Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2015-2689

Summary
Assigner-debian
Assigner Org ID-79363d38-fa19-49d1-9214-5f28da3f3ac5
Published At-24 Jan, 2020 | 17:46
Updated At-06 Aug, 2024 | 05:24
Rejected At-
Credits

Tor before 0.2.4.26 and 0.2.5.x before 0.2.5.11 does not properly handle pending-connection resolve states during periods of high DNS load, which allows remote attackers to cause a denial of service (assertion failure and daemon exit) via crafted packets.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:debian
Assigner Org ID:79363d38-fa19-49d1-9214-5f28da3f3ac5
Published At:24 Jan, 2020 | 17:46
Updated At:06 Aug, 2024 | 05:24
Rejected At:
▼CVE Numbering Authority (CNA)

Tor before 0.2.4.26 and 0.2.5.x before 0.2.5.11 does not properly handle pending-connection resolve states during periods of high DNS load, which allows remote attackers to cause a denial of service (assertion failure and daemon exit) via crafted packets.

Affected Products
Vendor
The Tor Project
Product
Tor
Versions
Affected
  • before 0.2.4.26
  • 0.2.5.x before 0.2.5.11
Problem Types
TypeCWE IDDescription
textN/AOther
Type: text
CWE ID: N/A
Description: Other
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://lists.torproject.org/pipermail/tor-talk/2015-March/037281.html
x_refsource_MISC
https://trac.torproject.org/projects/tor/ticket/14129
x_refsource_MISC
Hyperlink: https://lists.torproject.org/pipermail/tor-talk/2015-March/037281.html
Resource:
x_refsource_MISC
Hyperlink: https://trac.torproject.org/projects/tor/ticket/14129
Resource:
x_refsource_MISC
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://lists.torproject.org/pipermail/tor-talk/2015-March/037281.html
x_refsource_MISC
x_transferred
https://trac.torproject.org/projects/tor/ticket/14129
x_refsource_MISC
x_transferred
Hyperlink: https://lists.torproject.org/pipermail/tor-talk/2015-March/037281.html
Resource:
x_refsource_MISC
x_transferred
Hyperlink: https://trac.torproject.org/projects/tor/ticket/14129
Resource:
x_refsource_MISC
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:security@debian.org
Published At:24 Jan, 2020 | 18:15
Updated At:31 Jan, 2020 | 21:16

Tor before 0.2.4.26 and 0.2.5.x before 0.2.5.11 does not properly handle pending-connection resolve states during periods of high DNS load, which allows remote attackers to cause a denial of service (assertion failure and daemon exit) via crafted packets.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.17.5HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Primary2.05.0MEDIUM
AV:N/AC:L/Au:N/C:N/I:N/A:P
Type: Primary
Version: 3.1
Base score: 7.5
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Type: Primary
Version: 2.0
Base score: 5.0
Base severity: MEDIUM
Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:P
CPE Matches
torproject
torproject
>>tor>>Versions before 0.2.4.26(exclusive)
cpe:2.3:a:torproject:tor:*:*:*:*:*:*:*:*
torproject
torproject
>>tor>>Versions from 0.2.5.1(inclusive) to 0.2.5.11(exclusive)
cpe:2.3:a:torproject:tor:*:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-20Primarynvd@nist.gov
CWE ID: CWE-20
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://lists.torproject.org/pipermail/tor-talk/2015-March/037281.htmlsecurity@debian.org
Mailing List
Vendor Advisory
https://trac.torproject.org/projects/tor/ticket/14129security@debian.org
Patch
Vendor Advisory
Hyperlink: https://lists.torproject.org/pipermail/tor-talk/2015-March/037281.html
Source: security@debian.org
Resource:
Mailing List
Vendor Advisory
Hyperlink: https://trac.torproject.org/projects/tor/ticket/14129
Source: security@debian.org
Resource:
Patch
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

1637Records found
CVE-2012-4922
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-4.23% / 89.01%
||
7 Day CHG~0.00%
Published-14 Sep, 2012 | 18:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The tor_timegm function in common/util.c in Tor before 0.2.2.39, and 0.2.3.x before 0.2.3.22-rc, does not properly validate time values, which allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a malformed directory object, a different vulnerability than CVE-2012-4419.

Action-Not Available
Vendor-torprojectn/a
Product-torn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2015-2928
Matching Score-8
Assigner-Debian GNU/Linux
ShareView Details
Matching Score-8
Assigner-Debian GNU/Linux
CVSS Score-7.5||HIGH
EPSS-0.72% / 72.94%
||
7 Day CHG~0.00%
Published-24 Jan, 2020 | 17:22
Updated-06 Aug, 2024 | 05:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Hidden Service (HS) server implementation in Tor before 0.2.4.27, 0.2.5.x before 0.2.5.12, and 0.2.6.x before 0.2.6.7 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via unspecified vectors.

Action-Not Available
Vendor-torprojectThe Tor Project
Product-torTor
CVE-2021-28090
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5.3||MEDIUM
EPSS-1.98% / 83.96%
||
7 Day CHG-0.01%
Published-19 Mar, 2021 | 04:19
Updated-03 Aug, 2024 | 21:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Tor before 0.4.5.7 allows a remote attacker to cause Tor directory authorities to exit with an assertion failure, aka TROVE-2021-002.

Action-Not Available
Vendor-torprojectn/aFedora Project
Product-torfedoran/a
CWE ID-CWE-617
Reachable Assertion
CVE-2012-5573
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-5||MEDIUM
EPSS-1.01% / 77.50%
||
7 Day CHG~0.00%
Published-01 Jan, 2013 | 11:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The connection_edge_process_relay_cell function in or/relay.c in Tor before 0.2.3.25 maintains circuits even if an unexpected SENDME cell arrives, which might allow remote attackers to cause a denial of service (memory consumption or excessive cell reception rate) or bypass intended flow-control restrictions via a RELAY_COMMAND_SENDME command.

Action-Not Available
Vendor-torprojectn/a
Product-torn/a
CVE-2012-2249
Matching Score-8
Assigner-Debian GNU/Linux
ShareView Details
Matching Score-8
Assigner-Debian GNU/Linux
CVSS Score-5||MEDIUM
EPSS-0.47% / 65.19%
||
7 Day CHG~0.00%
Published-03 Feb, 2014 | 02:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Tor before 0.2.3.23-rc allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a renegotiation attempt that occurs after the initiation of the V3 link protocol.

Action-Not Available
Vendor-torprojectn/a
Product-torn/a
CVE-2018-0490
Matching Score-8
Assigner-Debian GNU/Linux
ShareView Details
Matching Score-8
Assigner-Debian GNU/Linux
CVSS Score-7.5||HIGH
EPSS-0.82% / 74.73%
||
7 Day CHG~0.00%
Published-05 Mar, 2018 | 15:00
Updated-05 Aug, 2024 | 03:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Tor before 0.2.9.15, 0.3.1.x before 0.3.1.10, and 0.3.2.x before 0.3.2.10. The directory-authority protocol-list subprotocol implementation allows remote attackers to cause a denial of service (NULL pointer dereference and directory-authority crash) via a misformatted relay descriptor that is mishandled during voting.

Action-Not Available
Vendor-torprojectn/aDebian GNU/Linux
Product-tordebian_linuxTor
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2018-0491
Matching Score-8
Assigner-Debian GNU/Linux
ShareView Details
Matching Score-8
Assigner-Debian GNU/Linux
CVSS Score-7.5||HIGH
EPSS-10.44% / 93.39%
||
7 Day CHG~0.00%
Published-05 Mar, 2018 | 15:00
Updated-05 Aug, 2024 | 03:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A use-after-free issue was discovered in Tor 0.3.2.x before 0.3.2.10. It allows remote attackers to cause a denial of service (relay crash) because the KIST implementation allows a channel to be added more than once in the pending list.

Action-Not Available
Vendor-torprojectn/a
Product-torTor
CWE ID-CWE-416
Use After Free
CVE-2015-2929
Matching Score-8
Assigner-Debian GNU/Linux
ShareView Details
Matching Score-8
Assigner-Debian GNU/Linux
CVSS Score-7.5||HIGH
EPSS-0.47% / 64.95%
||
7 Day CHG~0.00%
Published-24 Jan, 2020 | 17:22
Updated-06 Aug, 2024 | 05:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Hidden Service (HS) client implementation in Tor before 0.2.4.27, 0.2.5.x before 0.2.5.12, and 0.2.6.x before 0.2.6.7 allows remote servers to cause a denial of service (assertion failure and application exit) via a malformed HS descriptor.

Action-Not Available
Vendor-torprojectThe Tor Project
Product-torTor
CVE-2026-44601
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-3.7||LOW
EPSS-0.06% / 18.85%
||
7 Day CHG~0.00%
Published-07 May, 2026 | 03:09
Updated-08 May, 2026 | 17:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Tor before 0.4.9.7, when circuit queue memory pressure exists, can experience a client crash because of a double close of a circuit, aka TROVE-2026-009.

Action-Not Available
Vendor-torprojecttorproject
Product-torTor
CWE ID-CWE-837
Improper Enforcement of a Single, Unique Action
CVE-2026-44602
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-3.7||LOW
EPSS-0.06% / 18.90%
||
7 Day CHG~0.00%
Published-07 May, 2026 | 03:17
Updated-08 May, 2026 | 17:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Tor before 0.4.9.7 has a NULL pointer dereference when a CERT cell is received out of order, aka TROVE-2026-006.

Action-Not Available
Vendor-torprojecttorproject
Product-torTor
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2021-34550
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.83% / 74.93%
||
7 Day CHG~0.00%
Published-29 Jun, 2021 | 11:11
Updated-04 Aug, 2024 | 00:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Tor before 0.4.6.5, aka TROVE-2021-006. The v3 onion service descriptor parsing allows out-of-bounds memory access, and a client crash, via a crafted onion service descriptor

Action-Not Available
Vendor-torprojectn/a
Product-torn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2019-8955
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.81% / 83.22%
||
7 Day CHG~0.00%
Published-21 Feb, 2019 | 23:00
Updated-04 Aug, 2024 | 21:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Tor before 0.3.3.12, 0.3.4.x before 0.3.4.11, 0.3.5.x before 0.3.5.8, and 0.4.x before 0.4.0.2-alpha, remote denial of service against Tor clients and relays can occur via memory exhaustion in the KIST cell scheduler.

Action-Not Available
Vendor-torprojectn/a
Product-torn/a
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2017-0376
Matching Score-8
Assigner-Debian GNU/Linux
ShareView Details
Matching Score-8
Assigner-Debian GNU/Linux
CVSS Score-7.5||HIGH
EPSS-0.87% / 75.65%
||
7 Day CHG~0.00%
Published-09 Jun, 2017 | 17:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The hidden-service feature in Tor before 0.3.0.8 allows a denial of service (assertion failure and daemon exit) in the connection_edge_process_relay_cell function via a BEGIN_DIR cell on a rendezvous circuit.

Action-Not Available
Vendor-torprojectn/aDebian GNU/Linux
Product-debian_linuxtorTor before 0.3.0.8
CWE ID-CWE-617
Reachable Assertion
CVE-2017-0375
Matching Score-8
Assigner-Debian GNU/Linux
ShareView Details
Matching Score-8
Assigner-Debian GNU/Linux
CVSS Score-7.5||HIGH
EPSS-1.40% / 80.81%
||
7 Day CHG~0.00%
Published-09 Jun, 2017 | 17:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The hidden-service feature in Tor before 0.3.0.8 allows a denial of service (assertion failure and daemon exit) in the relay_send_end_cell_from_edge_ function via a malformed BEGIN cell.

Action-Not Available
Vendor-torprojectn/a
Product-torTor before 0.3.0.8
CWE ID-CWE-617
Reachable Assertion
CVE-2016-8860
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-2.68% / 86.17%
||
7 Day CHG~0.00%
Published-04 Jan, 2017 | 20:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Tor before 0.2.8.9 and 0.2.9.x before 0.2.9.4-alpha had internal functions that were entitled to expect that buf_t data had NUL termination, but the implementation of or/buffers.c did not ensure that NUL termination was present, which allows remote attackers to cause a denial of service (client, hidden service, relay, or authority crash) via crafted data.

Action-Not Available
Vendor-torprojectn/a
Product-torn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2012-4419
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-5||MEDIUM
EPSS-1.62% / 82.24%
||
7 Day CHG~0.00%
Published-14 Sep, 2012 | 18:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The compare_tor_addr_to_addr_policy function in or/policies.c in Tor before 0.2.2.39, and 0.2.3.x before 0.2.3.21-rc, allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a zero-valued port field that is not properly handled during policy comparison.

Action-Not Available
Vendor-torprojectn/a
Product-torn/a
CVE-2020-15572
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.51% / 66.63%
||
7 Day CHG~0.00%
Published-15 Jul, 2020 | 16:02
Updated-04 Aug, 2024 | 13:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Tor before 0.4.3.6 has an out-of-bounds memory access that allows a remote denial-of-service (crash) attack against Tor instances built to use Mozilla Network Security Services (NSS), aka TROVE-2020-001.

Action-Not Available
Vendor-torprojectn/a
Product-torn/a
CWE ID-CWE-125
Out-of-bounds Read
CVE-2020-10593
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.21% / 79.38%
||
7 Day CHG~0.00%
Published-23 Mar, 2020 | 12:22
Updated-04 Aug, 2024 | 11:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Tor before 0.3.5.10, 0.4.x before 0.4.1.9, and 0.4.2.x before 0.4.2.7 allows remote attackers to cause a Denial of Service (memory leak), aka TROVE-2020-004. This occurs in circpad_setup_machine_on_circ because a circuit-padding machine can be negotiated twice on the same circuit.

Action-Not Available
Vendor-torprojectn/aopenSUSE
Product-torbackports_sleleapn/a
CWE ID-CWE-401
Missing Release of Memory after Effective Lifetime
CVE-2020-10592
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.99% / 83.97%
||
7 Day CHG~0.00%
Published-23 Mar, 2020 | 12:16
Updated-04 Aug, 2024 | 11:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Tor before 0.3.5.10, 0.4.x before 0.4.1.9, and 0.4.2.x before 0.4.2.7 allows remote attackers to cause a Denial of Service (CPU consumption), aka TROVE-2020-002.

Action-Not Available
Vendor-torprojectn/aopenSUSE
Product-torbackportsleapn/a
CVE-2012-2250
Matching Score-8
Assigner-Debian GNU/Linux
ShareView Details
Matching Score-8
Assigner-Debian GNU/Linux
CVSS Score-5||MEDIUM
EPSS-0.47% / 65.19%
||
7 Day CHG~0.00%
Published-03 Feb, 2014 | 02:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Tor before 0.2.3.24-rc allows remote attackers to cause a denial of service (assertion failure and daemon exit) by performing link protocol negotiation incorrectly.

Action-Not Available
Vendor-torprojectn/a
Product-torn/a
CVE-2021-28089
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.24% / 79.67%
||
7 Day CHG~0.00%
Published-19 Mar, 2021 | 04:18
Updated-03 Aug, 2024 | 21:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Tor before 0.4.5.7 allows a remote participant in the Tor directory protocol to exhaust CPU resources on a target, aka TROVE-2021-001.

Action-Not Available
Vendor-torprojectn/aFedora Project
Product-torfedoran/a
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2016-1254
Matching Score-8
Assigner-Debian GNU/Linux
ShareView Details
Matching Score-8
Assigner-Debian GNU/Linux
CVSS Score-7.5||HIGH
EPSS-3.04% / 86.96%
||
7 Day CHG~0.00%
Published-05 Dec, 2017 | 16:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Tor before 0.2.8.12 might allow remote attackers to cause a denial of service (client crash) via a crafted hidden service descriptor.

Action-Not Available
Vendor-torprojectn/aopenSUSEDebian GNU/LinuxFedora Project
Product-debian_linuxleaptorfedoraopensusen/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2015-2688
Matching Score-8
Assigner-Debian GNU/Linux
ShareView Details
Matching Score-8
Assigner-Debian GNU/Linux
CVSS Score-7.5||HIGH
EPSS-0.45% / 64.10%
||
7 Day CHG~0.00%
Published-24 Jan, 2020 | 17:46
Updated-06 Aug, 2024 | 05:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

buf_pullup in Tor before 0.2.4.26 and 0.2.5.x before 0.2.5.11 does not properly handle unexpected arrival times of buffers with invalid layouts, which allows remote attackers to cause a denial of service (assertion failure and daemon exit) via crafted packets.

Action-Not Available
Vendor-torprojectThe Tor Project
Product-torTor
CWE ID-CWE-755
Improper Handling of Exceptional Conditions
CVE-2022-33903
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.64% / 71.08%
||
7 Day CHG~0.00%
Published-17 Jul, 2022 | 00:00
Updated-03 Aug, 2024 | 08:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Tor 0.4.7.x before 0.4.7.8 allows a denial of service via the wedging of RTT estimation.

Action-Not Available
Vendor-torprojectn/a
Product-torn/a
CVE-2021-38385
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.59% / 69.73%
||
7 Day CHG-0.00%
Published-30 Aug, 2021 | 00:00
Updated-04 Aug, 2024 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Tor before 0.3.5.16, 0.4.5.10, and 0.4.6.7 mishandles the relationship between batch-signature verification and single-signature verification, leading to a remote assertion failure, aka TROVE-2021-007.

Action-Not Available
Vendor-torprojectn/a
Product-torn/a
CWE ID-CWE-617
Reachable Assertion
CVE-2021-34548
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.16% / 36.54%
||
7 Day CHG~0.00%
Published-29 Jun, 2021 | 11:00
Updated-04 Aug, 2024 | 00:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Tor before 0.4.6.5, aka TROVE-2021-003. An attacker can forge RELAY_END or RELAY_RESOLVED to bypass the intended access control for ending a stream.

Action-Not Available
Vendor-torprojectn/a
Product-torn/a
CWE ID-CWE-290
Authentication Bypass by Spoofing
CVE-2021-34549
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.64% / 71.08%
||
7 Day CHG~0.00%
Published-29 Jun, 2021 | 11:08
Updated-04 Aug, 2024 | 00:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Tor before 0.4.6.5, aka TROVE-2021-005. Hashing is mishandled for certain retrieval of circuit data. Consequently. an attacker can trigger the use of an attacker-chosen circuit ID to cause algorithm inefficiency.

Action-Not Available
Vendor-torprojectn/a
Product-torn/a
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2023-37915
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-7.5||HIGH
EPSS-0.32% / 55.37%
||
7 Day CHG~0.00%
Published-21 Jul, 2023 | 20:02
Updated-10 Oct, 2024 | 18:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Malformed PID_PROPERTY_LIST parameter in DATA submessage remotely crashes OpenDDS

OpenDDS is an open source C++ implementation of the Object Management Group (OMG) Data Distribution Service (DDS). OpenDDS crashes while parsing a malformed `PID_PROPERTY_LIST` in a DATA submessage during participant discovery. Attackers can remotely crash OpenDDS processes by sending a DATA submessage containing the malformed parameter to the known multicast port. This issue has been addressed in version 3.25. Users are advised to upgrade. There are no known workarounds for this vulnerability.

Action-Not Available
Vendor-objectcomputingOpenDDSobjectcomputing
Product-openddsOpenDDSopendds
CWE ID-CWE-20
Improper Input Validation
CVE-2023-38720
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.09% / 25.99%
||
7 Day CHG~0.00%
Published-16 Oct, 2023 | 20:52
Updated-12 Jun, 2025 | 15:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Db2 denial of service

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 and 11.5 is vulnerable to denial of service with a specially crafted ALTER TABLE statement. IBM X-Force ID: 261616.

Action-Not Available
Vendor-opengroupMicrosoft CorporationIBM CorporationLinux Kernel Organization, Inc
Product-windowsunixdb2linux_kernelDb2 for Linux, UNIX and Windows
CWE ID-CWE-20
Improper Input Validation
CVE-2015-7558
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-1.43% / 81.06%
||
7 Day CHG~0.00%
Published-20 May, 2016 | 14:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

librsvg before 2.40.12 allows context-dependent attackers to cause a denial of service (infinite loop, stack consumption, and application crash) via cyclic references in an SVG document.

Action-Not Available
Vendor-n/aDebian GNU/LinuxThe GNOME Project
Product-debian_linuxlibrsvgn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2015-7845
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-0.22% / 44.60%
||
7 Day CHG~0.00%
Published-19 Nov, 2015 | 20:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The exception handling mechanism in the CLI Module in Huawei eSpace U1910, U1911, U1930, U1960, U1980, and U1981 unified gateways with software before V100R001C20SPH605 allows remote attackers to cause a denial of service (CLI outage) via crafted SSH packets.

Action-Not Available
Vendor-n/aHuawei Technologies Co., Ltd.
Product-espace_unified_gateway_u1981espace_unified_gateway_u1930espace_firmwareespace_unified_gateway_u1911espace_unified_gateway_u1960espace_unified_gateway_u1910espace_unified_gateway_u1980n/a
CWE ID-CWE-20
Improper Input Validation
CVE-2023-37241
Matching Score-4
Assigner-Huawei Technologies
ShareView Details
Matching Score-4
Assigner-Huawei Technologies
CVSS Score-7.5||HIGH
EPSS-0.10% / 26.53%
||
7 Day CHG~0.00%
Published-06 Jul, 2023 | 12:30
Updated-19 Nov, 2024 | 17:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Input verification vulnerability in the WMS API. Successful exploitation of this vulnerability may cause the device to restart.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-emuiharmonyosHarmonyOSEMUI
CWE ID-CWE-20
Improper Input Validation
CVE-2015-7557
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-0.52% / 67.18%
||
7 Day CHG~0.00%
Published-20 May, 2016 | 14:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The _rsvg_node_poly_build_path function in rsvg-shapes.c in librsvg before 2.40.7 allows context-dependent attackers to cause a denial of service (out-of-bounds heap read) via an odd number of elements in a coordinate pair in an SVG document.

Action-Not Available
Vendor-n/aThe GNOME Project
Product-librsvgn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2023-3769
Matching Score-4
Assigner-Spanish National Cybersecurity Institute, S.A. (INCIBE)
ShareView Details
Matching Score-4
Assigner-Spanish National Cybersecurity Institute, S.A. (INCIBE)
CVSS Score-8.6||HIGH
EPSS-0.06% / 18.02%
||
7 Day CHG~0.00%
Published-02 Oct, 2023 | 13:01
Updated-20 Sep, 2024 | 14:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Vulnerability in Ingeteam's INGEPAC EF

Incorrect data input validation vulnerability, which could allow an attacker with access to the network to implement fuzzing techniques that would allow him to gain knowledge about specially crafted packets that would create a DoS condition through the MMS protocol when initiating communication, achieving a complete system reboot of the device and its services.

Action-Not Available
Vendor-ingeteamIngeteamingeteam
Product-ingepac_fc5066ingepac_fc5066_firmwareINGEPAC FC5066ingepac_fc5066
CWE ID-CWE-20
Improper Input Validation
CVE-2015-7770
Matching Score-4
Assigner-JPCERT/CC
ShareView Details
Matching Score-4
Assigner-JPCERT/CC
CVSS Score-5||MEDIUM
EPSS-1.06% / 78.00%
||
7 Day CHG~0.00%
Published-06 Nov, 2015 | 11:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell SonicWall TotalSecure TZ 100 devices with firmware before 5.9.1.0-22o allow remote attackers to cause a denial of service via a crafted packet.

Action-Not Available
Vendor-n/aDell Inc.
Product-sonicwall_totalsecure_tz_100_firmwaren/a
CWE ID-CWE-20
Improper Input Validation
CVE-2015-7794
Matching Score-4
Assigner-JPCERT/CC
ShareView Details
Matching Score-4
Assigner-JPCERT/CC
CVSS Score-5.8||MEDIUM
EPSS-0.55% / 68.25%
||
7 Day CHG~0.00%
Published-30 Dec, 2015 | 02:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Corega CG-WLNCM4G devices provide an open DNS resolver, which allows remote attackers to cause a denial of service (traffic amplification) via crafted queries.

Action-Not Available
Vendor-coregan/a
Product-cg-wlncm4g_firmwaren/a
CWE ID-CWE-20
Improper Input Validation
CVE-2021-34432
Matching Score-4
Assigner-Eclipse Foundation
ShareView Details
Matching Score-4
Assigner-Eclipse Foundation
CVSS Score-7.5||HIGH
EPSS-0.56% / 68.88%
||
7 Day CHG-0.04%
Published-27 Jul, 2021 | 15:25
Updated-04 Aug, 2024 | 00:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Eclipse Mosquitto versions 2.07 and earlier, the server will crash if the client tries to send a PUBLISH packet with topic length = 0.

Action-Not Available
Vendor-Eclipse Foundation AISBL
Product-mosquittoEclipse Mosquitto
CWE ID-CWE-20
Improper Input Validation
CVE-2015-7750
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-0.46% / 64.30%
||
7 Day CHG~0.00%
Published-19 Oct, 2015 | 18:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The L2TP packet processing functionality in Juniper Netscreen and ScreenOS Firewall products with ScreenOS before 6.3.0r13-dnd1, 6.3.0r14 through 6.3.0r18 before 6.3.0r18-dnc1, and 6.3.0r19 allows remote attackers to cause a denial of service via a crafted L2TP packet.

Action-Not Available
Vendor-n/aJuniper Networks, Inc.
Product-screenosn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2015-7748
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-0.52% / 67.11%
||
7 Day CHG~0.00%
Published-19 Oct, 2015 | 18:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Juniper chassis with Trio (Trinity) chipset line cards and Junos OS 13.3 before 13.3R8, 14.1 before 14.1R6, 14.2 before 14.2R5, and 15.1 before 15.1R2 allow remote attackers to cause a denial of service (MPC line card crash) via a crafted uBFD packet.

Action-Not Available
Vendor-n/aJuniper Networks, Inc.
Product-junosn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2025-21230
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.5||HIGH
EPSS-1.31% / 80.25%
||
7 Day CHG~0.00%
Published-14 Jan, 2025 | 18:04
Updated-09 Jun, 2026 | 18:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability

Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_10_1507windows_10_22h2windows_10_1607windows_11_23h2windows_server_2019windows_server_2022windows_10_1809windows_11_24h2windows_server_2025windows_11_22h2windows_server_2012windows_10_21h2windows_server_2008windows_server_2022_23h2Windows 11 Version 23H2Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2016Windows 10 Version 1607Windows Server 2019 (Server Core installation)Windows Server 2019Windows Server 2012 R2 (Server Core installation)Windows Server 2008 R2 Service Pack 1Windows 10 Version 21H2Windows 10 Version 1507Windows 11 Version 24H2Windows Server 2008 Service Pack 2 (Server Core installation)Windows 11 version 22H3Windows Server 2008 Service Pack 2Windows Server 2016 (Server Core installation)Windows Server 2025 (Server Core installation)Windows 10 Version 1809Windows Server 2012 (Server Core installation)Windows Server 2022, 23H2 Edition (Server Core installation)Windows 11 version 22H2Windows Server 2025Windows Server 2022Windows Server 2012Windows 10 Version 22H2Windows Server 2012 R2
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2015-7704
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-21.46% / 95.83%
||
7 Day CHG~0.00%
Published-07 Aug, 2017 | 20:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The ntpd client in NTP 4.x before 4.2.8p4 and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service via a number of crafted "KOD" messages.

Action-Not Available
Vendor-ntpn/aCitrix (Cloud Software Group, Inc.)McAfee, LLCRed Hat, Inc.Debian GNU/LinuxNetApp, Inc.
Product-data_ontapdebian_linuxenterprise_linux_serverenterprise_linux_workstationoncommand_performance_managerntpenterprise_linux_desktopenterprise_linux_server_tusclustered_data_ontapenterprise_linux_server_eusenterprise_security_managerenterprise_linux_server_ausoncommand_unified_managerxenservern/a
CWE ID-CWE-20
Improper Input Validation
CVE-2015-6908
Matching Score-4
Assigner-Debian GNU/Linux
ShareView Details
Matching Score-4
Assigner-Debian GNU/Linux
CVSS Score-5||MEDIUM
EPSS-70.51% / 98.71%
||
7 Day CHG~0.00%
Published-11 Sep, 2015 | 16:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The ber_get_next function in libraries/liblber/io.c in OpenLDAP 2.4.42 and earlier allows remote attackers to cause a denial of service (reachable assertion and application crash) via crafted BER data, as demonstrated by an attack against slapd.

Action-Not Available
Vendor-openldapn/aApple Inc.
Product-openldapmac_os_xn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2001-0566
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-15.85% / 94.89%
||
7 Day CHG~0.00%
Published-27 Jul, 2001 | 04:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cisco Catalyst 2900XL switch allows a remote attacker to create a denial of service via an empty UDP packet sent to port 161 (SNMP) when SNMP is disabled.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-catalyst_2900n/a
CWE ID-CWE-20
Improper Input Validation
CVE-2015-7692
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-13.86% / 94.46%
||
7 Day CHG~0.00%
Published-07 Aug, 2017 | 20:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The crypto_xmit function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (crash). NOTE: This vulnerability exists due to an incomplete fix for CVE-2014-9750.

Action-Not Available
Vendor-ntpn/aOracle CorporationRed Hat, Inc.Debian GNU/LinuxNetApp, Inc.
Product-data_ontapdebian_linuxenterprise_linux_serverenterprise_linux_workstationoncommand_performance_managerntpenterprise_linux_desktopenterprise_linux_server_tusclustered_data_ontapenterprise_linux_server_euslinuxenterprise_linux_server_ausoncommand_unified_managern/a
CWE ID-CWE-20
Improper Input Validation
CVE-2017-7428
Matching Score-4
Assigner-OpenText (formerly Micro Focus)
ShareView Details
Matching Score-4
Assigner-OpenText (formerly Micro Focus)
CVSS Score-5.3||MEDIUM
EPSS-0.34% / 57.34%
||
7 Day CHG~0.00%
Published-03 May, 2017 | 05:13
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NetIQ iManager 3.x before 3.0.3.1 has an issue in the renegotiation of connection parameters with Tomcat.

Action-Not Available
Vendor-netiqn/a
Product-imanagerNetIQ iManager 3.x before 3.0.3.1
CWE ID-CWE-20
Improper Input Validation
CVE-2015-7691
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-12.14% / 93.98%
||
7 Day CHG~0.00%
Published-07 Aug, 2017 | 20:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The crypto_xmit function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (crash) via crafted packets containing particular autokey operations. NOTE: This vulnerability exists due to an incomplete fix for CVE-2014-9750.

Action-Not Available
Vendor-ntpn/aOracle CorporationRed Hat, Inc.Debian GNU/LinuxNetApp, Inc.
Product-data_ontapdebian_linuxenterprise_linux_serverenterprise_linux_workstationoncommand_performance_managerntpenterprise_linux_desktopenterprise_linux_server_tusclustered_data_ontapenterprise_linux_server_euslinuxenterprise_linux_server_ausoncommand_unified_managern/a
CWE ID-CWE-20
Improper Input Validation
CVE-2011-2150
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-1.47% / 81.34%
||
7 Day CHG~0.00%
Published-20 May, 2011 | 22:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The SmarterTools SmarterStats 6.0 web server does not properly validate string data that is intended for storage in an XML document, which allows remote attackers to cause a denial of service (parsing error and daemon pause) via vectors involving (1) certain cookies in a SiteInfoLookup action to Admin/frmSites.aspx, or certain (2) cookies or (3) parameters to (a) Client/frmViewOverviewReport.aspx, (b) Client/frmViewReports.aspx, or (c) Services/SiteAdmin.asmx, as demonstrated by a ]]>> string, related to an "XML injection" issue.

Action-Not Available
Vendor-smartertoolsn/a
Product-smarterstatsn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2015-5606
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.60% / 69.90%
||
7 Day CHG~0.00%
Published-03 Apr, 2019 | 18:51
Updated-06 Aug, 2024 | 06:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vordel XML Gateway (acquired by Axway) version 7.2.2 could allow remote attackers to cause a denial of service via a specially crafted request.

Action-Not Available
Vendor-axwayn/a
Product-vordel_xml_gatewayn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2025-21477
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-7.5||HIGH
EPSS-0.38% / 59.94%
||
7 Day CHG~0.00%
Published-06 Aug, 2025 | 07:25
Updated-20 Aug, 2025 | 19:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Improper Input Validation in Modem

Transient DOS while processing CCCH data when NW sends data with invalid length.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-snapdragon_778g_5g_mobile_platform_firmwaresm8635p_firmwaresm7325p_firmwarewsa8810_firmwareqcm5430_firmwaresnapdragon_8\+_gen_2_mobile_platform_firmwaresdx57mfastconnect_6700wcd9395wsa8845h_firmwareqca6696sdx55_firmwaresnapdragon_auto_5g_modem-rfsm8550pqcc710qca6391snapdragon_865_5g_mobile_platform_firmwaresnapdragon_765g_5g_mobile_platform_\(sm7250-ab\)wsa8835_firmwaresnapdragon_x55_5g_modem-rf_system_firmwareqca6698aq_firmwaresnapdragon_768g_5g_mobile_platform_\(sm7250-ac\)snapdragon_8_gen_2_mobile_platform_firmwareqcm6490_firmwareqcn6024snapdragon_auto_5g_modem-rf_firmwaresnapdragon_8_gen_3_mobile_platformsnapdragon_x62_5g_modem-rf_system_firmwarewsa8840_firmwaresnapdragon_x72_5g_modem-rf_system_firmwareqcs6490qca6574a_firmwaresnapdragon_695_5g_mobile_platformqcc710_firmwareqfw7124sg8275psnapdragon_865_5g_mobile_platformsg8275p_firmwarewcd9370snapdragon_690_5g_mobile_platform_firmwaresnapdragon_780g_5g_mobile_platform_firmwareqca8337sm8550p_firmwaresnapdragon_8\+_gen_2_mobile_platformqcm5430snapdragon_865\+_5g_mobile_platform_\(sm8250-ab\)_firmwarewcd9380snapdragon_888\+_5g_mobile_platform_\(sm8350-ac\)_firmwarefastconnect_6800_firmwarewsa8815_firmwarefastconnect_6900_firmwaresnapdragon_8_gen_1_mobile_platform_firmwarewsa8845_firmwareqca6391_firmwarewcd9375snapdragon_780g_5g_mobile_platformsnapdragon_782g_mobile_platform_\(sm7325-af\)qcs5430_firmwaresm7675_firmwaresnapdragon_480_5g_mobile_platformqcn6274_firmwaresm7675psnapdragon_870_5g_mobile_platform_\(sm8250-ac\)_firmwaresnapdragon_x65_5g_modem-rf_systemsnapdragon_778g\+_5g_mobile_platform_\(sm7325-ae\)_firmwaresnapdragon_480\+_5g_mobile_platform_\(sm4350-ac\)_firmwaresdx57m_firmwarewcn3988315_5g_iot_modem_firmwaresnapdragon_8_gen_1_mobile_platformsnapdragon_x65_5g_modem-rf_system_firmwaresnapdragon_x75_5g_modem-rf_systemqca6584au_firmwareqcm6490snapdragon_865\+_5g_mobile_platform_\(sm8250-ab\)wcd9360sdx55sm7675sm7675p_firmwareqca6584ausm8635_firmwaresnapdragon_888\+_5g_mobile_platform_\(sm8350-ac\)snapdragon_8\+_gen_1_mobile_platform_firmwarear8035snapdragon_765_5g_mobile_platform_\(sm7250-aa\)_firmwarewcd9380_firmwarefastconnect_6200_firmwaresnapdragon_8\+_gen_1_mobile_platformwcd9395_firmwarefastconnect_6200qca6574awcn6740_firmwarewsa8830_firmwarewcd9375_firmwaresnapdragon_4_gen_1_mobile_platformar8035_firmwareqcs8550wsa8832_firmwareqcs8550_firmwareqcs5430wsa8835315_5g_iot_modemwsa8840wsa8845fastconnect_7800snapdragon_8_gen_3_mobile_platform_firmwareqca8081_firmwareqca8337_firmwarewsa8830sm7325pwsa8832fastconnect_6800wcn3988_firmwaresm7250psnapdragon_8_gen_2_mobile_platformqcn6224snapdragon_768g_5g_mobile_platform_\(sm7250-ac\)_firmwarewcd9385snapdragon_auto_5g_modem-rf_gen_2qca6595au_firmwareqca6696_firmwaresnapdragon_480_5g_mobile_platform_firmwaresnapdragon_x70_modem-rf_systemsnapdragon_x72_5g_modem-rf_systemwcd9385_firmwarevideo_collaboration_vc3_platform_firmwaresnapdragon_480\+_5g_mobile_platform_\(sm4350-ac\)sm7250p_firmwarewcn6740snapdragon_x70_modem-rf_system_firmwarewcd9370_firmwarewsa8815sm8635snapdragon_888_5g_mobile_platformwcn6755fastconnect_6700_firmwareqca6595ausnapdragon_765g_5g_mobile_platform_\(sm7250-ab\)_firmwarewsa8845hwcd9390_firmwarewcd9341wsa8810snapdragon_888_5g_mobile_platform_firmwaresnapdragon_870_5g_mobile_platform_\(sm8250-ac\)snapdragon_x75_5g_modem-rf_system_firmwareqcn6274qfw7114snapdragon_695_5g_mobile_platform_firmwaresnapdragon_690_5g_mobile_platformsnapdragon_7c\+_gen_3_compute_firmwareqfw7114_firmwarewcd9340wcd9390wcd9360_firmwarevideo_collaboration_vc3_platformsnapdragon_auto_5g_modem-rf_gen_2_firmwarefastconnect_7800_firmwaresnapdragon_4_gen_1_mobile_platform_firmwareqca8081wcd9340_firmwareqcn6024_firmwarefastconnect_6900qcn9024_firmwaresnapdragon_778g\+_5g_mobile_platform_\(sm7325-ae\)snapdragon_x62_5g_modem-rf_systemsnapdragon_782g_mobile_platform_\(sm7325-af\)_firmwareqcn9024wcd9341_firmwaresnapdragon_765_5g_mobile_platform_\(sm7250-aa\)sm8635pqca6698aqqcs6490_firmwaresnapdragon_x55_5g_modem-rf_systemqfw7124_firmwaresnapdragon_778g_5g_mobile_platformwcn6755_firmwareqcn6224_firmwaresnapdragon_7c\+_gen_3_computeSnapdragon
CWE ID-CWE-20
Improper Input Validation
CVE-2021-33196
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.05% / 17.20%
||
7 Day CHG~0.00%
Published-02 Aug, 2021 | 00:00
Updated-03 Aug, 2024 | 23:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In archive/zip in Go before 1.15.13 and 1.16.x before 1.16.5, a crafted file count (in an archive's header) can cause a NewReader or OpenReader panic.

Action-Not Available
Vendor-n/aDebian GNU/LinuxGo
Product-godebian_linuxn/a
CWE ID-CWE-20
Improper Input Validation
  • Previous
  • 1
  • 2
  • 3
  • ...
  • 32
  • 33
  • Next
Details not found