Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2019-1025

Summary
Assigner-microsoft
Assigner Org ID-f38d906d-7342-40ea-92c1-6c4a2c6478c8
Published At-12 Jun, 2019 | 13:49
Updated At-20 May, 2025 | 17:50
Rejected At-
Credits

Windows Denial of Service Vulnerability

A denial of service vulnerability exists when Windows improperly handles objects in memory. An attacker who successfully exploited the vulnerability could cause a target system to stop responding. To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application or to convince a user to open a specific file on a network share. The vulnerability would not allow an attacker to execute code or to elevate user rights directly, but it could be used to cause a target system to stop responding. The update addresses the vulnerability by correcting how Windows handles objects in memory.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:microsoft
Assigner Org ID:f38d906d-7342-40ea-92c1-6c4a2c6478c8
Published At:12 Jun, 2019 | 13:49
Updated At:20 May, 2025 | 17:50
Rejected At:
▼CVE Numbering Authority (CNA)
Windows Denial of Service Vulnerability

A denial of service vulnerability exists when Windows improperly handles objects in memory. An attacker who successfully exploited the vulnerability could cause a target system to stop responding. To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application or to convince a user to open a specific file on a network share. The vulnerability would not allow an attacker to execute code or to elevate user rights directly, but it could be used to cause a target system to stop responding. The update addresses the vulnerability by correcting how Windows handles objects in memory.

Affected Products
Vendor
Microsoft CorporationMicrosoft
Product
Windows 10 Version 1703
Platforms
  • 32-bit Systems
  • x64-based Systems
Versions
Affected
  • From 10.0.0 before publication (custom)
Vendor
Microsoft CorporationMicrosoft
Product
Windows 10 Version 1803
Platforms
  • 32-bit Systems
  • x64-based Systems
  • ARM64-based Systems
Versions
Affected
  • From 10.0.0 before publication (custom)
Vendor
Microsoft CorporationMicrosoft
Product
Windows Server, version 1803 (Server Core Installation)
Platforms
  • x64-based Systems
Versions
Affected
  • From 10.0.0 before publication (custom)
Vendor
Microsoft CorporationMicrosoft
Product
Windows 10 Version 1809
Platforms
  • 32-bit Systems
  • x64-based Systems
Versions
Affected
  • From 10.0.17763.0 before publication (custom)
Vendor
Microsoft CorporationMicrosoft
Product
Windows 10 Version 1809
Platforms
  • ARM64-based Systems
Versions
Affected
  • From 10.0.0 before publication (custom)
Vendor
Microsoft CorporationMicrosoft
Product
Windows Server 2019
Platforms
  • x64-based Systems
Versions
Affected
  • From 10.0.17763.0 before publication (custom)
Vendor
Microsoft CorporationMicrosoft
Product
Windows Server 2019 (Server Core installation)
Platforms
  • x64-based Systems
Versions
Affected
  • From 10.0.17763.0 before publication (custom)
Vendor
Microsoft CorporationMicrosoft
Product
Windows 10 Version 1709 for 32-bit Systems
Platforms
  • 32-bit Systems
Versions
Affected
  • From 10.0.0 before publication (custom)
Vendor
Microsoft CorporationMicrosoft
Product
Windows 10 Version 1709
Platforms
  • x64-based Systems
  • ARM64-based Systems
Versions
Affected
  • From 10.0.0 before publication (custom)
Vendor
Microsoft CorporationMicrosoft
Product
Windows 10 Version 1507
Platforms
  • 32-bit Systems
  • x64-based Systems
Versions
Affected
  • From 10.0.10240.0 before publication (custom)
Vendor
Microsoft CorporationMicrosoft
Product
Windows 10 Version 1607
Platforms
  • 32-bit Systems
  • x64-based Systems
Versions
Affected
  • From 10.0.14393.0 before publication (custom)
Vendor
Microsoft CorporationMicrosoft
Product
Windows Server 2016
Platforms
  • x64-based Systems
Versions
Affected
  • From 10.0.14393.0 before publication (custom)
Vendor
Microsoft CorporationMicrosoft
Product
Windows Server 2016 (Server Core installation)
Platforms
  • x64-based Systems
Versions
Affected
  • From 10.0.14393.0 before publication (custom)
Vendor
Microsoft CorporationMicrosoft
Product
Windows 7
Platforms
  • 32-bit Systems
Versions
Affected
  • From 6.1.0 before publication (custom)
Vendor
Microsoft CorporationMicrosoft
Product
Windows 7 Service Pack 1
Platforms
  • x64-based Systems
Versions
Affected
  • From 6.1.0 before publication (custom)
Vendor
Microsoft CorporationMicrosoft
Product
Windows 8.1
Platforms
  • 32-bit Systems
  • x64-based Systems
  • ARM64-based Systems
Versions
Affected
  • From 6.3.0 before publication (custom)
Vendor
Microsoft CorporationMicrosoft
Product
Windows Server 2008 Service Pack 2
Platforms
  • 32-bit Systems
Versions
Affected
  • From 6.0.6003.0 before publication (custom)
Vendor
Microsoft CorporationMicrosoft
Product
Windows Server 2008 Service Pack 2 (Server Core installation)
Platforms
  • 32-bit Systems
  • x64-based Systems
Versions
Affected
  • From 6.0.6003.0 before publication (custom)
Vendor
Microsoft CorporationMicrosoft
Product
Windows Server 2008 Service Pack 2
Platforms
  • IA64-based Systems
Versions
Affected
  • From 6.0.0 before publication (custom)
Vendor
Microsoft CorporationMicrosoft
Product
Windows Server 2008 Service Pack 2
Platforms
  • x64-based Systems
Versions
Affected
  • From 6.0.6003.0 before publication (custom)
Vendor
Microsoft CorporationMicrosoft
Product
Windows Server 2008 R2 Systems Service Pack 1
Platforms
  • IA64-based Systems
Versions
Affected
  • From 6.1.0 before publication (custom)
Vendor
Microsoft CorporationMicrosoft
Product
Windows Server 2008 R2 Service Pack 1
Platforms
  • x64-based Systems
Versions
Affected
  • From 6.1.7601.0 before publication (custom)
Vendor
Microsoft CorporationMicrosoft
Product
Windows Server 2008 R2 Service Pack 1 (Server Core installation)
Platforms
  • x64-based Systems
Versions
Affected
  • From 6.1.7601.0 before publication (custom)
Vendor
Microsoft CorporationMicrosoft
Product
Windows Server 2012
Platforms
  • x64-based Systems
Versions
Affected
  • From 6.2.9200.0 before publication (custom)
Vendor
Microsoft CorporationMicrosoft
Product
Windows Server 2012 (Server Core installation)
Platforms
  • x64-based Systems
Versions
Affected
  • From 6.2.9200.0 before publication (custom)
Vendor
Microsoft CorporationMicrosoft
Product
Windows Server 2012 R2
Platforms
  • x64-based Systems
Versions
Affected
  • From 6.3.9600.0 before publication (custom)
Vendor
Microsoft CorporationMicrosoft
Product
Windows Server 2012 R2 (Server Core installation)
Platforms
  • x64-based Systems
Versions
Affected
  • From 6.3.9600.0 before publication (custom)
Vendor
Microsoft CorporationMicrosoft
Product
Windows 10 Version 1903 for 32-bit Systems
Platforms
  • Unknown
Versions
Affected
  • From 10.0.0 before publication (custom)
Vendor
Microsoft CorporationMicrosoft
Product
Windows 10 Version 1903 for x64-based Systems
Platforms
  • Unknown
Versions
Affected
  • From 10.0.0 before publication (custom)
Vendor
Microsoft CorporationMicrosoft
Product
Windows 10 Version 1903 for ARM64-based Systems
Platforms
  • Unknown
Versions
Affected
  • From 10.0.0 before publication (custom)
Vendor
Microsoft CorporationMicrosoft
Product
Windows Server, version 1903 (Server Core installation)
Platforms
  • x64-based Systems
Versions
Affected
  • From 10.0.0 before publication (custom)
Problem Types
TypeCWE IDDescription
ImpactN/ADenial of Service
Type: Impact
CWE ID: N/A
Description: Denial of Service
Metrics
VersionBase scoreBase severityVector
3.16.5MEDIUM
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C
Version: 3.1
Base score: 6.5
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2019-1025
vendor-advisory
Hyperlink: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2019-1025
Resource:
vendor-advisory
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1025
x_refsource_MISC
x_transferred
Hyperlink: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1025
Resource:
x_refsource_MISC
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:secure@microsoft.com
Published At:12 Jun, 2019 | 14:29
Updated At:20 May, 2025 | 18:15

A denial of service vulnerability exists when Windows improperly handles objects in memory. An attacker who successfully exploited the vulnerability could cause a target system to stop responding. To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application or to convince a user to open a specific file on a network share. The vulnerability would not allow an attacker to execute code or to elevate user rights directly, but it could be used to cause a target system to stop responding. The update addresses the vulnerability by correcting how Windows handles objects in memory.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.16.5MEDIUM
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Secondary3.07.5HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Primary2.07.8HIGH
AV:N/AC:L/Au:N/C:N/I:N/A:C
Type: Primary
Version: 3.1
Base score: 6.5
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Type: Secondary
Version: 3.0
Base score: 7.5
Base severity: HIGH
Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Type: Primary
Version: 2.0
Base score: 7.8
Base severity: HIGH
Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:C
CPE Matches
Microsoft Corporation
microsoft
>>windows_10>>-
cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*
Microsoft Corporation
microsoft
>>windows_10>>1607
cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*
Microsoft Corporation
microsoft
>>windows_10>>1703
cpe:2.3:o:microsoft:windows_10:1703:*:*:*:*:*:*:*
Microsoft Corporation
microsoft
>>windows_10>>1709
cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*
Microsoft Corporation
microsoft
>>windows_10>>1803
cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:*
Microsoft Corporation
microsoft
>>windows_10>>1809
cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*
Microsoft Corporation
microsoft
>>windows_10>>1903
cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:*:*
Microsoft Corporation
microsoft
>>windows_7>>-
cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*
Microsoft Corporation
microsoft
>>windows_8.1>>-
cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*
Microsoft Corporation
microsoft
>>windows_rt_8.1>>-
cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*
Microsoft Corporation
microsoft
>>windows_server_2008>>-
cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*
Microsoft Corporation
microsoft
>>windows_server_2008>>r2
cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:itanium:*
Microsoft Corporation
microsoft
>>windows_server_2008>>r2
cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*
Microsoft Corporation
microsoft
>>windows_server_2012>>-
cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*
Microsoft Corporation
microsoft
>>windows_server_2012>>r2
cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*
Microsoft Corporation
microsoft
>>windows_server_2016>>-
cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*
Microsoft Corporation
microsoft
>>windows_server_2016>>1803
cpe:2.3:o:microsoft:windows_server_2016:1803:*:*:*:*:*:*:*
Microsoft Corporation
microsoft
>>windows_server_2016>>1903
cpe:2.3:o:microsoft:windows_server_2016:1903:*:*:*:*:*:*:*
Microsoft Corporation
microsoft
>>windows_server_2019>>-
cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
NVD-CWE-noinfoPrimarynvd@nist.gov
CWE ID: NVD-CWE-noinfo
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2019-1025secure@microsoft.com
N/A
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1025af854a3a-2127-422b-91ae-364da2661108
Patch
Vendor Advisory
Hyperlink: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2019-1025
Source: secure@microsoft.com
Resource: N/A
Hyperlink: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1025
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Patch
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

184Records found
CVE-2007-3351
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.67% / 70.47%
||
7 Day CHG~0.00%
Published-22 Jun, 2007 | 18:00
Updated-07 Aug, 2024 | 14:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The SJPhone SIP soft phone 1.60.303c, when installed on the Dell Axim X3 running Windows Mobile 2003, allows remote attackers to cause a denial of service (device hang and traffic amplification) via a direct crafted INVITE transaction, which causes the phone to transmit many RTP packets.

Action-Not Available
Vendor-sj_labsn/aMicrosoft CorporationDell Inc.
Product-windows_mobileaxim_x3sjphonen/a
CVE-2007-3282
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-46.59% / 97.58%
||
7 Day CHG~0.00%
Published-19 Jun, 2007 | 22:00
Updated-07 Aug, 2024 | 14:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in the Microsoft Office MSODataSourceControl ActiveX object allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long argument to the DeleteRecordSourceIfUnused method.

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-office_msodatasourcecontrol_activexofficen/a
CVE-2007-2414
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-1.74% / 81.71%
||
7 Day CHG~0.00%
Published-01 May, 2007 | 10:00
Updated-07 Aug, 2024 | 13:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

MyServer before 0.8.8 allows remote attackers to cause a denial of service via unspecified vectors.

Action-Not Available
Vendor-myservern/aMicrosoft Corporation
Product-all_windowsmyservern/a
CVE-2007-2228
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-71.22% / 98.65%
||
7 Day CHG~0.00%
Published-09 Oct, 2007 | 22:00
Updated-07 Aug, 2024 | 13:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

rpcrt4.dll (aka the RPC runtime library) in Microsoft Windows XP SP2, XP Professional x64 Edition, Server 2003 SP1 and SP2, Server 2003 x64 Edition and x64 Edition SP2, and Vista and Vista x64 Edition allows remote attackers to cause a denial of service (RPCSS service stop and system restart) via an RPC request that uses NTLMSSP PACKET authentication with a zero-valued verification trailer signature, which triggers an invalid dereference. NOTE: this also affects Windows 2000 SP4, although the impact is an information leak.

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-windows_2003_serverwindows_xpwindows_vistawindows_2000n/a
CVE-2007-1094
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-34.74% / 96.88%
||
7 Day CHG~0.00%
Published-26 Feb, 2007 | 17:00
Updated-07 Aug, 2024 | 12:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Microsoft Internet Explorer 7 allows remote attackers to cause a denial of service (NULL dereference and application crash) via JavaScript onUnload handlers that modify the structure of a document.

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-internet_explorern/a
CVE-2015-0015
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-38.14% / 97.11%
||
7 Day CHG~0.00%
Published-13 Jan, 2015 | 22:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Microsoft Windows Server 2003 SP2, Server 2008 SP2 and R2 SP1, and Server 2012 Gold and R2 allow remote attackers to cause a denial of service (system hang and RADIUS outage) via crafted username strings to (1) Internet Authentication Service (IAS) or (2) Network Policy Server (NPS), aka "Network Policy Server RADIUS Implementation Denial of Service Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-windows_server_2008windows_server_2003windows_server_2012n/a
CVE-2007-1981
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.66% / 70.16%
||
7 Day CHG~0.00%
Published-12 Apr, 2007 | 01:00
Updated-07 Aug, 2024 | 13:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The safevoid_vsnprintf function in Metamod-P 1.19p29 and earlier on Windows allows remote attackers to cause a denial of service (daemon crash) via a long meta list command.

Action-Not Available
Vendor-metamod-pn/aMicrosoft Corporation
Product-metamod-pall_windowsn/a
CVE-2007-1281
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-1.53% / 80.55%
||
7 Day CHG~0.00%
Published-06 Mar, 2007 | 01:00
Updated-07 Aug, 2024 | 12:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Kaspersky AntiVirus Engine 6.0.1.411 for Windows and 5.5-10 for Linux allows remote attackers to cause a denial of service (CPU consumption) via a crafted UPX compressed file with a negative offset, which triggers an infinite loop during decompression.

Action-Not Available
Vendor-n/aKaspersky LabLinux Kernel Organization, IncMicrosoft Corporation
Product-all_windowskaspersky_antivirus_enginelinux_kerneln/a
CVE-2015-0079
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-22.98% / 95.70%
||
7 Day CHG~0.00%
Published-11 Mar, 2015 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Remote Desktop Protocol (RDP) implementation in Microsoft Windows 7 SP1, Windows 8, Windows 8.1, and Windows Server 2012 Gold and R2 allows remote attackers to cause a denial of service (memory consumption and RDP outage) by establishing many RDP sessions that do not properly free allocated memory, aka "Remote Desktop Protocol (RDP) Denial of Service Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-windows_server_2012windows_8.1windows_7windows_8n/a
CVE-2007-0933
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-37.62% / 97.08%
||
7 Day CHG~0.00%
Published-05 Jun, 2007 | 21:00
Updated-07 Aug, 2024 | 12:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in the wireless driver 6.0.0.18 for D-Link DWL-G650+ (Rev. A1) on Windows XP allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a beacon frame with a long TIM Information Element.

Action-Not Available
Vendor-n/aD-Link CorporationMicrosoft Corporation
Product-dwl-g650\+windows_xpn/a
CVE-2007-0087
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-35.71% / 96.95%
||
7 Day CHG-1.03%
Published-05 Jan, 2007 | 18:00
Updated-07 Aug, 2024 | 12:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Microsoft Internet Information Services (IIS), when accessed through a TCP connection with a large window size, allows remote attackers to cause a denial of service (network bandwidth consumption) via a Range header that specifies multiple copies of the same fragment. NOTE: the severity of this issue has been disputed by third parties, who state that the large window size required by the attack is not normally supported or configured by the server, or that a DDoS-style attack would accomplish the same goal

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-internet_information_servern/a
CVE-2007-0221
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-64.69% / 98.39%
||
7 Day CHG~0.00%
Published-08 May, 2007 | 23:00
Updated-07 Aug, 2024 | 12:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Integer overflow in the IMAP (IMAP4) support in Microsoft Exchange Server 2000 SP3 allows remote attackers to cause a denial of service (service hang) via crafted literals in an IMAP command, aka the "IMAP Literal Processing Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-exchange_servern/a
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2007-0878
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-30.88% / 96.57%
||
7 Day CHG~0.00%
Published-12 Feb, 2007 | 20:00
Updated-07 Aug, 2024 | 12:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in Microsoft Internet Explorer on Windows Mobile 5.0 allows remote attackers to cause a denial of service (loss of browser and other device functionality) via a malformed WML page, related to an "overflow state." NOTE: it is possible that this issue is related to CVE-2007-0685.

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-windows_mobilen/a
CVE-2007-0039
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-37.96% / 97.10%
||
7 Day CHG~0.00%
Published-08 May, 2007 | 23:00
Updated-07 Aug, 2024 | 12:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Exchange Collaboration Data Objects (EXCDO) functionality in Microsoft Exchange Server 2000 SP3, 2003 SP1 and SP2, and 2007 allows remote attackers to cause a denial of service (crash) via an Internet Calendar (iCal) file containing multiple X-MICROSOFT-CDO-MODPROPS (MODPROPS) properties in which the second MODPROPS is longer than the first, which triggers a NULL pointer dereference and an unhandled exception.

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-exchange_servern/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2007-0612
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-53.49% / 97.89%
||
7 Day CHG~0.00%
Published-31 Jan, 2007 | 11:00
Updated-07 Aug, 2024 | 12:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple ActiveX controls in Microsoft Windows 2000, XP, 2003, and Vista allows remote attackers to cause a denial of service (Internet Explorer crash) by accessing the bgColor, fgColor, linkColor, alinkColor, vlinkColor, or defaultCharset properties in the (1) giffile, (2) htmlfile, (3) jpegfile, (4) mhtmlfile, (5) ODCfile, (6) pjpegfile, (7) pngfile, (8) xbmfile, (9) xmlfile, (10) xslfile, or (11) wdfile objects in (a) mshtml.dll; or the (12) TriEditDocument.TriEditDocument or (13) TriEditDocument.TriEditDocument.1 objects in (b) triedit.dll, which cause a NULL pointer dereference.

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-internet_explorerien/a
CVE-2021-29725
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-7.5||HIGH
EPSS-2.03% / 83.05%
||
7 Day CHG~0.00%
Published-15 Jul, 2021 | 16:00
Updated-16 Sep, 2024 | 19:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Secure External Authentication Server 2.4.3.2, 6.0.1, 6.0.2 and IBM Secure Proxy 3.4.3.2, 6.0.1, 6.0.2 could allow a remote user to consume resources causing a denial of service due to a resource leak.

Action-Not Available
Vendor-Oracle CorporationIBM CorporationLinux Kernel Organization, IncMicrosoft Corporation
Product-solarislinux_kernelsterling_secure_proxywindowssecure_external_authentication_serveraixSecure External Authentication ServerSecure Proxy
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2006-7206
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-48.54% / 97.67%
||
7 Day CHG~0.00%
Published-22 Jun, 2007 | 00:00
Updated-07 Aug, 2024 | 20:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Microsoft Internet Explorer 6 on Windows XP SP2 allows remote attackers to cause a denial of service (crash) by creating a ADODB.Recordset object and making a series of calls to the NextRecordset method with a long string argument, which causes an "invalid memory access" in the SysFreeString function, a different issue than CVE-2006-3510 and CVE-2006-3899.

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-internet_explorerwindows_xpn/a
CVE-2021-35053
Matching Score-8
Assigner-Kaspersky
ShareView Details
Matching Score-8
Assigner-Kaspersky
CVSS Score-7.5||HIGH
EPSS-1.28% / 78.75%
||
7 Day CHG~0.00%
Published-03 Nov, 2021 | 19:11
Updated-04 Aug, 2024 | 00:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Possible system denial of service in case of arbitrary changing Firefox browser parameters. An attacker could change specific Firefox browser parameters file in a certain way and then reboot the system to make the system unbootable.

Action-Not Available
Vendor-n/aMicrosoft CorporationKaspersky Lab
Product-windowsendpoint_securityKaspersky Endpoint Security for Windows
CVE-2020-1284
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-6.5||MEDIUM
EPSS-14.60% / 94.21%
||
7 Day CHG~0.00%
Published-09 Jun, 2020 | 19:43
Updated-04 Aug, 2024 | 06:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A denial of service vulnerability exists in the way that the Microsoft Server Message Block 3.1.1 (SMBv3) protocol handles certain requests, aka 'Windows SMBv3 Client/Server Denial of Service Vulnerability'.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_10Windows 10 Version 2004 for x64-based SystemsWindows Server, version 2004 (Server Core installation)Windows 10 Version 2004 for 32-bit SystemsWindows 10 Version 2004 for ARM64-based Systems
CVE-2006-7031
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-25.13% / 95.97%
||
7 Day CHG~0.00%
Published-23 Feb, 2007 | 01:00
Updated-17 Jan, 2025 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Microsoft Internet Explorer 6.0.2900 SP2 and earlier allows remote attackers to cause a denial of service (crash) via a table element with a CSS attribute that sets the position, which triggers an "unhandled exception" in mshtml.dll.

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-windows_ntwindows_98windows_meinternet_explorerwindows_2003_serverwindows_embedded_compactwindows_95windows_vistawindows_xpwindows_2000n/a
CVE-2006-6723
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-53.46% / 97.89%
||
7 Day CHG~0.00%
Published-26 Dec, 2006 | 20:00
Updated-07 Aug, 2024 | 20:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Workstation service in Microsoft Windows 2000 SP4 and XP SP2 allows remote attackers to cause a denial of service (memory consumption) via a large maxlen value in an NetrWkstaUserEnum RPC request.

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-windows_xpwindows_2000n/a
CWE ID-CWE-399
Not Available
CVE-2021-28311
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-6.5||MEDIUM
EPSS-1.26% / 78.54%
||
7 Day CHG~0.00%
Published-13 Apr, 2021 | 19:32
Updated-03 Aug, 2024 | 21:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Application Compatibility Cache Denial of Service Vulnerability

Windows Application Compatibility Cache Denial of Service Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2019windows_10Windows 10 Version 2004Windows 10 Version 1607Windows Server version 2004Windows 10 Version 1803Windows Server 2019 (Server Core installation)Windows Server 2016Windows 10 Version 1809Windows Server 2016 (Server Core installation)Windows Server, version 1909 (Server Core installation)Windows Server 2019Windows Server version 20H2Windows 10 Version 1909Windows 10 Version 20H2
CVE-2021-26416
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.7||HIGH
EPSS-4.35% / 88.50%
||
7 Day CHG~0.00%
Published-13 Apr, 2021 | 19:32
Updated-03 Aug, 2024 | 20:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Hyper-V Denial of Service Vulnerability

Windows Hyper-V Denial of Service Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2019windows_10Windows 10 Version 2004Windows 10 Version 1607Windows Server version 2004Windows Server 2019 (Server Core installation)Windows 10 Version 1809Windows Server 2016 (Server Core installation)Windows Server, version 1909 (Server Core installation)Windows Server 2019Windows Server version 20H2Windows 10 Version 1909Windows Server 2016
CVE-2022-28875
Matching Score-8
Assigner-126858f1-1b65-4b74-81ca-7034f7f7723f
ShareView Details
Matching Score-8
Assigner-126858f1-1b65-4b74-81ca-7034f7f7723f
CVSS Score-4.3||MEDIUM
EPSS-0.25% / 48.23%
||
7 Day CHG~0.00%
Published-25 May, 2022 | 15:09
Updated-03 Aug, 2024 | 06:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Denial-of-Service (DoS) Vulnerability

A Denial-of-Service (DoS) vulnerability was discovered in F-Secure Atlant and in certain WithSecure products whereby the scanning the aemobile component can crash the scanning engine. The exploit can be triggered remotely by an attacker.

Action-Not Available
Vendor-Apple Inc.F-Secure CorporationMicrosoft Corporation
Product-linux_securitycloud_protection_for_salesforceelements_endpoint_protectionatlantelements_collaboration_protectionelements_endpoint_detection_and_responsewindowsmacosinternet_gatekeeperAll F-Secure & WithSecure endpoint protection products for Windows and Mac. F-Secure Linux Security (32-bit). F-Secure Linux Security (64-bit). F-Secure Atlant. WithSecure Cloud Protection for Salesforce & WithSecure Collaboration Protection
CWE ID-CWE-404
Improper Resource Shutdown or Release
CVE-2023-46803
Matching Score-8
Assigner-HackerOne
ShareView Details
Matching Score-8
Assigner-HackerOne
CVSS Score-7.5||HIGH
EPSS-0.63% / 69.44%
||
7 Day CHG~0.00%
Published-19 Dec, 2023 | 15:43
Updated-02 Aug, 2024 | 20:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS).

Action-Not Available
Vendor-Ivanti SoftwareMicrosoft Corporation
Product-windowsavalancheAvalanche
CWE ID-CWE-787
Out-of-bounds Write
CVE-2006-3942
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-85.63% / 99.33%
||
7 Day CHG~0.00%
Published-31 Jul, 2006 | 23:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The server driver (srv.sys) in Microsoft Windows NT 4.0, 2000, XP, and Server 2003 allows remote attackers to cause a denial of service (system crash) via an SMB_COM_TRANSACTION SMB message that contains a string without null character termination, which leads to a NULL dereference in the ExecuteTransaction function, possibly related to an "SMB PIPE," aka the "Mailslot DOS" vulnerability. NOTE: the name "Mailslot DOS" was derived from incomplete initial research; the vulnerability is not associated with a mailslot.

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-windows_xpwindows_2000windows_2003_servern/a
CWE ID-CWE-20
Improper Input Validation
CVE-2023-46804
Matching Score-8
Assigner-HackerOne
ShareView Details
Matching Score-8
Assigner-HackerOne
CVSS Score-7.5||HIGH
EPSS-0.63% / 69.44%
||
7 Day CHG~0.00%
Published-19 Dec, 2023 | 15:43
Updated-02 Aug, 2024 | 20:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS).

Action-Not Available
Vendor-Ivanti SoftwareMicrosoft Corporation
Product-windowsavalancheAvalanche
CWE ID-CWE-787
Out-of-bounds Write
CVE-2016-4447
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-2.80% / 85.55%
||
7 Day CHG~0.00%
Published-09 Jun, 2016 | 16:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The xmlParseElementDecl function in parser.c in libxml2 before 2.9.4 allows context-dependent attackers to cause a denial of service (heap-based buffer underread and application crash) via a crafted file, involving xmlParseName.

Action-Not Available
Vendor-n/aApple Inc.Oracle CorporationCanonical Ltd.HP Inc.Microsoft Corporationlibxml2 (XMLSoft)Debian GNU/LinuxMcAfee, LLC
Product-libxml2icewall_federation_agentitunesubuntu_linuxwatchosweb_gatewayvm_serverwindowsdebian_linuxiphone_osmac_os_xtvosn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2006-2919
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-35.23% / 96.91%
||
7 Day CHG~0.00%
Published-09 Jun, 2006 | 01:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in Microsoft NetMeeting 3.01 allows remote attackers to cause a denial of service (crash or CPU consumption) and possibly execute arbitrary code via crafted inputs that trigger memory corruption.

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-netmeetingn/a
CVE-2006-1364
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-35.88% / 96.96%
||
7 Day CHG~0.00%
Published-23 Mar, 2006 | 11:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Microsoft w3wp (aka w3wp.exe) does not properly handle when the AspCompat directive is not used when referencing COM components in ASP.NET, which allows remote attackers to cause a denial of service (resource consumption or crash) by repeatedly requesting each of several documents that refer to COM components, or are restricted documents located under the ASP.NET application path.

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-asp.netn/a
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2021-24080
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-6.5||MEDIUM
EPSS-20.71% / 95.38%
||
7 Day CHG~0.00%
Published-25 Feb, 2021 | 23:01
Updated-01 Oct, 2024 | 15:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Trust Verification API Denial of Service Vulnerability

Windows Trust Verification API Denial of Service Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2019windows_10Windows 10 Version 1607Windows Server version 2004Windows Server 2019 (Server Core installation)Windows Server 2008 Service Pack 2Windows 10 Version 1809Windows Server 2016 (Server Core installation)Windows 8.1Windows Server 2012 (Server Core installation)Windows 7Windows Server version 20H2Windows 10 Version 1909Windows 7 Service Pack 1Windows 10 Version 20H2Windows Server 2016Windows 10 Version 2004Windows 10 Version 1507Windows Server 2008 R2 Service Pack 1Windows 10 Version 1803Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2012 R2Windows Server 2019Windows Server, version 1909 (Server Core installation)Windows Server 2012Windows Server 2008 Service Pack 2Windows Server 2012 R2 (Server Core installation)
CVE-2019-1233
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.5||HIGH
EPSS-11.41% / 93.30%
||
7 Day CHG~0.00%
Published-11 Sep, 2019 | 21:24
Updated-04 Aug, 2024 | 18:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A denial of service vulnerability exists in Microsoft Exchange Server software when the software fails to properly handle objects in memory, aka 'Microsoft Exchange Denial of Service Vulnerability'.

Action-Not Available
Vendor-Microsoft Corporation
Product-exchange_serverMicrosoft Exchange Server 2016Microsoft Exchange Server 2019
CVE-2006-0988
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-69.54% / 98.59%
||
7 Day CHG~0.00%
Published-03 Mar, 2006 | 11:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The default configuration of the DNS Server service on Windows Server 2003 and Windows 2000, and the Microsoft DNS Server service on Windows NT 4.0, allows recursive queries and provides additional delegation information to arbitrary IP addresses, which allows remote attackers to cause a denial of service (traffic amplification) via DNS queries with spoofed source IP addresses.

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-windows_ntwindows_2000windows_2003_servern/a
CVE-2005-3945
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-22.17% / 95.58%
||
7 Day CHG~0.00%
Published-01 Dec, 2005 | 11:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The SynAttackProtect protection in Microsoft Windows 2003 before SP1 and Windows 2000 before SP4 with Update Roll-up uses a hash of predictable data, which allows remote attackers to cause a denial of service (CPU consumption) via a flood of SYN packets that produce identical hash values, which slows down the hash table lookups.

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-windows_2000windows_2003_servern/a
CVE-2023-46260
Matching Score-8
Assigner-HackerOne
ShareView Details
Matching Score-8
Assigner-HackerOne
CVSS Score-7.5||HIGH
EPSS-1.85% / 82.28%
||
7 Day CHG~0.00%
Published-19 Dec, 2023 | 15:43
Updated-27 Nov, 2024 | 15:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS) or code execution.

Action-Not Available
Vendor-Ivanti SoftwareMicrosoft Corporation
Product-windowsavalancheAvalanche
CWE ID-CWE-787
Out-of-bounds Write
CVE-2017-5411
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-7.5||HIGH
EPSS-2.66% / 85.21%
||
7 Day CHG~0.00%
Published-11 Jun, 2018 | 21:00
Updated-05 Aug, 2024 | 14:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A use-after-free can occur during buffer storage operations within the ANGLE graphics library, used for WebGL content. The buffer storage can be freed while still in use in some circumstances, leading to a potentially exploitable crash. Note: This issue is in "libGLES", which is only in use on Windows. Other operating systems are not affected. This vulnerability affects Firefox < 52 and Thunderbird < 52.

Action-Not Available
Vendor-Mozilla CorporationMicrosoft Corporation
Product-firefoxwindowsthunderbirdFirefoxThunderbird
CWE ID-CWE-416
Use After Free
CVE-2005-3644
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-62.11% / 98.28%
||
7 Day CHG~0.00%
Published-17 Nov, 2005 | 11:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

PNP_GetDeviceList (upnp_getdevicelist) in UPnP for Microsoft Windows 2000 SP4 and earlier, and possibly Windows XP SP1 and earlier, allows remote attackers to cause a denial of service (memory consumption) via a DCE RPC request that specifies a large output buffer size, a variant of CVE-2006-6296, and a different vulnerability than CVE-2005-2120.

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-windows_xpwindows_2000n/a
CVE-2019-0982
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.5||HIGH
EPSS-4.51% / 88.70%
||
7 Day CHG~0.00%
Published-16 May, 2019 | 18:24
Updated-04 Aug, 2024 | 18:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A denial of service vulnerability exists when ASP.NET Core improperly handles web requests, aka 'ASP.NET Core Denial of Service Vulnerability'.

Action-Not Available
Vendor-Microsoft Corporation
Product-asp.net_coreASP.NET Core
CWE ID-CWE-19
Not Available
CVE-2014-0563
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-1.35% / 79.33%
||
7 Day CHG~0.00%
Published-17 Sep, 2014 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Reader and Acrobat 10.x before 10.1.12 and 11.x before 11.0.09 on Windows and OS X allow attackers to cause a denial of service (memory corruption) via unspecified vectors.

Action-Not Available
Vendor-n/aApple Inc.Adobe Inc.Microsoft Corporation
Product-windowsacrobatmac_os_xacrobat_readern/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2020-1118
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.5||HIGH
EPSS-12.61% / 93.70%
||
7 Day CHG~0.00%
Published-21 May, 2020 | 22:53
Updated-04 Aug, 2024 | 06:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A denial of service vulnerability exists in the Windows implementation of Transport Layer Security (TLS) when it improperly handles certain key exchanges, aka 'Microsoft Windows Transport Layer Security Denial of Service Vulnerability'.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2019windows_10WindowsWindows ServerWindows 10 Version 1903 for x64-based SystemsWindows 10 Version 1903 for ARM64-based SystemsWindows 10 Version 1909 for ARM64-based SystemsWindows Server, version 1909 (Server Core installation)Windows 10 Version 1903 for 32-bit SystemsWindows Server, version 1903 (Server Core installation)Windows 10 Version 1909 for 32-bit SystemsWindows 10 Version 1909 for x64-based Systems
CVE-2020-10864
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.46% / 62.99%
||
7 Day CHG~0.00%
Published-01 Apr, 2020 | 17:00
Updated-04 Aug, 2024 | 11:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Avast Antivirus before 20. The aswTask RPC endpoint for the TaskEx library in the Avast Service (AvastSvc.exe) allows attackers to trigger a reboot via RPC from a Low Integrity process.

Action-Not Available
Vendor-avastn/aMicrosoft Corporation
Product-windowsantivirusn/a
CVE-2014-0254
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-45.04% / 97.50%
||
7 Day CHG~0.00%
Published-12 Feb, 2014 | 02:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The IPv6 implementation in Microsoft Windows 8, Windows Server 2012, and Windows RT does not properly validate packets, which allows remote attackers to cause a denial of service (system hang) via crafted ICMPv6 Router Advertisement packets, aka "TCP/IP Version 6 (IPv6) Denial of Service Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-windows_server_2012windows_rtwindows_8n/a
CWE ID-CWE-20
Improper Input Validation
CVE-2018-8269
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.5||HIGH
EPSS-18.69% / 95.03%
||
7 Day CHG~0.00%
Published-13 Sep, 2018 | 00:00
Updated-05 Aug, 2024 | 06:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A denial of service vulnerability exists when OData Library improperly handles web requests, aka "OData Denial of Service Vulnerability." This affects Microsoft.Data.OData.

Action-Not Available
Vendor-Microsoft Corporation
Product-microsoft.data.odataMicrosoft.Data.OData
CVE-2000-0258
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-17.30% / 94.79%
||
7 Day CHG~0.00%
Published-02 Jun, 2000 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IIS 4.0 and 5.0 allows remote attackers to cause a denial of service by sending many URLs with a large number of escaped characters, aka the "Myriad Escaped Characters" Vulnerability.

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-internet_information_serverinternet_information_servicesn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2000-0305
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-30.69% / 96.56%
||
7 Day CHG~0.00%
Published-12 Jul, 2000 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Windows 95, Windows 98, Windows 2000, Windows NT 4.0, and Terminal Server systems allow a remote attacker to cause a denial of service by sending a large number of identical fragmented IP packets, aka jolt2 or the "IP Fragment Reassembly" vulnerability.

Action-Not Available
Vendor-ben/aMicrosoft Corporation
Product-windows_ntterminal_serverwindows_95windows_98beoswindows_2000n/a
CVE-2021-1721
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-6.5||MEDIUM
EPSS-7.04% / 91.11%
||
7 Day CHG~0.00%
Published-25 Feb, 2021 | 23:01
Updated-03 Aug, 2024 | 16:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
.NET Core and Visual Studio Denial of Service Vulnerability

.NET Core and Visual Studio Denial of Service Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-visual_studio_2019.net.net_corepowershell_corevisual_studio_2017Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8)PowerShell Core 7.0.NET 5.0Microsoft Visual Studio 2019 version 16.4 (includes 16.0 - 16.3)Microsoft Visual Studio 2019 version 16.7 (includes 16.0 – 16.6)Microsoft Visual Studio 2019 version 16.8.NET Core 2.1PowerShell Core 7.1.NET Core 3.1
CVE-2021-1679
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-6.5||MEDIUM
EPSS-4.11% / 88.14%
||
7 Day CHG~0.00%
Published-12 Jan, 2021 | 19:42
Updated-08 Oct, 2024 | 17:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows CryptoAPI Denial of Service Vulnerability

Windows CryptoAPI Denial of Service Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2012windows_8.1windows_rt_8.1windows_7windows_10windows_server_2019windows_server_2008Windows 10 Version 1607Windows Server version 2004Windows Server 2019 (Server Core installation)Windows Server 2008 Service Pack 2Windows 10 Version 1809Windows Server 2016 (Server Core installation)Windows 8.1Windows Server 2012 (Server Core installation)Windows 7Windows Server version 20H2Windows 10 Version 1909Windows 7 Service Pack 1Windows 10 Version 20H2Windows Server 2016Windows 10 Version 2004Windows 10 Version 1507Windows Server 2008 R2 Service Pack 1Windows 10 Version 1803Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2012 R2Windows Server 2019Windows Server, version 1909 (Server Core installation)Windows Server 2012Windows Server 2008 Service Pack 2Windows Server 2012 R2 (Server Core installation)
CVE-2013-3861
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-77.06% / 98.92%
||
7 Day CHG~0.00%
Published-09 Oct, 2013 | 14:44
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Microsoft .NET Framework 2.0 SP2, 3.5, 3.5 SP1, 3.5.1, 4, and 4.5 allows remote attackers to cause a denial of service (application crash or hang) via crafted character sequences in JSON data, aka "JSON Parsing Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-.net_frameworkn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2013-3860
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-63.82% / 98.35%
||
7 Day CHG~0.00%
Published-09 Oct, 2013 | 14:44
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Microsoft .NET Framework 2.0 SP2, 3.5, 3.5 SP1, 3.5.1, 4, and 4.5 does not properly parse a DTD during XML digital-signature validation, which allows remote attackers to cause a denial of service (application crash or hang) via a crafted signed XML document, aka "Entity Expansion Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-.net_frameworkn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2013-3182
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-80.59% / 99.10%
||
7 Day CHG~0.00%
Published-14 Aug, 2013 | 10:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Windows NAT Driver (aka winnat) service in Microsoft Windows Server 2012 does not properly validate memory addresses during the processing of ICMP packets, which allows remote attackers to cause a denial of service (memory corruption and system hang) via crafted packets, aka "Windows NAT Denial of Service Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-windows_server_2012n/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
  • Previous
  • 1
  • 2
  • 3
  • 4
  • Next
Details not found