Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2018-18878

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-18 Jun, 2019 | 14:03
Updated At-05 Aug, 2024 | 11:23
Rejected At-
Credits

In firmware version MS_2.6.9900 of Columbia Weather MicroServer, the BACnet daemon does not properly validate input, which could allow a remote attacker to send specially crafted packets causing the device to become unavailable.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:18 Jun, 2019 | 14:03
Updated At:05 Aug, 2024 | 11:23
Rejected At:
▼CVE Numbering Authority (CNA)

In firmware version MS_2.6.9900 of Columbia Weather MicroServer, the BACnet daemon does not properly validate input, which could allow a remote attacker to send specially crafted packets causing the device to become unavailable.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
https://applied-risk.com/labs/advisories
x_refsource_MISC
https://ics-cert.us-cert.gov/advisories/ICSA-19-078-02
x_refsource_MISC
Hyperlink: https://applied-risk.com/labs/advisories
Resource:
x_refsource_MISC
Hyperlink: https://ics-cert.us-cert.gov/advisories/ICSA-19-078-02
Resource:
x_refsource_MISC
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
https://applied-risk.com/labs/advisories
x_refsource_MISC
x_transferred
https://ics-cert.us-cert.gov/advisories/ICSA-19-078-02
x_refsource_MISC
x_transferred
Hyperlink: https://applied-risk.com/labs/advisories
Resource:
x_refsource_MISC
x_transferred
Hyperlink: https://ics-cert.us-cert.gov/advisories/ICSA-19-078-02
Resource:
x_refsource_MISC
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:18 Jun, 2019 | 15:15
Updated At:18 Jun, 2019 | 19:03

In firmware version MS_2.6.9900 of Columbia Weather MicroServer, the BACnet daemon does not properly validate input, which could allow a remote attacker to send specially crafted packets causing the device to become unavailable.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.07.5HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Primary2.07.8HIGH
AV:N/AC:L/Au:N/C:N/I:N/A:C
Type: Primary
Version: 3.0
Base score: 7.5
Base severity: HIGH
Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Type: Primary
Version: 2.0
Base score: 7.8
Base severity: HIGH
Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:C
CPE Matches

columbiaweather
columbiaweather
>>weather_microserver_firmware>>ms_2.6.9900
cpe:2.3:o:columbiaweather:weather_microserver_firmware:ms_2.6.9900:*:*:*:*:*:*:*
columbiaweather
columbiaweather
>>weather_microserver>>-
cpe:2.3:h:columbiaweather:weather_microserver:-:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-20Primarynvd@nist.gov
CWE ID: CWE-20
Type: Primary
Source: nvd@nist.gov
Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References
HyperlinkSourceResource
https://applied-risk.com/labs/advisoriescve@mitre.org
Third Party Advisory
https://ics-cert.us-cert.gov/advisories/ICSA-19-078-02cve@mitre.org
Third Party Advisory
US Government Resource
Hyperlink: https://applied-risk.com/labs/advisories
Source: cve@mitre.org
Resource:
Third Party Advisory
Hyperlink: https://ics-cert.us-cert.gov/advisories/ICSA-19-078-02
Source: cve@mitre.org
Resource:
Third Party Advisory
US Government Resource

Change History

0
Information is not available yet

Similar CVEs

803Records found

CVE-2014-0254
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-32.68% / 98.13%
||
7 Day CHG~0.00%
Published-12 Feb, 2014 | 02:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The IPv6 implementation in Microsoft Windows 8, Windows Server 2012, and Windows RT does not properly validate packets, which allows remote attackers to cause a denial of service (system hang) via crafted ICMPv6 Router Advertisement packets, aka "TCP/IP Version 6 (IPv6) Denial of Service Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-windows_rtwindows_8windows_server_2012n/a
CWE ID-CWE-20
Improper Input Validation
CVE-2017-12235
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-7.5||HIGH
EPSS-6.94% / 93.34%
||
7 Day CHG~0.00%
Published-28 Sep, 2017 | 07:00
Updated-21 Apr, 2026 | 18:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2022-03-24||Apply updates per vendor instructions.

A vulnerability in the implementation of the PROFINET Discovery and Configuration Protocol (PN-DCP) for Cisco IOS 12.2 through 15.6 could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition. The vulnerability is due to the improper parsing of ingress PN-DCP Identify Request packets destined to an affected device. An attacker could exploit this vulnerability by sending a crafted PN-DCP Identify Request packet to an affected device and then continuing to send normal PN-DCP Identify Request packets to the device. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a DoS condition. This vulnerability affects Cisco devices that are configured to process PROFINET messages. Beginning with Cisco IOS Software Release 12.2(52)SE, PROFINET is enabled by default on all the base switch module and expansion-unit Ethernet ports. Cisco Bug IDs: CSCuz47179.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-industrial_ethernet_2000_4s-ts-g-l_switchindustrial_ethernet_2000_4ts-g-l_switchindustrial_ethernet_2000_16tc-g-n_switchindustrial_ethernet_2000_16tc-g-e_switchindustrial_ethernet_2000_4ts-g-b_switchindustrial_ethernet_2000_8t67p-g-e_switchindustrial_ethernet_2000_16t67p-g-e_switchindustrial_ethernet_2000_4t-g-b_switchindustrial_ethernet_2000_16tc-g-x_switchindustrial_ethernet_2000_16ptc-g-nx_switchindustrial_ethernet_2000_8tc-g-e_switchindustrial_ethernet_2000_8tc-g-l_switchindustrial_ethernet_2000_8tc-g-n_switchiosindustrial_ethernet_2000_16tc-l_switchindustrial_ethernet_2000_24t67-b_switchindustrial_ethernet_2000_16t67-b_switchindustrial_ethernet_2000_16tc-g-l_switchindustrial_ethernet_2000_4t-b_switchindustrial_ethernet_2000_8tc-g-b_switchindustrial_ethernet_2000_series_firmwareindustrial_ethernet_2000_16ptc-g-l_switchindustrial_ethernet_2000_8tc-l_switchindustrial_ethernet_2000_8t67-b_switchindustrial_ethernet_2000_4ts-b_switchindustrial_ethernet_2000_8tc-b_switchindustrial_ethernet_2000_4t-l_switchindustrial_ethernet_2000_4s-ts-g-b_switchindustrial_ethernet_2000_4t-g-l_switchindustrial_ethernet_2000_4ts-l_switchindustrial_ethernet_2000_16ptc-g-e_switchCisco IOSIOS software
CWE ID-CWE-20
Improper Input Validation
CVE-2007-1426
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-1.92% / 77.37%
||
7 Day CHG~0.00%
Published-13 Mar, 2007 | 01:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The web interface in AstroCam 2.0.0 through 2.6.5 allows remote attackers to cause a denial of service (daemon shutdown) via requests that contain a large amount of data in the "a" variable, which "fills up the message queue."

Action-Not Available
Vendor-astrocamn/a
Product-astrocamn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2017-11781
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.5||HIGH
EPSS-14.40% / 96.19%
||
7 Day CHG~0.00%
Published-13 Oct, 2017 | 13:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Microsoft Server Block Message (SMB) on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016, allows a denial of service vulnerability when an attacker sends specially crafted requests to the server, aka "Windows SMB Denial of Service Vulnerability".

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10windows_7windows_8.1windows_server_2008windows_server_2016windows_rt_8.1windows_server_2012Server Block Message (SMB)
CWE ID-CWE-20
Improper Input Validation
CVE-2017-12233
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-7.5||HIGH
EPSS-6.94% / 93.34%
||
7 Day CHG~0.00%
Published-28 Sep, 2017 | 07:00
Updated-21 Apr, 2026 | 18:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2022-03-24||Apply updates per vendor instructions.

Multiple vulnerabilities in the implementation of the Common Industrial Protocol (CIP) feature in Cisco IOS 12.4 through 15.6 could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition. The vulnerabilities are due to the improper parsing of crafted CIP packets destined to an affected device. An attacker could exploit these vulnerabilities by sending crafted CIP packets to be processed by an affected device. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a DoS condition. Cisco Bug IDs: CSCuz95334.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-1100-lte_integrated_services_router1111-4pwe1117-4plteeaweesr-6300-con-k91101-4p_integrated_services_routeresr-6300-ncp-k9catalyst_ie3400_heavy_duty_switch1921_integrated_services_router1113-8pwe1803_integrated_service_router1941_integrated_services_router1100-8p_integrated_services_router1812_integrated_service_routercatalyst_ie93001100_integrated_services_router1116-4pwecatalyst_ie3300_rugged_switch1111x-8p1801_integrated_service_router1906c_integrated_services_router1100-4gltena_integrated_services_router1120_integrated_services_router1100-4g\/6g_integrated_services_router1905_integrated_services_router1100-4p_integrated_services_routercatalyst_ie3400_rugged_switch1101-4p1100-4gltegb_integrated_services_router1100-4p1131_integrated_services_routercatalyst_ie3200_rugged_switch1117-4pmlteeawe1000_integrated_services_router1109-4p1120_connected_grid_router1941w_integrated_services_routerios1117-4pmwe1101_integrated_services_router1802_integrated_service_router1841_integrated_service_router11201100-6g_integrated_services_router1100-8p1113-8pmwe1116-4plteeawe1160_integrated_services_router1100_terminal_services_gateways1109-2p1861_integrated_service_router1100-4g_integrated_services_router1811_integrated_service_router1111-8pwb1113-8plteeawe1117-4pweCisco IOSIOS software
CWE ID-CWE-20
Improper Input Validation
CVE-2017-12215
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-7.1||HIGH
EPSS-1.67% / 73.91%
||
7 Day CHG~0.00%
Published-21 Sep, 2017 | 05:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability in the email message filtering feature of Cisco AsyncOS Software for the Cisco Email Security Appliance could allow an unauthenticated, remote attacker to cause an affected device to run out of memory and stop scanning and forwarding email messages. When system memory is depleted, it can cause the filtering process to crash, resulting in a denial of service (DoS) condition on the device. This vulnerability affects software version 9.0 through the first fixed release of Cisco AsyncOS Software for Cisco Email Security Appliances, both virtual and hardware appliances, if the software is configured to apply a message filter or content filter to incoming email attachments. The vulnerability is not limited to any specific rules or actions for a message filter or content filter. Cisco Bug IDs: CSCvd29354.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-asyncosCisco Email Security Appliance
CWE ID-CWE-20
Improper Input Validation
CVE-2017-12246
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-8.6||HIGH
EPSS-6.54% / 92.98%
||
7 Day CHG~0.00%
Published-05 Oct, 2017 | 07:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability in the implementation of the direct authentication feature in Cisco Adaptive Security Appliance (ASA) Software could allow an unauthenticated, remote attacker to cause an affected device to unexpectedly reload, resulting in a denial of service (DoS) condition. The vulnerability is due to incomplete input validation of the HTTP header. An attacker could exploit this vulnerability by sending a crafted HTTP request to the local IP address of an affected device. A successful exploit could allow the attacker to cause the affected device to reload. This vulnerability affects Cisco Adaptive Security Appliance (ASA) Software that is running on the following Cisco products: ASA 5500 Series Adaptive Security Appliances, ASA 5500-X Series Next-Generation Firewalls, ASA Services Module for Cisco Catalyst 6500 Series Switches and Cisco 7600 Series Routers, ASA 1000V Cloud Firewall, Adaptive Security Virtual Appliance (ASAv), Firepower 4110 Security Appliance, Firepower 9300 ASA Security Module, ISA 3000 Industrial Security Appliance. Cisco Bug IDs: CSCvd59063.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-adaptive_security_appliance_softwareCisco Adaptive Security Appliance Software
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-399
Not Available
CVE-2017-11553
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.74% / 74.96%
||
7 Day CHG~0.00%
Published-23 Jul, 2017 | 03:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

There is an illegal address access in the extend_alias_table function in localealias.c of Exiv2 0.26. A crafted input will lead to remote denial of service.

Action-Not Available
Vendor-n/aExiv2
Product-exiv2n/a
CWE ID-CWE-20
Improper Input Validation
CVE-2018-16196
Matching Score-4
Assigner-JPCERT/CC
ShareView Details
Matching Score-4
Assigner-JPCERT/CC
CVSS Score-7.5||HIGH
EPSS-3.34% / 87.19%
||
7 Day CHG~0.00%
Published-09 Jan, 2019 | 22:00
Updated-05 Aug, 2024 | 10:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple Yokogawa products that contain Vnet/IP Open Communication Driver (CENTUM CS 3000(R3.05.00 - R3.09.50), CENTUM CS 3000 Entry Class(R3.05.00 - R3.09.50), CENTUM VP(R4.01.00 - R6.03.10), CENTUM VP Entry Class(R4.01.00 - R6.03.10), Exaopc(R3.10.00 - R3.75.00), PRM(R2.06.00 - R3.31.00), ProSafe-RS(R1.02.00 - R4.02.00), FAST/TOOLS(R9.02.00 - R10.02.00), B/M9000 VP(R6.03.01 - R8.01.90)) allows remote attackers to cause a denial of service attack that may result in stopping Vnet/IP Open Communication Driver's communication via unspecified vectors.

Action-Not Available
Vendor-yokogawaYokogawa Electric Corporation
Product-centum_cs_3000_entry_classb\/m9000_vpfast\/toolscentum_vp_firmwarecentum_cs_3000_firmwareplant_resource_managercentum_vpexaopccentum_cs_3000prosafe-rscentum_vp_entry_classMultiple Yokogawa products that contain Vnet/IP Open Communication Driver
CWE ID-CWE-20
Improper Input Validation
CVE-2017-12234
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-7.5||HIGH
EPSS-6.94% / 93.34%
||
7 Day CHG~0.00%
Published-28 Sep, 2017 | 07:00
Updated-21 Apr, 2026 | 18:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2022-03-24||Apply updates per vendor instructions.

Multiple vulnerabilities in the implementation of the Common Industrial Protocol (CIP) feature in Cisco IOS 12.4 through 15.6 could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition. The vulnerabilities are due to the improper parsing of crafted CIP packets destined to an affected device. An attacker could exploit these vulnerabilities by sending crafted CIP packets to be processed by an affected device. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a DoS condition. Cisco Bug IDs: CSCvc43709.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-1100-lte_integrated_services_router1111-4pwe1117-4plteeaweesr-6300-con-k91101-4p_integrated_services_routeresr-6300-ncp-k9catalyst_ie3400_heavy_duty_switch1921_integrated_services_router1113-8pwe1803_integrated_service_router1941_integrated_services_router1100-8p_integrated_services_router1812_integrated_service_routercatalyst_ie93001100_integrated_services_router1116-4pwecatalyst_ie3300_rugged_switch1111x-8p1801_integrated_service_router1906c_integrated_services_router1100-4gltena_integrated_services_router1120_integrated_services_router1100-4g\/6g_integrated_services_router1905_integrated_services_router1100-4p_integrated_services_routercatalyst_ie3400_rugged_switch1101-4p1100-4gltegb_integrated_services_router1100-4p1131_integrated_services_routercatalyst_ie3200_rugged_switch1117-4pmlteeawe1000_integrated_services_router1109-4p1120_connected_grid_router1941w_integrated_services_routerios1117-4pmwe1101_integrated_services_router1802_integrated_service_router1841_integrated_service_router11201100-6g_integrated_services_router1100-8p1113-8pmwe1116-4plteeawe1160_integrated_services_router1100_terminal_services_gateways1109-2p1861_integrated_service_router1100-4g_integrated_services_router1811_integrated_service_router1111-8pwb1113-8plteeawe1117-4pweCisco IOSIOS software
CWE ID-CWE-20
Improper Input Validation
CVE-2018-15483
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.87% / 76.78%
||
7 Day CHG~0.00%
Published-07 Sep, 2018 | 22:00
Updated-05 Aug, 2024 | 09:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered on KONE Group Controller (KGC) devices before 4.6.5. Denial of Service can occur through the open HTTP interface, aka KONE-04.

Action-Not Available
Vendor-konen/a
Product-group_controller_firmwaregroup_controllern/a
CWE ID-CWE-20
Improper Input Validation
CVE-2018-14339
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-3.52% / 87.80%
||
7 Day CHG~0.00%
Published-19 Jul, 2018 | 02:00
Updated-05 Aug, 2024 | 09:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, the MMSE dissector could go into an infinite loop. This was addressed in epan/proto.c by adding offset and length validation.

Action-Not Available
Vendor-n/aWireshark FoundationDebian GNU/Linux
Product-wiresharkdebian_linuxn/a
CWE ID-CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
CWE ID-CWE-20
Improper Input Validation
CVE-2018-14336
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-8.30% / 94.25%
||
7 Day CHG~0.00%
Published-19 Jul, 2018 | 20:00
Updated-05 Aug, 2024 | 09:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

TP-Link WR840N devices allow remote attackers to cause a denial of service (connectivity loss) via a series of packets with random MAC addresses.

Action-Not Available
Vendor-n/aTP-Link Systems Inc.
Product-wr840nn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2007-1693
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-2.35% / 81.64%
||
7 Day CHG~0.00%
Published-17 May, 2007 | 20:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The SIP channel module in Yet Another Telephony Engine (Yate) before 1.2.0 sets the caller_info_uri parameter using an incorrect variable that can be NULL, which allows remote attackers to cause a denial of service (NULL dereference and application crash) via a Call-Info header without a purpose parameter.

Action-Not Available
Vendor-yaten/a
Product-yet_another_telephony_enginen/a
CWE ID-CWE-20
Improper Input Validation
CVE-2018-12694
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.46% / 70.48%
||
7 Day CHG~0.00%
Published-23 Jun, 2018 | 18:00
Updated-16 Sep, 2024 | 20:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

TP-Link TL-WA850RE Wi-Fi Range Extender with hardware version 5 allows remote attackers to cause a denial of service (reboot) via data/reboot.json.

Action-Not Available
Vendor-n/aTP-Link Systems Inc.
Product-tl-wa850retl-wa850re_firmwaren/a
CWE ID-CWE-20
Improper Input Validation
CVE-2018-11615
Matching Score-4
Assigner-Zero Day Initiative
ShareView Details
Matching Score-4
Assigner-Zero Day Initiative
CVSS Score-7.5||HIGH
EPSS-3.35% / 87.20%
||
7 Day CHG~0.00%
Published-30 Aug, 2018 | 12:00
Updated-05 Aug, 2024 | 08:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

This vulnerability allows remote attackers to deny service on vulnerable installations of npm mosca 2.8.1. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of topics. A crafted regular expression can cause the broker to crash. An attacker can leverage this vulnerability to deny access to the target system. Was ZDI-CAN-6306.

Action-Not Available
Vendor-mosca_projectnpm
Product-moscanpm mosca
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-185
Incorrect Regular Expression
CVE-2017-11411
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.30% / 67.02%
||
7 Day CHG~0.00%
Published-18 Jul, 2017 | 21:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Wireshark through 2.0.13 and 2.2.x through 2.2.7, the openSAFETY dissector could crash or exhaust system memory. This was addressed in epan/dissectors/packet-opensafety.c by adding length validation. NOTE: this vulnerability exists because of an incomplete fix for CVE-2017-9350.

Action-Not Available
Vendor-n/aWireshark Foundation
Product-wiresharkn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2017-10688
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-6.72% / 93.14%
||
7 Day CHG~0.00%
Published-29 Jun, 2017 | 23:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In LibTIFF 4.0.8, there is a assertion abort in the TIFFWriteDirectoryTagCheckedLong8Array function in tif_dirwrite.c. A crafted input will lead to a remote denial of service attack.

Action-Not Available
Vendor-n/aLibTIFF
Product-libtiffn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2017-11408
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-2.06% / 79.01%
||
7 Day CHG~0.00%
Published-18 Jul, 2017 | 21:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Wireshark 2.2.0 to 2.2.7 and 2.0.0 to 2.0.13, the AMQP dissector could crash. This was addressed in epan/dissectors/packet-amqp.c by checking for successful list dissection.

Action-Not Available
Vendor-n/aWireshark Foundation
Product-wiresharkn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2006-3942
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-75.74% / 99.46%
||
7 Day CHG+1.99%
Published-31 Jul, 2006 | 23:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The server driver (srv.sys) in Microsoft Windows NT 4.0, 2000, XP, and Server 2003 allows remote attackers to cause a denial of service (system crash) via an SMB_COM_TRANSACTION SMB message that contains a string without null character termination, which leads to a NULL dereference in the ExecuteTransaction function, possibly related to an "SMB PIPE," aka the "Mailslot DOS" vulnerability. NOTE: the name "Mailslot DOS" was derived from incomplete initial research; the vulnerability is not associated with a mailslot.

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-windows_xpwindows_2000windows_2003_servern/a
CWE ID-CWE-20
Improper Input Validation
CVE-2018-1070
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.86% / 53.96%
||
7 Day CHG+0.01%
Published-12 Jun, 2018 | 13:00
Updated-05 Aug, 2024 | 03:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

routing before version 3.10 is vulnerable to an improper input validation of the Openshift Routing configuration which can cause an entire shard to be brought down. A malicious user can use this vulnerability to cause a Denial of Service attack for other users of the router shard.

Action-Not Available
Vendor-[UNKNOWN]Red Hat, Inc.
Product-openshift_container_platformrouting
CWE ID-CWE-20
Improper Input Validation
CVE-2017-1081
Matching Score-4
Assigner-FreeBSD
ShareView Details
Matching Score-4
Assigner-FreeBSD
CVSS Score-7.5||HIGH
EPSS-2.67% / 83.90%
||
7 Day CHG~0.00%
Published-10 Apr, 2018 | 13:00
Updated-16 Sep, 2024 | 20:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In FreeBSD before 11.0-STABLE, 11.0-RELEASE-p10, 10.3-STABLE, and 10.3-RELEASE-p19, ipfilter using "keep state" or "keep frags" options can cause a kernel panic when fed specially crafted packet fragments due to incorrect memory handling.

Action-Not Available
Vendor-FreeBSD Foundation
Product-freebsdFreeBSD
CWE ID-CWE-416
Use After Free
CWE ID-CWE-20
Improper Input Validation
CVE-2017-1082
Matching Score-4
Assigner-FreeBSD
ShareView Details
Matching Score-4
Assigner-FreeBSD
CVSS Score-7.5||HIGH
EPSS-1.16% / 63.36%
||
7 Day CHG~0.00%
Published-12 Sep, 2018 | 14:00
Updated-17 Sep, 2024 | 00:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In FreeBSD 11.x before 11.1-RELEASE and 10.x before 10.4-RELEASE, the qsort algorithm has a deterministic recursion pattern. Feeding a pathological input to the algorithm can lead to excessive stack usage and potential overflow. Applications that use qsort to handle large data set may crash if the input follows the pathological pattern.

Action-Not Available
Vendor-FreeBSD Foundation
Product-freebsdFreeBSD
CWE ID-CWE-20
Improper Input Validation
CVE-2018-10922
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-0.86% / 54.17%
||
7 Day CHG~0.00%
Published-02 Aug, 2018 | 18:00
Updated-05 Aug, 2024 | 07:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An input validation flaw exists in ttembed. With a crafted input file, an attacker may be able to trigger a denial of service condition due to ttembed trusting attacker controlled values.

Action-Not Available
Vendor-ttembed_project[UNKNOWN]
Product-ttembedttembed
CWE ID-CWE-20
Improper Input Validation
CVE-2018-11071
Matching Score-4
Assigner-Dell
ShareView Details
Matching Score-4
Assigner-Dell
CVSS Score-7.5||HIGH
EPSS-1.85% / 76.47%
||
7 Day CHG~0.00%
Published-18 Sep, 2018 | 21:00
Updated-05 Aug, 2024 | 07:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
DSA-2018-147: Dell EMC Isilon OneFS and IsilonSD Edge Remote Process Crash Vulnerability

Dell EMC Isilon OneFS versions 7.1.1.x, 7.2.1.x, 8.0.0.x, 8.0.1.x, 8.1.0.x and 8.1.x prior to 8.1.2 and Dell EMC IsilonSD Edge versions 8.0.0.x, 8.0.1.x, 8.1.0.x and 8.1.x prior to 8.1.2 contain a remote process crash vulnerability. An unauthenticated remote attacker may potentially exploit this vulnerability to crash the isi_drive_d process by sending specially crafted input data to the affected system. This process will then be restarted.

Action-Not Available
Vendor-Dell Inc.ELAN Microelectronics Corporation
Product-isilon_onefsisilonsd_edgeIsilonSD EdgeIsilon OneFS
CWE ID-CWE-20
Improper Input Validation
CVE-2017-11410
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.30% / 67.02%
||
7 Day CHG~0.00%
Published-18 Jul, 2017 | 21:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Wireshark through 2.0.13 and 2.2.x through 2.2.7, the WBXML dissector could go into an infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-wbxml.c by adding validation of the relationships between indexes and lengths. NOTE: this vulnerability exists because of an incomplete fix for CVE-2017-7702.

Action-Not Available
Vendor-n/aWireshark Foundation
Product-wiresharkn/a
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
CVE-2018-10943
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.12% / 62.28%
||
7 Day CHG~0.00%
Published-10 Jul, 2018 | 15:00
Updated-05 Aug, 2024 | 07:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered on Barco ClickShare CSE-200 and CS-100 Base Units with firmware before 1.6.0.3. Sending an arbitrary unexpected string to TCP port 7100 respecting a certain frequency timing disconnects all clients and results in a crash of the Unit.

Action-Not Available
Vendor-barcon/a
Product-clickshare_cse-200clickshare_cs-100_firmwareclickshare_cse-200_firmwareclickshare_cs-100n/a
CWE ID-CWE-20
Improper Input Validation
CVE-2018-1000617
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.82% / 76.17%
||
7 Day CHG~0.00%
Published-09 Jul, 2018 | 20:00
Updated-05 Aug, 2024 | 12:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Atlassian Floodlight Atlassian Floodlight Controller version 1.2 and earlier versions contains a Denial of Service vulnerability in Forwarding module that can result in Improper type cast in Forwarding module allows remote attackers to cause a DoS(thread crash).. This attack appear to be exploitable via network connectivity (Remote attack).

Action-Not Available
Vendor-n/aAtlassian
Product-floodlight_controllern/a
CWE ID-CWE-20
Improper Input Validation
CVE-2013-5476
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-7.8||HIGH
EPSS-1.94% / 77.69%
||
7 Day CHG~0.00%
Published-27 Sep, 2013 | 10:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Zone-Based Firewall (ZFW) feature in Cisco IOS 15.1 through 15.2, when content filtering or HTTP ALG inspection is enabled, allows remote attackers to cause a denial of service (device reload or hang) via crafted IPv4 HTTP traffic, aka Bug ID CSCtx56174.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-iosn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2013-5477
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-7.8||HIGH
EPSS-1.89% / 77.02%
||
7 Day CHG~0.00%
Published-27 Sep, 2013 | 10:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The T1/E1 driver-queue functionality in Cisco IOS 12.2 and 15.0 through 15.3, when an HDLC32 driver is used, allows remote attackers to cause a denial of service (interface queue wedge) via bursty network traffic, aka Bug ID CSCub67465.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-iosn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2017-1000014
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.82% / 76.20%
||
7 Day CHG~0.00%
Published-13 Jul, 2017 | 20:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

phpMyAdmin 4.0, 4.4, and 4.6 are vulnerable to a DOS weakness in the table editing functionality

Action-Not Available
Vendor-n/aphpMyAdmin
Product-phpmyadminn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2017-1000189
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-2.27% / 80.90%
||
7 Day CHG~0.00%
Published-17 Nov, 2017 | 03:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

nodejs ejs version older than 2.5.5 is vulnerable to a denial-of-service due to weak input validation in the ejs.renderFile()

Action-Not Available
Vendor-ejsn/a
Product-ejsn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2017-1000230
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.03% / 59.51%
||
7 Day CHG~0.00%
Published-17 Nov, 2017 | 21:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Snap7 Server version 1.4.1 can be crashed when the ItemCount field of the ReadVar or WriteVar functions of the S7 protocol implementation in Snap7 are provided with unexpected input, thus resulting in denial of service attack.

Action-Not Available
Vendor-snap7_projectn/a
Product-snap7_servern/a
CWE ID-CWE-20
Improper Input Validation
CVE-2020-27253
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-7.5||HIGH
EPSS-1.58% / 72.52%
||
7 Day CHG~0.00%
Published-26 Nov, 2020 | 01:36
Updated-04 Aug, 2024 | 16:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A flaw exists in the Ingress/Egress checks routine of FactoryTalk Linx Version 6.11 and prior. This vulnerability could allow a remote, unauthenticated attacker to specifically craft a malicious packet resulting in a denial-of-service condition on the device.

Action-Not Available
Vendor-n/aRockwell Automation, Inc.
Product-factorytalk_linxFactoryTalk Linx
CWE ID-CWE-20
Improper Input Validation
CVE-2017-1000394
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.17% / 63.55%
||
7 Day CHG~0.00%
Published-26 Jan, 2018 | 02:00
Updated-05 Aug, 2024 | 22:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Jenkins 2.73.1 and earlier, 2.83 and earlier bundled a version of the commons-fileupload library with the denial-of-service vulnerability known as CVE-2016-3092. The fix for that vulnerability has been backported to the version of the library bundled with Jenkins.

Action-Not Available
Vendor-n/aJenkins
Product-jenkinsn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2013-3861
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-83.02% / 99.63%
||
7 Day CHG~0.00%
Published-09 Oct, 2013 | 14:44
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Microsoft .NET Framework 2.0 SP2, 3.5, 3.5 SP1, 3.5.1, 4, and 4.5 allows remote attackers to cause a denial of service (application crash or hang) via crafted character sequences in JSON data, aka "JSON Parsing Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-.net_frameworkn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2020-25195
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-7.5||HIGH
EPSS-1.45% / 70.29%
||
7 Day CHG~0.00%
Published-15 Dec, 2020 | 19:38
Updated-04 Aug, 2024 | 15:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The length of the input fields of Host Engineering H0-ECOM100, H2-ECOM100, and H4-ECOM100 modules are verified only on the client side when receiving input from the configuration web server, which may allow an attacker to bypass the check and send input to crash the device.

Action-Not Available
Vendor-hostengn/a
Product-h0-ecom100_firmwareh2-ecom100_firmwareh0-ecom100h4-ecom100h4-ecom100_firmwareh2-ecom100Host Engineering H0-ECOM100 ModuleHost Engineering H4-ECOM100 ModuleHost Engineering H2-ECOM100 Module
CWE ID-CWE-20
Improper Input Validation
CVE-1999-0726
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-9.37% / 94.79%
||
7 Day CHG~0.00%
Published-04 Jan, 2000 | 05:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An attacker can conduct a denial of service in Windows NT by executing a program with a malformed file image header.

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-windows_ntwindows_2000n/a
CWE ID-CWE-20
Improper Input Validation
CVE-2017-1000018
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.82% / 76.20%
||
7 Day CHG~0.00%
Published-13 Jul, 2017 | 20:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

phpMyAdmin 4.0, 4.4., and 4.6 are vulnerable to a DOS attack in the replication status by using a specially crafted table name

Action-Not Available
Vendor-n/aphpMyAdmin
Product-phpmyadminn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2017-1000048
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-2.40% / 81.98%
||
7 Day CHG~0.00%
Published-13 Jul, 2017 | 20:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

the web framework using ljharb's qs module older than v6.3.2, v6.2.3, v6.1.2, and v6.0.4 is vulnerable to a DoS. A malicious user can send a evil request to cause the web framework crash.

Action-Not Available
Vendor-qs_projectn/a
Product-qsn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2017-0422
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-7.5||HIGH
EPSS-1.60% / 72.78%
||
7 Day CHG~0.00%
Published-08 Feb, 2017 | 15:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A denial of service vulnerability in Bionic DNS could enable a remote attacker to use a specially crafted network packet to cause a device hang or reboot. This issue is rated as High due to the possibility of remote denial of service. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-32322088.

Action-Not Available
Vendor-Google LLC
Product-androidAndroid
CWE ID-CWE-20
Improper Input Validation
CVE-2016-9578
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-2.49% / 82.71%
||
7 Day CHG~0.00%
Published-27 Jul, 2018 | 21:00
Updated-06 Aug, 2024 | 02:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability was discovered in SPICE before 0.13.90 in the server's protocol handling. An attacker able to connect to the SPICE server could send crafted messages which would cause the process to crash.

Action-Not Available
Vendor-spice_projectDebian GNU/LinuxRed Hat, Inc.
Product-enterprise_linux_serverdebian_linuxenterprise_linux_server_eusenterprise_linux_server_ausenterprise_linux_workstationspiceenterprise_linux_desktopspice
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CWE ID-CWE-20
Improper Input Validation
CVE-2016-9939
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-4.20% / 89.74%
||
7 Day CHG~0.00%
Published-30 Jan, 2017 | 21:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Crypto++ (aka cryptopp and libcrypto++) 5.6.4 contained a bug in its ASN.1 BER decoding routine. The library will allocate a memory block based on the length field of the ASN.1 object. If there is not enough content octets in the ASN.1 object, then the function will fail and the memory block will be zeroed even if its unused. There is a noticeable delay during the wipe for a large allocation.

Action-Not Available
Vendor-cryptoppn/aDebian GNU/Linux
Product-debian_linuxcrypto\+\+n/a
CWE ID-CWE-20
Improper Input Validation
CVE-2016-9692
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-8.6||HIGH
EPSS-1.61% / 73.00%
||
7 Day CHG~0.00%
Published-05 May, 2017 | 19:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM WebSphere Cast Iron Solution 7.0.0 and 7.5.0.0 is vulnerable to External Service Interaction attack, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability to induce the application to perform server-side DNS lookups or HTTP requests to arbitrary domain names. By submitting suitable payloads, an attacker can cause the application server to attack other systems that it can interact with. IBM X-Force ID: 119516.

Action-Not Available
Vendor-IBM Corporation
Product-websphere_cast_iron_solutionWebSphere Cast Iron Cloud integration
CWE ID-CWE-20
Improper Input Validation
CVE-2016-9579
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-6.5||MEDIUM
EPSS-4.40% / 90.14%
||
7 Day CHG~0.00%
Published-01 Aug, 2018 | 16:00
Updated-06 Aug, 2024 | 02:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A flaw was found in the way Ceph Object Gateway would process cross-origin HTTP requests if the CORS policy was set to allow origin on a bucket. A remote unauthenticated attacker could use this flaw to cause denial of service by sending a specially-crafted cross-origin HTTP request. Ceph branches 1.3.x and 2.x are affected.

Action-Not Available
Vendor-Canonical Ltd.Red Hat, Inc.
Product-ceph_storageenterprise_linux_serverubuntu_linuxenterprise_linux_workstationenterprise_linuxceph_storage_monceph_storage_osdenterprise_linux_desktopceph
CWE ID-CWE-20
Improper Input Validation
CVE-2016-9253
Matching Score-4
Assigner-F5, Inc.
ShareView Details
Matching Score-4
Assigner-F5, Inc.
CVSS Score-7.5||HIGH
EPSS-1.33% / 67.74%
||
7 Day CHG~0.00%
Published-09 May, 2017 | 15:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In F5 BIG-IP 12.1.0 through 12.1.2, specific websocket traffic patterns may cause a disruption of service for virtual servers configured to use the websocket profile.

Action-Not Available
Vendor-F5, Inc.
Product-big-ip_application_acceleration_managerbig-ip_advanced_firewall_managerbig-ip_analyticsbig-ip_websafebig-ip_local_traffic_managerbig-ip_access_policy_managerbig-ip_domain_name_systembig-ip_link_controllerbig-ip_policy_enforcement_managerbig-ip_application_security_managerBIG-IP
CWE ID-CWE-20
Improper Input Validation
CVE-2016-9249
Matching Score-4
Assigner-F5, Inc.
ShareView Details
Matching Score-4
Assigner-F5, Inc.
CVSS Score-7.5||HIGH
EPSS-2.01% / 78.51%
||
7 Day CHG~0.00%
Published-31 Jan, 2017 | 15:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An undisclosed traffic pattern received by a BIG-IP Virtual Server with TCP Fast Open enabled may cause the Traffic Management Microkernel (TMM) to restart, resulting in a Denial-of-Service (DoS).

Action-Not Available
Vendor-F5, Inc.
Product-big-ip_application_acceleration_managerbig-ip_advanced_firewall_managerbig-ip_analyticsbig-ip_websafebig-ip_local_traffic_managerbig-ip_access_policy_managerbig-ip_domain_name_systembig-ip_link_controllerbig-ip_policy_enforcement_managerbig-ip_application_security_managerF5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Link Controller, PEM, WebSafe
CWE ID-CWE-20
Improper Input Validation
CVE-2016-9863
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.94% / 77.62%
||
7 Day CHG~0.00%
Published-11 Dec, 2016 | 02:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in phpMyAdmin. With a very large request to table partitioning function, it is possible to invoke a Denial of Service (DoS) attack. All 4.6.x versions (prior to 4.6.5) are affected.

Action-Not Available
Vendor-n/aphpMyAdmin
Product-phpmyadminn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2016-9564
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.44% / 69.92%
||
7 Day CHG~0.00%
Published-30 Nov, 2016 | 11:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in send_redirect() in Boa Webserver 0.92r allows remote attackers to DoS via an HTTP GET request requesting a long URI with only '/' and '.' characters.

Action-Not Available
Vendor-boan/a
Product-boan/a
CWE ID-CWE-20
Improper Input Validation
CVE-2016-9919
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-5.67% / 92.05%
||
7 Day CHG~0.00%
Published-08 Dec, 2016 | 17:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The icmp6_send function in net/ipv6/icmp.c in the Linux kernel through 4.8.12 omits a certain check of the dst data structure, which allows remote attackers to cause a denial of service (panic) via a fragmented IPv6 packet.

Action-Not Available
Vendor-n/aLinux Kernel Organization, Inc
Product-linux_kerneln/a
CWE ID-CWE-20
Improper Input Validation
  • Previous
  • 1
  • 2
  • 3
  • ...
  • 16
  • 17
  • Next
Details not found