Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2011-2002

Summary
Assigner-microsoft
Assigner Org ID-f38d906d-7342-40ea-92c1-6c4a2c6478c8
Published At-12 Oct, 2011 | 01:00
Updated At-06 Aug, 2024 | 22:46
Rejected At-
Credits

win32k.sys in the kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly handle TrueType fonts, which allows local users to cause a denial of service (system hang) via a crafted font file, aka "Win32k TrueType Font Type Translation Vulnerability."

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:microsoft
Assigner Org ID:f38d906d-7342-40ea-92c1-6c4a2c6478c8
Published At:12 Oct, 2011 | 01:00
Updated At:06 Aug, 2024 | 22:46
Rejected At:
▼CVE Numbering Authority (CNA)

win32k.sys in the kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly handle TrueType fonts, which allows local users to cause a denial of service (system hang) via a crafted font file, aka "Win32k TrueType Font Type Translation Vulnerability."

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://www.securitytracker.com/id?1026165
vdb-entry
x_refsource_SECTRACK
http://www.securityfocus.com/bid/49973
vdb-entry
x_refsource_BID
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-077
vendor-advisory
x_refsource_MS
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13024
vdb-entry
signature
x_refsource_OVAL
Hyperlink: http://www.securitytracker.com/id?1026165
Resource:
vdb-entry
x_refsource_SECTRACK
Hyperlink: http://www.securityfocus.com/bid/49973
Resource:
vdb-entry
x_refsource_BID
Hyperlink: https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-077
Resource:
vendor-advisory
x_refsource_MS
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13024
Resource:
vdb-entry
signature
x_refsource_OVAL
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://www.securitytracker.com/id?1026165
vdb-entry
x_refsource_SECTRACK
x_transferred
http://www.securityfocus.com/bid/49973
vdb-entry
x_refsource_BID
x_transferred
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-077
vendor-advisory
x_refsource_MS
x_transferred
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13024
vdb-entry
signature
x_refsource_OVAL
x_transferred
Hyperlink: http://www.securitytracker.com/id?1026165
Resource:
vdb-entry
x_refsource_SECTRACK
x_transferred
Hyperlink: http://www.securityfocus.com/bid/49973
Resource:
vdb-entry
x_refsource_BID
x_transferred
Hyperlink: https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-077
Resource:
vendor-advisory
x_refsource_MS
x_transferred
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13024
Resource:
vdb-entry
signature
x_refsource_OVAL
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:secure@microsoft.com
Published At:12 Oct, 2011 | 02:52
Updated At:29 Apr, 2026 | 01:13

win32k.sys in the kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly handle TrueType fonts, which allows local users to cause a denial of service (system hang) via a crafted font file, aka "Win32k TrueType Font Type Translation Vulnerability."

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary2.04.7MEDIUM
AV:L/AC:M/Au:N/C:N/I:N/A:C
Type: Primary
Version: 2.0
Base score: 4.7
Base severity: MEDIUM
Vector:
AV:L/AC:M/Au:N/C:N/I:N/A:C
CPE Matches
Microsoft Corporation
microsoft
>>windows_7>>-
cpe:2.3:o:microsoft:windows_7:-:*:*:*:*:*:*:*
Microsoft Corporation
microsoft
>>windows_7>>-
cpe:2.3:o:microsoft:windows_7:-:sp1:x64:*:*:*:*:*
Microsoft Corporation
microsoft
>>windows_7>>-
cpe:2.3:o:microsoft:windows_7:-:sp1:x86:*:*:*:*:*
Microsoft Corporation
microsoft
>>windows_server_2008>>*
cpe:2.3:o:microsoft:windows_server_2008:*:sp2:x32:*:*:*:*:*
Microsoft Corporation
microsoft
>>windows_server_2008>>*
cpe:2.3:o:microsoft:windows_server_2008:*:sp2:x64:*:*:*:*:*
Microsoft Corporation
microsoft
>>windows_server_2008>>-
cpe:2.3:o:microsoft:windows_server_2008:-:sp2:itanium:*:*:*:*:*
Microsoft Corporation
microsoft
>>windows_server_2008>>r2
cpe:2.3:o:microsoft:windows_server_2008:r2:*:itanium:*:*:*:*:*
Microsoft Corporation
microsoft
>>windows_server_2008>>r2
cpe:2.3:o:microsoft:windows_server_2008:r2:*:x64:*:*:*:*:*
Microsoft Corporation
microsoft
>>windows_vista>>*
cpe:2.3:o:microsoft:windows_vista:*:sp2:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-20Primarynvd@nist.gov
CWE ID: CWE-20
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
http://www.securityfocus.com/bid/49973secure@microsoft.com
N/A
http://www.securitytracker.com/id?1026165secure@microsoft.com
N/A
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-077secure@microsoft.com
N/A
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13024secure@microsoft.com
N/A
http://www.securityfocus.com/bid/49973af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.securitytracker.com/id?1026165af854a3a-2127-422b-91ae-364da2661108
N/A
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-077af854a3a-2127-422b-91ae-364da2661108
N/A
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13024af854a3a-2127-422b-91ae-364da2661108
N/A
Hyperlink: http://www.securityfocus.com/bid/49973
Source: secure@microsoft.com
Resource: N/A
Hyperlink: http://www.securitytracker.com/id?1026165
Source: secure@microsoft.com
Resource: N/A
Hyperlink: https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-077
Source: secure@microsoft.com
Resource: N/A
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13024
Source: secure@microsoft.com
Resource: N/A
Hyperlink: http://www.securityfocus.com/bid/49973
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.securitytracker.com/id?1026165
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-077
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13024
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

1218Records found
CVE-2013-3903
Matching Score-10
Assigner-Microsoft Corporation
ShareView Details
Matching Score-10
Assigner-Microsoft Corporation
CVSS Score-4.7||MEDIUM
EPSS-0.99% / 77.23%
||
7 Day CHG~0.00%
Published-11 Dec, 2013 | 00:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Array index error in win32k.sys in the kernel-mode drivers in Microsoft Windows 8, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to cause a denial of service (reboot) via a crafted TrueType font (TTF) file, aka "TrueType Font Parsing Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-windows_rtwindows_8windows_rt_8.1windows_server_2012n/a
CWE ID-CWE-20
Improper Input Validation
CVE-2017-0354
Matching Score-10
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-10
Assigner-NVIDIA Corporation
CVSS Score-4.7||MEDIUM
EPSS-0.04% / 14.35%
||
7 Day CHG~0.00%
Published-09 May, 2017 | 21:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

All versions of the NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer handler for DxgkDdiEscape where a call to certain function requiring lower IRQL can be made under raised IRQL which may lead to a denial of service.

Action-Not Available
Vendor-Microsoft CorporationNVIDIA Corporation
Product-gpu_driverwindowsGPU Display Driver
CWE ID-CWE-20
Improper Input Validation
CVE-2010-0719
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-4.7||MEDIUM
EPSS-0.38% / 59.72%
||
7 Day CHG~0.00%
Published-26 Feb, 2010 | 19:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An unspecified API in Microsoft Windows 2000, Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, and Windows 7 does not validate arguments, which allows local users to cause a denial of service (system crash) via a crafted application.

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-windows_7windows_server_2008windows_vistawindows_xpwindows_2000windows_2003_servern/a
CWE ID-CWE-20
Improper Input Validation
CVE-2010-0235
Matching Score-10
Assigner-Microsoft Corporation
ShareView Details
Matching Score-10
Assigner-Microsoft Corporation
CVSS Score-4.7||MEDIUM
EPSS-0.74% / 73.41%
||
7 Day CHG~0.00%
Published-14 Apr, 2010 | 15:44
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, and Vista Gold does not perform the expected validation before creating a symbolic link, which allows local users to cause a denial of service (reboot) via a crafted application, aka "Windows Kernel Symbolic Link Value Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-windows_vistawindows_xpwindows_2000windows_2003_serverwindows_server_2003n/a
CWE ID-CWE-20
Improper Input Validation
CVE-2010-0482
Matching Score-10
Assigner-Microsoft Corporation
ShareView Details
Matching Score-10
Assigner-Microsoft Corporation
CVSS Score-4.7||MEDIUM
EPSS-0.98% / 77.20%
||
7 Day CHG~0.00%
Published-14 Apr, 2010 | 15:44
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The kernel in Microsoft Windows Server 2008 R2 and Windows 7 does not properly validate relocation sections of image files, which allows local users to cause a denial of service (reboot) via a crafted file, aka "Windows Kernel Malformed Image Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-windows_7windows_server_2008n/a
CWE ID-CWE-20
Improper Input Validation
CVE-2010-0234
Matching Score-10
Assigner-Microsoft Corporation
ShareView Details
Matching Score-10
Assigner-Microsoft Corporation
CVSS Score-4.7||MEDIUM
EPSS-0.61% / 70.17%
||
7 Day CHG~0.00%
Published-14 Apr, 2010 | 15:44
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 does not properly validate a registry-key argument to an unspecified system call, which allows local users to cause a denial of service (reboot) via a crafted application, aka "Windows Kernel Null Pointer Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-windows_server_2008windows_vistawindows_xpwindows_2000windows_2003_serverwindows_server_2003n/a
CWE ID-CWE-20
Improper Input Validation
CVE-2011-1872
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-4.7||MEDIUM
EPSS-2.84% / 86.50%
||
7 Day CHG~0.00%
Published-16 Jun, 2011 | 20:21
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Hyper-V in Microsoft Windows Server 2008 Gold, SP2, R2, and R2 SP1 allows guest OS users to cause a denial of service (host OS infinite loop) via malformed machine instructions in a VMBus packet, aka "VMBus Persistent DoS Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-windows_server_2008n/a
CVE-2011-1971
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-4.7||MEDIUM
EPSS-1.22% / 79.43%
||
7 Day CHG~0.00%
Published-10 Aug, 2011 | 21:16
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The kernel in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly parse file metadata, which allows local users to cause a denial of service (reboot) via a crafted file, aka "Windows Kernel Metadata Parsing DOS Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-windows_vistawindows_7windows_server_2008n/a
CVE-2021-3718
Matching Score-8
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-8
Assigner-Lenovo Group Ltd.
CVSS Score-4.3||MEDIUM
EPSS-0.03% / 10.79%
||
7 Day CHG~0.00%
Published-12 Nov, 2021 | 22:05
Updated-03 Aug, 2024 | 17:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A denial of service vulnerability was reported in some ThinkPad models that could cause a system to crash when the Enhanced Biometrics setting is enabled in BIOS.

Action-Not Available
Vendor-Linux Kernel Organization, IncLenovo Group LimitedMicrosoft Corporation
Product-thinkpad_l15_gen_1thinkpad_x380_yogawindows_8.1thinkpad_11e_4th_gen_i7_firmwarethinkpad_11e_4th_gen_celeron_firmwarethinkpad_e490thinkpad_x260_firmwarethinkpad_p53sthinkpad_e590_firmwarewindows_10thinkpad_l15_gen_1_firmwarethinkpad_t490thinkpad_t590thinkpad_11e_3rd_genthinkpad_x390_yogathinkpad_p72_firmwarethinkpad_x12_detachable_gen_1_firmwarethinkpad_l13_yoga_gen_2thinkpad_l590thinkpad_s5_2nd_genthinkpad_l14_gen_1_firmwarethinkpad_p52thinkpad_p43sthinkpad_l390_firmwarethinkpad_l13_yoga_gen_2_firmwarethinkpad_t460thinkpad_l14_firmwarethinkpad_l390_yoga_firmwarethinkpad_13_gen_2thinkpad_s2_yoga_gen_6thinkpad_11e_4th_gen_i7thinkpad_l13_gen_2thinkpad_l380_yoga_firmwarethinkpad_11e_4th_gen_i5thinkpad_e490s_firmwarelinux_kernelthinkpad_s2_gen_6_firmwarethinkpad_11e_4th_gen_i5_firmwarethinkpad_11e_yoga_gen_6thinkpad_yoga_370thinkpad_e490_firmwarethinkpad_t460_firmwarethinkpad_t490_firmwarethinkpad_x390_yoga_firmwarethinkpad_l380_firmwarethinkpad_11e_4th_gen_i3_firmwarethinkpad_l390thinkpad_l380thinkpad_11e_5th_genthinkpad_11e_4th_gen_celeronthinkpad_11e_4th_gen_i3thinkpad_t590_firmwarethinkpad_l14_gen_1thinkpad_l390_yogathinkpad_s2_yoga_gen_6_firmwarethinkpad_l490_firmwarethinkpad_s5_2nd_gen_firmwarethinkpad_11e_5th_gen_firmwarethinkpad_l15_firmwarethinkpad_x12_detachable_gen_1thinkpad_l490thinkpad_l13_firmwarethinkpad_l380_yogathinkpad_l14thinkpad_l13thinkpad_l590_firmwarethinkpad_p43s_firmwarethinkpad_l15thinkpad_e590thinkpad_l13_gen_2_firmwarethinkpad_p72thinkpad_x380_yoga_firmwarethinkpad_s2_gen_6thinkpad_e490sthinkpad_x260thinkpad_11e_3rd_gen_firmwarethinkpad_l13_yogathinkpad_11e_yoga_gen_6_firmwarethinkpad_p53s_firmwarewindows_7thinkpad_p52_firmwarethinkpad_13_gen_2_firmwarethinkpad_l13_yoga_firmwareThinkPad BIOS
CWE ID-CWE-232
Improper Handling of Undefined Values
CVE-2010-0481
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.67% / 71.78%
||
7 Day CHG~0.00%
Published-14 Apr, 2010 | 15:44
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The kernel in Microsoft Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly translate a registry key's virtual path to its real path, which allows local users to cause a denial of service (reboot) via a crafted application, aka "Windows Virtual Path Parsing Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-windows_vistawindows_7windows_server_2008n/a
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2010-0810
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-4.7||MEDIUM
EPSS-1.28% / 79.95%
||
7 Day CHG~0.00%
Published-14 Apr, 2010 | 15:44
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The kernel in Microsoft Windows Vista Gold, SP1, and SP2, and Windows Server 2008 Gold and SP2, does not properly handle unspecified exceptions, which allows local users to cause a denial of service (reboot) via a crafted application, aka "Windows Kernel Exception Handler Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-windows_vistawindows_server_2008n/a
CVE-2022-22712
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-5.6||MEDIUM
EPSS-0.21% / 43.70%
||
7 Day CHG~0.00%
Published-09 Feb, 2022 | 16:37
Updated-02 Jan, 2025 | 18:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Hyper-V Denial of Service Vulnerability

Windows Hyper-V Denial of Service Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_serverwindows_11windows_server_2019windows_10Windows Server 2022Windows 10 Version 21H2Windows Server 2019 (Server Core installation)Windows 10 Version 21H1Windows 10 Version 1809Windows 11 version 21H2Windows Server 2019Windows Server version 20H2Windows 10 Version 1909
CVE-2015-0060
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-4.7||MEDIUM
EPSS-2.52% / 85.71%
||
7 Day CHG~0.00%
Published-11 Feb, 2015 | 02:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The font mapper in win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 does not properly scale fonts, which allows local users to cause a denial of service (system hang) via a crafted application, aka "Windows Font Driver Denial of Service Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-windows_rtwindows_7windows_8.1windows_server_2008windows_vistawindows_8windows_rt_8.1windows_server_2012windows_server_2003n/a
CVE-2008-6819
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-4.7||MEDIUM
EPSS-0.25% / 48.07%
||
7 Day CHG~0.00%
Published-01 Jun, 2009 | 19:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

win32k.sys in Microsoft Windows Server 2003 and Vista allows local users to cause a denial of service (system crash) via vectors related to CreateWindow, TranslateMessage, and DispatchMessage, possibly a race condition between threads, a different vulnerability than CVE-2008-1084. NOTE: some of these details are obtained from third party information.

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-windows_vistawindows_2003_servern/a
CWE ID-CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVE-2017-8627
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-4.7||MEDIUM
EPSS-0.58% / 69.41%
||
7 Day CHG~0.00%
Published-08 Aug, 2017 | 21:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Windows Subsystem for Linux in Windows 10 1703, allows a denial of service vulnerability due to the way it handles objects in memory, aka "Windows Subsystem for Linux Denial of Service Vulnerability".

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10Windows Subsystem for Linux
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2020-12389
Matching Score-6
Assigner-Mozilla Corporation
ShareView Details
Matching Score-6
Assigner-Mozilla Corporation
CVSS Score-10||CRITICAL
EPSS-0.67% / 71.74%
||
7 Day CHG~0.00%
Published-26 May, 2020 | 17:03
Updated-04 Aug, 2024 | 11:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Firefox content processes did not sufficiently lockdown access control which could result in a sandbox escape. *Note: this issue only affects Firefox on Windows operating systems.*. This vulnerability affects Firefox ESR < 68.8 and Firefox < 76.

Action-Not Available
Vendor-Mozilla CorporationMicrosoft Corporation
Product-firefoxwindowsfirefox_esrFirefoxFirefox ESR
CWE ID-CWE-20
Improper Input Validation
CVE-2020-1239
Matching Score-6
Assigner-Microsoft Corporation
ShareView Details
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-8.8||HIGH
EPSS-32.98% / 97.00%
||
7 Day CHG~0.00%
Published-09 Jun, 2020 | 19:43
Updated-04 Aug, 2024 | 06:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A memory corruption vulnerability exists when Windows Media Foundation improperly handles objects in memory, aka 'Media Foundation Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-1238.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2012windows_8.1windows_rt_8.1windows_7windows_10windows_server_2019windows_server_2008WindowsWindows 10 Version 2004 for x64-based SystemsWindows ServerWindows 10 Version 1903 for x64-based SystemsWindows 10 Version 1903 for ARM64-based SystemsWindows 10 Version 2004 for 32-bit SystemsWindows 10 Version 1909 for ARM64-based SystemsWindows Server, version 1909 (Server Core installation)Windows 10 Version 1903 for 32-bit SystemsWindows Server, version 1903 (Server Core installation)Windows Server, version 2004 (Server Core installation)Windows 10 Version 2004 for ARM64-based SystemsWindows 10 Version 1909 for 32-bit SystemsWindows 10 Version 1909 for x64-based Systems
CWE ID-CWE-787
Out-of-bounds Write
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-191
Integer Underflow (Wrap or Wraparound)
CVE-2026-8528
Matching Score-6
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-6
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-4.3||MEDIUM
EPSS-0.04% / 11.48%
||
7 Day CHG~0.00%
Published-14 May, 2026 | 19:52
Updated-18 May, 2026 | 19:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Insufficient validation of untrusted input in SiteIsolation in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to bypass Site Isolation via a crafted HTML page. (Chromium security severity: High)

Action-Not Available
Vendor-Microsoft CorporationLinux Kernel Organization, IncApple Inc.Google LLC
Product-linux_kernelwindowsmacoschromeChrome
CWE ID-CWE-20
Improper Input Validation
CVE-2025-30391
Matching Score-6
Assigner-Microsoft Corporation
ShareView Details
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-8.1||HIGH
EPSS-0.95% / 76.77%
||
7 Day CHG-0.29%
Published-30 Apr, 2025 | 17:14
Updated-26 Feb, 2026 | 19:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Dynamics Information Disclosure Vulnerability

Improper input validation in Microsoft Dynamics allows an unauthorized attacker to disclose information over a network.

Action-Not Available
Vendor-Microsoft Corporation
Product-dynamics_365_customer_serviceDynamics 365 Customer Service
CWE ID-CWE-20
Improper Input Validation
CVE-2020-12985
Matching Score-6
Assigner-Advanced Micro Devices Inc.
ShareView Details
Matching Score-6
Assigner-Advanced Micro Devices Inc.
CVSS Score-7.8||HIGH
EPSS-0.13% / 31.56%
||
7 Day CHG~0.00%
Published-11 Jun, 2021 | 21:50
Updated-16 Sep, 2024 | 17:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An insufficient pointer validation vulnerability in the AMD Graphics Driver for Windows 10 may lead to escalation of privilege or denial of service.

Action-Not Available
Vendor-Advanced Micro Devices, Inc.Microsoft Corporation
Product-radeon_softwareradeon_pro_softwarewindows_10AMD Radeon Software
CWE ID-CWE-20
Improper Input Validation
CVE-2020-1286
Matching Score-6
Assigner-Microsoft Corporation
ShareView Details
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-8.8||HIGH
EPSS-35.27% / 97.14%
||
7 Day CHG~0.00%
Published-09 Jun, 2020 | 19:43
Updated-04 Aug, 2024 | 06:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A remote code execution vulnerability exists when the Windows Shell does not properly validate file paths.An attacker who successfully exploited this vulnerability could run arbitrary code in the context of the current user, aka 'Windows Shell Remote Code Execution Vulnerability'.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2019windows_10WindowsWindows 10 Version 2004 for x64-based SystemsWindows ServerWindows 10 Version 1903 for x64-based SystemsWindows 10 Version 1903 for ARM64-based SystemsWindows 10 Version 2004 for 32-bit SystemsWindows 10 Version 1909 for ARM64-based SystemsWindows Server, version 1909 (Server Core installation)Windows 10 Version 1903 for 32-bit SystemsWindows Server, version 1903 (Server Core installation)Windows 10 Version 2004 for ARM64-based SystemsWindows Server, version 2004 (Server Core installation)Windows 10 Version 1909 for 32-bit SystemsWindows 10 Version 1909 for x64-based Systems
CWE ID-CWE-20
Improper Input Validation
CVE-2025-26647
Matching Score-6
Assigner-Microsoft Corporation
ShareView Details
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-8.8||HIGH
EPSS-4.73% / 89.62%
||
7 Day CHG~0.00%
Published-08 Apr, 2025 | 17:23
Updated-13 Feb, 2026 | 20:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Kerberos Elevation of Privilege Vulnerability

Improper input validation in Windows Kerberos allows an authorized attacker to elevate privileges over a network.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2012windows_server_2008windows_server_2022windows_server_2025windows_server_2022_23h2windows_server_2019Windows Server 2025Windows Server 2008 R2 Service Pack 1Windows Server 2012 (Server Core installation)Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2022, 23H2 Edition (Server Core installation)Windows Server 2016 (Server Core installation)Windows Server 2019Windows Server 2022Windows Server 2025 (Server Core installation)Windows Server 2019 (Server Core installation)Windows Server 2016Windows Server 2012 R2Windows Server 2008 Service Pack 2Windows Server 2012Windows Server 2012 R2 (Server Core installation)
CWE ID-CWE-20
Improper Input Validation
CVE-2023-30447
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.09% / 25.71%
||
7 Day CHG~0.00%
Published-08 Jul, 2023 | 18:07
Updated-13 Feb, 2025 | 16:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Db2 denial of service

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted query on certain tables. IBM X-Force ID: 253436.

Action-Not Available
Vendor-Microsoft CorporationHP Inc.IBM CorporationLinux Kernel Organization, IncOracle Corporation
Product-solarislinux_kerneldb2hp-uxwindowsaixDB2 for Linux, UNIX and Windows
CWE ID-CWE-20
Improper Input Validation
CVE-2020-12929
Matching Score-6
Assigner-Advanced Micro Devices Inc.
ShareView Details
Matching Score-6
Assigner-Advanced Micro Devices Inc.
CVSS Score-7.8||HIGH
EPSS-0.05% / 14.97%
||
7 Day CHG~0.00%
Published-15 Nov, 2021 | 15:52
Updated-17 Sep, 2024 | 02:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper parameters validation in some trusted applications of the PSP contained in the AMD Graphics Driver may allow a local attacker to bypass security restrictions and achieve arbitrary code execution .

Action-Not Available
Vendor-Advanced Micro Devices, Inc.Microsoft Corporation
Product-radeon_softwarewindows_10AMD Radeon Software
CWE ID-CWE-20
Improper Input Validation
CVE-2023-50308
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.06% / 19.41%
||
7 Day CHG~0.00%
Published-22 Jan, 2024 | 18:44
Updated-10 Jun, 2025 | 16:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Db2 denial of service

IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.5 under certain circumstances could allow an authenticated user to the database to cause a denial of service when a statement is run on columnar tables. IBM X-Force ID: 273393.

Action-Not Available
Vendor-Linux Kernel Organization, IncIBM CorporationMicrosoft Corporation
Product-linux_kerneldb2linux_on_ibm_zwindowsaixDb2 for Linux, UNIX and Windows
CWE ID-CWE-20
Improper Input Validation
CVE-2020-12388
Matching Score-6
Assigner-Mozilla Corporation
ShareView Details
Matching Score-6
Assigner-Mozilla Corporation
CVSS Score-10||CRITICAL
EPSS-0.57% / 69.16%
||
7 Day CHG~0.00%
Published-26 May, 2020 | 17:04
Updated-04 Aug, 2024 | 11:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Firefox content processes did not sufficiently lockdown access control which could result in a sandbox escape. *Note: this issue only affects Firefox on Windows operating systems.*. This vulnerability affects Firefox ESR < 68.8 and Firefox < 76.

Action-Not Available
Vendor-Mozilla CorporationMicrosoft Corporation
Product-firefoxwindowsfirefox_esrFirefoxFirefox ESR
CWE ID-CWE-20
Improper Input Validation
CVE-2020-12960
Matching Score-6
Assigner-Advanced Micro Devices Inc.
ShareView Details
Matching Score-6
Assigner-Advanced Micro Devices Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.12% / 30.88%
||
7 Day CHG~0.00%
Published-15 Nov, 2021 | 19:47
Updated-17 Sep, 2024 | 03:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

AMD Graphics Driver for Windows 10, amdfender.sys may improperly handle input validation on InputBuffer which may result in a denial of service (DoS).

Action-Not Available
Vendor-Advanced Micro Devices, Inc.Microsoft Corporation
Product-radeon_softwarewindows_10AMD Radeon Software
CWE ID-CWE-20
Improper Input Validation
CVE-2025-25005
Matching Score-6
Assigner-Microsoft Corporation
ShareView Details
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-6.5||MEDIUM
EPSS-4.52% / 89.38%
||
7 Day CHG+2.23%
Published-12 Aug, 2025 | 17:09
Updated-13 Feb, 2026 | 18:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Exchange Server Tampering Vulnerability

Improper input validation in Microsoft Exchange Server allows an authorized attacker to perform tampering over a network.

Action-Not Available
Vendor-Microsoft Corporation
Product-exchange_serverMicrosoft Exchange Server 2016 Cumulative Update 23Microsoft Exchange Server Subscription Edition RTMMicrosoft Exchange Server 2019 Cumulative Update 14Microsoft Exchange Server 2019 Cumulative Update 15
CWE ID-CWE-20
Improper Input Validation
CVE-2025-24074
Matching Score-6
Assigner-Microsoft Corporation
ShareView Details
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.93% / 76.50%
||
7 Day CHG~0.00%
Published-08 Apr, 2025 | 17:23
Updated-13 Feb, 2026 | 19:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft DWM Core Library Elevation of Privilege Vulnerability

Improper input validation in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2022_23h2windows_11_22h2windows_10_22h2windows_11_24h2windows_server_2025windows_server_2019windows_11_23h2windows_10_1809windows_10_21h2windows_server_2022Windows Server 2025Windows Server 2022Windows 11 Version 24H2Windows Server 2025 (Server Core installation)Windows 11 Version 23H2Windows Server 2019 (Server Core installation)Windows 10 Version 1809Windows 11 version 22H2Windows 10 Version 21H2Windows Server 2022, 23H2 Edition (Server Core installation)Windows 11 version 22H3Windows 10 Version 22H2Windows Server 2019
CWE ID-CWE-20
Improper Input Validation
CVE-2025-24073
Matching Score-6
Assigner-Microsoft Corporation
ShareView Details
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.93% / 76.50%
||
7 Day CHG~0.00%
Published-08 Apr, 2025 | 17:23
Updated-13 Feb, 2026 | 19:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft DWM Core Library Elevation of Privilege Vulnerability

Improper input validation in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2022_23h2windows_11_22h2windows_10_22h2windows_11_24h2windows_10_1507windows_10_1607windows_server_2025windows_server_2019windows_11_23h2windows_10_1809windows_server_2016windows_10_21h2windows_server_2022Windows Server 2025Windows 11 Version 23H2Windows 10 Version 1809Windows Server 2022, 23H2 Edition (Server Core installation)Windows 11 version 22H3Windows Server 2016 (Server Core installation)Windows 10 Version 22H2Windows Server 2019Windows Server 2022Windows 10 Version 1607Windows 11 Version 24H2Windows Server 2025 (Server Core installation)Windows Server 2019 (Server Core installation)Windows Server 2016Windows 10 Version 1507Windows 10 Version 21H2Windows 11 version 22H2
CWE ID-CWE-20
Improper Input Validation
CVE-2026-9880
Matching Score-6
Assigner-Chrome
ShareView Details
Matching Score-6
Assigner-Chrome
CVSS Score-8.3||HIGH
EPSS-0.11% / 29.81%
||
7 Day CHG+0.02%
Published-28 May, 2026 | 22:25
Updated-30 May, 2026 | 03:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Insufficient validation of untrusted input in WebGL in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)

Action-Not Available
Vendor-Microsoft CorporationLinux Kernel Organization, IncApple Inc.Google LLC
Product-linux_kernelwindowsmacoschromeChrome
CWE ID-CWE-20
Improper Input Validation
CVE-2025-24058
Matching Score-6
Assigner-Microsoft Corporation
ShareView Details
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.93% / 76.50%
||
7 Day CHG~0.00%
Published-08 Apr, 2025 | 17:23
Updated-13 Feb, 2026 | 19:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows DWM Core Library Elevation of Privilege Vulnerability

Improper input validation in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2022_23h2windows_10_21h2windows_server_2019windows_11_23h2windows_server_2022windows_11_24h2windows_10_1809windows_server_2025windows_11_22h2windows_10_22h2Windows Server 2025Windows Server 2022Windows 11 Version 24H2Windows Server 2025 (Server Core installation)Windows 11 Version 23H2Windows Server 2019 (Server Core installation)Windows 10 Version 1809Windows 11 version 22H2Windows 10 Version 21H2Windows Server 2022, 23H2 Edition (Server Core installation)Windows 11 version 22H3Windows 10 Version 22H2Windows Server 2019
CWE ID-CWE-20
Improper Input Validation
CVE-2020-1195
Matching Score-6
Assigner-Microsoft Corporation
ShareView Details
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-5.9||MEDIUM
EPSS-5.65% / 90.55%
||
7 Day CHG~0.00%
Published-21 May, 2020 | 22:53
Updated-04 Aug, 2024 | 06:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An elevation of privilege vulnerability exists in Microsoft Edge (Chromium-based) when the Feedback extension improperly validates input, aka 'Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability'.

Action-Not Available
Vendor-Microsoft Corporation
Product-edgeMicrosoft Edge (Chromium-based)
CWE ID-CWE-20
Improper Input Validation
CVE-2020-1167
Matching Score-6
Assigner-Microsoft Corporation
ShareView Details
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-10.59% / 93.43%
||
7 Day CHG~0.00%
Published-16 Oct, 2020 | 22:18
Updated-23 Feb, 2026 | 18:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Graphics Components Remote Code Execution Vulnerability

<p>A remote code execution vulnerability exists in the way that Microsoft Graphics Components handle objects in memory. An attacker who successfully exploited the vulnerability could execute arbitrary code on a target system.</p> <p>To exploit the vulnerability, a user would have to open a specially crafted file.</p> <p>The security update addresses the vulnerability by correcting how Microsoft Graphics Components handle objects in memory.</p>

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_10windows_server_2019Windows 10 Version 2004Windows 10 Version 1507Windows 10 Version 1607Windows 10 Version 1803Windows 10 Version 1903 for x64-based SystemsWindows 10 Version 1903 for ARM64-based SystemsWindows 10 Version 1809Windows 10 Version 1903 for 32-bit SystemsWindows Server 2019Windows 10 Version 1709Windows 10 Version 1909Windows 10 Version 1709 for 32-bit SystemsWindows Server 2016
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-787
Out-of-bounds Write
CVE-2026-9969
Matching Score-6
Assigner-Chrome
ShareView Details
Matching Score-6
Assigner-Chrome
CVSS Score-8.8||HIGH
EPSS-0.15% / 35.02%
||
7 Day CHG+0.02%
Published-28 May, 2026 | 22:25
Updated-01 Jun, 2026 | 15:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Insufficient validation of untrusted input in ANGLE in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)

Action-Not Available
Vendor-Microsoft CorporationLinux Kernel Organization, IncApple Inc.Google LLC
Product-linux_kernelwindowsmacoschromeChrome
CWE ID-CWE-20
Improper Input Validation
CVE-2023-30442
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.09% / 25.71%
||
7 Day CHG~0.00%
Published-10 Jul, 2023 | 00:01
Updated-13 Feb, 2025 | 16:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Db2 denial of service

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.1 and 11.5 federated server is vulnerable to a denial of service as the server may crash when using a specially crafted wrapper using certain options. IBM X-Force ID: 253202.

Action-Not Available
Vendor-Microsoft CorporationHP Inc.IBM CorporationLinux Kernel Organization, IncOracle Corporation
Product-solarislinux_kerneldb2hp-uxwindowsaixDb2 for Linux, UNIX and Windows
CWE ID-CWE-20
Improper Input Validation
CVE-2023-30449
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-7.5||HIGH
EPSS-0.09% / 25.71%
||
7 Day CHG~0.00%
Published-08 Jul, 2023 | 18:31
Updated-13 Feb, 2025 | 17:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Db2 denial of service

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted query. IBM X-Force ID: 253439.

Action-Not Available
Vendor-Microsoft CorporationHP Inc.IBM CorporationLinux Kernel Organization, IncOracle Corporation
Product-solarisaixhp-uxlinux_kernelwindowsdb2DB2 for Linux, UNIX and Windowsdb2_for_linux_unix_and_windows
CWE ID-CWE-20
Improper Input Validation
CVE-2023-38727
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.09% / 26.19%
||
7 Day CHG~0.00%
Published-04 Dec, 2023 | 01:08
Updated-13 Feb, 2025 | 17:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Db2 denial of service

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted SQL statement. IBM X-Force ID: 262257.

Action-Not Available
Vendor-opengroupLinux Kernel Organization, IncMicrosoft CorporationIBM Corporation
Product-windowsunixdb2linux_kernelDb2 for Linux, UNIX and Windows
CWE ID-CWE-20
Improper Input Validation
CVE-2023-30987
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.06% / 19.93%
||
7 Day CHG~0.00%
Published-16 Oct, 2023 | 20:48
Updated-13 Feb, 2025 | 16:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Db2 denial of service

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted query on certain databases. IBM X-Force ID: 253440.

Action-Not Available
Vendor-opengroupLinux Kernel Organization, IncMicrosoft CorporationIBM Corporation
Product-windowsunixdb2linux_kernelDb2 for Linux, UNIX and Windows
CWE ID-CWE-20
Improper Input Validation
CVE-2014-0317
Matching Score-6
Assigner-Microsoft Corporation
ShareView Details
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-5.4||MEDIUM
EPSS-12.47% / 94.06%
||
7 Day CHG~0.00%
Published-12 Mar, 2014 | 01:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Security Account Manager Remote (SAMR) protocol implementation in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows Server 2012 Gold and R2 does not properly determine the user-lockout state, which makes it easier for remote attackers to bypass the account lockout policy and obtain access via a brute-force attack, aka "SAMR Security Feature Bypass Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-windows_server_2008windows_vistawindows_xpwindows_server_2012windows_server_2003n/a
CWE ID-CWE-20
Improper Input Validation
CVE-2020-1173
Matching Score-6
Assigner-Microsoft Corporation
ShareView Details
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-6.8||MEDIUM
EPSS-1.18% / 79.15%
||
7 Day CHG~0.00%
Published-21 May, 2020 | 22:53
Updated-04 Aug, 2024 | 06:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A spoofing vulnerability exists in Microsoft Power BI Report Server in the way it validates the content-type of uploaded attachments, aka 'Microsoft Power BI Report Server Spoofing Vulnerability'.

Action-Not Available
Vendor-Microsoft Corporation
Product-power_bi_report_serverPower BI Report Server
CWE ID-CWE-20
Improper Input Validation
CVE-2023-30445
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-7.5||HIGH
EPSS-0.09% / 25.71%
||
7 Day CHG~0.00%
Published-08 Jul, 2023 | 18:28
Updated-13 Feb, 2025 | 17:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Db2 denial of service

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted query on certain tables. IBM X-Force ID: 253357.

Action-Not Available
Vendor-Microsoft CorporationHP Inc.IBM CorporationLinux Kernel Organization, IncOracle Corporation
Product-solarisaixhp-uxlinux_kernelwindowsdb2DB2 for Linux, UNIX and Windowsdb2_for_linux_unix_and_windows
CWE ID-CWE-20
Improper Input Validation
CVE-2023-30448
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.09% / 25.71%
||
7 Day CHG~0.00%
Published-08 Jul, 2023 | 18:19
Updated-13 Feb, 2025 | 17:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Db2 denial of service

IBM DB2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted query on certain tables. IBM X-Force ID: 253437.

Action-Not Available
Vendor-Microsoft CorporationHP Inc.IBM CorporationLinux Kernel Organization, IncOracle Corporation
Product-solarisaixhp-uxlinux_kernelwindowsdb2DB2 for Linux, UNIX and Windows
CWE ID-CWE-20
Improper Input Validation
CVE-2025-23336
Matching Score-6
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-6
Assigner-NVIDIA Corporation
CVSS Score-4.4||MEDIUM
EPSS-0.07% / 22.67%
||
7 Day CHG+0.01%
Published-17 Sep, 2025 | 22:00
Updated-25 Sep, 2025 | 20:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA Triton Inference Server for Windows and Linux contains a vulnerability where an attacker could cause a denial of service by loading a misconfigured model. A successful exploit of this vulnerability might lead to denial of service.

Action-Not Available
Vendor-Linux Kernel Organization, IncMicrosoft CorporationNVIDIA Corporation
Product-linux_kerneltriton_inference_serverwindowsTriton Inference Server
CWE ID-CWE-20
Improper Input Validation
CVE-2023-29371
Matching Score-6
Assigner-Microsoft Corporation
ShareView Details
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-1.24% / 79.65%
||
7 Day CHG~0.00%
Published-13 Jun, 2023 | 23:26
Updated-01 Jan, 2025 | 01:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows GDI Elevation of Privilege Vulnerability

Windows GDI Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_21h2windows_10_1809windows_server_2016windows_server_2012windows_server_2008windows_10_1507windows_11_21h2windows_10_22h2windows_server_2022windows_11_22h2windows_server_2019windows_10_1607Windows Server 2022Windows 10 Version 1607Windows 11 version 22H2Windows Server 2019 (Server Core installation)Windows Server 2008 Service Pack 2Windows 10 Version 1809Windows Server 2016 (Server Core installation)Windows 11 version 21H2Windows Server 2012 (Server Core installation)Windows Server 2016Windows 10 Version 1507Windows 10 Version 21H2Windows Server 2008 R2 Service Pack 1Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2012 R2Windows Server 2019Windows Server 2012Windows Server 2008 Service Pack 2Windows Server 2012 R2 (Server Core installation)Windows 10 Version 22H2
CWE ID-CWE-20
Improper Input Validation
CVE-2023-29255
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-7.5||HIGH
EPSS-0.13% / 31.92%
||
7 Day CHG~0.00%
Published-27 Apr, 2023 | 12:47
Updated-13 Feb, 2025 | 16:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM DB2 for Linux, UNIX and Windows denial of service

IBM DB2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to a denial of service as it may trap when compiling a variation of an anonymous block. IBM X-Force ID: 251991.

Action-Not Available
Vendor-Linux Kernel Organization, IncMicrosoft CorporationIBM Corporation
Product-windowsdb2linux_kernelDB2 for Linux, UNIX and Windows
CWE ID-CWE-20
Improper Input Validation
CVE-2023-29332
Matching Score-6
Assigner-Microsoft Corporation
ShareView Details
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-7.5||HIGH
EPSS-15.22% / 94.75%
||
7 Day CHG+0.61%
Published-12 Sep, 2023 | 16:58
Updated-30 Oct, 2025 | 18:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Azure Kubernetes Service Elevation of Privilege Vulnerability

Microsoft Azure Kubernetes Service Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-azure_kubernetes_serviceAzure Kubernetes Service
CWE ID-CWE-330
Use of Insufficiently Random Values
CWE ID-CWE-20
Improper Input Validation
CVE-2023-29359
Matching Score-6
Assigner-Microsoft Corporation
ShareView Details
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.18% / 38.81%
||
7 Day CHG~0.00%
Published-13 Jun, 2023 | 23:26
Updated-01 Jan, 2025 | 01:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
GDI Elevation of Privilege Vulnerability

GDI Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_21h2windows_10_1809windows_server_2016windows_server_2012windows_server_2008windows_10_1507windows_11_21h2windows_10_22h2windows_server_2022windows_11_22h2windows_server_2019windows_10_1607Windows Server 2022Windows 10 Version 1607Windows 11 version 22H2Windows Server 2019 (Server Core installation)Windows Server 2008 Service Pack 2Windows 10 Version 1809Windows Server 2016 (Server Core installation)Windows 11 version 21H2Windows Server 2012 (Server Core installation)Windows Server 2016Windows 10 Version 1507Windows 10 Version 21H2Windows Server 2008 R2 Service Pack 1Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2012 R2Windows Server 2019Windows Server 2012Windows Server 2008 Service Pack 2Windows Server 2012 R2 (Server Core installation)Windows 10 Version 22H2
CWE ID-CWE-20
Improper Input Validation
CVE-2020-1040
Matching Score-6
Assigner-Microsoft Corporation
ShareView Details
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-9||CRITICAL
EPSS-0.18% / 39.15%
||
7 Day CHG~0.00%
Published-14 Jul, 2020 | 22:53
Updated-29 Oct, 2025 | 13:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2022-05-03||Apply updates per vendor instructions.

A remote code execution vulnerability exists when Hyper-V RemoteFX vGPU on a host server fails to properly validate input from an authenticated user on a guest operating system, aka 'Hyper-V RemoteFX vGPU Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1032, CVE-2020-1036, CVE-2020-1041, CVE-2020-1042, CVE-2020-1043.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2008windows_server_2016windows_server_2012Windows ServerHyper-V RemoteFX
CWE ID-CWE-20
Improper Input Validation
CVE-2020-1032
Matching Score-6
Assigner-Microsoft Corporation
ShareView Details
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-9||CRITICAL
EPSS-0.59% / 69.69%
||
7 Day CHG~0.00%
Published-14 Jul, 2020 | 22:53
Updated-04 Aug, 2024 | 06:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A remote code execution vulnerability exists when Hyper-V RemoteFX vGPU on a host server fails to properly validate input from an authenticated user on a guest operating system, aka 'Hyper-V RemoteFX vGPU Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1036, CVE-2020-1040, CVE-2020-1041, CVE-2020-1042, CVE-2020-1043.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2012windows_server_2008Windows Server
CWE ID-CWE-20
Improper Input Validation
  • Previous
  • 1
  • 2
  • 3
  • ...
  • 24
  • 25
  • Next
Details not found