Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2017-10895

Summary
Assigner-jpcert
Assigner Org ID-ede6fdc4-6654-4307-a26d-3331c018e2ce
Published At-01 Dec, 2017 | 14:00
Updated At-05 Aug, 2024 | 17:50
Rejected At-
Credits

sDNSProxy.exe ver1.1.0.0 and earlier allows remote attackers to cause a denial of service via unspecified vectors.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:jpcert
Assigner Org ID:ede6fdc4-6654-4307-a26d-3331c018e2ce
Published At:01 Dec, 2017 | 14:00
Updated At:05 Aug, 2024 | 17:50
Rejected At:
▼CVE Numbering Authority (CNA)

sDNSProxy.exe ver1.1.0.0 and earlier allows remote attackers to cause a denial of service via unspecified vectors.

Affected Products
Vendor
Tomoki Sanaki
Product
sDNSProxy.exe
Versions
Affected
  • ver1.1.0.0 and earlier
Problem Types
TypeCWE IDDescription
textN/ADenial-of-service (DoS)
Type: text
CWE ID: N/A
Description: Denial-of-service (DoS)
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://jvn.jp/en/jp/JVN71291160/index.html
third-party-advisory
x_refsource_JVN
Hyperlink: https://jvn.jp/en/jp/JVN71291160/index.html
Resource:
third-party-advisory
x_refsource_JVN
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://jvn.jp/en/jp/JVN71291160/index.html
third-party-advisory
x_refsource_JVN
x_transferred
Hyperlink: https://jvn.jp/en/jp/JVN71291160/index.html
Resource:
third-party-advisory
x_refsource_JVN
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:vultures@jpcert.or.jp
Published At:01 Dec, 2017 | 14:29
Updated At:20 Apr, 2025 | 01:37

sDNSProxy.exe ver1.1.0.0 and earlier allows remote attackers to cause a denial of service via unspecified vectors.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.07.5HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Primary2.05.0MEDIUM
AV:N/AC:L/Au:N/C:N/I:N/A:P
Type: Primary
Version: 3.0
Base score: 7.5
Base severity: HIGH
Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Type: Primary
Version: 2.0
Base score: 5.0
Base severity: MEDIUM
Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:P
CPE Matches
sdnsproxy_project
sdnsproxy_project
>>sdnsproxy>>Versions up to 1.1.0.0(inclusive)
cpe:2.3:a:sdnsproxy_project:sdnsproxy:*:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-754Primarynvd@nist.gov
CWE ID: CWE-754
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://jvn.jp/en/jp/JVN71291160/index.htmlvultures@jpcert.or.jp
Third Party Advisory
VDB Entry
https://jvn.jp/en/jp/JVN71291160/index.htmlaf854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
VDB Entry
Hyperlink: https://jvn.jp/en/jp/JVN71291160/index.html
Source: vultures@jpcert.or.jp
Resource:
Third Party Advisory
VDB Entry
Hyperlink: https://jvn.jp/en/jp/JVN71291160/index.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
VDB Entry

Change History

0
Information is not available yet

Similar CVEs

64Records found
CVE-2021-31351
Matching Score-4
Assigner-Juniper Networks, Inc.
ShareView Details
Matching Score-4
Assigner-Juniper Networks, Inc.
CVSS Score-7.5||HIGH
EPSS-0.39% / 59.18%
||
7 Day CHG~0.00%
Published-19 Oct, 2021 | 18:16
Updated-17 Sep, 2024 | 01:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Junos OS: MX Series: Receipt of specific packet on MS-MPC/MS-MIC causes line card reset

An Improper Check for Unusual or Exceptional Conditions in packet processing on the MS-MPC/MS-MIC utilized by Juniper Networks Junos OS allows a malicious attacker to send a specific packet, triggering the MS-MPC/MS-MIC to reset, causing a Denial of Service (DoS). Continued receipt and processing of this packet will create a sustained Denial of Service (DoS) condition. This issue only affects specific versions of Juniper Networks Junos OS on MX Series: 17.3R3-S11; 17.4R2-S13; 17.4R3 prior to 17.4R3-S5; 18.1R3-S12; 18.2R2-S8, 18.2R3-S7, 18.2R3-S8; 18.3R3-S4; 18.4R3-S7; 19.1R3-S4, 19.1R3-S5; 19.2R1-S6; 19.3R3-S2; 19.4R2-S4, 19.4R2-S5; 19.4R3-S2; 20.1R2-S1; 20.2R2-S2, 20.2R2-S3, 20.2R3; 20.3R2, 20.3R2-S1; 20.4R1, 20.4R1-S1, 20.4R2; 21.1R1; This issue does not affect any version of Juniper Networks Junos OS prior to 15.1X49-D240;

Action-Not Available
Vendor-Juniper Networks, Inc.
Product-mx2008mx960mx240mx10008mx150mx10mx2020mx10003mx10016mx2010mx5mx10000mx204mx480mx104junosmx80mx40Junos OS
CWE ID-CWE-754
Improper Check for Unusual or Exceptional Conditions
CVE-2021-23372
Matching Score-4
Assigner-Snyk
ShareView Details
Matching Score-4
Assigner-Snyk
CVSS Score-4.4||MEDIUM
EPSS-0.31% / 53.32%
||
7 Day CHG~0.00%
Published-13 Apr, 2021 | 15:20
Updated-16 Sep, 2024 | 19:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Denial of Service (DoS)

All versions of package mongo-express are vulnerable to Denial of Service (DoS) when exporting an empty collection as CSV, due to an unhandled exception, leading to a crash.

Action-Not Available
Vendor-n/aMongoDB, Inc.
Product-mongo-expressmongo-express
CWE ID-CWE-754
Improper Check for Unusual or Exceptional Conditions
CVE-2019-1010239
Matching Score-4
Assigner-7556d962-6fb7-411e-85fa-6cd62f095ba8
ShareView Details
Matching Score-4
Assigner-7556d962-6fb7-411e-85fa-6cd62f095ba8
CVSS Score-7.5||HIGH
EPSS-0.47% / 63.45%
||
7 Day CHG~0.00%
Published-19 Jul, 2019 | 16:41
Updated-22 Jul, 2025 | 18:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

DaveGamble/cJSON cJSON 1.7.8 is affected by: Improper Check for Unusual or Exceptional Conditions. The impact is: Null dereference, so attack can cause denial of service. The component is: cJSON_GetObjectItemCaseSensitive() function. The attack vector is: crafted json file. The fixed version is: 1.7.9 and later.

Action-Not Available
Vendor-davegambleDaveGamble/cJSONOracle Corporation
Product-timesten_in-memory_databasecjsoncJSON
CWE ID-CWE-476
NULL Pointer Dereference
CWE ID-CWE-754
Improper Check for Unusual or Exceptional Conditions
CVE-2019-10051
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.47% / 63.58%
||
7 Day CHG~0.00%
Published-28 Aug, 2019 | 19:47
Updated-04 Aug, 2024 | 22:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Suricata 4.1.3. If the function filetracker_newchunk encounters an unsafe "Some(sfcm) => { ft.new_chunk }" item, then the program enters an smb/files.rs error condition and crashes.

Action-Not Available
Vendor-suricata-idsn/a
Product-suricatan/a
CWE ID-CWE-754
Improper Check for Unusual or Exceptional Conditions
CVE-2019-0068
Matching Score-4
Assigner-Juniper Networks, Inc.
ShareView Details
Matching Score-4
Assigner-Juniper Networks, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.28% / 50.78%
||
7 Day CHG~0.00%
Published-09 Oct, 2019 | 19:26
Updated-17 Sep, 2024 | 04:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Junos OS: SRX Series: Denial of Service vulnerability in flowd due to multicast packets

The SRX flowd process, responsible for packet forwarding, may crash and restart when processing specific multicast packets. By continuously sending the specific multicast packets, an attacker can repeatedly crash the flowd process causing a sustained Denial of Service. This issue affects Juniper Networks Junos OS on SRX Series: 12.3X48 versions prior to 12.3X48-D90; 15.1X49 versions prior to 15.1X49-D180; 17.3 versions; 17.4 versions prior to 17.4R2-S5, 17.4R3; 18.1 versions prior to 18.1R3-S6; 18.2 versions prior to 18.2R2-S4, 18.2R3; 18.3 versions prior to 18.3R2-S1, 18.3R3; 18.4 versions prior to 18.4R2; 19.1 versions prior to 19.1R1-S1, 19.1R2.

Action-Not Available
Vendor-Juniper Networks, Inc.
Product-srx345srx5800srx110srx4200srx340srx550_hmsrx4100srx220srx240srx3600vsrxsrx5400srx1400srx100srx3400srx300srx550srx320srx5600junossrx650srx210srx4600csrxsrx1500Junos OS
CWE ID-CWE-754
Improper Check for Unusual or Exceptional Conditions
CVE-2018-7853
Matching Score-4
Assigner-Schneider Electric
ShareView Details
Matching Score-4
Assigner-Schneider Electric
CVSS Score-7.5||HIGH
EPSS-0.49% / 64.71%
||
7 Day CHG~0.00%
Published-22 May, 2019 | 20:02
Updated-05 Aug, 2024 | 06:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A CWE-248: Uncaught Exception vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause denial of service when reading invalid physical memory blocks in the controller over Modbus

Action-Not Available
Vendor-n/a
Product-modicon_quantummodicon_quantum_firmwaremodicon_m580_firmwaremodicon_premium_firmwaremodicon_premiummodicon_m340modicon_m340_firmwaremodicon_m580Modicon M580 Modicon M340 Modicon Quantum Modicon Premium
CWE ID-CWE-754
Improper Check for Unusual or Exceptional Conditions
CVE-2018-7854
Matching Score-4
Assigner-Schneider Electric
ShareView Details
Matching Score-4
Assigner-Schneider Electric
CVSS Score-7.5||HIGH
EPSS-1.91% / 82.55%
||
7 Day CHG~0.00%
Published-22 May, 2019 | 20:02
Updated-05 Aug, 2024 | 06:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A CWE-248 Uncaught Exception vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause a denial of Service when sending invalid debug parameters to the controller over Modbus.

Action-Not Available
Vendor-n/a
Product-modicon_quantummodicon_quantum_firmwaremodicon_m580_firmwaremodicon_premium_firmwaremodicon_premiummodicon_m340modicon_m340_firmwaremodicon_m580Modicon M580 Modicon M340 Modicon Quantum Modicon Premium
CWE ID-CWE-754
Improper Check for Unusual or Exceptional Conditions
CVE-2018-7855
Matching Score-4
Assigner-Schneider Electric
ShareView Details
Matching Score-4
Assigner-Schneider Electric
CVSS Score-7.5||HIGH
EPSS-0.59% / 68.26%
||
7 Day CHG~0.00%
Published-22 May, 2019 | 20:03
Updated-05 Aug, 2024 | 06:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A CWE-248 Uncaught Exception vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause a Denial of Service when sending invalid breakpoint parameters to the controller over Modbus

Action-Not Available
Vendor-n/a
Product-modicon_quantummodicon_quantum_firmwaremodicon_m580_firmwaremodicon_premium_firmwaremodicon_premiummodicon_m340modicon_m340_firmwaremodicon_m580Modicon M580 Modicon M340 Modicon Quantum Modicon Premium
CWE ID-CWE-754
Improper Check for Unusual or Exceptional Conditions
CVE-2018-7794
Matching Score-4
Assigner-Schneider Electric
ShareView Details
Matching Score-4
Assigner-Schneider Electric
CVSS Score-7.5||HIGH
EPSS-0.39% / 59.18%
||
7 Day CHG~0.00%
Published-06 Jan, 2020 | 22:57
Updated-05 Aug, 2024 | 06:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in Modicon M580, Modicon M340, Modicon Quantum, Modicon Premium (see security notification for specific versions) which could cause a Denial of Service when reading data with invalid index using Modbus TCP.

Action-Not Available
Vendor-
Product-140cpu67260_firmware140cpu67261_firmwaretsxp573634m140cpu65150tsxp571634m140cpu67861modicon_m580_firmwaretsxh5744m_firmwaretsxh5744m140cpu65160_firmware140cpu67160s_firmware140cpu65160s_firmware140cpu67160_firmware140cpu65860_firmwaretsxp574634m_firmwaretsxp575634mmodicon_m580140cpu65860tsxp575634m_firmwaretsxh5724m_firmware140cpu65160tsxp573634m_firmwaretsxp57454m_firmware140cpu67160140cpu67861_firmwaretsxp57254m_firmwaretsxp57304mtsxp572634mtsxp574634mtsxh5724mtsxp57304m_firmwaretsxp57204m_140cpu67261140cpu67060_firmwaretsxp576634m_firmware140cpu65160s140cpu65260_firmware140cpu67160stsxp57154m_firmwaretsxp57154mtsxp576634mtsxp57454mmodicon_m340tsxp57254mtsxp57554mtsxp572634m_firmwaretsxp57104m_firmware140cpu67260tsxp57104mtsxp57354mtsxp57354m_firmware140cpu65150_firmwaretsxp57204m_firmwaretsxp57554m_firmware140cpu65260140cpu67060tsxp571634m_firmwaremodicon_m340_firmwareModicon M580, Modicon M340, Modicon Quantum, Modicon Premium (see security notification for specific versions)
CWE ID-CWE-754
Improper Check for Unusual or Exceptional Conditions
CVE-2018-7857
Matching Score-4
Assigner-Schneider Electric
ShareView Details
Matching Score-4
Assigner-Schneider Electric
CVSS Score-7.5||HIGH
EPSS-0.49% / 64.71%
||
7 Day CHG~0.00%
Published-22 May, 2019 | 20:04
Updated-05 Aug, 2024 | 06:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A CWE-248: Uncaught Exception vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause a possible Denial of Service when writing out of bounds variables to the controller over Modbus.

Action-Not Available
Vendor-n/a
Product-modicon_quantummodicon_quantum_firmwaremodicon_m580_firmwaremodicon_premium_firmwaremodicon_premiummodicon_m340modicon_m340_firmwaremodicon_m580Modicon M580 Modicon M340 Modicon Quantum Modicon Premium
CWE ID-CWE-754
Improper Check for Unusual or Exceptional Conditions
CVE-2018-7856
Matching Score-4
Assigner-Schneider Electric
ShareView Details
Matching Score-4
Assigner-Schneider Electric
CVSS Score-7.5||HIGH
EPSS-0.49% / 64.71%
||
7 Day CHG~0.00%
Published-22 May, 2019 | 20:03
Updated-05 Aug, 2024 | 06:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A CWE-248: Uncaught Exception vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause a possible denial of Service when writing invalid memory blocks to the controller over Modbus.

Action-Not Available
Vendor-n/a
Product-modicon_quantummodicon_quantum_firmwaremodicon_m580_firmwaremodicon_premium_firmwaremodicon_premiummodicon_m340modicon_m340_firmwaremodicon_m580Modicon M580 Modicon M340 Modicon Quantum Modicon Premium
CWE ID-CWE-754
Improper Check for Unusual or Exceptional Conditions
CVE-2018-4026
Matching Score-4
Assigner-Talos
ShareView Details
Matching Score-4
Assigner-Talos
CVSS Score-7.5||HIGH
EPSS-0.30% / 52.49%
||
7 Day CHG~0.00%
Published-13 May, 2019 | 15:24
Updated-05 Aug, 2024 | 05:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An exploitable denial-of-service vulnerability exists in the XML_GetScreen Wi-Fi command of the NT9665X Chipset firmware, running on the Anker Roav A1 Dashcam, version RoavA1SWV1.9. A specially crafted set of packets can cause an invalid memory dereference, resulting in a device reboot.

Action-Not Available
Vendor-anker-inn/a
Product-roav_dashcam_a1_firmwareroav_dashcam_a1Novatek
CWE ID-CWE-754
Improper Check for Unusual or Exceptional Conditions
CVE-2020-7537
Matching Score-4
Assigner-Schneider Electric
ShareView Details
Matching Score-4
Assigner-Schneider Electric
CVSS Score-7.5||HIGH
EPSS-0.39% / 59.18%
||
7 Day CHG~0.00%
Published-11 Dec, 2020 | 00:51
Updated-04 Aug, 2024 | 09:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in Modicon M580, Modicon M340, Legacy Controllers Modicon Quantum & Modicon Premium (see security notifications for affected versions), that could cause denial of service when a specially crafted Read Physical Memory request over Modbus is sent to the controller.

Action-Not Available
Vendor-n/a
Product-modicon_m580_bmep582040_firmwaretsxp575634_firmwaretsxp574634modicon_m580_bmep583040_firmwaremodicon_m340_bmxp3420102clmodicon_m340_bmxp3420302_firmwaremodicon_m580_bmep583020modicon_m580_bmep586040modicon_m580_bmep584040modicon_m340_bmxp342000modicon_m580_bmep582020modicon_m580_bmep583020_firmwaremodicon_m340_bmxp3420302cl_firmwaremodicon_m340_bmxp341000modicon_m340_bmxp342020_firmwaremodicon_m340_bmxp3420102_firmwaremodicon_m580_bmep585040_firmwaremodicon_m340_bmxp3420102cl_firmwaremodicon_m580_bmep584040_firmwaremodicon_m580_bmep583040tsxp574634_firmwaremodicon_m580_bmep582040modicon_m580_bmep585040modicon_m580_bmep584020_firmwaremodicon_m340_bmxp3420302clmodicon_m340_bmxp3420302modicon_m580_bmep584020modicon_m340_bmxp342020tsxp576634modicon_m340_bmxp341000_firmwaremodicon_m580_bmep581020_firmwaremodicon_m580_bmep581020modicon_m580_bmep582020_firmwaretsxp576634_firmwaremodicon_m340_bmxp342000_firmwaremodicon_m340_bmxp3420102tsxp575634modicon_m580_bmep586040_firmwareModicon M580, Modicon M340, Legacy Controllers Modicon Quantum & Modicon Premium (see security notifications for affected versions)
CWE ID-CWE-754
Improper Check for Unusual or Exceptional Conditions
CVE-2019-6811
Matching Score-4
Assigner-Schneider Electric
ShareView Details
Matching Score-4
Assigner-Schneider Electric
CVSS Score-7.5||HIGH
EPSS-0.39% / 59.18%
||
7 Day CHG~0.00%
Published-17 Sep, 2019 | 19:55
Updated-04 Aug, 2024 | 20:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An Improper Check for Unusual or Exceptional Conditions (CWE-754) vulnerability exists in Modicon Quantum 140 NOE771x1 version 6.9 and earlier, which could cause denial of service when the module receives an IP fragmented packet with a length greater than 65535 bytes. The module then requires a power cycle to recover.

Action-Not Available
Vendor-
Product-modicon_quantum_140noe77101modicon_quantum_140noe77111_firmwaremodicon_quantum_140noe77111modicon_quantum_140noe77101_firmwareModicon Quantum 140 NOE771x1
CWE ID-CWE-754
Improper Check for Unusual or Exceptional Conditions
  • Previous
  • 1
  • 2
  • Next
Details not found