Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2019-8588

Summary
Assigner-apple
Assigner Org ID-286789f9-fbc2-4510-9f9a-43facdede74c
Published At-27 Oct, 2020 | 19:37
Updated At-04 Aug, 2024 | 21:24
Rejected At-
Credits

A null pointer dereference was addressed with improved input validation. This issue is fixed in AirPort Base Station Firmware Update 7.8.1, AirPort Base Station Firmware Update 7.9.1. A remote attacker may be able to cause a system denial of service.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:apple
Assigner Org ID:286789f9-fbc2-4510-9f9a-43facdede74c
Published At:27 Oct, 2020 | 19:37
Updated At:04 Aug, 2024 | 21:24
Rejected At:
▼CVE Numbering Authority (CNA)

A null pointer dereference was addressed with improved input validation. This issue is fixed in AirPort Base Station Firmware Update 7.8.1, AirPort Base Station Firmware Update 7.9.1. A remote attacker may be able to cause a system denial of service.

Affected Products
Vendor
Apple Inc.Apple
Product
AirPort Base Station Firmware Update
Versions
Affected
  • From unspecified before 7.9 (custom)
Vendor
Apple Inc.Apple
Product
AirPort Base Station Firmware Update
Versions
Affected
  • From unspecified before 7.8 (custom)
Problem Types
TypeCWE IDDescription
textN/AA remote attacker may be able to cause a system denial of service
Type: text
CWE ID: N/A
Description: A remote attacker may be able to cause a system denial of service
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://support.apple.com/en-us/HT210090
x_refsource_MISC
https://support.apple.com/en-us/HT210091
x_refsource_MISC
Hyperlink: https://support.apple.com/en-us/HT210090
Resource:
x_refsource_MISC
Hyperlink: https://support.apple.com/en-us/HT210091
Resource:
x_refsource_MISC
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://support.apple.com/en-us/HT210090
x_refsource_MISC
x_transferred
https://support.apple.com/en-us/HT210091
x_refsource_MISC
x_transferred
Hyperlink: https://support.apple.com/en-us/HT210090
Resource:
x_refsource_MISC
x_transferred
Hyperlink: https://support.apple.com/en-us/HT210091
Resource:
x_refsource_MISC
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:product-security@apple.com
Published At:27 Oct, 2020 | 20:15
Updated At:30 Oct, 2020 | 19:25

A null pointer dereference was addressed with improved input validation. This issue is fixed in AirPort Base Station Firmware Update 7.8.1, AirPort Base Station Firmware Update 7.9.1. A remote attacker may be able to cause a system denial of service.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.17.5HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Primary2.07.8HIGH
AV:N/AC:L/Au:N/C:N/I:N/A:C
Type: Primary
Version: 3.1
Base score: 7.5
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Type: Primary
Version: 2.0
Base score: 7.8
Base severity: HIGH
Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:C
CPE Matches
Apple Inc.
apple
>>airport_base_station_firmware>>Versions before 7.8.1(exclusive)
cpe:2.3:o:apple:airport_base_station_firmware:*:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-476Primarynvd@nist.gov
CWE ID: CWE-476
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://support.apple.com/en-us/HT210090product-security@apple.com
Vendor Advisory
https://support.apple.com/en-us/HT210091product-security@apple.com
Vendor Advisory
Hyperlink: https://support.apple.com/en-us/HT210090
Source: product-security@apple.com
Resource:
Vendor Advisory
Hyperlink: https://support.apple.com/en-us/HT210091
Source: product-security@apple.com
Resource:
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

992Records found
CVE-2007-0342
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-4.34% / 88.47%
||
7 Day CHG~0.00%
Published-18 Jan, 2007 | 02:00
Updated-03 Apr, 2025 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

WebCore in Apple WebKit build 18794 allows remote attackers to cause a denial of service (null dereference and application crash) via a TD element with a large number in the ROWSPAN attribute, as demonstrated by a crash of OmniWeb 5.5.3 on Mac OS X 10.4.8, a different vulnerability than CVE-2006-2019.

Action-Not Available
Vendor-omnigroupn/aApple Inc.
Product-safarimac_os_xwebkitomniwebn/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2022-1620
Matching Score-10
Assigner-Protect AI (formerly huntr.dev)
ShareView Details
Matching Score-10
Assigner-Protect AI (formerly huntr.dev)
CVSS Score-6.6||MEDIUM
EPSS-0.07% / 21.19%
||
7 Day CHG~0.00%
Published-08 May, 2022 | 00:00
Updated-03 Aug, 2024 | 00:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
NULL Pointer Dereference in function vim_regexec_string at regexp.c:2729 in vim/vim

NULL Pointer Dereference in function vim_regexec_string at regexp.c:2729 in GitHub repository vim/vim prior to 8.2.4901. NULL Pointer Dereference in function vim_regexec_string at regexp.c:2729 allows attackers to cause a denial of service (application crash) via a crafted input.

Action-Not Available
Vendor-Fedora ProjectVimApple Inc.
Product-fedoramacosvimvim/vim
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2004-0079
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-2.27% / 83.98%
||
7 Day CHG~0.00%
Published-18 Mar, 2004 | 05:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The do_change_cipher_spec function in OpenSSL 0.9.6c to 0.9.6k, and 0.9.7a to 0.9.7c, allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake that triggers a null dereference.

Action-Not Available
Vendor-sco4dlitebluecoatneoterisstonesofttarantellasecurecomputingn/aAvaya LLCNovellSun Microsystems (Oracle Corporation)Symantec CorporationCisco Systems, Inc.Apple Inc.HP Inc.Check Point Software Technologies Ltd.Silicon Graphics, Inc.OpenBSDRed Hat, Inc.Dell Inc.FreeBSD FoundationOpenSSLVMware (Broadcom Inc.)
Product-wbemfirewall_services_moduleapplication_and_content_networking_softwareaaa_servers8700okena_stormwatchmac_os_xthreat_responseapache-based_web_serverpix_firewallpropacks8500provider-1call_managerciscoworks_common_management_foundationclientless_vpn_gateway_4400secure_content_acceleratorvsus8300stonebeat_fullclustergsx_serverfirewall-1access_registrarstonebeat_securityclustergss_4480_global_site_selectortarantella_enterprisestonegate_vpn_clientproxysgvpn-1mac_os_x_serverenterprise_linux_desktopmds_9000enterprise_linuxwebstaropenserverbsafe_ssl-jioswebnssg203css11000_content_services_switchopenssllinuxintuity_audixserverclustersg5openbsdsg208sg200cacheos_ca_sastonegateciscoworks_common_servicesgss_4490_global_site_selectorimanagerinstant_virtual_extranetedirectorysidewinderhp-uxconverged_communications_serverstonebeat_webclustercrypto_accelerator_4000speed_technologies_litespeed_web_serverfreebsdpix_firewall_softwarecontent_services_switch_11500css_secure_content_acceleratorn/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2023-2953
Matching Score-10
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-10
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-1.11% / 77.24%
||
7 Day CHG-0.03%
Published-30 May, 2023 | 00:00
Updated-10 Jan, 2025 | 22:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability was found in openldap. This security flaw causes a null pointer dereference in ber_memalloc_x() function.

Action-Not Available
Vendor-openldapn/aRed Hat, Inc.Apple Inc.NetApp, Inc.
Product-h300smacosh500s_firmwareh410s_firmwareh700s_firmwareh410sh700sh410c_firmwareontap_toolsactive_iq_unified_managerenterprise_linuxh500sh410ch300s_firmwareclustered_data_ontapopenldapopenldap
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2018-4140
Matching Score-10
Assigner-Apple Inc.
ShareView Details
Matching Score-10
Assigner-Apple Inc.
CVSS Score-7.5||HIGH
EPSS-1.47% / 80.14%
||
7 Day CHG~0.00%
Published-03 Apr, 2018 | 06:00
Updated-05 Aug, 2024 | 05:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in certain Apple products. iOS before 11.3 is affected. The issue involves the "Telephony" component. It allows remote attackers to cause a denial of service (NULL pointer dereference and reboot) via a Class 0 SMS message.

Action-Not Available
Vendor-n/aApple Inc.
Product-iphone_osn/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2016-0742
Matching Score-10
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-10
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-77.83% / 98.96%
||
7 Day CHG~0.00%
Published-15 Feb, 2016 | 19:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The resolver in nginx before 1.8.1 and 1.9.x before 1.9.10 allows remote attackers to cause a denial of service (invalid pointer dereference and worker process crash) via a crafted UDP DNS response.

Action-Not Available
Vendor-n/aopenSUSERed Hat, Inc.Apple Inc.Debian GNU/LinuxF5, Inc.Canonical Ltd.
Product-nginxleapubuntu_linuxdebian_linuxxcodesoftware_collectionsn/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2025-24177
Matching Score-10
Assigner-Apple Inc.
ShareView Details
Matching Score-10
Assigner-Apple Inc.
CVSS Score-7.5||HIGH
EPSS-0.12% / 32.37%
||
7 Day CHG+0.01%
Published-27 Jan, 2025 | 21:46
Updated-04 Feb, 2025 | 22:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A null pointer dereference was addressed with improved input validation. This issue is fixed in macOS Sequoia 15.3, iOS 18.3 and iPadOS 18.3. A remote attacker may be able to cause a denial-of-service.

Action-Not Available
Vendor-Apple Inc.
Product-ipadosmacosiphone_osiOS and iPadOSmacOS
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2021-30698
Matching Score-10
Assigner-Apple Inc.
ShareView Details
Matching Score-10
Assigner-Apple Inc.
CVSS Score-7.5||HIGH
EPSS-0.47% / 63.57%
||
7 Day CHG~0.00%
Published-08 Sep, 2021 | 14:28
Updated-03 Aug, 2024 | 22:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A null pointer dereference was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.4, Safari 14.1.1, iOS 14.6 and iPadOS 14.6. A remote attacker may be able to cause a denial of service.

Action-Not Available
Vendor-Apple Inc.
Product-iphone_osmacossafariipadosmacOSiOS and iPadOS
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2008-5183
Matching Score-10
Assigner-Canonical Ltd.
ShareView Details
Matching Score-10
Assigner-Canonical Ltd.
CVSS Score-7.5||HIGH
EPSS-1.97% / 82.79%
||
7 Day CHG~0.00%
Published-21 Nov, 2008 | 02:00
Updated-07 Aug, 2024 | 10:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

cupsd in CUPS 1.3.9 and earlier allows local users, and possibly remote attackers, to cause a denial of service (daemon crash) by adding a large number of RSS Subscriptions, which triggers a NULL pointer dereference. NOTE: this issue can be triggered remotely by leveraging CVE-2008-5184.

Action-Not Available
Vendor-n/aDebian GNU/LinuxopenSUSEApple Inc.
Product-debian_linuxopensusecupsmac_os_xmac_os_x_servern/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2024-54479
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-7.5||HIGH
EPSS-0.83% / 73.52%
||
7 Day CHG+0.12%
Published-11 Dec, 2024 | 22:57
Updated-20 Dec, 2024 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The issue was addressed with improved checks. This issue is fixed in iPadOS 17.7.3, watchOS 11.2, visionOS 2.2, tvOS 18.2, macOS Sequoia 15.2, Safari 18.2, iOS 18.2 and iPadOS 18.2. Processing maliciously crafted web content may lead to an unexpected process crash.

Action-Not Available
Vendor-Apple Inc.
Product-iphone_oswatchosipadostvossafarivisionosmacoswatchOSSafarimacOSiPadOSvisionOStvOSiOS and iPadOS
CVE-2024-54551
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-7.5||HIGH
EPSS-0.16% / 37.61%
||
7 Day CHG~0.00%
Published-20 Mar, 2025 | 23:53
Updated-24 Mar, 2025 | 15:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The issue was addressed with improved memory handling. This issue is fixed in watchOS 10.6, tvOS 17.6, Safari 17.6, macOS Sonoma 14.6, visionOS 1.3, iOS 17.6 and iPadOS 17.6. Processing web content may lead to a denial-of-service.

Action-Not Available
Vendor-Apple Inc.
Product-watchostvosipadossafarivisionosmacosiphone_ostvOSiOS and iPadOSvisionOSmacOSSafariwatchOS
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2017-7668
Matching Score-8
Assigner-Apache Software Foundation
ShareView Details
Matching Score-8
Assigner-Apache Software Foundation
CVSS Score-7.5||HIGH
EPSS-51.08% / 97.78%
||
7 Day CHG-2.05%
Published-20 Jun, 2017 | 01:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The HTTP strict parsing changes added in Apache httpd 2.2.32 and 2.4.24 introduced a bug in token list parsing, which allows ap_find_token() to search past the end of its input string. By maliciously crafting a sequence of request headers, an attacker may be able to cause a segmentation fault, or to force ap_find_token() to return an incorrect value.

Action-Not Available
Vendor-Debian GNU/LinuxRed Hat, Inc.The Apache Software FoundationOracle CorporationApple Inc.NetApp, Inc.
Product-oncommand_unified_managerenterprise_linux_desktopenterprise_linux_server_aussecure_global_desktopenterprise_linux_server_tusenterprise_linux_eusclustered_data_ontapenterprise_linux_workstationstoragegridenterprise_linux_serverdebian_linuxhttp_servermac_os_xApache HTTP Server
CWE ID-CWE-125
Out-of-bounds Read
CWE ID-CWE-126
Buffer Over-read
CVE-2007-0318
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-1.51% / 80.47%
||
7 Day CHG~0.00%
Published-18 Jan, 2007 | 00:00
Updated-07 Aug, 2024 | 12:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The do_hfs_truncate function in Mac OS X 10.4.8 allows context-dependent attackers to cause a denial of service (kernel panic) via a crafted HFS+ filesystem in a DMG image, which causes an access of an invalid vnode structure during file removal.

Action-Not Available
Vendor-n/aApple Inc.
Product-mac_os_xn/a
CVE-2011-1298
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.29% / 51.77%
||
7 Day CHG~0.00%
Published-06 Nov, 2019 | 18:47
Updated-06 Aug, 2024 | 22:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An Integer Overflow exists in WebKit in Google Chrome before Blink M11 in the macOS WebCore::GraphicsContext::fillRect function.

Action-Not Available
Vendor-n/aApple Inc.Google LLC
Product-macosblinkn/a
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2013-5140
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-7.8||HIGH
EPSS-0.66% / 70.18%
||
7 Day CHG~0.00%
Published-19 Sep, 2013 | 10:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The kernel in Apple iOS before 7 allows remote attackers to cause a denial of service (assertion failure and device restart) via an invalid packet fragment.

Action-Not Available
Vendor-n/aApple Inc.
Product-iphone_osn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2007-0614
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-9.84% / 92.68%
||
7 Day CHG~0.00%
Published-31 Jan, 2007 | 11:00
Updated-07 Aug, 2024 | 12:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Bonjour functionality in mDNSResponder, iChat 3.1.6, and InstantMessage framework 428 in Apple Mac OS X 10.4.8 allows remote attackers to cause a denial of service (persistent application crash) via a crafted phsh hash attribute in a TXT key.

Action-Not Available
Vendor-n/aApple Inc.
Product-ichatinstant_message_frameworkmac_os_xn/a
CVE-2024-43483
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.5||HIGH
EPSS-1.05% / 76.66%
||
7 Day CHG~0.00%
Published-08 Oct, 2024 | 17:35
Updated-08 Jul, 2025 | 15:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
.NET, .NET Framework, and Visual Studio Denial of Service Vulnerability

.NET, .NET Framework, and Visual Studio Denial of Service Vulnerability

Action-Not Available
Vendor-Apple Inc.Linux Kernel Organization, IncMicrosoft Corporation
Product-windows_server_2022_23h2windows_server_2016windows_server_2012windows_server_2008windows_10_1507windows_11_21h2macoswindows_server_2022.net_frameworkwindows_11_23h2windows_10_21h2windows_10_1809linux_kernelvisual_studio_2022.netwindows_11_24h2windowswindows_10_22h2windows_11_22h2windows_server_2019windows_10_1607Microsoft .NET Framework 4.6.2Microsoft .NET Framework 4.6/4.6.2Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2Microsoft .NET Framework 3.0 Service Pack 2Microsoft .NET Framework 3.5Microsoft Visual Studio 2022 version 17.8Microsoft .NET Framework 3.5 AND 4.7.2.NET 6.0Microsoft .NET Framework 2.0 Service Pack 2Microsoft Visual Studio 2022 version 17.10.NET 8.0Microsoft .NET Framework 3.5.1PowerShell 7.4Microsoft .NET Framework 3.5 AND 4.8Microsoft .NET Framework 4.8Microsoft .NET Framework 3.5 AND 4.8.1Microsoft Visual Studio 2022 version 17.6PowerShell 7.2Microsoft Visual Studio 2022 version 17.11
CWE ID-CWE-407
Inefficient Algorithmic Complexity
CVE-2006-4095
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-9.41% / 92.48%
||
7 Day CHG~0.00%
Published-06 Sep, 2006 | 00:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

BIND before 9.2.6-P1 and 9.3.x before 9.3.2-P1 allows remote attackers to cause a denial of service (crash) via certain SIG queries, which cause an assertion failure when multiple RRsets are returned.

Action-Not Available
Vendor-n/aInternet Systems Consortium, Inc.Apple Inc.Canonical Ltd.
Product-mac_os_x_servermac_os_xubuntu_linuxbindn/a
CWE ID-CWE-617
Reachable Assertion
CVE-2024-43499
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.5||HIGH
EPSS-1.20% / 78.04%
||
7 Day CHG~0.00%
Published-12 Nov, 2024 | 17:53
Updated-27 Aug, 2025 | 21:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
.NET and Visual Studio Denial of Service Vulnerability

.NET and Visual Studio Denial of Service Vulnerability

Action-Not Available
Vendor-Linux Kernel Organization, IncMicrosoft CorporationApple Inc.
Product-visual_studio_2022linux_kernelmacos.netwindowsMicrosoft Visual Studio 2022 version 17.11Microsoft Visual Studio 2022 version 17.6Microsoft Visual Studio 2022 version 17.10PowerShell 7.5.NET 9.0Microsoft Visual Studio 2022 version 17.8
CWE ID-CWE-409
Improper Handling of Highly Compressed Data (Data Amplification)
CWE ID-CWE-606
Unchecked Input for Loop Condition
CVE-2024-43485
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.5||HIGH
EPSS-1.05% / 76.66%
||
7 Day CHG~0.00%
Published-08 Oct, 2024 | 17:35
Updated-08 Jul, 2025 | 15:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
.NET and Visual Studio Denial of Service Vulnerability

.NET and Visual Studio Denial of Service Vulnerability

Action-Not Available
Vendor-Apple Inc.Linux Kernel Organization, IncMicrosoft Corporation
Product-linux_kernelvisual_studio_2022.netwindowsmacosMicrosoft Visual Studio 2022 version 17.8.NET 6.0PowerShell 7.5Microsoft Visual Studio 2022 version 17.6Microsoft Visual Studio 2022 version 17.10.NET 8.0Microsoft Visual Studio 2022 version 17.11PowerShell 7.2PowerShell 7.4
CWE ID-CWE-407
Inefficient Algorithmic Complexity
CVE-2024-43484
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.5||HIGH
EPSS-1.79% / 81.99%
||
7 Day CHG~0.00%
Published-08 Oct, 2024 | 17:35
Updated-08 Jul, 2025 | 15:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
.NET, .NET Framework, and Visual Studio Denial of Service Vulnerability

.NET, .NET Framework, and Visual Studio Denial of Service Vulnerability

Action-Not Available
Vendor-Apple Inc.Linux Kernel Organization, IncMicrosoft Corporation
Product-.net_frameworkwindows_10_1809windows_11_23h2windows_server_2019windows_10_1607windows_server_2012.netwindows_server_2022windowswindows_11_24h2windows_server_2016windows_10_22h2windows_server_2022_23h2linux_kernelmacoswindows_11_22h2windows_10_1507visual_studio_2022windows_server_2008windows_11_21h2windows_10_21h2Microsoft .NET Framework 4.6.2Microsoft .NET Framework 4.6/4.6.2Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2Microsoft .NET Framework 3.0 Service Pack 2Microsoft .NET Framework 3.5Microsoft Visual Studio 2022 version 17.8Microsoft .NET Framework 3.5 AND 4.7.2.NET 6.0Microsoft .NET Framework 2.0 Service Pack 2Microsoft Visual Studio 2022 version 17.10.NET 8.0Microsoft .NET Framework 3.5.1PowerShell 7.4Microsoft .NET Framework 3.5 AND 4.8Microsoft .NET Framework 4.8Microsoft .NET Framework 3.5 AND 4.8.1Microsoft Visual Studio 2022 version 17.6PowerShell 7.2Microsoft Visual Studio 2022 version 17.11
CWE ID-CWE-407
Inefficient Algorithmic Complexity
CWE ID-CWE-789
Memory Allocation with Excessive Size Value
CVE-2012-5366
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.94% / 75.30%
||
7 Day CHG~0.00%
Published-20 Feb, 2020 | 14:14
Updated-06 Aug, 2024 | 21:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The IPv6 implementation in Apple Mac OS X (unknown versions, year 2012 and earlier) allows remote attackers to cause a denial of service via a flood of ICMPv6 Router Advertisement packets containing multiple Routing entries.

Action-Not Available
Vendor-n/aApple Inc.
Product-mac_os_xn/a
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2005-4504
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-21.77% / 95.53%
||
7 Day CHG~0.00%
Published-22 Dec, 2005 | 23:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The khtml::RenderTableSection::ensureRows function in KHTMLParser in Apple Mac OS X 10.4.3 and earlier, as used by Safari and TextEdit, allows remote attackers to cause a denial of service (memory consumption and application crash) via HTML files with a large ROWSPAN attribute in a TD tag.

Action-Not Available
Vendor-n/aApple Inc.
Product-mac_os_x_serversafarimac_os_xtexteditn/a
CVE-2024-40856
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-7.5||HIGH
EPSS-0.29% / 52.28%
||
7 Day CHG~0.00%
Published-16 Sep, 2024 | 23:22
Updated-25 Mar, 2025 | 17:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An integrity issue was addressed with Beacon Protection. This issue is fixed in iOS 18 and iPadOS 18, tvOS 18, macOS Sequoia 15. An attacker may be able to force a device to disconnect from a secure network.

Action-Not Available
Vendor-Apple Inc.
Product-iphone_osmacosipadostvOSiOS and iPadOSmacOS
CVE-2021-36690
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.98% / 75.77%
||
7 Day CHG~0.00%
Published-24 Aug, 2021 | 00:00
Updated-04 Aug, 2024 | 01:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A segmentation fault can occur in the sqlite3.exe command-line component of SQLite 3.36.0 via the idxGetTableInfo function when there is a crafted SQL query. NOTE: the vendor disputes the relevance of this report because a sqlite3.exe user already has full privileges (e.g., is intentionally allowed to execute commands). This report does NOT imply any problem in the SQLite library.

Action-Not Available
Vendor-sqliten/aApple Inc.Oracle Corporation
Product-iphone_oswatchostvossqlitezfs_storage_appliance_kitmacosn/a
CVE-2021-30924
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-7.5||HIGH
EPSS-0.88% / 74.42%
||
7 Day CHG~0.00%
Published-24 Aug, 2021 | 18:50
Updated-03 Aug, 2024 | 22:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A denial of service issue was addressed with improved state handling. This issue is fixed in macOS Monterey 12.0.1. A remote attacker can cause a device to unexpectedly restart.

Action-Not Available
Vendor-Apple Inc.
Product-iphone_oswatchostvosipadosmacosmacOS
CVE-2011-3336
Matching Score-8
Assigner-CERT/CC
ShareView Details
Matching Score-8
Assigner-CERT/CC
CVSS Score-7.5||HIGH
EPSS-23.65% / 95.77%
||
7 Day CHG~0.00%
Published-12 Feb, 2020 | 19:32
Updated-06 Aug, 2024 | 23:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

regcomp in the BSD implementation of libc is vulnerable to denial of service due to stack exhaustion.

Action-Not Available
Vendor-The PHP GroupApple Inc.FreeBSD FoundationOpenBSD
Product-openbsdfreebsdphpmac_os_xmacOS
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2023-43765
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.24% / 47.59%
||
7 Day CHG~0.00%
Published-22 Sep, 2023 | 00:00
Updated-25 Sep, 2024 | 17:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain WithSecure products allow Denial of Service in the aeelf component. This affects WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and Server Security 15, WithSecure Elements Endpoint Protection 17 and later, WithSecure Client Security for Mac 15, WithSecure Elements Endpoint Protection for Mac 17 and later, Linux Security 64 12.0 , Linux Protection 12.0, and WithSecure Atlant (formerly F-Secure Atlant) 1.0.35-1.

Action-Not Available
Vendor-n/aF-Secure CorporationLinux Kernel Organization, IncMicrosoft CorporationApple Inc.
Product-linux_security_64server_securitylinux_kernelclient_securityelements_endpoint_protectionatlantwindowsmacosemail_and_server_securitylinux_protectionn/alinux_security_64server_securityclient_securityelements_endpoint_protectionatlantemail_and_server_securitylinux_protection
CVE-2011-1755
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-8.46% / 91.98%
||
7 Day CHG~0.00%
Published-21 Jun, 2011 | 01:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

jabberd2 before 2.2.14 does not properly detect recursion during entity expansion, which allows remote attackers to cause a denial of service (memory and CPU consumption) via a crafted XML document containing a large number of nested entity references, a similar issue to CVE-2003-1564.

Action-Not Available
Vendor-jabberd2n/aFedora ProjectApple Inc.
Product-fedorajabberd2mac_os_xmac_os_x_servern/a
CWE ID-CWE-776
Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')
CVE-2011-0196
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-7.8||HIGH
EPSS-0.43% / 61.59%
||
7 Day CHG~0.00%
Published-24 Jun, 2011 | 20:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

AirPort in Apple Mac OS X 10.5.8 allows remote attackers to cause a denial of service (out-of-bounds read and reboot) via Wi-Fi frames on the local wireless network.

Action-Not Available
Vendor-n/aApple Inc.
Product-mac_os_xmac_os_x_servern/a
CVE-2011-0162
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-7.8||HIGH
EPSS-1.98% / 82.80%
||
7 Day CHG~0.00%
Published-11 Mar, 2011 | 22:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Wi-Fi in Apple iOS before 4.3 and Apple TV before 4.2 does not properly perform bounds checking for Wi-Fi frames, which allows remote attackers to cause a denial of service (device reset) via unspecified traffic on the local wireless network.

Action-Not Available
Vendor-n/aApple Inc.
Product-apple_tviphone_ostvosn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2024-27879
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-7.5||HIGH
EPSS-0.25% / 48.37%
||
7 Day CHG~0.00%
Published-16 Sep, 2024 | 23:22
Updated-12 Dec, 2024 | 16:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The issue was addressed with improved bounds checks. This issue is fixed in iOS 17.7 and iPadOS 17.7, iOS 18 and iPadOS 18. An attacker may be able to cause unexpected app termination.

Action-Not Available
Vendor-Apple Inc.
Product-iphone_osipadosiOS and iPadOSiphone_osipados
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2002-1372
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-8.92% / 92.22%
||
7 Day CHG~0.00%
Published-01 Sep, 2004 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Common Unix Printing System (CUPS) 1.1.14 through 1.1.17 does not properly check the return values of various file and socket operations, which could allow a remote attacker to cause a denial of service (resource exhaustion) by causing file descriptors to be assigned and not released, as demonstrated by fanta.

Action-Not Available
Vendor-n/aDebian GNU/LinuxApple Inc.
Product-cupsmac_os_xdebian_linuxn/a
CWE ID-CWE-252
Unchecked Return Value
CVE-2010-1843
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-7.8||HIGH
EPSS-1.64% / 81.20%
||
7 Day CHG~0.00%
Published-16 Nov, 2010 | 21:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Networking in Apple Mac OS X 10.6.2 through 10.6.4 allows remote attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted PIM packet.

Action-Not Available
Vendor-n/aApple Inc.
Product-mac_os_xmac_os_x_servern/a
CWE ID-CWE-20
Improper Input Validation
CVE-2009-2815
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.55% / 66.87%
||
7 Day CHG~0.00%
Published-10 Sep, 2009 | 21:00
Updated-16 Sep, 2024 | 22:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Telephony component in Apple iPhone OS before 3.1 does not properly handle SMS arrival notifications, which allows remote attackers to cause a denial of service (NULL pointer dereference and service interruption) via a crafted SMS message.

Action-Not Available
Vendor-n/aApple Inc.
Product-iphone_osn/a
CWE ID-CWE-399
Not Available
CVE-2010-0500
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-7.8||HIGH
EPSS-0.43% / 61.59%
||
7 Day CHG~0.00%
Published-30 Mar, 2010 | 18:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Event Monitor in Apple Mac OS X before 10.6.3 does not properly validate hostnames of SSH clients, which allows remote attackers to cause a denial of service (arbitrary client blacklisting) via a crafted DNS PTR record, related to a "plist injection issue."

Action-Not Available
Vendor-n/aApple Inc.
Product-mac_os_xmac_os_x_servern/a
CWE ID-CWE-20
Improper Input Validation
CVE-2010-0302
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-5.29% / 89.63%
||
7 Day CHG~0.00%
Published-05 Mar, 2010 | 19:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use-after-free vulnerability in the abstract file-descriptor handling interface in the cupsdDoSelect function in scheduler/select.c in the scheduler in cupsd in CUPS before 1.4.4, when kqueue or epoll is used, allows remote attackers to cause a denial of service (daemon crash or hang) via a client disconnection during listing of a large number of print jobs, related to improperly maintaining a reference count. NOTE: some of these details are obtained from third party information. NOTE: this vulnerability exists because of an incomplete fix for CVE-2009-3553.

Action-Not Available
Vendor-n/aCanonical Ltd.Fedora ProjectRed Hat, Inc.Apple Inc.
Product-ubuntu_linuxenterprise_linuxfedoraenterprise_linux_workstationenterprise_linux_serverenterprise_linux_desktopcupsenterprise_linux_eusmac_os_xmac_os_x_servern/a
CWE ID-CWE-416
Use After Free
CVE-2009-3553
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-9.85% / 92.68%
||
7 Day CHG~0.00%
Published-20 Nov, 2009 | 02:00
Updated-07 Aug, 2024 | 06:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use-after-free vulnerability in the abstract file-descriptor handling interface in the cupsdDoSelect function in scheduler/select.c in the scheduler in cupsd in CUPS 1.3.7 and 1.3.10 allows remote attackers to cause a denial of service (daemon crash or hang) via a client disconnection during listing of a large number of print jobs, related to improperly maintaining a reference count. NOTE: some of these details are obtained from third party information.

Action-Not Available
Vendor-n/aDebian GNU/LinuxRed Hat, Inc.Canonical Ltd.Fedora ProjectApple Inc.
Product-ubuntu_linuxdebian_linuxcupsfedoramac_os_xenterprise_linuxmac_os_x_servern/a
CWE ID-CWE-416
Use After Free
CVE-2009-3282
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.44% / 62.34%
||
7 Day CHG~0.00%
Published-16 Oct, 2009 | 16:00
Updated-16 Sep, 2024 | 22:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Integer overflow in the vmx86 kernel extension in VMware Fusion before 2.0.6 build 196839 allows host OS users to cause a denial of service to the host OS via unspecified vectors.

Action-Not Available
Vendor-n/aApple Inc.VMware (Broadcom Inc.)
Product-fusionmac_os_xn/a
CWE ID-CWE-189
Not Available
CVE-2021-1764
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-7.5||HIGH
EPSS-1.19% / 77.92%
||
7 Day CHG~0.00%
Published-02 Apr, 2021 | 17:55
Updated-03 Aug, 2024 | 16:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A use after free issue was addressed with improved memory management. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. A remote attacker may be able to cause a denial of service.

Action-Not Available
Vendor-Apple Inc.
Product-iphone_oswatchosipadostvosmac_os_xmacosmacOSiOS and iPadOS
CWE ID-CWE-416
Use After Free
CVE-2005-3897
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.68% / 70.63%
||
7 Day CHG~0.00%
Published-29 Nov, 2005 | 21:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Apple Safari 2.0.2 allows remote attackers to cause a denial of service (system slowdown) via a Javascript BODY onload event that calls the window function.

Action-Not Available
Vendor-n/aApple Inc.
Product-safarin/a
CVE-2023-43767
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.21% / 43.50%
||
7 Day CHG~0.00%
Published-22 Sep, 2023 | 00:00
Updated-25 Sep, 2024 | 14:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain WithSecure products allow Denial of Service via the aepack archive unpack handler. This affects WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and Server Security 15, WithSecure Elements Endpoint Protection 17 and later, WithSecure Client Security for Mac 15, WithSecure Elements Endpoint Protection for Mac 17 and later, Linux Security 64 12.0 , Linux Protection 12.0, and WithSecure Atlant (formerly F-Secure Atlant) 1.0.35-1.

Action-Not Available
Vendor-n/aApple Inc.F-Secure CorporationLinux Kernel Organization, IncMicrosoft Corporation
Product-linux_security_64server_securitylinux_kernelclient_securityelements_endpoint_protectionatlantwindowsmacosemail_and_server_securitylinux_protectionn/a
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2023-43760
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.24% / 47.59%
||
7 Day CHG~0.00%
Published-22 Sep, 2023 | 00:00
Updated-02 Aug, 2024 | 19:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain WithSecure products allow Denial of Service via a fuzzed PE32 file. This affects WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and Server Security 15, WithSecure Elements Endpoint Protection 17 and later, WithSecure Client Security for Mac 15, WithSecure Elements Endpoint Protection for Mac 17 and later, Linux Security 64 12.0 , Linux Protection 12.0, and WithSecure Atlant (formerly F-Secure Atlant) 1.0.35-1.

Action-Not Available
Vendor-n/aApple Inc.F-Secure CorporationLinux Kernel Organization, IncMicrosoft Corporation
Product-linux_security_64server_securitylinux_kernelclient_securityelements_endpoint_protectionatlantwindowsmacosemail_and_server_securitylinux_protectionn/a
CVE-2020-9844
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-7.5||HIGH
EPSS-0.53% / 66.22%
||
7 Day CHG~0.00%
Published-09 Jun, 2020 | 16:16
Updated-04 Aug, 2024 | 10:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A double free issue was addressed with improved memory management. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5. A remote attacker may be able to cause unexpected system termination or corrupt kernel memory.

Action-Not Available
Vendor-Apple Inc.
Product-iphone_osmac_os_xipadosmacOSiOS
CWE ID-CWE-415
Double Free
CVE-2023-43761
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.29% / 51.63%
||
7 Day CHG~0.00%
Published-22 Sep, 2023 | 00:00
Updated-25 Sep, 2024 | 01:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain WithSecure products allow Denial of Service (infinite loop). This affects WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and Server Security 15, WithSecure Elements Endpoint Protection 17 and later, WithSecure Client Security for Mac 15, WithSecure Elements Endpoint Protection for Mac 17 and later, Linux Security 64 12.0 , Linux Protection 12.0, and WithSecure Atlant (formerly F-Secure Atlant) 1.0.35-1.

Action-Not Available
Vendor-n/aApple Inc.F-Secure CorporationLinux Kernel Organization, IncMicrosoft Corporation
Product-linux_security_64server_securitylinux_kernelclient_securityelements_endpoint_protectionatlantwindowsmacosemail_and_server_securitylinux_protectionn/a
CWE ID-CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
CVE-2023-44487
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-94.41% / 99.98%
||
7 Day CHG-0.06%
Published-10 Oct, 2023 | 00:00
Updated-30 Jul, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2023-10-31||Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.

Action-Not Available
Vendor-grpckonghqopenrestykazu-yamamotoistiolinecorptraefiknghttp2linkerdvarnish_cache_projectenvoyproxyakkadenacaddyserveramazonprojectcontourn/aJenkinsF5, Inc.The Netty ProjectEclipse Foundation AISBLThe IETF Administration LLC (IETF LLC)Apple Inc.NetApp, Inc.Microsoft CorporationRed Hat, Inc.Debian GNU/LinuxNode.js (OpenJS Foundation)The Apache Software FoundationFedora ProjectGoCisco Systems, Inc.Facebook
Product-nexus_9516openshift_serverlesscbl-marinernexus_34180ycnexus_3132c-zbig-ip_ddos_hybrid_defendernexus_3132q-xlproxygenarmerianexus_3132q-x\/3132q-xlunified_contact_center_enterprise_-_live_data_servernexus_9336pq_aci_spineintegration_service_registrynexus_9236c_switchwindows_11_22h2migration_toolkit_for_containersnexus_9396px.netnexus_31108pc-vnexus_9336c-fx2nexus_9396tx_switchopenshiftnginx_ingress_controllernexus_9236cadvanced_cluster_securitykong_gatewaynexus_93108tc-ex-24secure_web_appliancewindows_server_2016windows_server_2019openshift_container_platform_assisted_installerbig-ip_next_service_proxy_for_kubernetesnexus_3500integration_camel_knexus_9396txnexus_9372txnexus_93216tc-fx2apisixnginx_plusnexus_9800linkerdsupport_for_spring_bootnexus_3132q-xnode_healthcheck_operator3scale_api_management_platformnexus_9500nexus_93120txnexus_3264c-enexus_9500_4-slotopenstack_platformtelepresence_video_communication_servernexus_36180yc-rtomcatnexus_3132qnexus_3172tq-32topenshift_distributed_tracingnexus_9348gc-fxpbig-ip_nextenterprise_chat_and_emailbig-ip_global_traffic_managerbig-ip_fraud_protection_serviceunified_contact_center_enterprisecontouropenshift_container_platformnexus_3100-vsecure_malware_analyticsnexus_92160yc_switchnexus_34200yc-smnexus_9348d-gx2anexus_9364c-gxmigration_toolkit_for_virtualizationnexus_3100-zfog_directornexus_9804nexus_3432d-sultra_cloud_core_-_session_management_functionnexus_3524swiftnio_http\/2nexus_3400cryostatnexus_31108pv-vnexus_9372tx_switchnexus_3172tqbig-ip_advanced_web_application_firewalljboss_fusenexus_3172pq-xlfedoranexus_9272qopenshift_developer_tools_and_servicesnexus_9500rdecision_managernexus_9500_supervisor_b\+nexus_3548-x\/xlnexus_9232enexus_92348gc-xunified_attendant_console_advancedopenshift_sandboxed_containersultra_cloud_core_-_serving_gateway_functionnexus_9332d-h2rnexus_93128nexus_3548-xnexus_9200ycnexus_3064tbig-ip_policy_enforcement_managernexus_93108tc-exlogging_subsystem_for_red_hat_openshiftasp.net_corebig-ip_local_traffic_managernexus_93360yc-fx2big-ip_webacceleratornexus_3132q-vnexus_9336c-fx2-esolrcaddyistiounified_contact_center_management_portalnexus_9332cnexus_9200nexus_9516_switchnexus_3548nexus_3172pq\/pq-xlnexus_3048secure_dynamic_attributes_connectornexus_93600cd-gxnexus_9372px_switchnexus_3164qazure_kubernetes_serviceopenshift_secondary_scheduler_operatornexus_9500_8-slotnexus_9508openshift_virtualizationprime_cable_provisioningnexus_9364copensearch_data_preppernexus_93128tx_switchhttpwindows_10_21h2firepower_threat_defensesingle_sign-onnexus_9221cgobuild_of_optaplannerprime_access_registrarnetworkingnexus_9500_16-slotnexus_3232cnexus_93108tc-fxvarnish_cachenexus_9504jboss_enterprise_application_platformwindows_10_1607nexus_92304qcintegration_camel_for_spring_bootrun_once_duration_override_operatornexus_9716d-gxnexus_9000vnexus_3016windows_11_21h2openshift_pipelinesnexus_9408visual_studio_2022nexus_9336pq_acinexus_93180yc-fx3debian_linuxnx-osceph_storagenexus_9316d-gxnginxnexus_93180tc-exadvanced_cluster_management_for_kubernetesprime_network_registrarnexus_3408-straefiknexus_3064xnexus_9336pq_aci_spine_switchnexus_9372pxunified_contact_center_domain_managernettynexus_3264qnexus_3100vnexus_9372tx-e_switchnexus_93108tc-ex_switchtraffic_serverjboss_core_servicesnexus_9300jboss_a-mqjboss_a-mq_streamsnexus_3100nexus_93240tc-fx2machine_deletion_remediation_operatorbig-ip_application_security_managerbuild_of_quarkusnexus_93180yc-ex_switchnexus_9372tx-enode_maintenance_operatornexus_93180yc-ex-24nexus_3064openshift_dev_spacesnexus_9504_switchweb_terminalnexus_9736pqself_node_remediation_operatorcertification_for_red_hat_enterprise_linuxnexus_3172pqnexus_93128txiot_field_network_directornexus_3636c-rnexus_3064-tnexus_9372px-ehttp2nexus_92300yc_switchnexus_9364d-gx2aservice_interconnectnexus_93180yc-fxios_xeopenrestynexus_31128pqopenshift_service_meshbig-ip_analyticsopenshift_data_sciencebig-ip_application_acceleration_managernexus_9336pqnetwork_observability_operatorbig-ip_link_controllernexus_9372px-e_switchnexus_9332pq_switchnexus_9500_supervisor_bhttp_servernexus_93180yc-fx-24windows_10_22h2node.jsnexus_3600nexus_93180lc-exnexus_9636pqservice_telemetry_frameworkbig-ip_application_visibility_and_reportingmigration_toolkit_for_applicationsnexus_9808nexus_93108tc-fx-24nexus_92160yc-xnexus_31108tc-vnexus_3200nexus_9332d-gx2bcrosswork_situation_managernexus_3064-xnghttp2nexus_93180yc-fx3sbig-ip_websafenexus_3464cnexus_93180yc-exnexus_3172nexus_9536pqastra_control_centernexus_9396px_switchnexus_92300ycopenshift_api_for_data_protectionh2ojettynexus_9500_supervisor_anexus_9500_supervisor_a\+nexus_9272q_switchsatellitenexus_93180yc-fx3hprocess_automationdata_center_network_manageransible_automation_platformcost_managementsecure_web_appliance_firmwarejboss_data_gridnexus_9508_switchnexus_3064-32tcert-manager_operator_for_red_hat_openshiftoncommand_insightnexus_93240yc-fx2ios_xrnexus_93180lc-ex_switchfence_agents_remediation_operatorcrosswork_zero_touch_provisioningnexus_3232c_ultra_cloud_core_-_policy_control_functionbig-ip_carrier-grade_natnexus_3172tq-xlnexus_3524-xexpresswaygrpcbusiness_process_automationnexus_93108tc-fx3hnexus_92304qc_switchwindows_10_1809enterprise_linuxenvoyquaycrosswork_data_gatewaynexus_93108tc-fx3pbig-ip_domain_name_systemnexus_3548-xlnexus_93120tx_switchnexus_9432pqopenshift_gitopsnexus_3524-xlnexus_3232nexus_9332pqnexus_3524-x\/xlbig-ip_advanced_firewall_managerprime_infrastructurenexus_3016qjenkinsbig-ip_ssl_orchestratornexus_9348gc-fx3big-ip_access_policy_managerwindows_server_2022connected_mobile_experiencesn/ahttpHTTP/2
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2020-9840
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-7.5||HIGH
EPSS-0.33% / 55.62%
||
7 Day CHG~0.00%
Published-11 May, 2020 | 19:35
Updated-04 Aug, 2024 | 10:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In SwiftNIO Extras before 1.4.1, a logic issue was addressed with improved restrictions.

Action-Not Available
Vendor-SwiftApple Inc.
Product-nioextrasSwiftNIO Extras
CVE-2009-1955
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-3.52% / 87.16%
||
7 Day CHG~0.00%
Published-06 Jun, 2009 | 18:00
Updated-07 Aug, 2024 | 05:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The expat XML parser in the apr_xml_* interface in xml/apr_xml.c in Apache APR-util before 1.3.7, as used in the mod_dav and mod_dav_svn modules in the Apache HTTP Server, allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document containing a large number of nested entity references, as demonstrated by a PROPFIND request, a similar issue to CVE-2003-1564.

Action-Not Available
Vendor-n/aSUSEDebian GNU/LinuxFedora ProjectOracle CorporationThe Apache Software FoundationApple Inc.Canonical Ltd.
Product-ubuntu_linuxhttp_serverlinux_enterprise_serverdebian_linuxfedoramac_os_xapr-utiln/a
CWE ID-CWE-776
Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')
CVE-2009-2190
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-1.53% / 80.55%
||
7 Day CHG~0.00%
Published-06 Aug, 2009 | 16:00
Updated-07 Aug, 2024 | 05:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

launchd in Apple Mac OS X 10.5 before 10.5.8 allows remote attackers to cause a denial of service (individual service outage) by making many connections to an inetd-based launchd service.

Action-Not Available
Vendor-n/aApple Inc.
Product-mac_os_x_servermac_os_xn/a
CWE ID-CWE-399
Not Available
CVE-2009-1683
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-1.71% / 81.59%
||
7 Day CHG~0.00%
Published-19 Jun, 2009 | 16:00
Updated-17 Sep, 2024 | 04:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Telephony component in Apple iPhone OS 1.0 through 2.2.1 and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to cause a denial of service (device reset) via a crafted ICMP echo request, which triggers an assertion error related to a "logic issue."

Action-Not Available
Vendor-n/aApple Inc.
Product-iphone_osipod_touchn/a
  • Previous
  • 1
  • 2
  • 3
  • ...
  • 19
  • 20
  • Next
Details not found