Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2017-14360

Summary
Assigner-microfocus
Assigner Org ID-f81092c5-7f14-476d-80dc-24857f90be84
Published At-08 Nov, 2017 | 14:00
Updated At-05 Aug, 2024 | 19:27
Rejected At-
Credits

MFSBGN03791 rev.1 - HPE Content Manager Workgroup Service, Denial of Service (DoS)

A potential security vulnerability has been identified in HPE Content Manager Workgroup Service v9.00. The vulnerability could be remotely exploited to allow Denial of Service (DoS).

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
â–¼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:microfocus
Assigner Org ID:f81092c5-7f14-476d-80dc-24857f90be84
Published At:08 Nov, 2017 | 14:00
Updated At:05 Aug, 2024 | 19:27
Rejected At:
â–¼CVE Numbering Authority (CNA)
MFSBGN03791 rev.1 - HPE Content Manager Workgroup Service, Denial of Service (DoS)

A potential security vulnerability has been identified in HPE Content Manager Workgroup Service v9.00. The vulnerability could be remotely exploited to allow Denial of Service (DoS).

Affected Products
Vendor
Micro Focus International LimitedMicro Focus
Product
HPE Content Manager Workgroup Service
Versions
Affected
  • 9.00
Problem Types
TypeCWE IDDescription
textN/ADenial of Service (DoS)
Type: text
CWE ID: N/A
Description: Denial of Service (DoS)
Metrics
VersionBase scoreBase severityVector
3.05.9MEDIUM
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
Version: 3.0
Base score: 5.9
Base severity: MEDIUM
Vector:
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Micro Focus would like to thank Honggang Ren of Fortinet's FortiGuard Labs for reporting this issue to security-alert@hpe.com
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://www.securityfocus.com/bid/101792
vdb-entry
x_refsource_BID
https://softwaresupport.hpe.com/document/-/facetsearch/document/KM03006302
x_refsource_CONFIRM
Hyperlink: http://www.securityfocus.com/bid/101792
Resource:
vdb-entry
x_refsource_BID
Hyperlink: https://softwaresupport.hpe.com/document/-/facetsearch/document/KM03006302
Resource:
x_refsource_CONFIRM
â–¼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://www.securityfocus.com/bid/101792
vdb-entry
x_refsource_BID
x_transferred
https://softwaresupport.hpe.com/document/-/facetsearch/document/KM03006302
x_refsource_CONFIRM
x_transferred
Hyperlink: http://www.securityfocus.com/bid/101792
Resource:
vdb-entry
x_refsource_BID
x_transferred
Hyperlink: https://softwaresupport.hpe.com/document/-/facetsearch/document/KM03006302
Resource:
x_refsource_CONFIRM
x_transferred
Information is not available yet
â–¼National Vulnerability Database (NVD)
nvd.nist.gov
Source:security@opentext.com
Published At:08 Nov, 2017 | 14:29
Updated At:13 May, 2026 | 00:24

A potential security vulnerability has been identified in HPE Content Manager Workgroup Service v9.00. The vulnerability could be remotely exploited to allow Denial of Service (DoS).

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.05.9MEDIUM
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
Primary3.07.5HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Primary2.05.0MEDIUM
AV:N/AC:L/Au:N/C:N/I:N/A:P
Type: Secondary
Version: 3.0
Base score: 5.9
Base severity: MEDIUM
Vector:
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
Type: Primary
Version: 3.0
Base score: 7.5
Base severity: HIGH
Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Type: Primary
Version: 2.0
Base score: 5.0
Base severity: MEDIUM
Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:P
CPE Matches
HP Inc.
hp
>>content_manager>>9.0
cpe:2.3:a:hp:content_manager:9.0:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-400Primarynvd@nist.gov
CWE ID: CWE-400
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
http://www.securityfocus.com/bid/101792security@opentext.com
N/A
https://softwaresupport.hpe.com/document/-/facetsearch/document/KM03006302security@opentext.com
N/A
http://www.securityfocus.com/bid/101792af854a3a-2127-422b-91ae-364da2661108
N/A
https://softwaresupport.hpe.com/document/-/facetsearch/document/KM03006302af854a3a-2127-422b-91ae-364da2661108
N/A
Hyperlink: http://www.securityfocus.com/bid/101792
Source: security@opentext.com
Resource: N/A
Hyperlink: https://softwaresupport.hpe.com/document/-/facetsearch/document/KM03006302
Source: security@opentext.com
Resource: N/A
Hyperlink: http://www.securityfocus.com/bid/101792
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://softwaresupport.hpe.com/document/-/facetsearch/document/KM03006302
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

771Records found
CVE-2004-1858
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-0.58% / 69.24%
||
7 Day CHG~0.00%
Published-10 May, 2005 | 04:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

HP Web Jetadmin 7.5.2546 allows remote attackers to cause a denial of service (crash) via a malformed request, possibly due to a stricmp() error from an invalid use of the "$" character.

Action-Not Available
Vendor-n/aHP Inc.
Product-web_jetadminn/a
CVE-2002-1474
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-0.53% / 67.36%
||
7 Day CHG~0.00%
Published-18 Mar, 2003 | 05:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unknown vulnerability or vulnerabilities in TCP/IP component for HP Tru64 UNIX 4.0f, 4.0g, and 5.0a allows remote attackers to cause a denial of service.

Action-Not Available
Vendor-n/aHP Inc.
Product-tru64n/a
CVE-2002-1475
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-0.53% / 67.36%
||
7 Day CHG~0.00%
Published-18 Mar, 2003 | 05:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unknown vulnerability in the ARP component for HP Tru64 UNIX 4.0f, 4.0g, and 5.0a allows remote attackers to "take over packets destined for another host" and cause a denial of service.

Action-Not Available
Vendor-n/aHP Inc.
Product-tru64n/a
CVE-2002-1232
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-4.45% / 89.29%
||
7 Day CHG~0.00%
Published-01 Sep, 2004 | 04:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Memory leak in ypdb_open in yp_db.c for ypserv before 2.5 in the NIS package 3.9 and earlier allows remote attackers to cause a denial of service (memory consumption) via a large number of requests for a map that does not exist.

Action-Not Available
Vendor-n/aHP Inc.Debian GNU/LinuxRed Hat, Inc.
Product-debian_linuxlinuxsecure_osn/a
CVE-2001-1124
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-0.79% / 74.34%
||
7 Day CHG~0.00%
Published-15 Mar, 2002 | 05:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

rpcbind in HP-UX 11.00, 11.04 and 11.11 allows remote attackers to cause a denial of service (core dump) via a malformed RPC portmap requests, possibly related to a buffer overflow.

Action-Not Available
Vendor-n/aHP Inc.
Product-hp-uxn/a
CVE-2001-0106
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-0.68% / 71.97%
||
7 Day CHG~0.00%
Published-07 May, 2001 | 04:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in inetd server in HP-UX 11.04 and earlier allows attackers to cause a denial of service when the "swait" state is used by a server.

Action-Not Available
Vendor-n/aHP Inc.
Product-hp-uxn/a
CVE-2001-0606
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-0.46% / 64.62%
||
7 Day CHG~0.00%
Published-27 Jul, 2001 | 04:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in iPlanet Web Server 4.X in HP-UX 11.04 (VVOS) with VirtualVault A.04.00 allows a remote attacker to create a denial of service via the HTTPS service.

Action-Not Available
Vendor-n/aHP Inc.Sun Microsystems (Oracle Corporation)
Product-virtualvaultiplanet_web_servern/a
CVE-2019-2769
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-5.3||MEDIUM
EPSS-0.64% / 70.95%
||
7 Day CHG~0.00%
Published-23 Jul, 2019 | 22:31
Updated-15 Oct, 2024 | 18:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Utilities). Supported versions that are affected are Java SE: 7u221, 8u212, 11.0.3 and 12.0.1; Java SE Embedded: 8u211. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).

Action-Not Available
Vendor-Canonical Ltd.Debian GNU/LinuxopenSUSEMcAfee, LLCHP Inc.Oracle CorporationRed Hat, Inc.
Product-enterprise_linux_serverubuntu_linuxdebian_linuxxp7_command_viewepolicy_orchestratorjreenterprise_linux_workstationenterprise_linuxenterprise_linux_eussatellitejdkenterprise_linux_desktopleapJava
CVE-2000-1064
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-0.64% / 71.09%
||
7 Day CHG~0.00%
Published-29 Nov, 2000 | 05:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in the LPD service in HP JetDirect printer card Firmware x.08.20 and earlier allows remote attackers to cause a denial of service.

Action-Not Available
Vendor-n/aHP Inc.
Product-jetdirectn/a
CVE-2000-1062
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-0.64% / 71.09%
||
7 Day CHG~0.00%
Published-29 Nov, 2000 | 05:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in the FTP service in HP JetDirect printer card Firmware x.08.20 and earlier allows remote attackers to cause a denial of service.

Action-Not Available
Vendor-n/aHP Inc.
Product-jetdirectn/a
CVE-2000-1065
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-0.59% / 69.62%
||
7 Day CHG~0.00%
Published-29 Nov, 2000 | 05:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in IP implementation of HP JetDirect printer card Firmware x.08.20 and earlier allows remote attackers to cause a denial of service (printer crash) via a malformed packet.

Action-Not Available
Vendor-n/aHP Inc.
Product-jetdirectn/a
CVE-2000-0444
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-5.20% / 90.12%
||
7 Day CHG~0.00%
Published-15 Jun, 2000 | 04:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

HP Web JetAdmin 6.0 allows remote attackers to cause a denial of service via a malformed URL to port 8000.

Action-Not Available
Vendor-n/aHP Inc.
Product-jetadminn/a
CVE-2000-1058
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-11.48% / 93.76%
||
7 Day CHG~0.00%
Published-22 Jan, 2001 | 05:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in OverView5 CGI program in HP OpenView Network Node Manager (NNM) 6.1 and earlier allows remote attackers to cause a denial of service, and possibly execute arbitrary commands, in the SNMP service (snmp.exe), aka the "Java SNMP MIB Browser Object ID parsing problem."

Action-Not Available
Vendor-n/aHP Inc.
Product-openview_network_node_managern/a
CVE-1999-0779
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-0.71% / 72.65%
||
7 Day CHG~0.00%
Published-04 Jan, 2000 | 05:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Denial of service in HP-UX SharedX recserv program.

Action-Not Available
Vendor-n/aHP Inc.
Product-hp-uxn/a
CVE-1999-0684
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-0.80% / 74.39%
||
7 Day CHG~0.00%
Published-04 Feb, 2000 | 05:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Denial of service in Sendmail 8.8.6 in HPUX.

Action-Not Available
Vendor-n/aHP Inc.
Product-sendmailn/a
CVE-1999-0513
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-25.58% / 96.35%
||
7 Day CHG~0.00%
Published-29 Sep, 1999 | 04:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

ICMP messages to broadcast addresses are allowed, allowing for a Smurf attack that can cause a denial of service.

Action-Not Available
Vendor-digitaln/aHP Inc.IBM CorporationLinux Kernel Organization, IncNetBSDFreeBSD FoundationSun Microsystems (Oracle Corporation)
Product-sunossolarisunixfreebsdhp-uxaixlinux_kernelnetbsdn/a
CVE-1999-0016
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-80.99% / 99.18%
||
7 Day CHG~0.00%
Published-29 Sep, 1999 | 04:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Land IP denial of service.

Action-Not Available
Vendor-n/aHP Inc.Microsoft CorporationCisco Systems, Inc.NetBSDGNUSun Microsystems (Oracle Corporation)
Product-sunoswindows_ntinetioswindows_95hp-uxwinsocknetbsdn/a
CVE-2006-4015
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-3.55% / 87.93%
||
7 Day CHG~0.00%
Published-07 Aug, 2006 | 19:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Hewlett-Packard (HP) ProCurve 3500yl, 6200yl, and 5400zl switches with software before K.11.33 allow remote attackers to cause a denial of service (possibly memory leak or system crash) via unknown vectors.

Action-Not Available
Vendor-n/aHP Inc.
Product-procurve_switch_3500ylprocurve_switch_5400zlprocurve_switch_6200yln/a
CVE-2018-7123
Matching Score-8
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-8
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-7.5||HIGH
EPSS-32.25% / 96.94%
||
7 Day CHG~0.00%
Published-05 Jun, 2019 | 14:10
Updated-05 Aug, 2024 | 06:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A remote denial of service vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.

Action-Not Available
Vendor-n/aHP Inc.
Product-intelligent_management_centerHPE Intelligent Management Center (IMC) PLAT
CWE ID-CWE-287
Improper Authentication
CVE-2018-7116
Matching Score-8
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-8
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-7.5||HIGH
EPSS-4.94% / 89.84%
||
7 Day CHG~0.00%
Published-03 Dec, 2018 | 15:00
Updated-05 Aug, 2024 | 06:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

HPE Intelligent Management Center (IMC) prior to IMC PLAT 7.3 (E0605P06) is vulnerable to a remote denial of service via dbman Opcode 10003 'Filename'. This problem is resolved in IMC PLAT 7.3 (E0605P06) or subsequent versions.

Action-Not Available
Vendor-HP Inc.Hewlett Packard Enterprise (HPE)
Product-intelligent_management_centerHPE Intelligent Management Center (IMC)
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2018-7115
Matching Score-8
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-8
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-5.3||MEDIUM
EPSS-9.01% / 92.79%
||
7 Day CHG~0.00%
Published-03 Dec, 2018 | 15:00
Updated-05 Aug, 2024 | 06:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

HPE Intelligent Management Center (IMC) prior to IMC PLAT 7.3 (E0605P06) is vulnerable to a remote buffer overflow in dbman.exe opcode 10001 on Windows. This problem is resolved in IMC PLAT 7.3 (E0605P06) or subsequent versions.

Action-Not Available
Vendor-Microsoft CorporationHP Inc.Hewlett Packard Enterprise (HPE)
Product-windowsintelligent_management_centerHPE Intelligent Management Center (IMC)
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2018-2815
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-5.3||MEDIUM
EPSS-0.57% / 68.94%
||
7 Day CHG~0.00%
Published-19 Apr, 2018 | 02:00
Updated-06 May, 2025 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Serialization). Supported versions that are affected are Java SE: 6u181, 7u171, 8u162 and 10; Java SE Embedded: 8u161; JRockit: R28.3.17. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).

Action-Not Available
Vendor-Debian GNU/LinuxSchneider Electric SEOracle CorporationHP Inc.Red Hat, Inc.Canonical Ltd.
Product-enterprise_linux_server_ausenterprise_linux_server_tusjdkjrockitenterprise_linux_serverenterprise_linux_workstationjrestruxureware_data_center_expertdebian_linuxxp7_command_viewubuntu_linuxenterprise_linux_desktopenterprise_linux_server_eusJava
CVE-2018-2796
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-5.3||MEDIUM
EPSS-0.24% / 47.21%
||
7 Day CHG~0.00%
Published-19 Apr, 2018 | 02:00
Updated-06 May, 2025 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Concurrency). Supported versions that are affected are Java SE: 7u171, 8u162 and 10; Java SE Embedded: 8u161; JRockit: R28.3.17. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).

Action-Not Available
Vendor-Debian GNU/LinuxSchneider Electric SEOracle CorporationHP Inc.Red Hat, Inc.Canonical Ltd.
Product-enterprise_linux_server_ausenterprise_linux_server_tusjdkjrockitenterprise_linux_serverenterprise_linux_workstationjrestruxureware_data_center_expertdebian_linuxxp7_command_viewubuntu_linuxenterprise_linux_desktopenterprise_linux_server_eussatelliteJava
CVE-2018-2799
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-5.3||MEDIUM
EPSS-0.09% / 25.71%
||
7 Day CHG~0.00%
Published-19 Apr, 2018 | 02:00
Updated-03 Oct, 2024 | 20:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JAXP). Supported versions that are affected are Java SE: 7u171, 8u162 and 10; Java SE Embedded: 8u161; JRockit: R28.3.17. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).

Action-Not Available
Vendor-Canonical Ltd.Debian GNU/LinuxHP Inc.The Apache Software FoundationOracle CorporationRed Hat, Inc.
Product-enterprise_linux_serverubuntu_linuxdebian_linuxxp7_command_viewenterprise_linux_server_eusjreenterprise_linux_server_ausenterprise_linux_workstationxerces-jsatellitejdkenterprise_linux_server_tusenterprise_linux_desktopstruxureware_data_center_expertjrockitJava
CVE-2018-2603
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-5.3||MEDIUM
EPSS-0.13% / 32.24%
||
7 Day CHG~0.00%
Published-18 Jan, 2018 | 02:00
Updated-03 Oct, 2024 | 20:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151; JRockit: R28.3.16. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: This vulnerability applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).

Action-Not Available
Vendor-Canonical Ltd.Debian GNU/LinuxHP Inc.Oracle CorporationRed Hat, Inc.
Product-enterprise_linux_serverubuntu_linuxxp7_command_viewenterprise_linux_server_eusenterprise_linux_server_aussatellitejdkstruxureware_data_center_expertjrockitxp_command_viewdebian_linuxxp_p9000_command_viewjreenterprise_linux_workstationenterprise_linux_server_tusenterprise_linux_desktopJava
CVE-2018-19642
Matching Score-8
Assigner-OpenText (formerly Micro Focus)
ShareView Details
Matching Score-8
Assigner-OpenText (formerly Micro Focus)
CVSS Score-5.1||MEDIUM
EPSS-0.17% / 37.24%
||
7 Day CHG~0.00%
Published-27 Mar, 2019 | 16:55
Updated-17 Sep, 2024 | 00:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Solutions Business Manager (SBM) Denial of Service issue in version prior to 11.5

Denial of service issue in Micro Focus Solutions Business Manager (SBM) (formerly Serena Business Manager (SBM)) versions prior to 11.5.

Action-Not Available
Vendor-Micro Focus International Limited
Product-solutions_business_managerSolutions Business Manager (SBM)
CWE ID-CWE-20
Improper Input Validation
CVE-2018-12469
Matching Score-8
Assigner-OpenText (formerly Micro Focus)
ShareView Details
Matching Score-8
Assigner-OpenText (formerly Micro Focus)
CVSS Score-7.5||HIGH
EPSS-0.34% / 56.73%
||
7 Day CHG~0.00%
Published-12 Oct, 2018 | 13:00
Updated-16 Sep, 2024 | 19:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Incorrect handling of an invalid value for an HTTP request parameter by Directory Server (aka Enterprise Server Administration web UI) in Micro Focus Enterprise Developer and Enterprise Server 2.3 Update 2 and earlier, 3.0 before Patch Update 12, and 4.0 before Patch Update 2 causes a null pointer dereference (CWE-476) and subsequent denial of service due to process termination.

Action-Not Available
Vendor-Micro Focus International Limited
Product-enterprise_developerenterprise_serverMicro Focus Enterprise Developer, Micro Focus Enterprise Server
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2017-5808
Matching Score-8
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-8
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-7.5||HIGH
EPSS-18.20% / 95.33%
||
7 Day CHG~0.00%
Published-15 Feb, 2018 | 22:00
Updated-16 Sep, 2024 | 20:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A Remote Arbitrary Code Execution vulnerability in HPE Data Protector version prior to 8.17 and 9.09 was found.

Action-Not Available
Vendor-HP Inc.Hewlett Packard Enterprise (HPE)
Product-data_protectorData Protector
CWE ID-CWE-20
Improper Input Validation
CVE-2017-5818
Matching Score-8
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-8
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-7.5||HIGH
EPSS-13.58% / 94.38%
||
7 Day CHG~0.00%
Published-15 Feb, 2018 | 22:00
Updated-16 Sep, 2024 | 17:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version 7.3 E0504P04 was found.

Action-Not Available
Vendor-HP Inc.Hewlett Packard Enterprise (HPE)
Product-intelligent_management_centerIntelligent Management Center (iMC) PLAT
CWE ID-CWE-20
Improper Input Validation
CVE-2012-3277
Matching Score-8
Assigner-HP Inc.
ShareView Details
Matching Score-8
Assigner-HP Inc.
CVSS Score-5||MEDIUM
EPSS-1.41% / 80.87%
||
7 Day CHG~0.00%
Published-13 Dec, 2012 | 11:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

HP OpenVMS 8.3, 8.3-1H1, and 8.4 on the Itanium platform and 7.3-2, 8.2, 8.3, and 8.4 on the Alpha platform does not properly implement the LOGIN and ACME_SERVER ACMELOGIN programs, which allows remote attackers to cause a denial of service via unspecified vectors.

Action-Not Available
Vendor-n/aHP Inc.
Product-openvmsn/a
CVE-2012-3250
Matching Score-8
Assigner-HP Inc.
ShareView Details
Matching Score-8
Assigner-HP Inc.
CVSS Score-5||MEDIUM
EPSS-1.41% / 80.87%
||
7 Day CHG~0.00%
Published-16 Aug, 2012 | 10:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in HP Service Manager Server 7.11, 9.21, and 9.30, and HP Service Center Server 6.28, allows remote attackers to cause a denial of service via unknown vectors.

Action-Not Available
Vendor-n/aHP Inc.
Product-service_center_serverservice_manager_servern/a
CVE-2021-3821
Matching Score-6
Assigner-HP Inc.
ShareView Details
Matching Score-6
Assigner-HP Inc.
CVSS Score-9.8||CRITICAL
EPSS-0.31% / 54.23%
||
7 Day CHG-0.02%
Published-21 Nov, 2022 | 21:27
Updated-29 Apr, 2025 | 05:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A potential security vulnerability has been identified for certain HP multifunction printers (MFPs). The vulnerability may lead to Denial of Service when running HP Workpath solutions on potentially affected products.

Action-Not Available
Vendor-HP Inc.
Product-futuresmart_5HP FutureSmart
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2022-43780
Matching Score-6
Assigner-HP Inc.
ShareView Details
Matching Score-6
Assigner-HP Inc.
CVSS Score-7.5||HIGH
EPSS-0.27% / 50.44%
||
7 Day CHG~0.00%
Published-15 Nov, 2022 | 17:42
Updated-30 Apr, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain HP ENVY, OfficeJet, and DeskJet printers may be vulnerable to a Denial of Service attack.

Action-Not Available
Vendor-HP Inc.
Product-m2u94b_firmwarez4b27az4a73a_firmwarez4a59a_firmwarez4b29a_firmwarez4a59am2u85bm2u85b_firmwarem2u92a_firmwarez4a70am2u89bz4a71az4a70a_firmwarem2u84a_firmwarem2u81b_firmwarem2u86b_firmwarem2u86cm2u91am2u86bz4b14am2u91bz4a74am2u92b_firmwarem2u81a_firmwarem2u91b_firmwarez4b28az4b29am2u92az4b12a_firmwarem2u81am2u87a_firmwarez4a69a_firmwarez4a60az4b14a_firmwarem2u81bm2u82am2u77az4a54am2u75am2u87bz4b13a_firmwarez4a74a_firmwarem2u75a_firmwarem2u77a_firmwarez4b18az4a61am2u76a_firmwarem2u82a_firmwarem2u84am2u76am2u84b_firmwarez4a71a_firmwarem2u86c_firmwarez4a61b_firmwarem2u92bz4b12az4b28a_firmwarem2u82b_firmwarem2u82bm2u94a_firmwarem2u87az4b18a_firmwarez4a54a_firmwarem2u91a_firmwarem2u87b_firmwarez4a61a_firmwarem2u86a_firmwarem2u94az4a73az4a69am2u88bm2u84bz4a61bm2u94bm2u85az4a60a_firmwarez4b27a_firmwarem2u89b_firmwarez4b13am2u86am2u85a_firmwarem2u88b_firmwareCertain HP ENVY, OfficeJet, and DeskJet printers
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2022-28639
Matching Score-6
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-6
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-8.8||HIGH
EPSS-0.12% / 29.83%
||
7 Day CHG~0.00%
Published-20 Sep, 2022 | 20:06
Updated-29 May, 2025 | 14:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A remote potential adjacent denial of service (DoS) and potential adjacent arbitrary code execution vulnerability that could potentially lead to a loss of confidentiality, integrity, and availability were discovered in HPE Integrated Lights-Out 5 (iLO 5) in Version: 2.71. Hewlett Packard Enterprise has provided updated firmware for HPE Integrated Lights-Out 5 (iLO 5) that addresses these security vulnerabilities.

Action-Not Available
Vendor-n/aHP Inc.Hewlett Packard Enterprise (HPE)
Product-proliant_xl290n_gen10_plus_serverstoreeasy_1860_storageproliant_dx190r_gen10_serverapollo_n2800_gen10_plusproliant_dl345_gen10_plus_serverproliant_dx385_gen10_plus_serverstorage_performance_file_controllerproliant_xl645d_gen10_plus_serveredgeline_e920_server_bladeapollo_n2600_gen10_plusintegrated_lights-out_5_firmwareproliant_dx380_gen10_plus_serverstoreeasy_1460_storageproliant_e910_server_bladeproliant_dx380_gen10_serverproliant_dl360_gen10_serverproliant_dx560_gen10_serverapollo_r2000_chassisapollo_4200_gen10_plus_systemproliant_dl380_gen10_serverapollo_4200_gen10_serverstoreeasy_1660_performance_storagestorage_file_controllerapollo_r2600_gen10proliant_dl365_gen10_plus_serverproliant_dl360_gen10_plus_serveredgeline_e920d_server_bladeproliant_microserver_gen10_plusproliant_xl675d_gen10_plus_serverproliant_dx170r_gen10_serverproliant_dl380_gen10_plus_serverproliant_m750_server_bladeapollo_4510_gen10_systemproliant_xl170r_gen10_serverproliant_dx4200_gen10_serverproliant_xl225n_gen10_plus_1u_nodeproliant_dl580_gen10_serverstoreeasy_1660_expanded_storageproliant_xl220n_gen10_plus_serverproliant_dx385_gen10_plus_v2_serverproliant_ml30_gen10_serverintegrated_lights-out_5proliant_dl110_gen10_plus_telco_serverproliant_ml30_gen10_plus_serverproliant_dl385_gen10_plus_v2_serverproliant_dl325_gen10_serverproliant_xl450_gen10_serverapollo_2000_gen10_plus_systemproliant_dl20_gen10_serverstoreeasy_1560_storageproliant_xl270d_gen10_serverstoreeasy_1660_storageproliant_dl160_gen10_serveredgeline_e920t_server_bladeproliant_xl420_gen10_serverproliant_dx220n_gen10_plus_serverproliant_dx360_gen10_serverapollo_6500_gen10_plusproliant_dx360_gen10_plus_serverproliant_ml350_gen10_serverproliant_dl325_gen10_plus_v2_serverapollo_r2800_gen10proliant_e910t_server_bladeproliant_dl385_gen10_serverproliant_xl190r_gen10_serverproliant_bl460c_gen10_server_bladeproliant_dl325_gen10_plus_serverproliant_xl925g_gen10_plus_1u_4-node_configure-to-order_serverproliant_dl180_gen10_serverstoreeasy_1860_performance_storageproliant_dl385_gen10_plus_serverapollo_4500proliant_dl560_gen10_serverproliant_xl230k_gen10_serverproliant_dl20_gen10_plus_serverproliant_dx325_gen10_plus_v2_serverproliant_ml110_gen10_serverHPE Integrated Lights-Out 5 (iLO 5)
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2024-42398
Matching Score-6
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-6
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-5.3||MEDIUM
EPSS-0.16% / 37.01%
||
7 Day CHG~0.00%
Published-06 Aug, 2024 | 19:37
Updated-24 Mar, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Unauthenticated Denial-of-Service (DoS) Vulnerabilities in the Soft AP Daemon Service Accessed by the PAPI Protocol

Multiple unauthenticated Denial-of-Service (DoS) vulnerabilities exist in the Soft AP daemon accessed via the PAPI protocol. Successful exploitation of these vulnerabilities results in the ability to interrupt the normal operation of the affected Access Point.

Action-Not Available
Vendor-Hewlett Packard Enterprise (HPE)HP Inc.Aruba Networks
Product-arubaosinstantosHPE Aruba Networking InstantOS and Aruba Access Points running ArubaOS 10arubaosinstant
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2018-5390
Matching Score-6
Assigner-CERT/CC
ShareView Details
Matching Score-6
Assigner-CERT/CC
CVSS Score-7.5||HIGH
EPSS-11.16% / 93.64%
||
7 Day CHG+0.56%
Published-06 Aug, 2018 | 20:00
Updated-05 Aug, 2024 | 05:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Linux kernel versions 4.9+ can be forced to make very expensive calls to tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() for every incoming packet which can lead to a denial of service

Linux kernel versions 4.9+ can be forced to make very expensive calls to tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() for every incoming packet which can lead to a denial of service.

Action-Not Available
Vendor-Canonical Ltd.Debian GNU/LinuxHP Inc.Linux Kernel Organization, IncF5, Inc.A10 NetworksCisco Systems, Inc.Red Hat, Inc.
Product-enterprise_linux_serverubuntu_linuxtelepresence_video_communication_server_firmwarebig-ip_webacceleratortelepresence_conductor_firmwarebig-ip_application_acceleration_managerenterprise_linux_server_eusbig-ip_policy_enforcement_managerbig-ip_fraud_protection_serviceenterprise_linux_server_ausmeeting_managementtelepresence_conductorbig-ip_local_traffic_managerbig-ip_application_security_managerwebex_hybrid_data_securitythreat_grid-cloudtelepresence_video_communication_serverenterprise_linux_workstationbig-ip_access_policy_managerenterprise_linux_desktopvirtualizationtraffix_systems_signaling_delivery_controlleradvanced_core_operating_systemaruba_airwave_ampbig-ip_global_traffic_managerexpressway_seriesaruba_clearpass_policy_managerbig-ip_analyticsbig-ip_domain_name_systemexpresswaybig-ip_edge_gatewaydebian_linuxlinux_kernelbig-ip_link_controllercollaboration_meeting_roomsdigital_network_architecture_centerwebex_video_meshenterprise_linux_server_tusbig-ip_advanced_firewall_managernetwork_assurance_engineLinux Kernel
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2024-42397
Matching Score-6
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-6
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-5.3||MEDIUM
EPSS-0.13% / 32.42%
||
7 Day CHG~0.00%
Published-06 Aug, 2024 | 18:51
Updated-19 Mar, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Unauthenticated Denial-of-Service (DoS) Vulnerabilities in the AP Certificate Management Service Accessed by the PAPI Protocol

Multiple unauthenticated Denial-of-Service (DoS) vulnerabilities exist in the AP Certificate Management daemon accessed via the PAPI protocol. Successful exploitation of these vulnerabilities results in the ability to interrupt the normal operation of the affected Access Point.

Action-Not Available
Vendor-HP Inc.Hewlett Packard Enterprise (HPE)
Product-instantosHPE Aruba Networking InstantOS and Aruba Access Points running ArubaOS 10
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2024-42399
Matching Score-6
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-6
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-5.3||MEDIUM
EPSS-0.16% / 37.01%
||
7 Day CHG~0.00%
Published-06 Aug, 2024 | 19:48
Updated-13 Mar, 2025 | 14:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Unauthenticated Denial-of-Service (DoS) Vulnerabilities in the Soft AP Daemon Service Accessed by the PAPI Protocol

Multiple unauthenticated Denial-of-Service (DoS) vulnerabilities exist in the Soft AP daemon accessed via the PAPI protocol. Successful exploitation of these vulnerabilities results in the ability to interrupt the normal operation of the affected Access Point.

Action-Not Available
Vendor-HP Inc.Hewlett Packard Enterprise (HPE)Aruba Networks
Product-instantosarubaosHPE Aruba Networking InstantOS and Aruba Access Points running ArubaOS 10instantarubaos
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2022-2794
Matching Score-6
Assigner-HP Inc.
ShareView Details
Matching Score-6
Assigner-HP Inc.
CVSS Score-7.5||HIGH
EPSS-0.31% / 54.76%
||
7 Day CHG+0.05%
Published-18 Nov, 2022 | 20:48
Updated-29 Apr, 2025 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain HP PageWide Pro Printers may be vulnerable to a potential denial of service attack.

Action-Not Available
Vendor-HP Inc.
Product-pagewide_pro_452dw_d3q16a_firmwarepagewide_pro_477dw_d3q20apagewide_352dw_j6u57a_firmwarepagewide_377dw_j9v80a_firmwarepagewide_352dw_j6u57apagewide_pro_452dn_d3q15a_firmwarepagewide_managed_p57750dw_j9v82a_firmwarepagewide_pro_577z_k9z76apagewide_managed_p55250dw_j6u55b_firmwarepagewide_pro_477dn_d3q19apagewide_pro_577z_k9z76a_firmwarepagewide_pro_577dw_d3q21apagewide_managed_p55250dw_j6u55bpagewide_managed_p55250dw_j6u51bpagewide_managed_p55250dw_j6u55apagewide_managed_p57750dw_j9v82apagewide_pro_552dw_d3q17a_firmwarepagewide_pro_477dn_d3q19a_firmwarepagewide_377dw_j9v80apagewide_managed_p55250dw_j6u55a_firmwarepagewide_pro_577dw_d3q21a_firmwarepagewide_pro_477dw_d3q20a_firmwarepagewide_pro_452dn_d3q15apagewide_managed_p55250dw_j6u51b_firmwarepagewide_pro_552dw_d3q17apagewide_pro_452dw_d3q16aCertain HP PageWide Pro printers
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2023-45621
Matching Score-6
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-6
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-7.5||HIGH
EPSS-0.16% / 37.20%
||
7 Day CHG~0.00%
Published-14 Nov, 2023 | 22:54
Updated-14 Aug, 2024 | 19:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unauthenticated Denial-of-Service (DoS) vulnerabilities exist in the CLI service accessed via the PAPI protocol. Successful exploitation of these vulnerabilities result in the ability to interrupt the normal operation of the affected access point.

Action-Not Available
Vendor-HP Inc.Aruba NetworksHewlett Packard Enterprise (HPE)
Product-arubaosinstantosAruba Access Points: 100 Series; 103 Series; 110 Series; 120 Series; 130 Series; 200 Series; 207 Series; 210 Series; 220 Series; 260 Series; 300 Series; 303 Series; 310 Series; 318 Series Hardened Access Points; 320 Series; 330 Series; 340 Series; 370 Series; 500 Series; 510 Series; 530 Series; 550 Series; 630 Series; 650 Series; arubaosinstantos
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2023-45622
Matching Score-6
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-6
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-7.5||HIGH
EPSS-0.16% / 37.20%
||
7 Day CHG~0.00%
Published-14 Nov, 2023 | 22:55
Updated-12 Aug, 2024 | 15:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unauthenticated Denial-of-Service (DoS) vulnerabilities exist in the BLE daemon service accessed via the PAPI protocol. Successful exploitation of these vulnerabilities result in the ability to interrupt the normal operation of the affected access point.

Action-Not Available
Vendor-HP Inc.Aruba NetworksHewlett Packard Enterprise (HPE)
Product-arubaosinstantosAruba Access Points: 100 Series; 103 Series; 110 Series; 120 Series; 130 Series; 200 Series; 207 Series; 210 Series; 220 Series; 260 Series; 300 Series; 303 Series; 310 Series; 318 Series Hardened Access Points; 320 Series; 330 Series; 340 Series; 370 Series; 500 Series; 510 Series; 530 Series; 550 Series; 630 Series; 650 Series;
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2023-4063
Matching Score-6
Assigner-HP Inc.
ShareView Details
Matching Score-6
Assigner-HP Inc.
CVSS Score-5.3||MEDIUM
EPSS-0.24% / 47.00%
||
7 Day CHG~0.00%
Published-22 Mar, 2024 | 17:27
Updated-20 Feb, 2026 | 21:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain HP OfficeJet Pro printers are potentially vulnerable to a Denial of Service when using an improper eSCL URL GET request.

Action-Not Available
Vendor-HP Inc.
Product-1mr70a_firmware1mr79a1mr72a_firmware1kr55d_firmware1mr76a_firmware3uk91b3ul00d_firmware1kr48a_firmware1kr46a1kr42a_firmware1mr73a3uk96d_firmware1mr77a_firmware1kr48a3uk84a_firmware1kr54a1mr78b_firmware1mr75a3uk97d_firmware3uk99d1mr73d1mr66a3uk86b1mr80d_firmware3uk97d1kr49a3uk90d_firmware1mr71a_firmware3uk83a_firmwarey8m28d1kr54a_firmware1mr74a_firmware1kr46a_firmware1mr68a3uk83b_firmware1mr78a_firmware1mr70a1mr74a1kr45a1mr66a_firmware3uk84a3uk91b_firmware3uk96d3uk85d3uk93d_firmware1mr78a1mr79a_firmware1mr69a3uk99d_firmware1mr77a3uk83b1mr76a1kr55d1mr69a_firmware3ul00d1kr49a_firmware1kr45a_firmware1mr75a_firmware3uk98d_firmware1mr69c3ul05b_firmware1mr68a_firmware1mr71a1mr78b1mr80d3ul05b3uk93d1mr73d_firmware1kr55b1mr72a1kr55b_firmware3uk85d_firmwarey8m28d_firmware1mr67a_firmware3uk86b_firmware1kr55a_firmware1mr67a3uk90d1kr55a1mr69c_firmware1kr42a3uk98d3uk83a1mr73a_firmwareCertain HP OfficeJet Pro Printers
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2023-38741
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-7.5||HIGH
EPSS-0.12% / 30.24%
||
7 Day CHG~0.00%
Published-14 Aug, 2023 | 17:19
Updated-09 Oct, 2024 | 16:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM TXSeries for Multiplatforms denial of service

IBM TXSeries for Multiplatforms 8.1, 8.2, and 9.1 is vulnerable to a denial of service, caused by improper enforcement of the timeout on individual read operations. By conducting a slowloris-type attacks, a remote attacker could exploit this vulnerability to cause a denial of service. IBM X-Force ID: 262905.

Action-Not Available
Vendor-Microsoft CorporationHP Inc.IBM CorporationLinux Kernel Organization, Inc
Product-txseries_for_multiplatformlinux_kernelhp-uxwindowsaixTXSeries for Multiplatformstxseries_for_multiplatforms
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2020-12524
Matching Score-4
Assigner-CERT@VDE
ShareView Details
Matching Score-4
Assigner-CERT@VDE
CVSS Score-7.5||HIGH
EPSS-0.33% / 56.60%
||
7 Day CHG~0.00%
Published-02 Dec, 2020 | 14:39
Updated-17 Sep, 2024 | 03:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Phoenix Contact BTP Touch Panels uncontrolled resource consumption

Uncontrolled Resource Consumption can be exploited to cause the Phoenix Contact HMIs BTP 2043W, BTP 2070W and BTP 2102W in all versions to become unresponsive and not accurately update the display content (Denial of Service).

Action-Not Available
Vendor-Phoenix Contact GmbH & Co. KG
Product-btp_2043wbtp_2070w_firmwarebtp_2102w_firmwarebtp_2043w_firmwarebtp_2070wbtp_2102wBTP Touch Panel
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2020-12667
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.02% / 77.63%
||
7 Day CHG~0.00%
Published-19 May, 2020 | 00:00
Updated-04 Aug, 2024 | 12:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Knot Resolver before 5.1.1 allows traffic amplification via a crafted DNS answer from an attacker-controlled server, aka an "NXNSAttack" issue. This is triggered by random subdomains in the NSDNAME in NS records.

Action-Not Available
Vendor-nicn/anic
Product-knot_resolvern/aknot_resolver
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2020-12739
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.80% / 74.47%
||
7 Day CHG~0.00%
Published-03 Aug, 2020 | 16:35
Updated-04 Aug, 2024 | 12:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A denial-of-service vulnerability in the Fanuc i Series CNC (0i-MD and 0i Mate-MD) could allow an unauthenticated, remote attacker to cause an affected CNC to become inaccessible to other devices.

Action-Not Available
Vendor-fanucn/a
Product-series_31iseries_30iseries_35i-bseries_0i-model_b_firmwareseries_35i-b_firmwarepower_motion_i-model_aseries_16iseries_18iseries_18i_firmwareseries_0i-model_f_plus_firmwareseries_0i-model_dseries_0i-model_fseries_16i_firmwareseries_0i-mate_d_firmwareseries_0i-model_cseries_31i_firmwareseries_0i-model_f_plusseries_0i-mate_dseries_0i-model_d_firmwareseries_32i-b_plusseries_0i-model_f_firmwareseries_0i-model_bpower_motion_i-model_a_firmwareseries_32i-model_aseries_21i-model_b_firmwareseries_21i-model_bseries_18i-wbseries_0i-model_c_firmwareseries_18i-wb_firmwareseries_32i-b_plus_firmwareseries_32i-model_a_firmwareseries_30i_firmwaren/a
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2020-12603
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.79% / 74.18%
||
7 Day CHG~0.00%
Published-01 Jul, 2020 | 13:53
Updated-04 Aug, 2024 | 12:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Envoy version 1.14.2, 1.13.2, 1.12.4 or earlier may consume excessive amounts of memory when proxying HTTP/2 requests or responses with many small (i.e. 1 byte) data frames.

Action-Not Available
Vendor-envoyproxyn/a
Product-envoyn/a
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2020-12516
Matching Score-4
Assigner-CERT@VDE
ShareView Details
Matching Score-4
Assigner-CERT@VDE
CVSS Score-7.5||HIGH
EPSS-0.37% / 59.20%
||
7 Day CHG~0.00%
Published-10 Dec, 2020 | 03:04
Updated-16 Sep, 2024 | 22:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WAGO: PLC families 750-88x and 750-352 prone to DoS attack

Older firmware versions (FW1 up to FW10) of the WAGO PLC family 750-88x and 750-352 are vulnerable for a special denial of service attack.

Action-Not Available
Vendor-wagoWAGO
Product-750-352750-881_firmware750-829_firmware750-331750-885_firmware750-829750-885750-831750-881750-831_firmware750-880750-882_firmware750-352_firmware750-880_firmware750-889_firmware750-882750-852_firmware750-852750-889750-331_firmware750-331/xxx-xxx750-352750-831/xxx-xxx750-889750-880/xxx-xxx750-882750-829750-885750-852750-881
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2020-12662
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-16.14% / 94.94%
||
7 Day CHG~0.00%
Published-19 May, 2020 | 13:50
Updated-04 Aug, 2024 | 12:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unbound before 1.10.1 has Insufficient Control of Network Message Volume, aka an "NXNSAttack" issue. This is triggered by random subdomains in the NSDNAME in NS records.

Action-Not Available
Vendor-nlnetlabsn/aCanonical Ltd.openSUSEFedora ProjectDebian GNU/Linux
Product-ubuntu_linuxdebian_linuxfedoraunboundleapn/a
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2022-1699
Matching Score-4
Assigner-Protect AI (formerly huntr.dev)
ShareView Details
Matching Score-4
Assigner-Protect AI (formerly huntr.dev)
CVSS Score-9.9||CRITICAL
EPSS-0.32% / 55.26%
||
7 Day CHG~0.00%
Published-12 May, 2022 | 15:20
Updated-03 Aug, 2024 | 00:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Uncontrolled Resource Consumption in causefx/organizr

Uncontrolled Resource Consumption in GitHub repository causefx/organizr prior to 2.1.2000. This vulnerability can be abused by doing a DDoS attack for which genuine users will not able to access resources/applications.

Action-Not Available
Vendor-organizrcausefx
Product-organizrcausefx/organizr
CWE ID-CWE-190
Integer Overflow or Wraparound
CWE ID-CWE-400
Uncontrolled Resource Consumption
  • Previous
  • 1
  • 2
  • 3
  • 4
  • ...
  • 15
  • 16
  • Next
Details not found