-20
Improper Input Validation
CVE-1999-0726
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-14.84% / 94.55%
||
7 Day CHG~0.00%
Published-04 Jan, 2000 | 05:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An attacker can conduct a denial of service in Windows NT by executing a program with a malformed file image header.

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-windows_ntwindows_2000n/a
CWE ID-CWE-20
Improper Input Validation
CVE-1999-0721
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-18.91% / 95.34%
||
7 Day CHG~0.00%
Published-04 Jan, 2000 | 05:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Denial of service in Windows NT Local Security Authority (LSA) through a malformed LSA request.

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-windows_ntwindows_2000n/a
CWE ID-CWE-20
Improper Input Validation
  • Previous
  • 1
  • 2
  • 3
  • ...
  • 9
  • 10
  • Next
Details not found