Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2013-6011

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-04 Oct, 2013 | 17:00
Updated At-16 Sep, 2024 | 17:48
Rejected At-
Credits

Citrix NetScaler Application Delivery Controller (ADC) 10.0 before 10.0-76.7 allows remote attackers to cause a denial of service (nsconfigd crash and appliance reboot) via a crafted request.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:04 Oct, 2013 | 17:00
Updated At:16 Sep, 2024 | 17:48
Rejected At:
▼CVE Numbering Authority (CNA)

Citrix NetScaler Application Delivery Controller (ADC) 10.0 before 10.0-76.7 allows remote attackers to cause a denial of service (nsconfigd crash and appliance reboot) via a crafted request.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://support.citrix.com/article/ctx139017
x_refsource_CONFIRM
http://archives.neohapsis.com/archives/bugtraq/2013-10/0016.html
mailing-list
x_refsource_BUGTRAQ
Hyperlink: http://support.citrix.com/article/ctx139017
Resource:
x_refsource_CONFIRM
Hyperlink: http://archives.neohapsis.com/archives/bugtraq/2013-10/0016.html
Resource:
mailing-list
x_refsource_BUGTRAQ
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://support.citrix.com/article/ctx139017
x_refsource_CONFIRM
x_transferred
http://archives.neohapsis.com/archives/bugtraq/2013-10/0016.html
mailing-list
x_refsource_BUGTRAQ
x_transferred
Hyperlink: http://support.citrix.com/article/ctx139017
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://archives.neohapsis.com/archives/bugtraq/2013-10/0016.html
Resource:
mailing-list
x_refsource_BUGTRAQ
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:04 Oct, 2013 | 17:55
Updated At:11 Apr, 2025 | 00:51

Citrix NetScaler Application Delivery Controller (ADC) 10.0 before 10.0-76.7 allows remote attackers to cause a denial of service (nsconfigd crash and appliance reboot) via a crafted request.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary2.07.8HIGH
AV:N/AC:L/Au:N/C:N/I:N/A:C
Type: Primary
Version: 2.0
Base score: 7.8
Base severity: HIGH
Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:C
CPE Matches
Citrix (Cloud Software Group, Inc.)
citrix
>>netscaler_application_delivery_controller_firmware>>10.0
cpe:2.3:o:citrix:netscaler_application_delivery_controller_firmware:10.0:*:*:*:*:*:*:*
Citrix (Cloud Software Group, Inc.)
citrix
>>netscaler_application_delivery_controller_firmware>>10.0.e
cpe:2.3:o:citrix:netscaler_application_delivery_controller_firmware:10.0.e:*:*:*:*:*:*:*
Citrix (Cloud Software Group, Inc.)
citrix
>>netscaler_application_delivery_controller>>-
cpe:2.3:h:citrix:netscaler_application_delivery_controller:-:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-20Primarynvd@nist.gov
CWE ID: CWE-20
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
http://archives.neohapsis.com/archives/bugtraq/2013-10/0016.htmlcve@mitre.org
N/A
http://support.citrix.com/article/ctx139017cve@mitre.org
Vendor Advisory
http://archives.neohapsis.com/archives/bugtraq/2013-10/0016.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://support.citrix.com/article/ctx139017af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Hyperlink: http://archives.neohapsis.com/archives/bugtraq/2013-10/0016.html
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://support.citrix.com/article/ctx139017
Source: cve@mitre.org
Resource:
Vendor Advisory
Hyperlink: http://archives.neohapsis.com/archives/bugtraq/2013-10/0016.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://support.citrix.com/article/ctx139017
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

498Records found
CVE-2015-2829
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-1.29% / 79.31%
||
7 Day CHG~0.00%
Published-12 May, 2015 | 19:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway before 10.5 Build 53.9 through 55.8 and 10.5.e Build 53-9010.e allow remote attackers to cause a denial of service (reboot) via unspecified vectors.

Action-Not Available
Vendor-n/aCitrix (Cloud Software Group, Inc.)
Product-netscaler_gateway_firmwarenetscaler_application_delivery_controller_firmwaren/a
CVE-2014-3798
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-4.61% / 89.03%
||
7 Day CHG~0.00%
Published-11 Jul, 2019 | 19:14
Updated-06 Aug, 2024 | 10:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Windows Guest Tools in Citrix XenServer 6.2 SP1 and earlier allows remote attackers to cause a denial of service (guest OS crash) via a crafted Ethernet frame.

Action-Not Available
Vendor-n/aCitrix (Cloud Software Group, Inc.)
Product-xenservern/a
CWE ID-CWE-20
Improper Input Validation
CVE-2012-4603
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-5.78% / 90.30%
||
7 Day CHG~0.00%
Published-10 Jan, 2020 | 20:22
Updated-06 Aug, 2024 | 20:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Citrix XenApp Online Plug-in for Windows 12.1 and earlier, and Citrix Receiver for Windows 3.2 and earlier could allow remote attackers to execute arbitrary code by convincing a target to open a specially crafted file from an SMB or WebDAV fileserver.

Action-Not Available
Vendor-n/aCitrix (Cloud Software Group, Inc.)Microsoft Corporation
Product-windowsxenapp_onlinereceivern/a
CWE ID-CWE-20
Improper Input Validation
CVE-2012-3498
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-5.6||MEDIUM
EPSS-0.07% / 20.82%
||
7 Day CHG~0.00%
Published-23 Nov, 2012 | 20:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

PHYSDEVOP_map_pirq in Xen 4.1 and 4.2 and Citrix XenServer 6.0.2 and earlier allows local HVM guest OS kernels to cause a denial of service (host crash) and possibly read hypervisor or guest memory via vectors related to a missing range check of map->index.

Action-Not Available
Vendor-n/aXen ProjectCitrix (Cloud Software Group, Inc.)
Product-xenserverxenn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2012-3495
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-6.1||MEDIUM
EPSS-0.08% / 23.74%
||
7 Day CHG~0.00%
Published-23 Nov, 2012 | 20:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The physdev_get_free_pirq hypercall in arch/x86/physdev.c in Xen 4.1.x and Citrix XenServer 6.0.2 and earlier uses the return value of the get_free_pirq function as an array index without checking that the return value indicates an error, which allows guest OS users to cause a denial of service (invalid memory write and host crash) and possibly gain privileges via unspecified vectors.

Action-Not Available
Vendor-n/aXen ProjectCitrix (Cloud Software Group, Inc.)
Product-xenserverxenn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2011-2883
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-9.3||HIGH
EPSS-0.37% / 58.40%
||
7 Day CHG~0.00%
Published-21 Jul, 2011 | 23:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The NSEPA.NsepaCtrl.1 ActiveX control in nsepa.ocx in Citrix Access Gateway Enterprise Edition 8.1 before 8.1-67.7, 9.0 before 9.0-70.5, and 9.1 before 9.1-96.4 attempts to validate signed DLLs by checking the certificate subject, not the signature, which allows man-in-the-middle attackers to execute arbitrary code via HTTP header data referencing a DLL that was signed with a crafted certificate.

Action-Not Available
Vendor-n/aCitrix (Cloud Software Group, Inc.)
Product-access_gatewayn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2010-4247
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.61% / 69.45%
||
7 Day CHG~0.00%
Published-11 Jan, 2011 | 01:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The do_block_io_op function in (1) drivers/xen/blkback/blkback.c and (2) drivers/xen/blktap/blktap.c in Xen before 3.4.0 for the Linux kernel 2.6.18, and possibly other versions, allows guest OS users to cause a denial of service (infinite loop and CPU consumption) via a large production request index to the blkback or blktap back-end drivers. NOTE: some of these details are obtained from third party information.

Action-Not Available
Vendor-n/aLinux Kernel Organization, IncCitrix (Cloud Software Group, Inc.)
Product-linux_kernelxenn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2023-3466
Matching Score-6
Assigner-Citrix Systems, Inc.
ShareView Details
Matching Score-6
Assigner-Citrix Systems, Inc.
CVSS Score-8.3||HIGH
EPSS-1.12% / 77.88%
||
7 Day CHG~0.00%
Published-19 Jul, 2023 | 18:21
Updated-21 Oct, 2024 | 21:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Reflected Cross-Site Scripting (XSS)

Action-Not Available
Vendor-Citrix (Cloud Software Group, Inc.)
Product-netscaler_application_delivery_controllernetscaler_gatewayNetScaler ADC NetScaler Gateway
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2021-1085
Matching Score-6
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-6
Assigner-NVIDIA Corporation
CVSS Score-7.3||HIGH
EPSS-0.04% / 13.04%
||
7 Day CHG~0.00%
Published-29 Apr, 2021 | 18:50
Updated-03 Aug, 2024 | 15:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA vGPU driver contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where there is the potential to write to a shared memory location and manipulate the data after the data has been validated, which may lead to denial of service and escalation of privileges and information disclosure but attacker doesn't have control over what information is obtained. This affects vGPU version 12.x (prior to 12.2), version 11.x (prior to 11.4) and version 8.x (prior to 8.7).

Action-Not Available
Vendor-nutanixVMware (Broadcom Inc.)NVIDIA CorporationCitrix (Cloud Software Group, Inc.)Red Hat, Inc.
Product-enterprise_linux_kernel-based_virtual_machinehypervisorvirtual_gpu_managervsphereahvNVIDIA Virtual GPU Software
CWE ID-CWE-20
Improper Input Validation
CVE-2021-1065
Matching Score-6
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-6
Assigner-NVIDIA Corporation
CVSS Score-7.1||HIGH
EPSS-0.12% / 31.48%
||
7 Day CHG~0.00%
Published-08 Jan, 2021 | 15:05
Updated-03 Aug, 2024 | 15:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA vGPU manager contains a vulnerability in the vGPU plugin, in which input data is not validated, which may lead to tampering of data or denial of service. This affects vGPU version 8.x (prior to 8.6) and version 11.0 (prior to 11.3).

Action-Not Available
Vendor-nutanixVMware (Broadcom Inc.)NVIDIA CorporationCitrix (Cloud Software Group, Inc.)Red Hat, Inc.
Product-enterprise_linux_kernel-based_virtual_machinehypervisorvirtual_gpu_managervsphereahvNVIDIA Virtual GPU Manager
CWE ID-CWE-20
Improper Input Validation
CVE-2021-1066
Matching Score-6
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-6
Assigner-NVIDIA Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.06% / 19.28%
||
7 Day CHG~0.00%
Published-08 Jan, 2021 | 15:05
Updated-03 Aug, 2024 | 15:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA vGPU manager contains a vulnerability in the vGPU plugin, in which input data is not validated, which may lead to unexpected consumption of resources, which in turn may lead to denial of service. This affects vGPU version 8.x (prior to 8.6) and version 11.0 (prior to 11.3).

Action-Not Available
Vendor-nutanixVMware (Broadcom Inc.)NVIDIA CorporationCitrix (Cloud Software Group, Inc.)Red Hat, Inc.
Product-enterprise_linux_kernel-based_virtual_machinehypervisorvirtual_gpu_managervsphereahvNVIDIA Virtual GPU Manager
CWE ID-CWE-20
Improper Input Validation
CVE-2021-1084
Matching Score-6
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-6
Assigner-NVIDIA Corporation
CVSS Score-7.8||HIGH
EPSS-0.05% / 16.88%
||
7 Day CHG~0.00%
Published-29 Apr, 2021 | 18:50
Updated-03 Aug, 2024 | 15:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA vGPU driver contains a vulnerability in the guest kernel mode driver and Virtual GPU Manager (vGPU plugin), in which an input length is not validated, which may lead to information disclosure, tampering of data or denial of service. This affects vGPU version 12.x (prior to 12.2) and version 11.x (prior to 11.4).

Action-Not Available
Vendor-Red Hat, Inc.Citrix (Cloud Software Group, Inc.)VMware (Broadcom Inc.)Microsoft CorporationNVIDIA CorporationLinux Kernel Organization, Inc
Product-linux_kernelenterprise_linux_kernel-based_virtual_machinehypervisorwindowsvirtual_gpu_managervsphereNVIDIA Virtual GPU Software
CWE ID-CWE-20
Improper Input Validation
CVE-2021-1080
Matching Score-6
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-6
Assigner-NVIDIA Corporation
CVSS Score-7.8||HIGH
EPSS-0.05% / 16.88%
||
7 Day CHG~0.00%
Published-29 Apr, 2021 | 18:50
Updated-03 Aug, 2024 | 15:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (vGPU plugin), in which certain input data is not validated, which may lead to information disclosure, tampering of data, or denial of service. This affects vGPU version 12.x (prior to 12.2), version 11.x (prior to 11.4) and version 8.x (prior 8.7).

Action-Not Available
Vendor-nutanixVMware (Broadcom Inc.)NVIDIA CorporationCitrix (Cloud Software Group, Inc.)Red Hat, Inc.
Product-enterprise_linux_kernel-based_virtual_machinehypervisorvirtual_gpu_managervsphereahvNVIDIA Virtual GPU Software
CWE ID-CWE-20
Improper Input Validation
CVE-2021-1060
Matching Score-6
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-6
Assigner-NVIDIA Corporation
CVSS Score-7.1||HIGH
EPSS-0.05% / 15.69%
||
7 Day CHG~0.00%
Published-08 Jan, 2021 | 15:05
Updated-03 Aug, 2024 | 15:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA vGPU software contains a vulnerability in the guest kernel mode driver and vGPU plugin, in which an input index is not validated, which may lead to tampering of data or denial of service. This affects vGPU version 8.x (prior to 8.6) and version 11.0 (prior to 11.3).

Action-Not Available
Vendor-nutanixRed Hat, Inc.Citrix (Cloud Software Group, Inc.)VMware (Broadcom Inc.)Microsoft CorporationNVIDIA CorporationLinux Kernel Organization, Inc
Product-linux_kernelenterprise_linux_kernel-based_virtual_machinehypervisorwindowsvirtual_gpu_managervsphereahvNVIDIA Virtual GPU Software
CWE ID-CWE-20
Improper Input Validation
CVE-2020-8195
Matching Score-6
Assigner-HackerOne
ShareView Details
Matching Score-6
Assigner-HackerOne
CVSS Score-6.5||MEDIUM
EPSS-73.09% / 98.75%
||
7 Day CHG~0.00%
Published-10 Jul, 2020 | 15:39
Updated-30 Oct, 2025 | 20:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2022-05-03||Apply updates per vendor instructions.

Improper input validation in Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 and Citrix SDWAN WAN-OP versions before 11.1.1a, 11.0.3d and 10.2.7 resulting in limited information disclosure to low privileged users.

Action-Not Available
Vendor-n/aCitrix (Cloud Software Group, Inc.)
Product-5000-wonetscaler_gateway_firmware5100-wogateway_plug-in_for_linux4000-wosd-wan_wanop4100-woapplication_delivery_controller_firmwaregateway_firmwareCitrix ADC, Citrix Gateway, Citrix SDWAN WAN-OPApplication Delivery Controller (ADC), Gateway, and SD-WAN WANOP Appliance
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2020-8187
Matching Score-6
Assigner-HackerOne
ShareView Details
Matching Score-6
Assigner-HackerOne
CVSS Score-7.5||HIGH
EPSS-1.15% / 78.14%
||
7 Day CHG~0.00%
Published-10 Jul, 2020 | 15:35
Updated-04 Aug, 2024 | 09:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper input validation in Citrix ADC and Citrix Gateway versions before 11.1-63.9 and 12.0-62.10 allows unauthenticated users to perform a denial of service attack.

Action-Not Available
Vendor-n/aCitrix (Cloud Software Group, Inc.)
Product-application_delivery_controllernetscaler_gateway_firmwarenetscaler_gatewayapplication_delivery_controller_firmwareCitrix ADC, Citrix Gateway
CWE ID-CWE-20
Improper Input Validation
CVE-2016-9380
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.09% / 26.06%
||
7 Day CHG~0.00%
Published-23 Jan, 2017 | 21:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The pygrub boot loader emulator in Xen, when nul-delimited output format is requested, allows local pygrub-using guest OS administrators to read or delete arbitrary files on the host via NUL bytes in the bootloader configuration file.

Action-Not Available
Vendor-n/aXen ProjectCitrix (Cloud Software Group, Inc.)
Product-xenxenservern/a
CWE ID-CWE-20
Improper Input Validation
CVE-2016-9385
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-6||MEDIUM
EPSS-0.10% / 28.59%
||
7 Day CHG~0.00%
Published-23 Jan, 2017 | 21:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The x86 segment base write emulation functionality in Xen 4.4.x through 4.7.x allows local x86 PV guest OS administrators to cause a denial of service (host crash) by leveraging lack of canonical address checks.

Action-Not Available
Vendor-n/aXen ProjectCitrix (Cloud Software Group, Inc.)
Product-xenxenservern/a
CWE ID-CWE-20
Improper Input Validation
CVE-2016-9383
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.14% / 33.33%
||
7 Day CHG~0.00%
Published-23 Jan, 2017 | 21:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Xen, when running on a 64-bit hypervisor, allows local x86 guest OS users to modify arbitrary memory and consequently obtain sensitive information, cause a denial of service (host crash), or execute arbitrary code on the host by leveraging broken emulation of bit test instructions.

Action-Not Available
Vendor-n/aXen ProjectCitrix (Cloud Software Group, Inc.)
Product-xenxenservern/a
CWE ID-CWE-20
Improper Input Validation
CVE-2016-9379
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-7.9||HIGH
EPSS-0.10% / 28.08%
||
7 Day CHG~0.00%
Published-23 Jan, 2017 | 21:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The pygrub boot loader emulator in Xen, when S-expression output format is requested, allows local pygrub-using guest OS administrators to read or delete arbitrary files on the host via string quotes and S-expressions in the bootloader configuration file.

Action-Not Available
Vendor-n/aXen ProjectCitrix (Cloud Software Group, Inc.)
Product-xenxenservern/a
CWE ID-CWE-20
Improper Input Validation
CVE-2016-6259
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-6.2||MEDIUM
EPSS-0.27% / 49.79%
||
7 Day CHG~0.00%
Published-02 Aug, 2016 | 16:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Xen 4.5.x through 4.7.x do not implement Supervisor Mode Access Prevention (SMAP) whitelisting in 32-bit exception and event delivery, which allows local 32-bit PV guest OS kernels to cause a denial of service (hypervisor and VM crash) by triggering a safety check.

Action-Not Available
Vendor-n/aXen ProjectCitrix (Cloud Software Group, Inc.)
Product-xenserverxenn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2016-6877
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.78% / 73.26%
||
7 Day CHG~0.00%
Published-05 May, 2017 | 20:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Citrix XenMobile Server before 10.5.0.24 allows man-in-the-middle attackers to trigger HTTP 302 redirections via vectors involving the HTTP Host header and a cached page. NOTE: the vendor reports "our internal analysis of this issue concluded that this was not a valid vulnerability" because an exploitation scenario would involve a man-in-the-middle attack against a TLS session

Action-Not Available
Vendor-n/aCitrix (Cloud Software Group, Inc.)
Product-xenmobile_servern/a
CWE ID-CWE-20
Improper Input Validation
CVE-2016-5433
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-6.1||MEDIUM
EPSS-0.10% / 28.40%
||
7 Day CHG~0.00%
Published-17 Jun, 2016 | 15:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Citrix iOS Receiver before 7.0 allows attackers to cause TLS certificates to be incorrectly validated via unspecified vectors.

Action-Not Available
Vendor-n/aCitrix (Cloud Software Group, Inc.)
Product-ios_receivern/a
CWE ID-CWE-20
Improper Input Validation
CVE-2016-10024
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-6||MEDIUM
EPSS-0.14% / 34.47%
||
7 Day CHG~0.00%
Published-26 Jan, 2017 | 15:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Xen through 4.8.x allows local x86 PV guest OS kernel administrators to cause a denial of service (host hang or crash) by modifying the instruction stream asynchronously while performing certain kernel operations.

Action-Not Available
Vendor-n/aXen ProjectCitrix (Cloud Software Group, Inc.)
Product-xenxenservern/a
CWE ID-CWE-20
Improper Input Validation
CVE-2015-7704
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-13.94% / 94.16%
||
7 Day CHG~0.00%
Published-07 Aug, 2017 | 20:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The ntpd client in NTP 4.x before 4.2.8p4 and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service via a number of crafted "KOD" messages.

Action-Not Available
Vendor-ntpn/aDebian GNU/LinuxRed Hat, Inc.Citrix (Cloud Software Group, Inc.)McAfee, LLCNetApp, Inc.
Product-oncommand_unified_manageroncommand_performance_managerenterprise_linux_desktopenterprise_linux_server_ausenterprise_linux_server_tusenterprise_linux_workstationclustered_data_ontapxenserverenterprise_linux_server_eusdebian_linuxenterprise_linux_serverenterprise_security_managerntpdata_ontapn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2015-7705
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-31.03% / 96.62%
||
7 Day CHG~0.00%
Published-07 Aug, 2017 | 20:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The rate limiting feature in NTP 4.x before 4.2.8p4 and 4.3.x before 4.3.77 allows remote attackers to have unspecified impact via a large number of crafted requests.

Action-Not Available
Vendor-ntpn/aNetApp, Inc.Siemens AGCitrix (Cloud Software Group, Inc.)
Product-oncommand_unified_manageroncommand_performance_managertim_4r-ie_dnp3_firmwareclustered_data_ontaptim_4r-ie_dnp3xenservertim_4r-ie_firmwaretim_4r-ientpdata_ontapn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2015-6282
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-7.8||HIGH
EPSS-0.41% / 60.88%
||
7 Day CHG~0.00%
Published-25 Sep, 2015 | 01:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cisco IOS XE 2.x and 3.x before 3.10.6S, 3.11.xS through 3.13.xS before 3.13.3S, and 3.14.xS through 3.15.xS before 3.15.1S allows remote attackers to cause a denial of service (device reload) via IPv4 packets that require NAT and MPLS actions, aka Bug ID CSCut96933.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-ios_xen/a
CWE ID-CWE-20
Improper Input Validation
CVE-2015-6260
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-7.5||HIGH
EPSS-0.37% / 58.36%
||
7 Day CHG~0.00%
Published-03 Mar, 2016 | 22:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cisco NX-OS 7.1(1)N1(1) on Nexus 5500, 5600, and 6000 devices does not properly validate PDUs in SNMP packets, which allows remote attackers to cause a denial of service (SNMP application restart) via a crafted packet, aka Bug ID CSCut84645.

Action-Not Available
Vendor-n/aCisco Systems, Inc.Zyxel Networks Corporation
Product-nexus_5596upgs1900-10hp_firmwarenexus_5672upnexus_5548pnexus_5648qnexus_5696qnexus_5548upnexus_5596tnexus_5624qnexus_56128pn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2015-6279
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-7.8||HIGH
EPSS-0.58% / 68.44%
||
7 Day CHG~0.00%
Published-28 Sep, 2015 | 01:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The IPv6 snooping functionality in the first-hop security subsystem in Cisco IOS 12.2, 15.0, 15.1, 15.2, 15.3, 15.4, and 15.5 and IOS XE 3.2SE, 3.3SE, 3.3XO, 3.4SG, 3.5E, and 3.6E before 3.6.3E; 3.7E before 3.7.2E; 3.9S and 3.10S before 3.10.6S; 3.11S before 3.11.4S; 3.12S and 3.13S before 3.13.3S; and 3.14S before 3.14.2S allows remote attackers to cause a denial of service (device reload) via a malformed ND packet with the Cryptographically Generated Address (CGA) option, aka Bug ID CSCuo04400.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-iosios_xen/a
CWE ID-CWE-20
Improper Input Validation
CVE-2006-3942
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-86.20% / 99.38%
||
7 Day CHG~0.00%
Published-31 Jul, 2006 | 23:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The server driver (srv.sys) in Microsoft Windows NT 4.0, 2000, XP, and Server 2003 allows remote attackers to cause a denial of service (system crash) via an SMB_COM_TRANSACTION SMB message that contains a string without null character termination, which leads to a NULL dereference in the ExecuteTransaction function, possibly related to an "SMB PIPE," aka the "Mailslot DOS" vulnerability. NOTE: the name "Mailslot DOS" was derived from incomplete initial research; the vulnerability is not associated with a mailslot.

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-windows_xpwindows_2000windows_2003_servern/a
CWE ID-CWE-20
Improper Input Validation
CVE-2015-6278
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-7.8||HIGH
EPSS-0.58% / 68.44%
||
7 Day CHG~0.00%
Published-28 Sep, 2015 | 01:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The IPv6 snooping functionality in the first-hop security subsystem in Cisco IOS 12.2, 15.0, 15.1, 15.2, 15.3, 15.4, and 15.5 and IOS XE 3.2SE, 3.3SE, 3.3XO, 3.4SG, 3.5E, and 3.6E before 3.6.3E; 3.7E before 3.7.2E; 3.9S and 3.10S before 3.10.6S; 3.11S before 3.11.4S; 3.12S and 3.13S before 3.13.3S; and 3.14S before 3.14.2S does not properly implement the Control Plane Protection (aka CPPr) feature, which allows remote attackers to cause a denial of service (device reload) via a flood of ND packets, aka Bug ID CSCus19794.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-iosios_xen/a
CWE ID-CWE-20
Improper Input Validation
CVE-2015-5722
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-65.92% / 98.47%
||
7 Day CHG~0.00%
Published-05 Sep, 2015 | 01:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

buffer.c in named in ISC BIND 9.x before 9.9.7-P3 and 9.10.x before 9.10.2-P4 allows remote attackers to cause a denial of service (assertion failure and daemon exit) by creating a zone containing a malformed DNSSEC key and issuing a query for a name in that zone.

Action-Not Available
Vendor-n/aInternet Systems Consortium, Inc.Apple Inc.
Product-bindmac_os_x_servern/a
CWE ID-CWE-20
Improper Input Validation
CVE-2021-20611
Matching Score-4
Assigner-Mitsubishi Electric Corporation
ShareView Details
Matching Score-4
Assigner-Mitsubishi Electric Corporation
CVSS Score-7.5||HIGH
EPSS-0.43% / 62.09%
||
7 Day CHG-0.17%
Published-01 Dec, 2021 | 15:41
Updated-03 Aug, 2024 | 17:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper Input Validation vulnerability in Mitsubishi Electric MELSEC iQ-R Series R00/01/02CPU, MELSEC iQ-R Series R04/08/16/32/120(EN)CPU, MELSEC iQ-R Series R08/16/32/120SFCPU, MELSEC iQ-R Series R08/16/32/120PCPU, MELSEC iQ-R Series R08/16/32/120PSFCPU, MELSEC iQ-R Series R16/32/64MTCPU, MELSEC iQ-R Series R12CCPU-V, MELSEC Q Series Q03UDECPU, MELSEC Q Series Q04/06/10/13/20/26/50/100UDEHCPU, MELSEC Q Series Q03/04/06/13/26UDVCPU, MELSEC Q Series Q04/06/13/26UDPVCPU, MELSEC Q Series Q12DCCPU-V, MELSEC Q Series Q24DHCCPU-V(G), MELSEC Q Series Q24/26DHCCPU-LS, MELSEC Q Series MR-MQ100, MELSEC Q Series Q172/173DCPU-S1, MELSEC Q Series Q172/173DSCPU, MELSEC Q Series Q170MCPU, MELSEC Q Series Q170MSCPU(-S1), MELSEC L Series L02/06/26CPU(-P), MELSEC L Series L26CPU-(P)BT and MELIPC Series MI5122-VW allows a remote unauthenticated attacker to cause a denial-of-service (DoS) condition by sending specially crafted packets. System reset is required for recovery.

Action-Not Available
Vendor-Mitsubishi Electric Corporation
Product-melsec_q03udvcpumelsec_iq-r_r16_cpumelsec_q03udecpumelsec_q173dcpu-s1_firmwaremelsec_iq-r_r08_sfcpu_firmwaremelsec_q03udvcpu_firmwaremelsec_iq-r_r08_pcpu_firmwaremelsec_iq-r_r16_cpu_firmwaremelsec_q170mscpu\(-s1\)melsec_iq-r_r32_pcpu_firmwaremelsec_iq-r_r08_pcpumelsec_q10udecpumelsec_l06cpu\(-p\)_firmwaremelsec_iq-r_r32_sfcpumelipc_mi5122-vwmelsec_iq-r_r32_mtcpu_firmwaremelsec_iq-r_r32_mtcpumelsec_q26udvcpumelsec_q172dscpu_firmwaremelsec_q172dcpu-s1melsec_q26dhccpu-lsmelsec_iq-r_r120_sfcpu_firmwaremelsec_iq-r_r02_cpumelipc_mi5122-vw_firmwaremelsec_iq-r_r01_cpu_firmwaremelsec_iq-r_r64_mtcpu_firmwaremelsec_q06udvcpu_firmwaremelsec_l26cpu\(-p\)melsec_q06udecpu_firmwaremelsec_iq-r_r16_pcpu_firmwaremelsec_q170mcpumelsec_iq-r_r16_mtcpumelsec_q06udecpumelsec_q13udpvcpu_firmwaremelsec_iq-r_r08_cpumelsec_iq-r_r04_cpu_firmwaremelsec_iq-r_r00_cpu_firmwaremelsec_q13udvcpumelsec_q170mcpu_firmwaremelsec_q04udvcpu_firmwaremelsec_q04udpvcpumelsec_q13udecpumelsec_iq-r_r16_sfcpu_firmwaremelsec_q06udvcpumelsec_q173dcpu-s1melsec_q100udecpu_firmwaremelsec_q10udecpu_firmwaremelsec_q12dccpu-v_firmwaremelsec_iq-r_r01_cpumelsec_iq-r_r32_cpu_firmwaremelsec_iq-r_r16_mtcpu_firmwaremelsec_q170mscpu\(-s1\)_firmwaremelsec_iq-r_r02_cpu_firmwaremelsec_q24dhccpu-v\(g\)_firmwaremelsec_q13udecpu_firmwaremelsec_iq-r_r04_pcpumelsec_q26udvcpu_firmwaremelsec_q13udpvcpumelsec_mr-mq100melsec_iq-r_r120_pcpumelsec_q24dhccpu-ls_firmwaremelsec_iq-r_r08_cpu_firmwaremelsec_iq-r_r04_pcpu_firmwaremelsec_q26udpvcpu_firmwaremelsec_iq-r_r64_mtcpumelsec_q04udpvcpu_firmwaremelsec_iq-r_r08_sfcpumelsec_q172dscpumelsec_iq-r_r32_cpumelsec_l02cpu\(-p\)melsec_q26udecpumelsec_q06udpvcpumelsec_q20udecpu_firmwaremelsec_iq-r_r32_sfcpu_firmwaremelsec_q24dhccpu-v\(g\)melsec_l06cpu\(-p\)melsec_mr-mq100_firmwaremelsec_q04udecpumelsec_q13udvcpu_firmwaremelsec_l02cpu\(-p\)_firmwaremelsec_q100udecpumelsec_q06udpvcpu_firmwaremelsec_q172dcpu-s1_firmwaremelsec_q20udecpumelsec_iq-r_r16_pcpumelsec_iq-r_r12_ccpu-vmelsec_iq-r_r12_ccpu-v_firmwaremelsec_iq-r_r120_sfcpumelsec_q04udecpu_firmwaremelsec_iq-r_r04_cpumelsec_iq-r_r00_cpumelsec_l26cpu\(-p\)_firmwaremelsec_q173dscpu_firmwaremelsec_q50udecpu_firmwaremelsec_iq-r_r16_sfcpumelsec_q173dscpumelsec_iq-r_r32_pcpumelsec_iq-r_r120_cpumelsec_q12dccpu-vmelsec_l26cpu-\(p\)btmelsec_q26dhccpu-ls_firmwaremelsec_q04udvcpumelsec_q50udecpumelsec_q26udecpu_firmwaremelsec_q03udecpu_firmwaremelsec_q24dhccpu-lsmelsec_l26cpu-\(p\)bt_firmwaremelsec_iq-r_r120_cpu_firmwaremelsec_iq-r_r120_pcpu_firmwaremelsec_q26udpvcpuMELSEC Q Series Q100UDEHCPUMELSEC L Series L06CPU-PMELSEC iQ-R Series R120PSFCPUMELSEC iQ-R Series R16MTCPUMELSEC iQ-R Series R32PSFCPUMELSEC L Series L02CPU-PMELSEC iQ-R Series R04ENCPUMELSEC iQ-R Series R120PCPUMELSEC iQ-R Series R120SFCPUMELSEC iQ-R Series R16PCPUMELSEC iQ-R Series R32SFCPUMELSEC iQ-R Series R64MTCPUMELSEC Q Series Q24DHCCPU-V MELSEC Q Series Q173DCPU-S1MELSEC Q Series Q170MSCPUMELSEC Q Series Q50UDEHCPUMELSEC Q Series Q173DSCPUMELSEC iQ-R Series R08PSFCPUMELSEC iQ-R Series R16SFCPUMELSEC iQ-R Series R16CPUMELSEC L Series L06CPUMELSEC iQ-R Series R16PSFCPUMELSEC Q Series Q04UDPVCPUMELSEC iQ-R Series R04CPUMELSEC iQ-R Series R32MTCPUMELSEC iQ-R Series R32PCPUMELSEC iQ-R Series R01CPUMELSEC Q Series Q06UDEHCPUMELSEC Q Series Q13UDEHCPUMELSEC Q Series Q20UDEHCPUMELIPC Series MI5122-VWMELSEC iQ-R Series R08CPUMELSEC Q Series MR-MQ100MELSEC iQ-R Series R00CPUMELSEC iQ-R Series R08PCPUMELSEC Q Series Q06UDPVCPUMELSEC Q Series Q04UDVCPUMELSEC Q Series Q170MSCPU-S1MELSEC L Series L26CPU-BTMELSEC iQ-R Series R32CPUMELSEC Q Series Q24DHCCPU-LSMELSEC Q Series Q170MCPUMELSEC Q Series Q13UDVCPUMELSEC L Series L26CPUMELSEC Q Series Q26DHCCPU-LSMELSEC iQ-R Series R120CPUMELSEC iQ-R Series R02CPUMELSEC Q Series Q12DCCPU-VMELSEC Q Series Q26UDEHCPUMELSEC Q Series Q06UDVCPUMELSEC iQ-R Series R120ENCPUMELSEC Q Series Q172DSCPUMELSEC Q Series Q26UDVCPUMELSEC L Series L02CPUMELSEC Q Series Q03UDVCPUMELSEC iQ-R Series R08ENCPUMELSEC Q Series Q26UDPVCPUMELSEC L Series L26CPU-PBTMELSEC iQ-R Series R32ENCPUMELSEC iQ-R Series R16ENCPUMELSEC Q Series Q03UDECPUMELSEC Q Series Q172DCPU-S1MELSEC iQ-R Series R08SFCPUMELSEC L Series L26CPU-PMELSEC Q Series Q04UDEHCPUMELSEC iQ-R Series R12CCPU-VMELSEC Q Series Q13UDPVCPUMELSEC Q Series Q24DHCCPU-VGMELSEC Q Series Q10UDEHCPU
CWE ID-CWE-20
Improper Input Validation
CVE-2009-0061
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-7.8||HIGH
EPSS-0.57% / 68.22%
||
7 Day CHG~0.00%
Published-05 Feb, 2009 | 00:00
Updated-07 Aug, 2024 | 04:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the Wireless LAN Controller (WLC) TSEC driver in the Cisco 4400 WLC, Cisco Catalyst 6500 and 7600 Wireless Services Module (WiSM), and Cisco Catalyst 3750 Integrated Wireless LAN Controller with software 4.x before 4.2.176.0 and 5.x before 5.1 allows remote attackers to cause a denial of service (device crash or hang) via unknown IP packets.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-catalyst_3750_series_integrated_wireless_lan_controllercatalyst_6500_series_integrated_wireless_lan_controllerwireless_lan_controller_software4400_wireless_lan_controllercatalyst_7600_series_wireless_lan_controllern/a
CWE ID-CWE-20
Improper Input Validation
CVE-2009-0120
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-14.36% / 94.25%
||
7 Day CHG~0.00%
Published-15 Jan, 2009 | 00:00
Updated-07 Aug, 2024 | 04:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The IBM WebSphere DataPower XML Security Gateway XS40 with firmware 3.6.1.5 allows remote attackers to cause a denial of service (device reboot) by sending data over an established SSL connection, as demonstrated by the abc\r\n\r\n string data.

Action-Not Available
Vendor-n/aIBM Corporation
Product-websphere_datapower_xml_security_gateway_xs40n/a
CWE ID-CWE-20
Improper Input Validation
CVE-2015-6291
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-7.8||HIGH
EPSS-1.10% / 77.66%
||
7 Day CHG~0.00%
Published-06 Nov, 2015 | 02:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cisco AsyncOS before 8.5.7-043, 9.x before 9.1.1-023, and 9.5.x and 9.6.x before 9.6.0-046 on Email Security Appliance (ESA) devices mishandles malformed fields during body-contains, attachment-contains, every-attachment-contains, attachment-binary-contains, dictionary-match, and attachment-dictionary-match filtering, which allows remote attackers to cause a denial of service (memory consumption) via a crafted attachment in an e-mail message, aka Bug ID CSCuv47151.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-email_security_appliancen/a
CWE ID-CWE-20
Improper Input Validation
CVE-2009-0059
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-7.8||HIGH
EPSS-0.98% / 76.45%
||
7 Day CHG~0.00%
Published-05 Feb, 2009 | 00:00
Updated-07 Aug, 2024 | 04:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Cisco Wireless LAN Controller (WLC), Cisco Catalyst 6500 Wireless Services Module (WiSM), and Cisco Catalyst 3750 Integrated Wireless LAN Controller with software 4.x before 4.2.176.0 and 5.2.x before 5.2.157.0 allow remote attackers to cause a denial of service (device reload) via a web authentication (aka WebAuth) session that includes a malformed POST request to login.html.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-catalyst_3750_series_integrated_wireless_lan_controllercatalyst_6500_series_integrated_wireless_lan_controllerwireless_lan_controller_software4400_wireless_lan_controllercatalyst_7600_series_wireless_lan_controllern/a
CWE ID-CWE-20
Improper Input Validation
CVE-2015-5091
Matching Score-4
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-4
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-1.97% / 83.25%
||
7 Day CHG~0.00%
Published-15 Jul, 2015 | 14:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Reader and Acrobat 10.x before 10.1.15 and 11.x before 11.0.12, Acrobat and Acrobat Reader DC Classic before 2015.006.30060, and Acrobat and Acrobat Reader DC Continuous before 2015.008.20082 on Windows and OS X allow attackers to cause a denial of service via invalid data.

Action-Not Available
Vendor-n/aApple Inc.Adobe Inc.Microsoft Corporation
Product-acrobat_reader_dcacrobat_readermacosacrobat_dcwindowsacrobatn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2008-6122
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-5.70% / 90.22%
||
7 Day CHG~0.00%
Published-11 Feb, 2009 | 17:25
Updated-07 Aug, 2024 | 11:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The web management interface in Netgear WGR614v9 allows remote attackers to cause a denial of service (crash) via a request that contains a question mark ("?").

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-wgr614n/a
CWE ID-CWE-20
Improper Input Validation
CVE-2008-6497
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-10.84% / 93.20%
||
7 Day CHG~0.00%
Published-20 Mar, 2009 | 00:00
Updated-07 Aug, 2024 | 11:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Neostrada Livebox ADSL Router allows remote attackers to cause a denial of service (network outage) via multiple HTTP requests for the /- URI.

Action-Not Available
Vendor-tpn/a
Product-neostrada_livebox_adsl_routern/a
CWE ID-CWE-20
Improper Input Validation
CVE-2019-12669
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-6.8||MEDIUM
EPSS-0.46% / 63.55%
||
7 Day CHG~0.00%
Published-25 Sep, 2019 | 20:15
Updated-21 Nov, 2024 | 19:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco IOS and IOS XE Software Change of Authorization Denial of Service Vulnerability

A vulnerability in the RADIUS Change of Authorization (CoA) code of Cisco TrustSec, a feature within Cisco IOS XE Software, could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper handling of a malformed packet. An attacker could exploit this vulnerability by sending a malformed packet to an affected device. A successful exploit could allow the attacker to cause a DoS condition on the affected device.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-catalyst_3560ioscatalyst_3560-xcatalyst_3560-eCisco IOS XE Software 3.2.9SG
CWE ID-CWE-20
Improper Input Validation
CVE-2015-3913
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.28% / 51.05%
||
7 Day CHG~0.00%
Published-08 Jun, 2017 | 21:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The IP stack in multiple Huawei Campus series switch models allows remote attackers to cause a denial of service (reboot) via a crafted ICMP request message.

Action-Not Available
Vendor-n/aHuawei Technologies Co., Ltd.
Product-s5720his5700si_firmwares7700_firmwares2300s2750ei_firmwares12700_firmwares5300ei_firmwares7700s5700hi_firmwares5300hi_firmwares5720hi_firmwares9700_firmwares6700ei_firmwares2700_firmwares5700his9300_firmwares5300lis2350ei_firmwares5700li_firmwares3300s5700ei_firmwares5300li_firmwares3700s2300_firmwares2750eis5700eis3300_firmwares12700s5710his6300eis6300ei_firmwares2350eis9700s5700sis5300eis5300sis6700eis5700lis5710hi_firmwares9300s5300si_firmwares3700_firmwares5300his2700n/a
CWE ID-CWE-20
Improper Input Validation
CVE-2008-5872
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-1.92% / 83.03%
||
7 Day CHG~0.00%
Published-08 Jan, 2009 | 18:13
Updated-07 Aug, 2024 | 11:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple unspecified vulnerabilities in the UNIStim File Transfer Protocol (UFTP) processing in IP Client Manager (IPCM) in Nortel Multimedia Communication Server (MSC) 5100 3.0.13 allow remote attackers to cause a denial of service (device outage) via a UFTP message that has a negative block size or other crafted Connection Details values.

Action-Not Available
Vendor-norteln/a
Product-multimedia_communication_server_5100n/a
CWE ID-CWE-20
Improper Input Validation
CVE-2015-2177
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-50.64% / 97.78%
||
7 Day CHG~0.00%
Published-07 Mar, 2015 | 02:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Siemens SIMATIC S7-300 CPU devices allow remote attackers to cause a denial of service (defect-mode transition) via crafted packets on (1) TCP port 102 or (2) Profibus.

Action-Not Available
Vendor-n/aSiemens AG
Product-simatic_s7-300_cpusimatic_s7-300_cpu_firmwaren/a
CWE ID-CWE-20
Improper Input Validation
CVE-2008-4934
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-1.28% / 79.26%
||
7 Day CHG~0.00%
Published-05 Nov, 2008 | 14:51
Updated-07 Aug, 2024 | 10:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The hfsplus_block_allocate function in fs/hfsplus/bitmap.c in the Linux kernel before 2.6.28-rc1 does not check a certain return value from the read_mapping_page function before calling kmap, which allows attackers to cause a denial of service (system crash) via a crafted hfsplus filesystem image.

Action-Not Available
Vendor-n/aLinux Kernel Organization, IncDebian GNU/LinuxCanonical Ltd.
Product-ubuntu_linuxdebian_linuxlinux_kerneln/a
CWE ID-CWE-20
Improper Input Validation
CVE-2008-4618
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-1.01% / 76.73%
||
7 Day CHG~0.00%
Published-20 Oct, 2008 | 22:00
Updated-07 Aug, 2024 | 10:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Stream Control Transmission Protocol (sctp) implementation in the Linux kernel before 2.6.27 does not properly handle a protocol violation in which a parameter has an invalid length, which allows attackers to cause a denial of service (panic) via unspecified vectors, related to sctp_sf_violation_paramlen, sctp_sf_abort_violation, sctp_make_abort_violation, and incorrect data types in function calls.

Action-Not Available
Vendor-n/aLinux Kernel Organization, Inc
Product-linux_kerneln/a
CWE ID-CWE-20
Improper Input Validation
CVE-2015-2341
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.74% / 72.53%
||
7 Day CHG~0.00%
Published-13 Jun, 2015 | 14:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

VMware Workstation 10.x before 10.0.5, VMware Player 6.x before 6.0.6, and VMware Fusion 6.x before 6.0.6 and 7.x before 7.0.1 allow attackers to cause a denial of service against a 32-bit guest OS or 64-bit host OS via a crafted RPC command.

Action-Not Available
Vendor-n/aVMware (Broadcom Inc.)
Product-playerfusionworkstationn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2008-4999
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-13.23% / 93.99%
||
7 Day CHG~0.00%
Published-07 Nov, 2008 | 19:00
Updated-07 Aug, 2024 | 10:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Nortel Networks UNIStim IP Phone 0604DAS allows remote attackers to cause a denial of service (crash) via a long ping packet ("ping of death"). NOTE: this issue could not be reproduced by a third party, who tested it on 0604DAD. In addition, the original researcher was not able to reliably reproduce the issue.

Action-Not Available
Vendor-norteln/a
Product-unistim_ip_phonen/a
CWE ID-CWE-20
Improper Input Validation
CVE-2008-3810
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-7.8||HIGH
EPSS-1.92% / 83.03%
||
7 Day CHG~0.00%
Published-26 Sep, 2008 | 16:00
Updated-07 Aug, 2024 | 09:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cisco IOS 12.2 and 12.4, when NAT Skinny Call Control Protocol (SCCP) Fragmentation Support is enabled, allows remote attackers to cause a denial of service (device reload) via segmented SCCP messages, aka CSCsg22426, a different vulnerability than CVE-2008-3811.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-iosn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2008-4380
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-15.06% / 94.42%
||
7 Day CHG~0.00%
Published-01 Oct, 2008 | 15:00
Updated-07 Aug, 2024 | 10:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The web interface in Samsung DVR SHR2040 allows remote attackers to cause a denial of service (crash) via a malformed HTTP request, related to the filter for configuration properties and "/x" characters.

Action-Not Available
Vendor-n/aSamsung
Product-dvr_shr2040n/a
CWE ID-CWE-20
Improper Input Validation
  • Previous
  • 1
  • 2
  • 3
  • ...
  • 9
  • 10
  • Next
Details not found