Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2017-4925

Summary
Assigner-vmware
Assigner Org ID-dcf2e128-44bd-42ed-91e8-88f912c1401d
Published At-15 Sep, 2017 | 13:00
Updated At-17 Sep, 2024 | 03:03
Rejected At-
Credits

VMware ESXi 6.5 without patch ESXi650-201707101-SG, ESXi 6.0 without patch ESXi600-201706101-SG, ESXi 5.5 without patch ESXi550-201709101-SG, Workstation (12.x before 12.5.3), Fusion (8.x before 8.5.4) contain a NULL pointer dereference vulnerability. This issue occurs when handling guest RPC requests. Successful exploitation of this issue may allow attackers with normal user privileges to crash their VMs.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:vmware
Assigner Org ID:dcf2e128-44bd-42ed-91e8-88f912c1401d
Published At:15 Sep, 2017 | 13:00
Updated At:17 Sep, 2024 | 03:03
Rejected At:
▼CVE Numbering Authority (CNA)

VMware ESXi 6.5 without patch ESXi650-201707101-SG, ESXi 6.0 without patch ESXi600-201706101-SG, ESXi 5.5 without patch ESXi550-201709101-SG, Workstation (12.x before 12.5.3), Fusion (8.x before 8.5.4) contain a NULL pointer dereference vulnerability. This issue occurs when handling guest RPC requests. Successful exploitation of this issue may allow attackers with normal user privileges to crash their VMs.

Affected Products
Vendor
VMware (Broadcom Inc.)VMware
Product
ESXi
Versions
Affected
  • 6.5 without patch ESXi650-201707101-SG
  • 6.0 without patch ESXi600-201706101-SG
  • 5.5 without patch ESXi550-201709101-SG
Vendor
VMware (Broadcom Inc.)VMware
Product
Workstation
Versions
Affected
  • 12.x before 12.5.3
Vendor
VMware (Broadcom Inc.)VMware
Product
Fusion
Versions
Affected
  • 8.x before 8.5.4
Problem Types
TypeCWE IDDescription
textN/ANULL pointer dereference vulnerability
Type: text
CWE ID: N/A
Description: NULL pointer dereference vulnerability
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://www.securitytracker.com/id/1039368
vdb-entry
x_refsource_SECTRACK
http://www.securityfocus.com/bid/100842
vdb-entry
x_refsource_BID
https://www.vmware.com/security/advisories/VMSA-2017-0015.html
x_refsource_CONFIRM
http://www.securitytracker.com/id/1039367
vdb-entry
x_refsource_SECTRACK
Hyperlink: http://www.securitytracker.com/id/1039368
Resource:
vdb-entry
x_refsource_SECTRACK
Hyperlink: http://www.securityfocus.com/bid/100842
Resource:
vdb-entry
x_refsource_BID
Hyperlink: https://www.vmware.com/security/advisories/VMSA-2017-0015.html
Resource:
x_refsource_CONFIRM
Hyperlink: http://www.securitytracker.com/id/1039367
Resource:
vdb-entry
x_refsource_SECTRACK
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://www.securitytracker.com/id/1039368
vdb-entry
x_refsource_SECTRACK
x_transferred
http://www.securityfocus.com/bid/100842
vdb-entry
x_refsource_BID
x_transferred
https://www.vmware.com/security/advisories/VMSA-2017-0015.html
x_refsource_CONFIRM
x_transferred
http://www.securitytracker.com/id/1039367
vdb-entry
x_refsource_SECTRACK
x_transferred
Hyperlink: http://www.securitytracker.com/id/1039368
Resource:
vdb-entry
x_refsource_SECTRACK
x_transferred
Hyperlink: http://www.securityfocus.com/bid/100842
Resource:
vdb-entry
x_refsource_BID
x_transferred
Hyperlink: https://www.vmware.com/security/advisories/VMSA-2017-0015.html
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://www.securitytracker.com/id/1039367
Resource:
vdb-entry
x_refsource_SECTRACK
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:security@vmware.com
Published At:15 Sep, 2017 | 13:29
Updated At:20 Apr, 2025 | 01:37

VMware ESXi 6.5 without patch ESXi650-201707101-SG, ESXi 6.0 without patch ESXi600-201706101-SG, ESXi 5.5 without patch ESXi550-201709101-SG, Workstation (12.x before 12.5.3), Fusion (8.x before 8.5.4) contain a NULL pointer dereference vulnerability. This issue occurs when handling guest RPC requests. Successful exploitation of this issue may allow attackers with normal user privileges to crash their VMs.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.15.5MEDIUM
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Primary2.02.1LOW
AV:L/AC:L/Au:N/C:N/I:N/A:P
Type: Primary
Version: 3.1
Base score: 5.5
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Type: Primary
Version: 2.0
Base score: 2.1
Base severity: LOW
Vector:
AV:L/AC:L/Au:N/C:N/I:N/A:P
CPE Matches
VMware (Broadcom Inc.)
vmware
>>esxi>>5.5
cpe:2.3:o:vmware:esxi:5.5:-:*:*:*:*:*:*
VMware (Broadcom Inc.)
vmware
>>esxi>>5.5
cpe:2.3:o:vmware:esxi:5.5:1:*:*:*:*:*:*
VMware (Broadcom Inc.)
vmware
>>esxi>>5.5
cpe:2.3:o:vmware:esxi:5.5:2:*:*:*:*:*:*
VMware (Broadcom Inc.)
vmware
>>esxi>>5.5
cpe:2.3:o:vmware:esxi:5.5:3a:*:*:*:*:*:*
VMware (Broadcom Inc.)
vmware
>>esxi>>5.5
cpe:2.3:o:vmware:esxi:5.5:3b:*:*:*:*:*:*
VMware (Broadcom Inc.)
vmware
>>esxi>>5.5
cpe:2.3:o:vmware:esxi:5.5:550-20170901001s:*:*:*:*:*:*
VMware (Broadcom Inc.)
vmware
>>esxi>>6.0
cpe:2.3:o:vmware:esxi:6.0:-:*:*:*:*:*:*
VMware (Broadcom Inc.)
vmware
>>esxi>>6.0
cpe:2.3:o:vmware:esxi:6.0:1:*:*:*:*:*:*
VMware (Broadcom Inc.)
vmware
>>esxi>>6.0
cpe:2.3:o:vmware:esxi:6.0:1a:*:*:*:*:*:*
VMware (Broadcom Inc.)
vmware
>>esxi>>6.0
cpe:2.3:o:vmware:esxi:6.0:1b:*:*:*:*:*:*
VMware (Broadcom Inc.)
vmware
>>esxi>>6.0
cpe:2.3:o:vmware:esxi:6.0:2:*:*:*:*:*:*
VMware (Broadcom Inc.)
vmware
>>esxi>>6.0
cpe:2.3:o:vmware:esxi:6.0:3:*:*:*:*:*:*
VMware (Broadcom Inc.)
vmware
>>esxi>>6.0
cpe:2.3:o:vmware:esxi:6.0:3a:*:*:*:*:*:*
VMware (Broadcom Inc.)
vmware
>>esxi>>6.0
cpe:2.3:o:vmware:esxi:6.0:600-201504401:*:*:*:*:*:*
VMware (Broadcom Inc.)
vmware
>>esxi>>6.0
cpe:2.3:o:vmware:esxi:6.0:600-201505401:*:*:*:*:*:*
VMware (Broadcom Inc.)
vmware
>>esxi>>6.0
cpe:2.3:o:vmware:esxi:6.0:600-201507101:*:*:*:*:*:*
VMware (Broadcom Inc.)
vmware
>>esxi>>6.0
cpe:2.3:o:vmware:esxi:6.0:600-201507102:*:*:*:*:*:*
VMware (Broadcom Inc.)
vmware
>>esxi>>6.0
cpe:2.3:o:vmware:esxi:6.0:600-201507401:*:*:*:*:*:*
VMware (Broadcom Inc.)
vmware
>>esxi>>6.0
cpe:2.3:o:vmware:esxi:6.0:600-201507402:*:*:*:*:*:*
VMware (Broadcom Inc.)
vmware
>>esxi>>6.0
cpe:2.3:o:vmware:esxi:6.0:600-201507403:*:*:*:*:*:*
VMware (Broadcom Inc.)
vmware
>>esxi>>6.0
cpe:2.3:o:vmware:esxi:6.0:600-201507404:*:*:*:*:*:*
VMware (Broadcom Inc.)
vmware
>>esxi>>6.0
cpe:2.3:o:vmware:esxi:6.0:600-201507405:*:*:*:*:*:*
VMware (Broadcom Inc.)
vmware
>>esxi>>6.0
cpe:2.3:o:vmware:esxi:6.0:600-201507406:*:*:*:*:*:*
VMware (Broadcom Inc.)
vmware
>>esxi>>6.0
cpe:2.3:o:vmware:esxi:6.0:600-201507407:*:*:*:*:*:*
VMware (Broadcom Inc.)
vmware
>>esxi>>6.0
cpe:2.3:o:vmware:esxi:6.0:600-201509101:*:*:*:*:*:*
VMware (Broadcom Inc.)
vmware
>>esxi>>6.0
cpe:2.3:o:vmware:esxi:6.0:600-201509102:*:*:*:*:*:*
VMware (Broadcom Inc.)
vmware
>>esxi>>6.0
cpe:2.3:o:vmware:esxi:6.0:600-201509201:*:*:*:*:*:*
VMware (Broadcom Inc.)
vmware
>>esxi>>6.0
cpe:2.3:o:vmware:esxi:6.0:600-201509202:*:*:*:*:*:*
VMware (Broadcom Inc.)
vmware
>>esxi>>6.0
cpe:2.3:o:vmware:esxi:6.0:600-201509203:*:*:*:*:*:*
VMware (Broadcom Inc.)
vmware
>>esxi>>6.0
cpe:2.3:o:vmware:esxi:6.0:600-201509204:*:*:*:*:*:*
VMware (Broadcom Inc.)
vmware
>>esxi>>6.0
cpe:2.3:o:vmware:esxi:6.0:600-201509205:*:*:*:*:*:*
VMware (Broadcom Inc.)
vmware
>>esxi>>6.0
cpe:2.3:o:vmware:esxi:6.0:600-201509206:*:*:*:*:*:*
VMware (Broadcom Inc.)
vmware
>>esxi>>6.0
cpe:2.3:o:vmware:esxi:6.0:600-201509207:*:*:*:*:*:*
VMware (Broadcom Inc.)
vmware
>>esxi>>6.0
cpe:2.3:o:vmware:esxi:6.0:600-201509208:*:*:*:*:*:*
VMware (Broadcom Inc.)
vmware
>>esxi>>6.0
cpe:2.3:o:vmware:esxi:6.0:600-201509209:*:*:*:*:*:*
VMware (Broadcom Inc.)
vmware
>>esxi>>6.0
cpe:2.3:o:vmware:esxi:6.0:600-201509210:*:*:*:*:*:*
VMware (Broadcom Inc.)
vmware
>>esxi>>6.0
cpe:2.3:o:vmware:esxi:6.0:600-201510401:*:*:*:*:*:*
VMware (Broadcom Inc.)
vmware
>>esxi>>6.0
cpe:2.3:o:vmware:esxi:6.0:600-201511401:*:*:*:*:*:*
VMware (Broadcom Inc.)
vmware
>>esxi>>6.0
cpe:2.3:o:vmware:esxi:6.0:600-201601101:*:*:*:*:*:*
VMware (Broadcom Inc.)
vmware
>>esxi>>6.0
cpe:2.3:o:vmware:esxi:6.0:600-201601102:*:*:*:*:*:*
VMware (Broadcom Inc.)
vmware
>>esxi>>6.0
cpe:2.3:o:vmware:esxi:6.0:600-201601401:*:*:*:*:*:*
VMware (Broadcom Inc.)
vmware
>>esxi>>6.0
cpe:2.3:o:vmware:esxi:6.0:600-201601402:*:*:*:*:*:*
VMware (Broadcom Inc.)
vmware
>>esxi>>6.0
cpe:2.3:o:vmware:esxi:6.0:600-201601403:*:*:*:*:*:*
VMware (Broadcom Inc.)
vmware
>>esxi>>6.0
cpe:2.3:o:vmware:esxi:6.0:600-201601404:*:*:*:*:*:*
VMware (Broadcom Inc.)
vmware
>>esxi>>6.0
cpe:2.3:o:vmware:esxi:6.0:600-201601405:*:*:*:*:*:*
VMware (Broadcom Inc.)
vmware
>>esxi>>6.0
cpe:2.3:o:vmware:esxi:6.0:600-201602401:*:*:*:*:*:*
VMware (Broadcom Inc.)
vmware
>>esxi>>6.0
cpe:2.3:o:vmware:esxi:6.0:600-201603101:*:*:*:*:*:*
VMware (Broadcom Inc.)
vmware
>>esxi>>6.0
cpe:2.3:o:vmware:esxi:6.0:600-201603102:*:*:*:*:*:*
VMware (Broadcom Inc.)
vmware
>>esxi>>6.0
cpe:2.3:o:vmware:esxi:6.0:600-201603201:*:*:*:*:*:*
VMware (Broadcom Inc.)
vmware
>>esxi>>6.0
cpe:2.3:o:vmware:esxi:6.0:600-201603202:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-476Primarynvd@nist.gov
CWE ID: CWE-476
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
http://www.securityfocus.com/bid/100842security@vmware.com
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1039367security@vmware.com
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1039368security@vmware.com
Third Party Advisory
VDB Entry
https://www.vmware.com/security/advisories/VMSA-2017-0015.htmlsecurity@vmware.com
Vendor Advisory
http://www.securityfocus.com/bid/100842af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1039367af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1039368af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
VDB Entry
https://www.vmware.com/security/advisories/VMSA-2017-0015.htmlaf854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Hyperlink: http://www.securityfocus.com/bid/100842
Source: security@vmware.com
Resource:
Third Party Advisory
VDB Entry
Hyperlink: http://www.securitytracker.com/id/1039367
Source: security@vmware.com
Resource:
Third Party Advisory
VDB Entry
Hyperlink: http://www.securitytracker.com/id/1039368
Source: security@vmware.com
Resource:
Third Party Advisory
VDB Entry
Hyperlink: https://www.vmware.com/security/advisories/VMSA-2017-0015.html
Source: security@vmware.com
Resource:
Vendor Advisory
Hyperlink: http://www.securityfocus.com/bid/100842
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
VDB Entry
Hyperlink: http://www.securitytracker.com/id/1039367
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
VDB Entry
Hyperlink: http://www.securitytracker.com/id/1039368
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
VDB Entry
Hyperlink: https://www.vmware.com/security/advisories/VMSA-2017-0015.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

1418Records found
CVE-2018-6963
Matching Score-10
Assigner-VMware by Broadcom
ShareView Details
Matching Score-10
Assigner-VMware by Broadcom
CVSS Score-5.5||MEDIUM
EPSS-0.06% / 20.00%
||
7 Day CHG~0.00%
Published-22 May, 2018 | 13:00
Updated-16 Sep, 2024 | 16:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

VMware Workstation (14.x before 14.1.2) and Fusion (10.x before 10.1.2) contain multiple denial-of-service vulnerabilities that occur due to NULL pointer dereference issues in the RPC handler. Successful exploitation of these issues may allow an attacker with limited privileges on the guest machine trigger a denial-of-Service of their guest machine.

Action-Not Available
Vendor-VMware (Broadcom Inc.)
Product-workstationfusionFusionWorkstation
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2023-0197
Matching Score-10
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-10
Assigner-NVIDIA Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.04% / 12.18%
||
7 Day CHG~0.00%
Published-01 Apr, 2023 | 04:55
Updated-11 Feb, 2025 | 16:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager, where a malicious user in a guest VM can cause a NULL-pointer dereference, which may lead to denial of service.

Action-Not Available
Vendor-Citrix (Cloud Software Group, Inc.)Red Hat, Inc.NVIDIA CorporationVMware (Broadcom Inc.)
Product-enterprise_linux_kernel-based_virtual_machinevirtual_gpuhypervisorvspherevGPU software (Virtual GPU Manager - Citrix Hypervisor, VMware vSphere, Red Hat Enterprise Linux KVM), NVIDIA Cloud Gaming (Virtual GPU Manager - Red Hat Enterprise Linux KVM)
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2024-0086
Matching Score-10
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-10
Assigner-NVIDIA Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.03% / 8.20%
||
7 Day CHG~0.00%
Published-13 Jun, 2024 | 21:23
Updated-15 Aug, 2024 | 22:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
CVE

NVIDIA vGPU software for Linux contains a vulnerability where the software can dereference a NULL pointer. A successful exploit of this vulnerability might lead to denial of service and undefined behavior in the vGPU plugin.

Action-Not Available
Vendor-VMware (Broadcom Inc.)NVIDIA CorporationRed Hat, Inc.Canonical Ltd.Citrix (Cloud Software Group, Inc.)
Product-ubuntu_linuxenterprise_linux_kernel-based_virtual_machinevirtual_gpuhypervisorvspherecloud_gamingvGPU software and Cloud Gaming
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2022-34678
Matching Score-10
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-10
Assigner-NVIDIA Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.05% / 15.48%
||
7 Day CHG~0.00%
Published-30 Dec, 2022 | 00:00
Updated-10 Apr, 2025 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer, where an unprivileged user can cause a null-pointer dereference, which may lead to denial of service.

Action-Not Available
Vendor-NVIDIA CorporationRed Hat, Inc.VMware (Broadcom Inc.)Citrix (Cloud Software Group, Inc.)Microsoft CorporationLinux Kernel Organization, Inc
Product-virtual_gpulinux_kernelwindowscloud_gamingenterprise_linux_kernel-based_virtual_machinehypervisorvspherevGPU software (guest driver) - Windows, Linux and vGPU software (Virtual GPU Manager), NVIDIA Cloud Gaming (guest driver), NVIDIA Cloud Gaming (guest driver), NVIDIA Cloud Gaming (Virtual GPU Manager)
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2022-34682
Matching Score-10
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-10
Assigner-NVIDIA Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.08% / 25.23%
||
7 Day CHG+0.03%
Published-30 Dec, 2022 | 00:00
Updated-11 Apr, 2025 | 15:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer, where an unprivileged regular user can cause a null-pointer dereference, which may lead to denial of service.

Action-Not Available
Vendor-Red Hat, Inc.Citrix (Cloud Software Group, Inc.)VMware (Broadcom Inc.)Linux Kernel Organization, IncNVIDIA Corporation
Product-linux_kernelenterprise_linux_kernel-based_virtual_machinevirtual_gpuhypervisorvspherecloud_gamingvGPU software (guest driver) - Linux, vGPU software (Virtual GPU Manager),NVIDIA Cloud Gaming (guest driver), NVIDIA Cloud Gaming (Virtual GPU Manager)
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2022-34679
Matching Score-10
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-10
Assigner-NVIDIA Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.09% / 26.74%
||
7 Day CHG+0.03%
Published-30 Dec, 2022 | 00:00
Updated-23 Apr, 2025 | 16:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer handler, where an unhandled return value can lead to a null-pointer dereference, which may lead to denial of service.

Action-Not Available
Vendor-NVIDIA CorporationLinux Kernel Organization, IncCitrix (Cloud Software Group, Inc.)Red Hat, Inc.VMware (Broadcom Inc.)
Product-linux_kernelenterprise_linux_kernel-based_virtual_machinevirtual_gpuhypervisorvspherecloud_gamingvGPU software (guest driver) - Linux, vGPU software (Virtual GPU Manager), NVIDIA Cloud Gaming (guest driver), NVIDIA Cloud Gaming (Virtual GPU Manager)
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2017-4938
Matching Score-10
Assigner-VMware by Broadcom
ShareView Details
Matching Score-10
Assigner-VMware by Broadcom
CVSS Score-6.5||MEDIUM
EPSS-0.05% / 13.26%
||
7 Day CHG~0.00%
Published-17 Nov, 2017 | 14:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

VMware Workstation (12.x before 12.5.8) and Fusion (8.x before 8.5.9) contain a guest RPC NULL pointer dereference vulnerability. Successful exploitation of this issue may allow attackers with normal user privileges to crash their VMs.

Action-Not Available
Vendor-VMware (Broadcom Inc.)
Product-fusionworkstationFusionWorkstation
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2017-4900
Matching Score-10
Assigner-VMware by Broadcom
ShareView Details
Matching Score-10
Assigner-VMware by Broadcom
CVSS Score-5.5||MEDIUM
EPSS-0.05% / 13.37%
||
7 Day CHG~0.00%
Published-07 Jun, 2017 | 18:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

VMware Workstation Pro/Player 12.x before 12.5.3 contains a NULL pointer dereference vulnerability that exists in the SVGA driver. Successful exploitation of this issue may allow attackers with normal user privileges to crash their VMs.

Action-Not Available
Vendor-VMware (Broadcom Inc.)
Product-workstation_playerworkstation_proWorkstation Pro/Player
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2023-31022
Matching Score-10
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-10
Assigner-NVIDIA Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.12% / 31.06%
||
7 Day CHG+0.04%
Published-02 Nov, 2023 | 18:56
Updated-27 Feb, 2025 | 20:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
CVE

NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer, where a NULL-pointer dereference may lead to denial of service.

Action-Not Available
Vendor-linux-kvmCitrix (Cloud Software Group, Inc.)NVIDIA CorporationCanonical Ltd.Red Hat, Inc.VMware (Broadcom Inc.)Microsoft CorporationLinux Kernel Organization, Inc
Product-ubuntu_linuxkernel_virtual_machineazure_stack_hcilinux_kernelvirtual_gpuenterprise_linuxhypervisorwindowsvsphereNVIDIA GPU Display driver, vGPU driver, and Cloud gaming driver
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2023-31021
Matching Score-10
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-10
Assigner-NVIDIA Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.05% / 13.91%
||
7 Day CHG~0.00%
Published-02 Nov, 2023 | 18:56
Updated-05 Sep, 2024 | 14:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
CVE

NVIDIA vGPU software for Windows and Linux contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where a malicious user in the guest VM can cause a NULL-pointer dereference, which may lead to denial of service.

Action-Not Available
Vendor-linux-kvmVMware (Broadcom Inc.)NVIDIA CorporationRed Hat, Inc.Citrix (Cloud Software Group, Inc.)Canonical Ltd.Microsoft Corporation
Product-ubuntu_linuxkernel_virtual_machineazure_stack_hcivirtual_gpuenterprise_linuxhypervisorvspherevGPU driver and Cloud gaming driver
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2023-31026
Matching Score-10
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-10
Assigner-NVIDIA Corporation
CVSS Score-6||MEDIUM
EPSS-0.02% / 3.10%
||
7 Day CHG~0.00%
Published-02 Nov, 2023 | 18:56
Updated-05 Sep, 2024 | 14:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
CVE

NVIDIA vGPU software for Windows and Linux contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where a NULL-pointer dereference may lead to denial of service.

Action-Not Available
Vendor-linux-kvmVMware (Broadcom Inc.)NVIDIA CorporationRed Hat, Inc.Canonical Ltd.Citrix (Cloud Software Group, Inc.)
Product-ubuntu_linuxkernel_virtual_machinevirtual_gpuenterprise_linuxhypervisorvspherevGPU driver and Cloud gaming driver
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2023-31018
Matching Score-10
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-10
Assigner-NVIDIA Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.05% / 15.48%
||
7 Day CHG~0.00%
Published-02 Nov, 2023 | 18:56
Updated-27 Feb, 2025 | 20:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
CVE

NVIDIA GPU Driver for Windows and Linux contains a vulnerability in the kernel mode layer, where an unprivileged regular user can cause a NULL-pointer dereference, which may lead to denial of service.

Action-Not Available
Vendor-linux-kvmCitrix (Cloud Software Group, Inc.)NVIDIA CorporationCanonical Ltd.Red Hat, Inc.VMware (Broadcom Inc.)Microsoft CorporationLinux Kernel Organization, Inc
Product-ubuntu_linuxkernel_virtual_machineazure_stack_hcilinux_kernelvirtual_gpuenterprise_linuxhypervisorwindowsvspherevGPU driver and Cloud gaming driver
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2016-4649
Matching Score-10
Assigner-Apple Inc.
ShareView Details
Matching Score-10
Assigner-Apple Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.13% / 33.56%
||
7 Day CHG~0.00%
Published-22 Jul, 2016 | 01:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Audio in Apple OS X before 10.11.6 allows local users to cause a denial of service (NULL pointer dereference) via unspecified vectors.

Action-Not Available
Vendor-n/aApple Inc.
Product-mac_os_xn/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2016-1745
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.05% / 14.36%
||
7 Day CHG~0.00%
Published-24 Mar, 2016 | 01:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IOFireWireFamily in Apple OS X before 10.11.4 allows local users to cause a denial of service (NULL pointer dereference) via unspecified vectors.

Action-Not Available
Vendor-n/aApple Inc.
Product-mac_os_xn/a
CVE-2016-4701
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-6.2||MEDIUM
EPSS-0.14% / 34.59%
||
7 Day CHG~0.00%
Published-25 Sep, 2016 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Application Firewall in Apple OS X before 10.12 allows local users to cause a denial of service via vectors involving a crafted SO_EXECPATH environment variable.

Action-Not Available
Vendor-n/aApple Inc.
Product-mac_os_xn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2011-0220
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.04% / 13.18%
||
7 Day CHG~0.00%
Published-05 Feb, 2020 | 19:46
Updated-06 Aug, 2024 | 21:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Apple Bonjour before 2011 allows a crash via a crafted multicast DNS packet.

Action-Not Available
Vendor-Apple Inc.
Product-bonjourBonjour
CWE ID-CWE-20
Improper Input Validation
CVE-2009-3621
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.04% / 8.62%
||
7 Day CHG~0.00%
Published-22 Oct, 2009 | 15:26
Updated-07 Aug, 2024 | 06:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

net/unix/af_unix.c in the Linux kernel 2.6.31.4 and earlier allows local users to cause a denial of service (system hang) by creating an abstract-namespace AF_UNIX listening socket, performing a shutdown operation on this socket, and then performing a series of connect operations to this socket.

Action-Not Available
Vendor-n/aLinux Kernel Organization, IncSUSEVMware (Broadcom Inc.)Fedora ProjectopenSUSECanonical Ltd.
Product-ubuntu_linuxesxlinux_kernelopensusefedorasuse_linux_enterprise_serversuse_linux_enterprise_desktopvman/a
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2010-4343
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.07% / 22.54%
||
7 Day CHG~0.00%
Published-29 Dec, 2010 | 17:27
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

drivers/scsi/bfa/bfa_core.c in the Linux kernel before 2.6.35 does not initialize a certain port data structure, which allows local users to cause a denial of service (system crash) via read operations on an fc_host statistics file.

Action-Not Available
Vendor-n/aLinux Kernel Organization, IncVMware (Broadcom Inc.)
Product-linux_kernelesxn/a
CWE ID-CWE-665
Improper Initialization
CVE-2018-4395
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.07% / 21.58%
||
7 Day CHG~0.00%
Published-03 Apr, 2019 | 17:43
Updated-05 Aug, 2024 | 05:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

This issue was addressed with improved checks. This issue affected versions prior to iOS 12, macOS Mojave 10.14, tvOS 12, watchOS 5.

Action-Not Available
Vendor-n/aApple Inc.
Product-mac_os_xiphone_oswatchostvosiOS, macOS, tvOS, watchOS
CWE ID-CWE-20
Improper Input Validation
CVE-2018-4348
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.11% / 29.40%
||
7 Day CHG~0.00%
Published-03 Apr, 2019 | 17:43
Updated-05 Aug, 2024 | 05:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A validation issue was addressed with improved logic. This issue affected versions prior to macOS Mojave 10.14.

Action-Not Available
Vendor-n/aApple Inc.
Product-mac_os_xmacOS
CWE ID-CWE-20
Improper Input Validation
CVE-2018-4172
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-4.6||MEDIUM
EPSS-0.08% / 24.18%
||
7 Day CHG~0.00%
Published-03 Apr, 2018 | 06:00
Updated-05 Aug, 2024 | 05:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in certain Apple products. iOS before 11.3 is affected. The issue involves the "Find My iPhone" component. It allows physically proximate attackers to bypass the iCloud password requirement for disabling the "Find My iPhone" feature via vectors involving a backup restore.

Action-Not Available
Vendor-n/aApple Inc.
Product-iphone_osn/a
CVE-2024-23237
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.04% / 9.82%
||
7 Day CHG~0.00%
Published-16 Sep, 2024 | 23:22
Updated-25 Mar, 2025 | 17:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The issue was addressed with improved memory handling. This issue is fixed in macOS Sequoia 15. An app may be able to cause a denial-of-service.

Action-Not Available
Vendor-Apple Inc.
Product-macosmacOS
CVE-2024-23289
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.04% / 11.59%
||
7 Day CHG~0.00%
Published-08 Mar, 2024 | 01:35
Updated-13 Feb, 2025 | 17:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A lock screen issue was addressed with improved state management. This issue is fixed in iOS 16.7.6 and iPadOS 16.7.6, iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4, watchOS 10.4. A person with physical access to a device may be able to use Siri to access private calendar information.

Action-Not Available
Vendor-Apple Inc.
Product-iphone_osmacosipadoswatchosiOS and iPadOSmacOSwatchOS
CVE-2009-0601
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-2.1||LOW
EPSS-0.04% / 12.39%
||
7 Day CHG~0.00%
Published-16 Feb, 2009 | 20:00
Updated-07 Aug, 2024 | 04:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Format string vulnerability in Wireshark 0.99.8 through 1.0.5 on non-Windows platforms allows local users to cause a denial of service (application crash) via format string specifiers in the HOME environment variable.

Action-Not Available
Vendor-n/aLinux Kernel Organization, IncFreeBSD FoundationWireshark FoundationSun Microsystems (Oracle Corporation)NetBSDApple Inc.
Product-freebsdsolarislinux_kernelmac_os_xnetbsdwiresharkn/a
CWE ID-CWE-134
Use of Externally-Controlled Format String
CVE-2015-7067
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-2.1||LOW
EPSS-0.06% / 17.04%
||
7 Day CHG~0.00%
Published-11 Dec, 2015 | 11:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IOThunderboltFamily in Apple OS X before 10.11.2 allows local users to cause a denial of service (NULL pointer dereference) via an unspecified userclient type.

Action-Not Available
Vendor-n/aApple Inc.
Product-mac_os_xn/a
CVE-2025-41227
Matching Score-8
Assigner-VMware by Broadcom
ShareView Details
Matching Score-8
Assigner-VMware by Broadcom
CVSS Score-5.5||MEDIUM
EPSS-0.02% / 4.32%
||
7 Day CHG~0.00%
Published-20 May, 2025 | 14:24
Updated-24 Jun, 2025 | 07:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Denial-of-Service Vulnerability

VMware ESXi, Workstation, and Fusion contain a denial-of-service vulnerability due to certain guest options. A malicious actor with non-administrative privileges within a guest operating system may be able to exploit this issue by exhausting memory of the host process leading to a denial-of-service condition.

Action-Not Available
Vendor-VMware (Broadcom Inc.)
Product-WorkstationTelco Cloud InfrastructureESXiFusionTelco Cloud PlatformCloud Foundation
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2015-5748
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-2.1||LOW
EPSS-0.08% / 24.22%
||
7 Day CHG~0.00%
Published-16 Aug, 2015 | 23:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The kernel in Apple OS X before 10.10.5 does not properly mount HFS volumes, which allows local users to cause a denial of service via a crafted volume.

Action-Not Available
Vendor-n/aApple Inc.
Product-safariiphone_osmac_os_xn/a
CVE-2024-0092
Matching Score-8
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-8
Assigner-NVIDIA Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.14% / 34.64%
||
7 Day CHG~0.00%
Published-13 Jun, 2024 | 21:23
Updated-15 Aug, 2024 | 22:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
CVE

NVIDIA GPU Driver for Windows and Linux contains a vulnerability where an improper check or improper handling of exception conditions might lead to denial of service.

Action-Not Available
Vendor-VMware (Broadcom Inc.)NVIDIA CorporationRed Hat, Inc.Citrix (Cloud Software Group, Inc.)Canonical Ltd.Microsoft Corporation
Product-ubuntu_linuxstudioazure_stack_hcigpu_display_driverenterprise_linux_kernel-based_virtual_machinevirtual_gpuhypervisornvsteslavspherequadrocloud_gaminggeforcertxGPU display driver, vGPU software, and Cloud Gaming
CWE ID-CWE-703
Improper Check or Handling of Exceptional Conditions
CVE-2015-1142
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-2.1||LOW
EPSS-0.06% / 17.23%
||
7 Day CHG~0.00%
Published-10 Apr, 2015 | 14:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

LaunchServices in Apple OS X before 10.10.3 allows local users to cause a denial of service (Finder crash) via crafted localization data.

Action-Not Available
Vendor-n/aApple Inc.
Product-mac_os_xn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2021-25252
Matching Score-8
Assigner-Trend Micro, Inc.
ShareView Details
Matching Score-8
Assigner-Trend Micro, Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.06% / 19.70%
||
7 Day CHG~0.00%
Published-03 Mar, 2021 | 15:43
Updated-03 Aug, 2024 | 19:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Trend Micro's Virus Scan API (VSAPI) and Advanced Threat Scan Engine (ATSE) - are vulnerable to a memory exhaustion vulnerability that may lead to denial-of-service or system freeze if exploited by an attacker using a specially crafted file.

Action-Not Available
Vendor-Linux Kernel Organization, IncNovellELAN Microelectronics CorporationNetApp, Inc.Microsoft CorporationTrend Micro IncorporatedApple Inc.
Product-deep_securityscanmail_for_ibm_dominoserverprotectserverprotect_for_network_appliance_filersworry-free_business_securityofficescanscanmailsafe_lockmacoscloud_edgenetwareportal_protectinterscan_messaging_security_virtual_applianceinterscan_web_security_virtual_appliancecluster_data_ontaplinux_kerneldeep_discovery_email_inspectordeep_discovery_inspectordeep_discovery_analyzerserverprotect_for_storageapex_onewindowscontrol_managerapex_centralcelerra_network_attached_storageTrend Micro Virus Scan API (VSAPI) Engine
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2025-31245
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.02% / 2.24%
||
7 Day CHG~0.00%
Published-12 May, 2025 | 21:42
Updated-27 May, 2025 | 21:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.7.6, tvOS 18.5, iPadOS 17.7.7, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, visionOS 2.5, macOS Ventura 13.7.6. An app may be able to cause unexpected system termination.

Action-Not Available
Vendor-Apple Inc.
Product-macosiphone_osipadosvisionostvosmacOSvisionOStvOSiPadOSiOS and iPadOS
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2025-24235
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.09% / 25.59%
||
7 Day CHG~0.00%
Published-31 Mar, 2025 | 22:24
Updated-07 Apr, 2025 | 13:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A memory initialization issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.7.5, macOS Sequoia 15.4, macOS Sonoma 14.7.5. A remote attacker may be able to cause unexpected app termination or heap corruption.

Action-Not Available
Vendor-Apple Inc.
Product-macosmacOS
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2025-24152
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.03% / 4.92%
||
7 Day CHG~0.00%
Published-27 Jan, 2025 | 21:45
Updated-31 Jan, 2025 | 22:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The issue was addressed with improved memory handling. This issue is fixed in macOS Sequoia 15.3. An app may be able to cause unexpected system termination or corrupt kernel memory.

Action-Not Available
Vendor-Apple Inc.
Product-macosmacOS
CVE-2025-24184
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.01% / 0.76%
||
7 Day CHG~0.00%
Published-19 May, 2025 | 16:00
Updated-28 May, 2025 | 14:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The issue was addressed with improved memory handling. This issue is fixed in visionOS 2.3, iOS 18.3 and iPadOS 18.3, iPadOS 17.7.4, macOS Sequoia 15.3, watchOS 11.3, tvOS 18.3. An app may be able to cause unexpected system termination.

Action-Not Available
Vendor-Apple Inc.
Product-tvosipadoswatchosiphone_osvisionosmacosiOS and iPadOSiPadOSmacOSwatchOSvisionOStvOS
CVE-2025-24111
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.01% / 1.10%
||
7 Day CHG~0.00%
Published-12 May, 2025 | 21:42
Updated-27 May, 2025 | 13:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A memory corruption issue was addressed with improved state management. This issue is fixed in macOS Sequoia 15.3, visionOS 2.3, iPadOS 17.7.7, watchOS 11.3, macOS Sonoma 14.7.5, iOS 18.3 and iPadOS 18.3, tvOS 18.3, macOS Ventura 13.7.5. An app may be able to cause unexpected system termination.

Action-Not Available
Vendor-Apple Inc.
Product-macosiphone_osipadoswatchosvisionostvosmacOSvisionOStvOSiPadOSwatchOSiOS and iPadOS
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2014-0876
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-2.1||LOW
EPSS-0.05% / 16.79%
||
7 Day CHG~0.00%
Published-17 Aug, 2014 | 23:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in the Java GUI Configuration Wizard and Preferences Editor in the backup-archive client in IBM Tivoli Storage Manager (TSM) 5.x and 6.x before 6.2.5.2, 6.3.x before 6.3.2, and 6.4.x before 6.4.2 on Windows and OS X allows local users to cause a denial of service (application crash or hang) via unspecified vectors.

Action-Not Available
Vendor-n/aApple Inc.IBM CorporationMicrosoft Corporation
Product-windowsmac_os_xtivoli_storage_managern/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2021-21997
Matching Score-8
Assigner-VMware by Broadcom
ShareView Details
Matching Score-8
Assigner-VMware by Broadcom
CVSS Score-5.5||MEDIUM
EPSS-0.04% / 9.87%
||
7 Day CHG~0.00%
Published-18 Jun, 2021 | 12:41
Updated-03 Aug, 2024 | 18:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

VMware Tools for Windows (11.x.y prior to 11.3.0) contains a denial-of-service vulnerability in the VM3DMP driver. A malicious actor with local user privileges in the Windows guest operating system, where VMware Tools is installed, can trigger a PANIC in the VM3DMP driver leading to a denial-of-service condition in the Windows guest operating system.

Action-Not Available
Vendor-n/aVMware (Broadcom Inc.)Microsoft Corporation
Product-windowstoolsVMware Tools for Windows
CVE-2021-22020
Matching Score-8
Assigner-VMware by Broadcom
ShareView Details
Matching Score-8
Assigner-VMware by Broadcom
CVSS Score-5.5||MEDIUM
EPSS-0.08% / 25.22%
||
7 Day CHG~0.00%
Published-23 Sep, 2021 | 12:16
Updated-03 Aug, 2024 | 18:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The vCenter Server contains a denial-of-service vulnerability in the Analytics service. Successful exploitation of this issue may allow an attacker to create a denial-of-service condition on vCenter Server.

Action-Not Available
Vendor-n/aVMware (Broadcom Inc.)
Product-vcenter_servercloud_foundationVMware vCenter Server, VMware Cloud Foundation
CVE-2013-5173
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-2.1||LOW
EPSS-0.13% / 33.40%
||
7 Day CHG~0.00%
Published-24 Oct, 2013 | 01:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The random-number generator in the kernel in Apple Mac OS X before 10.9 provides lengthy exclusive access for processing of large requests, which allows local users to cause a denial of service (temporary generator outage) via an application that requires many random numbers.

Action-Not Available
Vendor-n/aApple Inc.
Product-mac_os_xn/a
CVE-2021-1450
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.06% / 18.26%
||
7 Day CHG~0.00%
Published-24 Feb, 2021 | 19:31
Updated-08 Nov, 2024 | 23:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco AnyConnect Secure Mobility Client Denial of Service Vulnerability

A vulnerability in the interprocess communication (IPC) channel of Cisco AnyConnect Secure Mobility Client could allow an authenticated, local attacker to cause a denial of service (DoS) condition on an affected device. To exploit this vulnerability, the attacker would need to have valid credentials on the device. The vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending one or more crafted IPC messages to the AnyConnect process on an affected device. A successful exploit could allow the attacker to stop the AnyConnect process, causing a DoS condition on the device. Note: The process under attack will automatically restart so no action is needed by the user or admin.

Action-Not Available
Vendor-Linux Kernel Organization, IncCisco Systems, Inc.Apple Inc.Microsoft Corporation
Product-windowsmacoslinux_kernelanyconnect_secure_mobility_clientCisco AnyConnect Secure Mobility Client
CWE ID-CWE-20
Improper Input Validation
CVE-2021-1066
Matching Score-8
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-8
Assigner-NVIDIA Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.06% / 19.29%
||
7 Day CHG~0.00%
Published-08 Jan, 2021 | 15:05
Updated-03 Aug, 2024 | 15:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA vGPU manager contains a vulnerability in the vGPU plugin, in which input data is not validated, which may lead to unexpected consumption of resources, which in turn may lead to denial of service. This affects vGPU version 8.x (prior to 8.6) and version 11.0 (prior to 11.3).

Action-Not Available
Vendor-nutanixVMware (Broadcom Inc.)NVIDIA CorporationCitrix (Cloud Software Group, Inc.)Red Hat, Inc.
Product-enterprise_linux_kernel-based_virtual_machinehypervisorvirtual_gpu_managervsphereahvNVIDIA Virtual GPU Manager
CWE ID-CWE-20
Improper Input Validation
CVE-2013-0985
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-2.1||LOW
EPSS-0.05% / 16.68%
||
7 Day CHG~0.00%
Published-05 Jun, 2013 | 10:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Disk Management in Apple Mac OS X before 10.8.4 does not properly authenticate attempts to disable FileVault, which allows local users to cause a denial of service (loss of encryption functionality) via an unspecified command line.

Action-Not Available
Vendor-n/aApple Inc.
Product-mac_os_xn/a
CWE ID-CWE-287
Improper Authentication
CVE-2024-9843
Matching Score-8
Assigner-Ivanti
ShareView Details
Matching Score-8
Assigner-Ivanti
CVSS Score-5||MEDIUM
EPSS-0.03% / 6.71%
||
7 Day CHG~0.00%
Published-12 Nov, 2024 | 16:13
Updated-17 Jan, 2025 | 20:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A buffer over-read in Ivanti Secure Access Client before 22.7R4 allows a local unauthenticated attacker to cause a denial of service.

Action-Not Available
Vendor-Ivanti SoftwareApple Inc.
Product-macossecure_access_clientSecure Access Clientsecure_access_client
CWE ID-CWE-126
Buffer Over-read
CWE ID-CWE-125
Out-of-bounds Read
CVE-2022-34680
Matching Score-8
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-8
Assigner-NVIDIA Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.06% / 17.43%
||
7 Day CHG+0.02%
Published-30 Dec, 2022 | 00:00
Updated-10 Apr, 2025 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer handler, where an integer truncation can lead to an out-of-bounds read, which may lead to denial of service.

Action-Not Available
Vendor-NVIDIA CorporationRed Hat, Inc.VMware (Broadcom Inc.)Citrix (Cloud Software Group, Inc.)Linux Kernel Organization, IncDebian GNU/Linux
Product-virtual_gpulinux_kernelrtxtesladebian_linuxcloud_gamingenterprise_linux_kernel-based_virtual_machinehypervisorvspherequadronvsgpu_display_drivergeforcevGPU software (guest driver) - Linux, vGPU software (Virtual GPU Manager), NVIDIA Cloud Gaming (guest driver), NVIDIA Cloud Gaming (Virtual GPU Manager)
CWE ID-CWE-197
Numeric Truncation Error
CWE ID-CWE-681
Incorrect Conversion between Numeric Types
CVE-2022-31693
Matching Score-8
Assigner-VMware by Broadcom
ShareView Details
Matching Score-8
Assigner-VMware by Broadcom
CVSS Score-5.5||MEDIUM
EPSS-0.05% / 14.54%
||
7 Day CHG~0.00%
Published-07 Jun, 2023 | 00:00
Updated-07 Jan, 2025 | 17:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

VMware Tools for Windows (12.x.y prior to 12.1.5, 11.x.y and 10.x.y) contains a denial-of-service vulnerability in the VM3DMP driver. A malicious actor with local user privileges in the Windows guest OS, where VMware Tools is installed, can trigger a PANIC in the VM3DMP driver leading to a denial-of-service condition in the Windows guest OS.

Action-Not Available
Vendor-n/aVMware (Broadcom Inc.)Microsoft Corporation
Product-windowstoolsn/a
CWE ID-CWE-404
Improper Resource Shutdown or Release
CVE-2024-44197
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-2.7||LOW
EPSS-0.07% / 20.90%
||
7 Day CHG+0.01%
Published-28 Oct, 2024 | 21:08
Updated-14 Nov, 2024 | 02:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.7.1, macOS Sonoma 14.7.1. A malicious app may be able to cause a denial-of-service.

Action-Not Available
Vendor-Apple Inc.
Product-macosmacOS
CVE-2024-44183
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.06% / 18.38%
||
7 Day CHG~0.00%
Published-16 Sep, 2024 | 23:22
Updated-24 Mar, 2025 | 17:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A logic error was addressed with improved error handling. This issue is fixed in macOS Ventura 13.7, iOS 17.7 and iPadOS 17.7, visionOS 2, watchOS 11, macOS Sequoia 15, iOS 18 and iPadOS 18, macOS Sonoma 14.7, tvOS 18. An app may be able to cause a denial-of-service.

Action-Not Available
Vendor-Apple Inc.
Product-watchostvosipadosvisionosmacosiphone_ostvOSmacOSvisionOSwatchOSiOS and iPadOS
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2007-0751
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-2.1||LOW
EPSS-0.07% / 22.32%
||
7 Day CHG~0.00%
Published-24 May, 2007 | 22:00
Updated-07 Aug, 2024 | 12:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A cleanup script in crontabs in Apple Mac OS X 10.3.9 and 10.4.9 might delete filesystems that have been mounted in /tmp, which might allow local users to cause a denial of service, related to the find command.

Action-Not Available
Vendor-n/aApple Inc.
Product-mac_os_x_servermac_os_xn/a
CVE-2007-0710
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-2.1||LOW
EPSS-1.18% / 77.85%
||
7 Day CHG~0.00%
Published-16 Feb, 2007 | 19:00
Updated-07 Aug, 2024 | 12:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Bonjour functionality in iChat in Apple Mac OS X 10.3.9 allows remote attackers to cause a denial of service (persistent application crash) via unspecified vectors, possibly related to CVE-2007-0614.

Action-Not Available
Vendor-n/aApple Inc.
Product-ichatmac_os_xn/a
CWE ID-CWE-399
Not Available
CVE-2006-6127
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-2.1||LOW
EPSS-0.52% / 65.69%
||
7 Day CHG~0.00%
Published-27 Nov, 2006 | 00:00
Updated-07 Aug, 2024 | 20:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Apple Mac OS X kernel allows local users to cause a denial of service via a process that uses kevent to register a queue and an event, then fork a child process that uses kevent to register an event for the same queue as the parent.

Action-Not Available
Vendor-n/aApple Inc.
Product-mac_os_x_servermac_os_xn/a
  • Previous
  • 1
  • 2
  • 3
  • ...
  • 28
  • 29
  • Next
Details not found