Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2017-7730

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-11 Jul, 2017 | 17:00
Updated At-05 Aug, 2024 | 16:12
Rejected At-
Credits

iSmartAlarm cube devices allow Denial of Service. Sending a SYN flood on port 12345 will freeze the "cube" and it will stop responding.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:11 Jul, 2017 | 17:00
Updated At:05 Aug, 2024 | 16:12
Rejected At:
▼CVE Numbering Authority (CNA)

iSmartAlarm cube devices allow Denial of Service. Sending a SYN flood on port 12345 will freeze the "cube" and it will stop responding.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://dojo.bullguard.com/blog/burglar-hacker-when-a-physical-security-is-compromised-by-iot-vulnerabilities/
x_refsource_MISC
Hyperlink: http://dojo.bullguard.com/blog/burglar-hacker-when-a-physical-security-is-compromised-by-iot-vulnerabilities/
Resource:
x_refsource_MISC
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://dojo.bullguard.com/blog/burglar-hacker-when-a-physical-security-is-compromised-by-iot-vulnerabilities/
x_refsource_MISC
x_transferred
Hyperlink: http://dojo.bullguard.com/blog/burglar-hacker-when-a-physical-security-is-compromised-by-iot-vulnerabilities/
Resource:
x_refsource_MISC
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:11 Jul, 2017 | 17:29
Updated At:13 May, 2026 | 00:24

iSmartAlarm cube devices allow Denial of Service. Sending a SYN flood on port 12345 will freeze the "cube" and it will stop responding.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.17.5HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Primary2.07.8HIGH
AV:N/AC:L/Au:N/C:N/I:N/A:C
Type: Primary
Version: 3.1
Base score: 7.5
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Type: Primary
Version: 2.0
Base score: 7.8
Base severity: HIGH
Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:C
CPE Matches
ismartalarm
ismartalarm
>>cubeone_firmware>>-
cpe:2.3:o:ismartalarm:cubeone_firmware:-:*:*:*:*:*:*:*
ismartalarm
ismartalarm
>>cubeone>>-
cpe:2.3:h:ismartalarm:cubeone:-:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-20Primarynvd@nist.gov
CWE ID: CWE-20
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
http://dojo.bullguard.com/blog/burglar-hacker-when-a-physical-security-is-compromised-by-iot-vulnerabilities/cve@mitre.org
Exploit
Third Party Advisory
http://dojo.bullguard.com/blog/burglar-hacker-when-a-physical-security-is-compromised-by-iot-vulnerabilities/af854a3a-2127-422b-91ae-364da2661108
Exploit
Third Party Advisory
Hyperlink: http://dojo.bullguard.com/blog/burglar-hacker-when-a-physical-security-is-compromised-by-iot-vulnerabilities/
Source: cve@mitre.org
Resource:
Exploit
Third Party Advisory
Hyperlink: http://dojo.bullguard.com/blog/burglar-hacker-when-a-physical-security-is-compromised-by-iot-vulnerabilities/
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Exploit
Third Party Advisory

Change History

0
Information is not available yet

Similar CVEs

1141Records found
CVE-2015-7686
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.41% / 61.72%
||
7 Day CHG~0.00%
Published-03 Oct, 2015 | 10:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Algorithmic complexity vulnerability in Address.pm in the Email-Address module 1.908 and earlier for Perl allows remote attackers to cause a denial of service (CPU consumption) via a crafted string containing a list of e-mail addresses in conjunction with parenthesis characters that can be associated with nested comments. NOTE: the default configuration in 1.908 mitigates this vulnerability but misparses certain realistic comments.

Action-Not Available
Vendor-email-address_projectn/a
Product-email-addressn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2023-37915
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-7.5||HIGH
EPSS-0.32% / 55.37%
||
7 Day CHG~0.00%
Published-21 Jul, 2023 | 20:02
Updated-10 Oct, 2024 | 18:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Malformed PID_PROPERTY_LIST parameter in DATA submessage remotely crashes OpenDDS

OpenDDS is an open source C++ implementation of the Object Management Group (OMG) Data Distribution Service (DDS). OpenDDS crashes while parsing a malformed `PID_PROPERTY_LIST` in a DATA submessage during participant discovery. Attackers can remotely crash OpenDDS processes by sending a DATA submessage containing the malformed parameter to the known multicast port. This issue has been addressed in version 3.25. Users are advised to upgrade. There are no known workarounds for this vulnerability.

Action-Not Available
Vendor-objectcomputingOpenDDSobjectcomputing
Product-openddsOpenDDSopendds
CWE ID-CWE-20
Improper Input Validation
CVE-2023-38720
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.09% / 25.99%
||
7 Day CHG~0.00%
Published-16 Oct, 2023 | 20:52
Updated-12 Jun, 2025 | 15:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Db2 denial of service

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 and 11.5 is vulnerable to denial of service with a specially crafted ALTER TABLE statement. IBM X-Force ID: 261616.

Action-Not Available
Vendor-opengroupMicrosoft CorporationIBM CorporationLinux Kernel Organization, Inc
Product-windowsunixdb2linux_kernelDb2 for Linux, UNIX and Windows
CWE ID-CWE-20
Improper Input Validation
CVE-2023-37241
Matching Score-4
Assigner-Huawei Technologies
ShareView Details
Matching Score-4
Assigner-Huawei Technologies
CVSS Score-7.5||HIGH
EPSS-0.10% / 26.53%
||
7 Day CHG~0.00%
Published-06 Jul, 2023 | 12:30
Updated-19 Nov, 2024 | 17:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Input verification vulnerability in the WMS API. Successful exploitation of this vulnerability may cause the device to restart.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-emuiharmonyosHarmonyOSEMUI
CWE ID-CWE-20
Improper Input Validation
CVE-2023-3769
Matching Score-4
Assigner-Spanish National Cybersecurity Institute, S.A. (INCIBE)
ShareView Details
Matching Score-4
Assigner-Spanish National Cybersecurity Institute, S.A. (INCIBE)
CVSS Score-8.6||HIGH
EPSS-0.06% / 18.02%
||
7 Day CHG~0.00%
Published-02 Oct, 2023 | 13:01
Updated-20 Sep, 2024 | 14:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Vulnerability in Ingeteam's INGEPAC EF

Incorrect data input validation vulnerability, which could allow an attacker with access to the network to implement fuzzing techniques that would allow him to gain knowledge about specially crafted packets that would create a DoS condition through the MMS protocol when initiating communication, achieving a complete system reboot of the device and its services.

Action-Not Available
Vendor-ingeteamIngeteamingeteam
Product-ingepac_fc5066ingepac_fc5066_firmwareINGEPAC FC5066ingepac_fc5066
CWE ID-CWE-20
Improper Input Validation
CVE-2015-7844
Matching Score-4
Assigner-Huawei Technologies
ShareView Details
Matching Score-4
Assigner-Huawei Technologies
CVSS Score-7.5||HIGH
EPSS-0.17% / 38.23%
||
7 Day CHG~0.00%
Published-02 Apr, 2017 | 20:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Huawei FusionAccess with software V100R005C10,V100R005C20 could allow attackers to craft and send a malformed HDP protocol packet to cause the virtual cloud desktop to be displaying an error and not usable.

Action-Not Available
Vendor-n/aHuawei Technologies Co., Ltd.
Product-fusionaccessFusionAccess V100R005C10,V100R005C20
CWE ID-CWE-20
Improper Input Validation
CVE-2021-34432
Matching Score-4
Assigner-Eclipse Foundation
ShareView Details
Matching Score-4
Assigner-Eclipse Foundation
CVSS Score-7.5||HIGH
EPSS-0.56% / 68.88%
||
7 Day CHG-0.04%
Published-27 Jul, 2021 | 15:25
Updated-04 Aug, 2024 | 00:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Eclipse Mosquitto versions 2.07 and earlier, the server will crash if the client tries to send a PUBLISH packet with topic length = 0.

Action-Not Available
Vendor-Eclipse Foundation AISBL
Product-mosquittoEclipse Mosquitto
CWE ID-CWE-20
Improper Input Validation
CVE-2025-21230
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.5||HIGH
EPSS-1.31% / 80.25%
||
7 Day CHG~0.00%
Published-14 Jan, 2025 | 18:04
Updated-09 Jun, 2026 | 18:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability

Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_10_1507windows_10_22h2windows_10_1607windows_11_23h2windows_server_2019windows_server_2022windows_10_1809windows_11_24h2windows_server_2025windows_11_22h2windows_server_2012windows_10_21h2windows_server_2008windows_server_2022_23h2Windows 11 Version 23H2Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2016Windows 10 Version 1607Windows Server 2019 (Server Core installation)Windows Server 2019Windows Server 2012 R2 (Server Core installation)Windows Server 2008 R2 Service Pack 1Windows 10 Version 21H2Windows 10 Version 1507Windows 11 Version 24H2Windows Server 2008 Service Pack 2 (Server Core installation)Windows 11 version 22H3Windows Server 2008 Service Pack 2Windows Server 2016 (Server Core installation)Windows Server 2025 (Server Core installation)Windows 10 Version 1809Windows Server 2012 (Server Core installation)Windows Server 2022, 23H2 Edition (Server Core installation)Windows 11 version 22H2Windows Server 2025Windows Server 2022Windows Server 2012Windows 10 Version 22H2Windows Server 2012 R2
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2008-5937
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-5.07% / 90.00%
||
7 Day CHG~0.00%
Published-22 Jan, 2009 | 02:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

AyeView 2.20 allows user-assisted attackers to cause a denial of service (memory consumption or application crash) via a bitmap (aka .bmp) file with large height and width values.

Action-Not Available
Vendor-zkesoftn/a
Product-ayeviewn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2015-7704
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-21.46% / 95.83%
||
7 Day CHG~0.00%
Published-07 Aug, 2017 | 20:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The ntpd client in NTP 4.x before 4.2.8p4 and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service via a number of crafted "KOD" messages.

Action-Not Available
Vendor-ntpn/aCitrix (Cloud Software Group, Inc.)McAfee, LLCRed Hat, Inc.Debian GNU/LinuxNetApp, Inc.
Product-data_ontapdebian_linuxenterprise_linux_serverenterprise_linux_workstationoncommand_performance_managerntpenterprise_linux_desktopenterprise_linux_server_tusclustered_data_ontapenterprise_linux_server_eusenterprise_security_managerenterprise_linux_server_ausoncommand_unified_managerxenservern/a
CWE ID-CWE-20
Improper Input Validation
CVE-2015-6849
Matching Score-4
Assigner-Dell
ShareView Details
Matching Score-4
Assigner-Dell
CVSS Score-7.8||HIGH
EPSS-1.37% / 80.64%
||
7 Day CHG~0.00%
Published-05 Dec, 2015 | 02:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

EMC NetWorker before 8.0.4.5, 8.1.x before 8.1.3.6, 8.2.x before 8.2.2.2, and 9.0 before build 407 allows remote attackers to cause a denial of service (process outage) via malformed RPC authentication messages.

Action-Not Available
Vendor-n/aELAN Microelectronics Corporation
Product-networkern/a
CWE ID-CWE-20
Improper Input Validation
CVE-2015-7692
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-13.86% / 94.46%
||
7 Day CHG~0.00%
Published-07 Aug, 2017 | 20:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The crypto_xmit function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (crash). NOTE: This vulnerability exists due to an incomplete fix for CVE-2014-9750.

Action-Not Available
Vendor-ntpn/aOracle CorporationRed Hat, Inc.Debian GNU/LinuxNetApp, Inc.
Product-data_ontapdebian_linuxenterprise_linux_serverenterprise_linux_workstationoncommand_performance_managerntpenterprise_linux_desktopenterprise_linux_server_tusclustered_data_ontapenterprise_linux_server_euslinuxenterprise_linux_server_ausoncommand_unified_managern/a
CWE ID-CWE-20
Improper Input Validation
CVE-2015-7749
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.47% / 65.14%
||
7 Day CHG~0.00%
Published-19 Oct, 2015 | 18:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The PFE daemon in Juniper vSRX virtual firewalls with Junos OS before 15.1X49-D20 allows remote attackers to cause a denial of service via an unspecified connection request to the "host-OS."

Action-Not Available
Vendor-n/aJuniper Networks, Inc.
Product-junosn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2015-7691
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-12.14% / 93.98%
||
7 Day CHG~0.00%
Published-07 Aug, 2017 | 20:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The crypto_xmit function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (crash) via crafted packets containing particular autokey operations. NOTE: This vulnerability exists due to an incomplete fix for CVE-2014-9750.

Action-Not Available
Vendor-ntpn/aOracle CorporationRed Hat, Inc.Debian GNU/LinuxNetApp, Inc.
Product-data_ontapdebian_linuxenterprise_linux_serverenterprise_linux_workstationoncommand_performance_managerntpenterprise_linux_desktopenterprise_linux_server_tusclustered_data_ontapenterprise_linux_server_euslinuxenterprise_linux_server_ausoncommand_unified_managern/a
CWE ID-CWE-20
Improper Input Validation
CVE-2015-6278
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-7.8||HIGH
EPSS-0.58% / 69.39%
||
7 Day CHG~0.00%
Published-28 Sep, 2015 | 01:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The IPv6 snooping functionality in the first-hop security subsystem in Cisco IOS 12.2, 15.0, 15.1, 15.2, 15.3, 15.4, and 15.5 and IOS XE 3.2SE, 3.3SE, 3.3XO, 3.4SG, 3.5E, and 3.6E before 3.6.3E; 3.7E before 3.7.2E; 3.9S and 3.10S before 3.10.6S; 3.11S before 3.11.4S; 3.12S and 3.13S before 3.13.3S; and 3.14S before 3.14.2S does not properly implement the Control Plane Protection (aka CPPr) feature, which allows remote attackers to cause a denial of service (device reload) via a flood of ND packets, aka Bug ID CSCus19794.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-iosios_xen/a
CWE ID-CWE-20
Improper Input Validation
CVE-2015-6291
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-7.8||HIGH
EPSS-0.43% / 62.75%
||
7 Day CHG~0.00%
Published-06 Nov, 2015 | 02:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cisco AsyncOS before 8.5.7-043, 9.x before 9.1.1-023, and 9.5.x and 9.6.x before 9.6.0-046 on Email Security Appliance (ESA) devices mishandles malformed fields during body-contains, attachment-contains, every-attachment-contains, attachment-binary-contains, dictionary-match, and attachment-dictionary-match filtering, which allows remote attackers to cause a denial of service (memory consumption) via a crafted attachment in an e-mail message, aka Bug ID CSCuv47151.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-email_security_appliancen/a
CWE ID-CWE-20
Improper Input Validation
CVE-2015-6282
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-7.8||HIGH
EPSS-0.41% / 61.79%
||
7 Day CHG~0.00%
Published-25 Sep, 2015 | 01:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cisco IOS XE 2.x and 3.x before 3.10.6S, 3.11.xS through 3.13.xS before 3.13.3S, and 3.14.xS through 3.15.xS before 3.15.1S allows remote attackers to cause a denial of service (device reload) via IPv4 packets that require NAT and MPLS actions, aka Bug ID CSCut96933.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-ios_xen/a
CWE ID-CWE-20
Improper Input Validation
CVE-2025-21477
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-7.5||HIGH
EPSS-0.38% / 59.94%
||
7 Day CHG~0.00%
Published-06 Aug, 2025 | 07:25
Updated-20 Aug, 2025 | 19:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Improper Input Validation in Modem

Transient DOS while processing CCCH data when NW sends data with invalid length.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-snapdragon_778g_5g_mobile_platform_firmwaresm8635p_firmwaresm7325p_firmwarewsa8810_firmwareqcm5430_firmwaresnapdragon_8\+_gen_2_mobile_platform_firmwaresdx57mfastconnect_6700wcd9395wsa8845h_firmwareqca6696sdx55_firmwaresnapdragon_auto_5g_modem-rfsm8550pqcc710qca6391snapdragon_865_5g_mobile_platform_firmwaresnapdragon_765g_5g_mobile_platform_\(sm7250-ab\)wsa8835_firmwaresnapdragon_x55_5g_modem-rf_system_firmwareqca6698aq_firmwaresnapdragon_768g_5g_mobile_platform_\(sm7250-ac\)snapdragon_8_gen_2_mobile_platform_firmwareqcm6490_firmwareqcn6024snapdragon_auto_5g_modem-rf_firmwaresnapdragon_8_gen_3_mobile_platformsnapdragon_x62_5g_modem-rf_system_firmwarewsa8840_firmwaresnapdragon_x72_5g_modem-rf_system_firmwareqcs6490qca6574a_firmwaresnapdragon_695_5g_mobile_platformqcc710_firmwareqfw7124sg8275psnapdragon_865_5g_mobile_platformsg8275p_firmwarewcd9370snapdragon_690_5g_mobile_platform_firmwaresnapdragon_780g_5g_mobile_platform_firmwareqca8337sm8550p_firmwaresnapdragon_8\+_gen_2_mobile_platformqcm5430snapdragon_865\+_5g_mobile_platform_\(sm8250-ab\)_firmwarewcd9380snapdragon_888\+_5g_mobile_platform_\(sm8350-ac\)_firmwarefastconnect_6800_firmwarewsa8815_firmwarefastconnect_6900_firmwaresnapdragon_8_gen_1_mobile_platform_firmwarewsa8845_firmwareqca6391_firmwarewcd9375snapdragon_780g_5g_mobile_platformsnapdragon_782g_mobile_platform_\(sm7325-af\)qcs5430_firmwaresm7675_firmwaresnapdragon_480_5g_mobile_platformqcn6274_firmwaresm7675psnapdragon_870_5g_mobile_platform_\(sm8250-ac\)_firmwaresnapdragon_x65_5g_modem-rf_systemsnapdragon_778g\+_5g_mobile_platform_\(sm7325-ae\)_firmwaresnapdragon_480\+_5g_mobile_platform_\(sm4350-ac\)_firmwaresdx57m_firmwarewcn3988315_5g_iot_modem_firmwaresnapdragon_8_gen_1_mobile_platformsnapdragon_x65_5g_modem-rf_system_firmwaresnapdragon_x75_5g_modem-rf_systemqca6584au_firmwareqcm6490snapdragon_865\+_5g_mobile_platform_\(sm8250-ab\)wcd9360sdx55sm7675sm7675p_firmwareqca6584ausm8635_firmwaresnapdragon_888\+_5g_mobile_platform_\(sm8350-ac\)snapdragon_8\+_gen_1_mobile_platform_firmwarear8035snapdragon_765_5g_mobile_platform_\(sm7250-aa\)_firmwarewcd9380_firmwarefastconnect_6200_firmwaresnapdragon_8\+_gen_1_mobile_platformwcd9395_firmwarefastconnect_6200qca6574awcn6740_firmwarewsa8830_firmwarewcd9375_firmwaresnapdragon_4_gen_1_mobile_platformar8035_firmwareqcs8550wsa8832_firmwareqcs8550_firmwareqcs5430wsa8835315_5g_iot_modemwsa8840wsa8845fastconnect_7800snapdragon_8_gen_3_mobile_platform_firmwareqca8081_firmwareqca8337_firmwarewsa8830sm7325pwsa8832fastconnect_6800wcn3988_firmwaresm7250psnapdragon_8_gen_2_mobile_platformqcn6224snapdragon_768g_5g_mobile_platform_\(sm7250-ac\)_firmwarewcd9385snapdragon_auto_5g_modem-rf_gen_2qca6595au_firmwareqca6696_firmwaresnapdragon_480_5g_mobile_platform_firmwaresnapdragon_x70_modem-rf_systemsnapdragon_x72_5g_modem-rf_systemwcd9385_firmwarevideo_collaboration_vc3_platform_firmwaresnapdragon_480\+_5g_mobile_platform_\(sm4350-ac\)sm7250p_firmwarewcn6740snapdragon_x70_modem-rf_system_firmwarewcd9370_firmwarewsa8815sm8635snapdragon_888_5g_mobile_platformwcn6755fastconnect_6700_firmwareqca6595ausnapdragon_765g_5g_mobile_platform_\(sm7250-ab\)_firmwarewsa8845hwcd9390_firmwarewcd9341wsa8810snapdragon_888_5g_mobile_platform_firmwaresnapdragon_870_5g_mobile_platform_\(sm8250-ac\)snapdragon_x75_5g_modem-rf_system_firmwareqcn6274qfw7114snapdragon_695_5g_mobile_platform_firmwaresnapdragon_690_5g_mobile_platformsnapdragon_7c\+_gen_3_compute_firmwareqfw7114_firmwarewcd9340wcd9390wcd9360_firmwarevideo_collaboration_vc3_platformsnapdragon_auto_5g_modem-rf_gen_2_firmwarefastconnect_7800_firmwaresnapdragon_4_gen_1_mobile_platform_firmwareqca8081wcd9340_firmwareqcn6024_firmwarefastconnect_6900qcn9024_firmwaresnapdragon_778g\+_5g_mobile_platform_\(sm7325-ae\)snapdragon_x62_5g_modem-rf_systemsnapdragon_782g_mobile_platform_\(sm7325-af\)_firmwareqcn9024wcd9341_firmwaresnapdragon_765_5g_mobile_platform_\(sm7250-aa\)sm8635pqca6698aqqcs6490_firmwaresnapdragon_x55_5g_modem-rf_systemqfw7124_firmwaresnapdragon_778g_5g_mobile_platformwcn6755_firmwareqcn6224_firmwaresnapdragon_7c\+_gen_3_computeSnapdragon
CWE ID-CWE-20
Improper Input Validation
CVE-2021-33196
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.05% / 17.20%
||
7 Day CHG~0.00%
Published-02 Aug, 2021 | 00:00
Updated-03 Aug, 2024 | 23:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In archive/zip in Go before 1.15.13 and 1.16.x before 1.16.5, a crafted file count (in an archive's header) can cause a NewReader or OpenReader panic.

Action-Not Available
Vendor-n/aDebian GNU/LinuxGo
Product-godebian_linuxn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2015-6260
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-7.5||HIGH
EPSS-0.37% / 59.25%
||
7 Day CHG~0.00%
Published-03 Mar, 2016 | 22:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cisco NX-OS 7.1(1)N1(1) on Nexus 5500, 5600, and 6000 devices does not properly validate PDUs in SNMP packets, which allows remote attackers to cause a denial of service (SNMP application restart) via a crafted packet, aka Bug ID CSCut84645.

Action-Not Available
Vendor-n/aCisco Systems, Inc.Zyxel Networks Corporation
Product-nexus_5624qnexus_5648qnexus_5596upnexus_5548pgs1900-10hp_firmwarenexus_5672upnexus_5696qnexus_5596tnexus_56128pnexus_5548upn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2023-32695
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-7.3||HIGH
EPSS-0.30% / 53.86%
||
7 Day CHG~0.00%
Published-27 May, 2023 | 15:44
Updated-13 Jan, 2025 | 21:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Insufficient validation when decoding a Socket.IO packet

socket.io parser is a socket.io encoder and decoder written in JavaScript complying with version 5 of socket.io-protocol. A specially crafted Socket.IO packet can trigger an uncaught exception on the Socket.IO server, thus killing the Node.js process. A patch has been released in version 4.2.3.

Action-Not Available
Vendor-socketsocketio
Product-socket.io-parsersocket.io-parser
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-754
Improper Check for Unusual or Exceptional Conditions
CVE-2023-33217
Matching Score-4
Assigner-IDEMIA
ShareView Details
Matching Score-4
Assigner-IDEMIA
CVSS Score-7.5||HIGH
EPSS-0.12% / 30.52%
||
7 Day CHG~0.00%
Published-15 Dec, 2023 | 10:45
Updated-02 Aug, 2024 | 15:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Missing integrity check on upgrade package

By abusing a design flaw in the firmware upgrade mechanism of the impacted terminal it's possible to cause a permanent denial of service for the terminal. the only way to recover the terminal is by sending back the terminal to the manufacturer

Action-Not Available
Vendor-idemiaIDEMIA
Product-morphowave_sp_firmwaresigma_widemorphowave_compactsigma_wide_firmwaremorphowave_xp_firmwaresigma_extremesigma_lite\+morphowave_xpmorphowave_spvisionpass_firmwaremorphowave_compact_firmwarevisionpasssigma_lite\+_firmwaresigma_litesigma_extreme_firmwaresigma_lite_firmwareVisionPassMorphoWave Compact/XPSIGMA ExtremeMorphoWave SPSIGMA WideSIGMA Lite & Lite +
CWE ID-CWE-20
Improper Input Validation
CVE-2023-33100
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-7.5||HIGH
EPSS-0.12% / 31.19%
||
7 Day CHG~0.00%
Published-01 Apr, 2024 | 15:05
Updated-13 Jan, 2025 | 21:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Improper input validation in Multi-Mode Call Processor

Transient DOS while processing DL NAS Transport message when message ID is not defined in the 3GPP specification.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-qfw7124_firmwarefastconnect_6700_firmwareqcn6274wsa8840_firmwarewsa8832qcc710qcs4490snapdragon_x35_5g_modem-rffastconnect_7800_firmwaresnapdragon_8_gen_3_mobile_firmwarewcd9370qfw7124qcm4490snapdragon_4_gen_2_mobilesnapdragon_auto_5g_modem-rf_gen_2qfw7114wsa8810_firmwareqcn6024sg8275p_firmwarewsa8845_firmwaresnapdragon_8\+_gen_2_mobilesnapdragon_8_gen_1_mobileqcn6224qcc710_firmwaresnapdragon_4_gen_2_mobile_firmwareqcm4490_firmwareqcm8550snapdragon_auto_5g_modem-rf_gen_2_firmwarewcd9390ar8035wcd9340wsa8835wcn3950fastconnect_7800qcn6274_firmwarewcd9395_firmwarewsa8845h_firmwarewsa8830snapdragon_x70_modem-rfqfw7114_firmwareqca8337qca6584au_firmwareqcs8550_firmwarefastconnect_6900snapdragon_x35_5g_modem-rf_firmwarewsa8845snapdragon_8_gen_2_mobile_firmwareqca6584auwsa8835_firmwareqep8111_firmwarefastconnect_6700qcn6224_firmwaresnapdragon_x75_5g_modem-rfqca6174awcd9390_firmwarewsa8815_firmwaresnapdragon_x65_5g_modem-rf_firmwaresnapdragon_8_gen_2_mobilewcn3988qcn6024_firmwaresnapdragon_8\+_gen_2_mobile_firmwarewsa8845hwsa8815sm8550p_firmwarewcd9385_firmwarefastconnect_6900_firmwarewcd9380wsa8832_firmwarewcn3950_firmwarewcd9385wcd9395sm8550pwcd9340_firmwaresnapdragon_x75_5g_modem-rf_firmwareqca8081_firmwareqep8111wsa8830_firmwaresnapdragon_8\+_gen_1_mobile_firmwareqcn9024_firmwareqca6698aqqcs4490_firmwaresnapdragon_x70_modem-rf_firmwareqcs8550wcd9380_firmwaresnapdragon_8_gen_1_mobile_firmwaresnapdragon_x65_5g_modem-rfqca6698aq_firmwareqca6174a_firmwareqca8081wsa8840sg8275pwcn3988_firmwareqcm8550_firmwareqcn9024wcd9370_firmwaresnapdragon_8\+_gen_1_mobilear8035_firmwaresnapdragon_8_gen_3_mobileqca8337_firmwarewsa8810Snapdragonqca6174a_firmwareqca8337_firmwareqcm4490_firmwareqcm8550_firmwareqca6584au_firmwareqcn6274_firmwareqcs4490_firmwareqep8111_firmwareqfw7114_firmwaresg8275p_firmwarefastconnect_6900_firmwareqcn6024_firmwareqcs8550_firmwaresm8550p_firmwarear8035_firmwareqcc710_firmwareqcn6224_firmwarefastconnect_6700_firmwareqcn9024_firmwarefastconnect_7800_firmwareqca8081_firmwareqfw7124_firmwaresnapdragon_8_gen_1_mobile_platform_firmwaresnapdragon_4_gen_2_mobile_platform_firmwaresnapdragon_8_gen_2_mobile_platform_firmwareqca6698aq_firmware
CWE ID-CWE-20
Improper Input Validation
CVE-2023-32463
Matching Score-4
Assigner-Dell
ShareView Details
Matching Score-4
Assigner-Dell
CVSS Score-3.4||LOW
EPSS-0.27% / 50.82%
||
7 Day CHG~0.00%
Published-23 Jun, 2023 | 07:51
Updated-08 Nov, 2024 | 16:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell VxRail, version(s) 8.0.100 and earlier contain a denial-of-service vulnerability in the upgrade functionality. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to degraded performance and system malfunction.

Action-Not Available
Vendor-Dell Inc.
Product-vxrail_e665n_firmwarevxrail_p580n_vcfvxrail_e560nvxrail_e560f_vcfvxrail_d560vxrail_v470vxrail_g560f_vcfvxrail_g560fvxrail_e660fvxrail_s670vxrail_p570_vcfvxrail_d560_firmwarevxrail_p570_vcf_firmwarevxrail_vd-4000r_firmwarevxrail_s570vxrail_v570f_vcf_firmwarevxrail_e560n_vcfvxrail_p675nvxrail_p570f_firmwarevxrail_p570f_vcf_firmwarevxrail_p670nvxrail_s570_firmwarevxrail_vd-4000zvxrail_e560f_vcf_firmwarevxrail_p570f_vcfvxrail_v570fvxrail_e665f_firmwarevxrail_p675fvxrail_p570_firmwarevxrail_s470_firmwarevxrail_e665fvxrail_p470vxrail_p670fvxrail_e560_vcf_firmwarevxrail_e560f_firmwarevxrail_e660nvxrail_s670_firmwarevxrail_p670n_firmwarevxrail_v570f_firmwarevxrail_v570_vcfvxrail_vd-4000rvxrail_s570_vcf_firmwarevxrail_e560vxrail_d560f_firmwarevxrail_p670f_firmwarevxrail_e660n_firmwarevxrail_s570_vcfvxrail_e460_firmwarevxrail_e660_firmwarevxrail_v670fvxrail_e560fvxrail_v570f_vcfvxrail_vd-4520cvxrail_e560n_firmwarevxrail_e560_vcfvxrail_g560_vcf_firmwarevxrail_g560vxrail_d560fvxrail_g560_vcfvxrail_p570vxrail_g560f_vcf_firmwarevxrail_vd-4000z_firmwarevxrail_v570vxrail_e665vxrail_p570fvxrail_e660f_firmwarevxrail_vd-4510cvxrail_vd-4000wvxrail_vd-4510c_firmwarevxrail_p580n_vcf_firmwarevxrail_v470_firmwarevxrail_vd-4520c_firmwarevxrail_p580n_firmwarevxrail_v670f_firmwarevxrail_v570_firmwarevxrail_v570_vcf_firmwarevxrail_e560n_vcf_firmwarevxrail_g560f_firmwarevxrail_p470_firmwarevxrail_p580nvxrail_e665_firmwarevxrail_g560_firmwarevxrail_e660vxrail_s470vxrail_e665nvxrail_e560_firmwarevxrail_p675n_firmwarevxrail_vd-4000w_firmwarevxrail_p675f_firmwarevxrail_e460Dell EMC VxRail Appliance
CWE ID-CWE-20
Improper Input Validation
CVE-2008-6497
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-12.49% / 94.08%
||
7 Day CHG~0.00%
Published-20 Mar, 2009 | 00:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Neostrada Livebox ADSL Router allows remote attackers to cause a denial of service (network outage) via multiple HTTP requests for the /- URI.

Action-Not Available
Vendor-tpn/a
Product-neostrada_livebox_adsl_routern/a
CWE ID-CWE-20
Improper Input Validation
CVE-2023-32690
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-5.7||MEDIUM
EPSS-0.48% / 65.35%
||
7 Day CHG-0.17%
Published-01 Jun, 2023 | 16:15
Updated-08 Jan, 2025 | 21:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Responder can Invoke Undefined Behavior in libspdm Requester

libspdm is a sample implementation that follows the DMTF SPDM specifications. Prior to versions 2.3.3 and 3.0, following a successful CAPABILITIES response, a libspdm Requester stores the Responder's CTExponent into its context without validation. If the Requester sends a request message that requires a cryptography operation by the Responder, such as CHALLENGE, libspdm will calculate the timeout value using the Responder's unvalidated CTExponent. A patch is available in version 2.3.3. A workaround is also available. After completion of VCA, the Requester can check the value of the Responder's CTExponent. If it greater than or equal to 64, then the Requester can stop communication with the Responder.

Action-Not Available
Vendor-dmtfDMTF
Product-libspdmlibspdm
CWE ID-CWE-20
Improper Input Validation
CVE-2023-33099
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-7.5||HIGH
EPSS-0.12% / 31.19%
||
7 Day CHG~0.00%
Published-01 Apr, 2024 | 15:05
Updated-11 Aug, 2025 | 15:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Improper Input Validation in Multi-Mode Call Processor

Transient DOS while processing SMS container of non-standard size received in DL NAS transport in NR.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-qca6431qcm8550_firmwarewsa8845_firmwaresd865_5gwsa8832snapdragon_480_5g_mobilesnapdragon_750g_5g_mobile_firmwaresdx57m_firmwaresxr2130_firmwarewcd9370qca8081_firmwaresnapdragon_860_mobile_firmwaresnapdragon_x35_5g_modem-rfar8035_firmwareqca6696snapdragon_778g\+_5g_mobilesnapdragon_x70_modem-rf_firmwarewcd9340_firmwarewcd9341_firmwarewcd9395_firmwareqcn6024sd888_firmwareqcc710_firmwareqca6426snapdragon_8\+_gen_1_mobilewcn6740_firmwarefastconnect_6700snapdragon_780g_5g_mobilesnapdragon_750g_5g_mobilesnapdragon_782g_mobile_firmwarewsa8815_firmwarewsa8832_firmwareqca8337_firmwareqca8337qca6426_firmwarewcd9395sg8275p_firmwareqcm6490_firmwaresnapdragon_690_5g_mobile_firmwaresm7250p_firmwarewcd9341qcm4490_firmwarewcd9390snapdragon_888\+_5g_mobile_firmwarewcn3950wsa8810_firmwarewsa8845h_firmwaresnapdragon_870_5g_mobile_firmwaresnapdragon_778g_5g_mobile_firmwaresnapdragon_auto_5g_modem-rf_gen_2_firmwaresnapdragon_7c\+_gen_3_computesnapdragon_690_5g_mobilefastconnect_6800_firmwareqcs5430snapdragon_778g\+_5g_mobile_firmwaresnapdragon_870_5g_mobileqcn6024_firmwareqcm5430sm7250pqcm5430_firmwareqca6584auqcn6274_firmwaresd888qcc710snapdragon_xr2_5g_firmwarewcn6740snapdragon_768g_5g_mobilesnapdragon_780g_5g_mobile_firmwaresnapdragon_8_gen_3_mobile_firmwarefastconnect_6800qfw7114_firmware315_5g_iot_modem_firmwarefastconnect_7800_firmwarefastconnect_6900snapdragon_865_5g_mobile_firmwareqep8111qfw7114wcd9385_firmware315_5g_iot_modemqca6421fastconnect_6900_firmwarewcd9380wcd9360snapdragon_xr2_5gsnapdragon_x65_5g_modem-rfqcs4490wsa8845qca6421_firmwaresnapdragon_auto_5g_modem-rf_firmwarewsa8810snapdragon_888_5g_mobile_firmwarevideo_collaboration_vc3_platformqca6595ausnapdragon_888_5g_mobilesnapdragon_4_gen_1_mobile_firmwaresm7315_firmwarewsa8840sd855qcs8550_firmwaresnapdragon_782g_mobilesnapdragon_x35_5g_modem-rf_firmwareqca6431_firmwaresm7315snapdragon_8_gen_2_mobile_firmwaresnapdragon_x55_5g_modem-rfqfw7124_firmwareqca6698aq_firmwareqca6436_firmwaresnapdragon_4_gen_2_mobile_firmwaresnapdragon_888\+_5g_mobilewcd9385snapdragon_8_gen_1_mobilesnapdragon_695_5g_mobile_firmwareqcs4490_firmwaresnapdragon_x55_5g_modem-rf_firmwaresnapdragon_7c\+_gen_3_compute_firmwarewcd9390_firmwaresnapdragon_8_gen_2_mobilesnapdragon_865\+_5g_mobileqep8111_firmwaresg8275psnapdragon_855\+_mobilewcd9370_firmwaresdx55_firmwaresnapdragon_765_5g_mobilesnapdragon_860_mobilesnapdragon_auto_5g_modem-rfqca6574asnapdragon_8\+_gen_2_mobilesxr2130qcm4490qca6174asnapdragon_x65_5g_modem-rf_firmwarewcd9340snapdragon_480\+_5g_mobile_firmwaresnapdragon_auto_5g_modem-rf_gen_2qca6174a_firmwareqcm6490sm7325psm8550p_firmwareqcm8550wcn3988qcs6490_firmwaresnapdragon_765_5g_mobile_firmwareqcn9024qca6584au_firmwaresd855_firmwareqcn6274qca6436qfw7124snapdragon_x70_modem-rfwsa8835qca6595au_firmwareqca6391_firmwarewsa8840_firmwaresnapdragon_855_mobile_firmwareqca6696_firmwareqcn9024_firmwaresdx57mwsa8845hwcd9380_firmwareqca8081wsa8815snapdragon_765g_5g_mobile_firmwarewsa8830sm8550psnapdragon_x75_5g_modem-rfsnapdragon_768g_5g_mobile_firmwarear8035qca6574a_firmwaresdx55snapdragon_4_gen_1_mobilesnapdragon_4_gen_2_mobilesnapdragon_865_5g_mobilesnapdragon_855\+_mobile_firmwarewcd9375_firmwareqca6391qcn6224snapdragon_865\+_5g_mobile_firmwareqcs5430_firmwareqca6698aqwcn3950_firmwareqcs8550snapdragon_480\+_5g_mobilefastconnect_6200fastconnect_7800sm7325p_firmwaresd865_5g_firmwarewcd9360_firmwaresnapdragon_480_5g_mobile_firmwaresnapdragon_8\+_gen_2_mobile_firmwarewcd9375snapdragon_765g_5g_mobilewcn3988_firmwarefastconnect_6700_firmwarevideo_collaboration_vc3_platform_firmwaresnapdragon_8\+_gen_1_mobile_firmwaresnapdragon_x75_5g_modem-rf_firmwarewsa8835_firmwareqcs6490snapdragon_695_5g_mobilesnapdragon_8_gen_3_mobilesnapdragon_855_mobilesnapdragon_778g_5g_mobilefastconnect_6200_firmwarewsa8830_firmwareqcn6224_firmwaresnapdragon_8_gen_1_mobile_firmwareSnapdragonqca8337_firmwareqcm4490_firmwareqcm8550_firmwaresnapdragon_690_5g_mobile_platform_firmwareqcn6274_firmwareqcs4490_firmwaresnapdragon_778g_5g_mobile_platform_firmware315_5g_iot_modem_firmwareqcm6490_firmwaresg8275p_firmwareqca6431_firmwarefastconnect_6900_firmwareqcs8550_firmwareqcn6224_firmwarefastconnect_6700_firmwareqcn9024_firmwarefastconnect_7800_firmwareqca6595au_firmwaresnapdragon_4_gen_1_mobile_platform_firmwaresnapdragon_8_gen_1_mobile_platform_firmwaresnapdragon_4_gen_2_mobile_platform_firmwareqca6698aq_firmwareqcm5430_firmwareqca6174a_firmwaresnapdragon_8_gen_2_mobile_platform_firmwaresnapdragon_480_5g_mobile_platform_firmwareqca6584au_firmwareqep8111_firmwareqca6696_firmwareqcs6490_firmwareqfw7114_firmwareqcs5430_firmwarequalcomm_video_collaboration_vc3_platform_firmwareqca6391_firmwareqcn6024_firmwaresm8550p_firmwaresd888_firmwareqcc710_firmwaresm7325p_firmwaresdx57m_firmwaresd855_firmwaresd865_5g_firmwareqca6426_firmwaresm7315_firmwareqca6574a_firmwarefastconnect_6200_firmwaresnapdragon_695_5g_mobile_platform_firmwaresdx55_firmwaresnapdragon_780g_5g_mobile_platform_firmwareqca8081_firmwarefastconnect_6800_firmwareqfw7124_firmwaresm7250p_firmwareqca6436_firmwarear8035_firmwaresnapdragon_750g_5g_mobile_platform_firmwareqca6421_firmware
CWE ID-CWE-20
Improper Input Validation
CVE-2023-32890
Matching Score-4
Assigner-MediaTek, Inc.
ShareView Details
Matching Score-4
Assigner-MediaTek, Inc.
CVSS Score-5.9||MEDIUM
EPSS-0.30% / 53.91%
||
7 Day CHG~0.00%
Published-02 Jan, 2024 | 02:50
Updated-02 Aug, 2024 | 15:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In modem EMM, there is a possible system crash due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01183647; Issue ID: MOLY01183647 (MSV-963).

Action-Not Available
Vendor-MediaTek Inc.
Product-mt6896mt6855mt6990nr17mt6873mt6893mt6983wmt2735mt6886mt6983tmt6783mt6878mt6891nr16mt6883mt6980dmt6853tmt6813mt6835mt6880mt6875mt6889mt6985mt6890mt6833mt6785tmt6885mt6833pmt6989mt6877nr15mt6781mt6853mt6980mt6895mt6985tmt6877tmt6789mt6983zlr13mt6779mt6897mt6785mt6895tmt6879MT2731, MT6767, MT6768, MT6769, MT6769T, MT6769Z, MT8666, MT8667, MT8765, MT8766, MT8768, MT8786, MT8788mt8667mt8765mt8786mt2731mt8768mt6769zmt6769mt8788mt6768mt8666mt6767mt6769tmt8766
CWE ID-CWE-20
Improper Input Validation
CVE-2015-4410
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.94% / 83.79%
||
7 Day CHG~0.00%
Published-20 Feb, 2020 | 16:24
Updated-06 Aug, 2024 | 06:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Moped::BSON::ObjecId.legal? method in rubygem-moped before commit dd5a7c14b5d2e466f7875d079af71ad19774609b allows remote attackers to cause a denial of service (worker resource consumption) or perform a cross-site scripting (XSS) attack via a crafted string.

Action-Not Available
Vendor-moped_projectn/aFedora Project
Product-mopedfedoran/a
CWE ID-CWE-20
Improper Input Validation
CVE-2023-31455
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.28% / 51.47%
||
7 Day CHG~0.00%
Published-25 Dec, 2023 | 00:00
Updated-02 Aug, 2024 | 14:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Pexip Infinity before 31.2 has Improper Input Validation for RTCP, allowing remote attackers to trigger an abort.

Action-Not Available
Vendor-pexipn/a
Product-pexip_infinityn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2023-31289
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.28% / 51.47%
||
7 Day CHG~0.00%
Published-25 Dec, 2023 | 00:00
Updated-02 Aug, 2024 | 14:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Pexip Infinity before 31.2 has Improper Input Validation for signalling, allowing remote attackers to trigger an abort.

Action-Not Available
Vendor-pexipn/a
Product-pexip_infinityn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2023-30446
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.09% / 25.73%
||
7 Day CHG~0.00%
Published-08 Jul, 2023 | 18:09
Updated-13 Feb, 2025 | 16:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Db2 denial of service

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted query on certain tables. IBM X-Force ID: 253361 .

Action-Not Available
Vendor-Microsoft CorporationHP Inc.IBM CorporationLinux Kernel Organization, IncOracle Corporation
Product-solarislinux_kerneldb2hp-uxwindowsaixDB2 for Linux, UNIX and Windows
CWE ID-CWE-20
Improper Input Validation
CVE-2023-30631
Matching Score-4
Assigner-Apache Software Foundation
ShareView Details
Matching Score-4
Assigner-Apache Software Foundation
CVSS Score-7.5||HIGH
EPSS-0.66% / 71.62%
||
7 Day CHG~0.00%
Published-14 Jun, 2023 | 07:44
Updated-13 Feb, 2025 | 17:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Apache Traffic Server: Configuration option to block the PUSH method in ATS didn't work

Improper Input Validation vulnerability in Apache Software Foundation Apache Traffic Server.  The configuration option proxy.config.http.push_method_enabled didn't function.  However, by default the PUSH method is blocked in the ip_allow configuration file.This issue affects Apache Traffic Server: from 8.0.0 through 9.2.0. 8.x users should upgrade to 8.1.7 or later versions 9.x users should upgrade to 9.2.1 or later versions

Action-Not Available
Vendor-Debian GNU/LinuxFedora ProjectThe Apache Software Foundation
Product-fedoratraffic_serverdebian_linuxApache Traffic Server
CWE ID-CWE-20
Improper Input Validation
CVE-2023-30442
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.09% / 25.73%
||
7 Day CHG~0.00%
Published-10 Jul, 2023 | 00:01
Updated-13 Feb, 2025 | 16:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Db2 denial of service

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.1 and 11.5 federated server is vulnerable to a denial of service as the server may crash when using a specially crafted wrapper using certain options. IBM X-Force ID: 253202.

Action-Not Available
Vendor-Microsoft CorporationHP Inc.IBM CorporationLinux Kernel Organization, IncOracle Corporation
Product-solarislinux_kerneldb2hp-uxwindowsaixDb2 for Linux, UNIX and Windows
CWE ID-CWE-20
Improper Input Validation
CVE-2023-30449
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-7.5||HIGH
EPSS-0.09% / 25.73%
||
7 Day CHG~0.00%
Published-08 Jul, 2023 | 18:31
Updated-13 Feb, 2025 | 17:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Db2 denial of service

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted query. IBM X-Force ID: 253439.

Action-Not Available
Vendor-Microsoft CorporationHP Inc.IBM CorporationLinux Kernel Organization, IncOracle Corporation
Product-solarisaixhp-uxlinux_kernelwindowsdb2DB2 for Linux, UNIX and Windowsdb2_for_linux_unix_and_windows
CWE ID-CWE-20
Improper Input Validation
CVE-2023-30448
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.09% / 25.73%
||
7 Day CHG~0.00%
Published-08 Jul, 2023 | 18:19
Updated-13 Feb, 2025 | 17:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Db2 denial of service

IBM DB2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted query on certain tables. IBM X-Force ID: 253437.

Action-Not Available
Vendor-Microsoft CorporationHP Inc.IBM CorporationLinux Kernel Organization, IncOracle Corporation
Product-solarisaixhp-uxlinux_kernelwindowsdb2DB2 for Linux, UNIX and Windows
CWE ID-CWE-20
Improper Input Validation
CVE-2008-5826
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-2.60% / 85.92%
||
7 Day CHG~0.00%
Published-02 Jan, 2009 | 19:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Nokia 6131 Near Field Communication (NFC) phone with 05.12 firmware allows remote attackers to cause a denial of service (device crash) via (1) a large value in the payload length field in an NDEF record, or a certain length for a (2) tel: or (3) sms: NDEF URI.

Action-Not Available
Vendor-n/aNokia Corporation
Product-6131_nfcn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2008-3214
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.24% / 47.69%
||
7 Day CHG~0.00%
Published-18 Jul, 2008 | 16:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

dnsmasq 2.25 allows remote attackers to cause a denial of service (daemon crash) by (1) renewing a nonexistent lease or (2) sending a DHCPREQUEST for an IP address that is not in the same network, related to the DHCP NAK response from the daemon.

Action-Not Available
Vendor-thekelleysn/a
Product-dnsmasqn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2019-1687
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-6.8||MEDIUM
EPSS-0.21% / 43.69%
||
7 Day CHG~0.00%
Published-03 May, 2019 | 15:00
Updated-21 Nov, 2024 | 19:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software TCP Proxy Denial of Service Vulnerability

A vulnerability in the TCP proxy functionality for Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause the device to restart unexpectedly, resulting in a denial of service (DoS) condition. The vulnerability is due to an error in TCP-based packet inspection, which could cause the TCP packet to have an invalid Layer 2 (L2)-formatted header. An attacker could exploit this vulnerability by sending a crafted TCP packet sequence to the targeted device. A successful exploit could allow the attacker to cause a DoS condition.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-asa_5550asa_5545-xasa_5505asa_5540adaptive_security_appliance_softwareasa_5555-xasa_5520asa_5510asa_5525-xasa_5580asa_5585-xasa_5512-xfirepower_threat_defenseasa_5515-xCisco Adaptive Security Appliance (ASA) Software
CWE ID-CWE-20
Improper Input Validation
CVE-2023-29780
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.65% / 71.32%
||
7 Day CHG~0.00%
Published-24 Apr, 2023 | 00:00
Updated-04 Feb, 2025 | 17:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Third Reality Smart Blind 1.00.54 contains a denial-of-service vulnerability, which allows a remote attacker to send malicious Zigbee messages to a vulnerable device and cause crashes.

Action-Not Available
Vendor-3realityn/a
Product-3rsb015bz3rsb015bz_firmwaren/a
CWE ID-CWE-20
Improper Input Validation
CVE-2017-3790
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-8.6||HIGH
EPSS-0.30% / 53.91%
||
7 Day CHG~0.00%
Published-01 Feb, 2017 | 19:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability in the received packet parser of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) software could allow an unauthenticated, remote attacker to cause a reload of the affected system, resulting in a denial of service (DoS) condition. The vulnerability is due to insufficient size validation of user-supplied data. An attacker could exploit this vulnerability by sending crafted H.224 data in Real-Time Transport Protocol (RTP) packets in an H.323 call. An exploit could allow the attacker to overflow a buffer in a cache that belongs to the received packet parser, which will result in a crash of the application, resulting in a DoS condition. All versions of Cisco Expressway Series Software and Cisco TelePresence VCS Software prior to version X8.8.2 are vulnerable. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. Cisco Bug IDs: CSCus99263.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-telepresence_video_communication_serverexpresswayCisco Expressway Series Software and Cisco TelePresence VCS Software All versions prior to version X8.8.2 are vulnerable
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-399
Not Available
CVE-2008-5872
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-1.92% / 83.72%
||
7 Day CHG~0.00%
Published-08 Jan, 2009 | 18:13
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple unspecified vulnerabilities in the UNIStim File Transfer Protocol (UFTP) processing in IP Client Manager (IPCM) in Nortel Multimedia Communication Server (MSC) 5100 3.0.13 allow remote attackers to cause a denial of service (device outage) via a UFTP message that has a negative block size or other crafted Connection Details values.

Action-Not Available
Vendor-norteln/a
Product-multimedia_communication_server_5100n/a
CWE ID-CWE-20
Improper Input Validation
CVE-2019-13524
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-7.5||HIGH
EPSS-0.40% / 61.37%
||
7 Day CHG~0.00%
Published-16 Jan, 2020 | 17:53
Updated-04 Aug, 2024 | 23:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

GE PACSystems RX3i CPE100/115: All versions prior to R9.85,CPE302/305/310/330/400/410: All versions prior to R9.90,CRU/320 All versions(End of Life) may allow an attacker sending specially manipulated packets to cause the module state to change to halt-mode, resulting in a denial-of-service condition. An operator must reboot the CPU module after removing battery or energy pack to recover from halt-mode.

Action-Not Available
Vendor-emersonn/a
Product-rx3i_cpe115_firmwarerx3i_cru320_firmwarerx3i_cru320rx3i_cpe330_firmwarerx3i_cpe400_firmwarerx3i_cpl410rx3i_cpe302_firmwarerx3i_cpe310_firmwarerx3i_cpe100rx3i_cpe400rx3i_cpe302rx3i_cpe305_firmwarerx3i_cpl410_firmwarerx3i_cpe310rx3i_cpe330rx3i_cpe305rx3i_cpe115rx3i_cpe100_firmwareGE PACSystems RX3i
CWE ID-CWE-20
Improper Input Validation
CVE-2023-2915
Matching Score-4
Assigner-Rockwell Automation
ShareView Details
Matching Score-4
Assigner-Rockwell Automation
CVSS Score-7.5||HIGH
EPSS-10.29% / 93.34%
||
7 Day CHG~0.00%
Published-17 Aug, 2023 | 15:05
Updated-08 Oct, 2024 | 17:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Rockwell Automation ThinManager Thinserver Software Vulnerable to Input Validation Vulnerability

The Rockwell Automation Thinmanager Thinserver is impacted by an improper input validation vulnerability, Due to improper input validation, a path traversal vulnerability exists when the ThinManager software processes a certain function. If exploited, an unauthenticated remote threat actor can delete arbitrary files with system privileges. A malicious user could exploit this vulnerability by sending a specifically crafted synchronization protocol message resulting in a denial-of-service condition.

Action-Not Available
Vendor-Rockwell Automation, Inc.
Product-thinmanager_thinserverThinManager ThinServerthinmanager_thinserver
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2008-4934
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-1.28% / 79.98%
||
7 Day CHG~0.00%
Published-05 Nov, 2008 | 14:51
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The hfsplus_block_allocate function in fs/hfsplus/bitmap.c in the Linux kernel before 2.6.28-rc1 does not check a certain return value from the read_mapping_page function before calling kmap, which allows attackers to cause a denial of service (system crash) via a crafted hfsplus filesystem image.

Action-Not Available
Vendor-n/aCanonical Ltd.Debian GNU/LinuxLinux Kernel Organization, Inc
Product-debian_linuxubuntu_linuxlinux_kerneln/a
CWE ID-CWE-20
Improper Input Validation
CVE-2008-4999
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-13.23% / 94.30%
||
7 Day CHG~0.00%
Published-07 Nov, 2008 | 19:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Nortel Networks UNIStim IP Phone 0604DAS allows remote attackers to cause a denial of service (crash) via a long ping packet ("ping of death"). NOTE: this issue could not be reproduced by a third party, who tested it on 0604DAD. In addition, the original researcher was not able to reliably reproduce the issue.

Action-Not Available
Vendor-norteln/a
Product-unistim_ip_phonen/a
CWE ID-CWE-20
Improper Input Validation
CVE-2023-29451
Matching Score-4
Assigner-Zabbix
ShareView Details
Matching Score-4
Assigner-Zabbix
CVSS Score-4.7||MEDIUM
EPSS-0.13% / 32.99%
||
7 Day CHG~0.00%
Published-13 Jul, 2023 | 09:29
Updated-13 Feb, 2025 | 16:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Denial of service caused by a bug in the JSON parser

Specially crafted string can cause a buffer overrun in the JSON parser library leading to a crash of the Zabbix Server or a Zabbix Proxy.

Action-Not Available
Vendor-ZABBIX
Product-zabbixZabbix
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-787
Out-of-bounds Write
CVE-2008-2391
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.32% / 55.00%
||
7 Day CHG~0.00%
Published-21 May, 2008 | 10:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SubSonic allows remote attackers to bypass pagesize limits and cause a denial of service (CPU consumption) via a pageindex (aka data page number) of -1.

Action-Not Available
Vendor-codeplexn/a
Product-subsonicn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2023-29258
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.09% / 25.45%
||
7 Day CHG~0.00%
Published-04 Dec, 2023 | 01:12
Updated-13 Feb, 2025 | 16:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Db2 denial of service

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.1, and 11.5 is vulnerable to a denial of service through a specially crafted federated query on specific federation objects. IBM X-Force ID: 252048.

Action-Not Available
Vendor-opengroupLinux Kernel Organization, IncMicrosoft CorporationIBM Corporation
Product-windowsunixdb2linux_kernelDb2 for Linux, UNIX and Windows
CWE ID-CWE-20
Improper Input Validation
CVE-2023-29255
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-7.5||HIGH
EPSS-0.13% / 31.95%
||
7 Day CHG~0.00%
Published-27 Apr, 2023 | 12:47
Updated-13 Feb, 2025 | 16:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM DB2 for Linux, UNIX and Windows denial of service

IBM DB2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to a denial of service as it may trap when compiling a variation of an anonymous block. IBM X-Force ID: 251991.

Action-Not Available
Vendor-Linux Kernel Organization, IncMicrosoft CorporationIBM Corporation
Product-windowsdb2linux_kernelDB2 for Linux, UNIX and Windows
CWE ID-CWE-20
Improper Input Validation
  • Previous
  • 1
  • 2
  • 3
  • ...
  • 22
  • 23
  • Next
Details not found