Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2020-9702

Summary
Assigner-adobe
Assigner Org ID-078d4453-3bcd-4900-85e6-15281da43538
Published At-19 Aug, 2020 | 13:15
Updated At-04 Aug, 2024 | 10:34
Rejected At-
Credits

Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001.30002, 2017.011.30171 and earlier, and 2015.006.30523 and earlier have a stack exhaustion vulnerability. Successful exploitation could lead to application denial-of-service.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:adobe
Assigner Org ID:078d4453-3bcd-4900-85e6-15281da43538
Published At:19 Aug, 2020 | 13:15
Updated At:04 Aug, 2024 | 10:34
Rejected At:
▼CVE Numbering Authority (CNA)

Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001.30002, 2017.011.30171 and earlier, and 2015.006.30523 and earlier have a stack exhaustion vulnerability. Successful exploitation could lead to application denial-of-service.

Affected Products
Vendor
Adobe Inc.Adobe
Product
Adobe Acrobat and Reader
Versions
Affected
  • 2020.009.20074 and earlier, 2020.001.30002, 2017.011.30171 and earlier, and 2015.006.30523 and earlier versions
Problem Types
TypeCWE IDDescription
textN/AStack exhaustion
Type: text
CWE ID: N/A
Description: Stack exhaustion
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://helpx.adobe.com/security/products/acrobat/apsb20-48.html
x_refsource_CONFIRM
Hyperlink: https://helpx.adobe.com/security/products/acrobat/apsb20-48.html
Resource:
x_refsource_CONFIRM
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://helpx.adobe.com/security/products/acrobat/apsb20-48.html
x_refsource_CONFIRM
x_transferred
Hyperlink: https://helpx.adobe.com/security/products/acrobat/apsb20-48.html
Resource:
x_refsource_CONFIRM
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:psirt@adobe.com
Published At:19 Aug, 2020 | 14:15
Updated At:08 Sep, 2021 | 17:22

Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001.30002, 2017.011.30171 and earlier, and 2015.006.30523 and earlier have a stack exhaustion vulnerability. Successful exploitation could lead to application denial-of-service.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.15.5MEDIUM
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Primary2.04.3MEDIUM
AV:N/AC:M/Au:N/C:N/I:N/A:P
Type: Primary
Version: 3.1
Base score: 5.5
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Type: Primary
Version: 2.0
Base score: 4.3
Base severity: MEDIUM
Vector:
AV:N/AC:M/Au:N/C:N/I:N/A:P
CPE Matches
Adobe Inc.
adobe
>>acrobat_dc>>Versions from 15.006.30060(inclusive) to 15.006.30523(inclusive)
cpe:2.3:a:adobe:acrobat_dc:*:*:*:*:classic:*:*:*
Adobe Inc.
adobe
>>acrobat_dc>>Versions from 15.008.20082(inclusive) to 20.009.20074(inclusive)
cpe:2.3:a:adobe:acrobat_dc:*:*:*:*:continuous:*:*:*
Adobe Inc.
adobe
>>acrobat_dc>>Versions from 17.011.30059(inclusive) to 17.011.30171(inclusive)
cpe:2.3:a:adobe:acrobat_dc:*:*:*:*:classic:*:*:*
Adobe Inc.
adobe
>>acrobat_dc>>20.001.30002
cpe:2.3:a:adobe:acrobat_dc:20.001.30002:*:*:*:classic:*:*:*
Adobe Inc.
adobe
>>acrobat_reader_dc>>Versions from 15.006.30060(inclusive) to 15.006.30523(inclusive)
cpe:2.3:a:adobe:acrobat_reader_dc:*:*:*:*:classic:*:*:*
Adobe Inc.
adobe
>>acrobat_reader_dc>>Versions from 15.008.20082(inclusive) to 20.009.20074(inclusive)
cpe:2.3:a:adobe:acrobat_reader_dc:*:*:*:*:continuous:*:*:*
Adobe Inc.
adobe
>>acrobat_reader_dc>>Versions from 17.011.30059(inclusive) to 17.011.30171(inclusive)
cpe:2.3:a:adobe:acrobat_reader_dc:*:*:*:*:classic:*:*:*
Adobe Inc.
adobe
>>acrobat_reader_dc>>20.001.30002
cpe:2.3:a:adobe:acrobat_reader_dc:20.001.30002:*:*:*:classic:*:*:*
Apple Inc.
apple
>>macos>>-
cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*
Microsoft Corporation
microsoft
>>windows>>-
cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-400Primarynvd@nist.gov
CWE ID: CWE-400
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://helpx.adobe.com/security/products/acrobat/apsb20-48.htmlpsirt@adobe.com
Vendor Advisory
Hyperlink: https://helpx.adobe.com/security/products/acrobat/apsb20-48.html
Source: psirt@adobe.com
Resource:
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

874Records found
CVE-2025-24086
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.02% / 3.67%
||
7 Day CHG~0.00%
Published-27 Jan, 2025 | 21:46
Updated-02 Apr, 2026 | 19:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The issue was addressed with improved memory handling. This issue is fixed in iOS 18.3 and iPadOS 18.3, iPadOS 17.7.4, macOS Sequoia 15.3, macOS Sonoma 14.7.3, macOS Ventura 13.7.3, tvOS 18.3, visionOS 2.3, watchOS 11.3. Processing an image may lead to a denial-of-service.

Action-Not Available
Vendor-Apple Inc.
Product-tvosvisionoswatchosmacosiphone_osipadosvisionOSmacOStvOSiOS and iPadOSiPadOSwatchOS
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2023-29353
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.19% / 41.29%
||
7 Day CHG~0.00%
Published-13 Jun, 2023 | 23:25
Updated-01 Jan, 2025 | 01:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Sysinternals Process Monitor for Windows Denial of Service Vulnerability

Sysinternals Process Monitor for Windows Denial of Service Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-sysinternalssysinternals_process_monitorWindows Sysinternals Process MonitorSysinternals Suite
CWE ID-CWE-20
Improper Input Validation
CVE-2022-34009
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.26% / 49.50%
||
7 Day CHG~0.00%
Published-27 Jul, 2022 | 23:23
Updated-03 Aug, 2024 | 08:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Fossil 2.18 on Windows allows attackers to cause a denial of service (daemon crash) via an XSS payload in a ticket. This occurs because the ticket data is stored in a temporary file, and the product does not properly handle the absence of this file after Windows Defender has flagged it as malware.

Action-Not Available
Vendor-fossil-scmn/aMicrosoft Corporation
Product-windowsfossiln/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2018-6687
Matching Score-8
Assigner-Trellix
ShareView Details
Matching Score-8
Assigner-Trellix
CVSS Score-6.5||MEDIUM
EPSS-0.14% / 34.16%
||
7 Day CHG~0.00%
Published-21 Feb, 2019 | 14:00
Updated-05 Aug, 2024 | 06:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
GetSusp (a free McAfee tool) update fixes an infinite loop vulnerability (CVE-2018-6687)

Loop with Unreachable Exit Condition ('Infinite Loop') in McAfee GetSusp (GetSusp) 3.0.0.461 and earlier allows attackers to DoS a manual GetSusp scan via while scanning a specifically crafted file . GetSusp is a free standalone McAfee tool that runs on several versions of Microsoft Windows.

Action-Not Available
Vendor-McAfee, LLCMicrosoft Corporation
Product-getsuspwindowsMcAfee GetSusp (GetSusp)
CWE ID-CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
CVE-2022-32785
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.07% / 22.57%
||
7 Day CHG~0.00%
Published-23 Sep, 2022 | 18:58
Updated-22 May, 2025 | 20:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A null pointer dereference was addressed with improved validation. This issue is fixed in iOS 15.6 and iPadOS 15.6, Security Update 2022-005 Catalina, macOS Big Sur 11.6.8, macOS Monterey 12.5. Processing an image may lead to a denial-of-service.

Action-Not Available
Vendor-Apple Inc.
Product-iphone_osmac_os_xmacosipadosmacOS
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2023-28185
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.04% / 10.36%
||
7 Day CHG~0.00%
Published-10 Jan, 2024 | 22:03
Updated-03 Jun, 2025 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An integer overflow was addressed through improved input validation. This issue is fixed in tvOS 16.4, macOS Big Sur 11.7.5, iOS 16.4 and iPadOS 16.4, watchOS 9.4, macOS Monterey 12.6.4, iOS 15.7.4 and iPadOS 15.7.4. An app may be able to cause a denial-of-service.

Action-Not Available
Vendor-Apple Inc.
Product-ipadosmacostvosiphone_oswatchosmacOStvOSiOS and iPadOSwatchOS
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2022-32827
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.07% / 21.84%
||
7 Day CHG~0.00%
Published-01 Nov, 2022 | 00:00
Updated-06 May, 2025 | 20:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A memory corruption issue was addressed with improved state management. This issue is fixed in iOS 16, macOS Ventura 13. An app may be able to cause a denial-of-service.

Action-Not Available
Vendor-Apple Inc.
Product-macosiphone_osmacOS
CWE ID-CWE-787
Out-of-bounds Write
CVE-2018-4290
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-5.9||MEDIUM
EPSS-0.37% / 58.70%
||
7 Day CHG~0.00%
Published-03 Apr, 2019 | 17:43
Updated-05 Aug, 2024 | 05:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A denial of service issue was addressed with improved memory handling. This issue affected versions prior to iOS 11.4.1, watchOS 4.3.2.

Action-Not Available
Vendor-n/aApple Inc.
Product-iphone_oswatchosiOS, watchOS
CVE-2018-4270
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.83% / 74.63%
||
7 Day CHG~0.00%
Published-03 Apr, 2019 | 17:43
Updated-05 Aug, 2024 | 05:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A memory corruption issue was addressed with improved memory handling. This issue affected versions prior to iOS 11.4.1, tvOS 11.4.1, watchOS 4.3.2, Safari 11.1.2, iTunes 12.8 for Windows, iCloud for Windows 7.6.

Action-Not Available
Vendor-n/aApple Inc.Microsoft Corporation
Product-itunesiphone_oswatchostvossafariwindowsicloudiOS, tvOS, watchOS, Safari, iTunes for Windows, iCloud for Windows
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2018-4273
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.83% / 74.63%
||
7 Day CHG~0.00%
Published-03 Apr, 2019 | 17:43
Updated-05 Aug, 2024 | 05:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple memory corruption issues were addressed with improved input validation. This issue affected versions prior to iOS 11.4.1, tvOS 11.4.1, watchOS 4.3.2, Safari 11.1.2, iTunes 12.8 for Windows, iCloud for Windows 7.6.

Action-Not Available
Vendor-n/aApple Inc.Microsoft Corporation
Product-itunesiphone_oswatchostvossafariwindowsicloudiOS, tvOS, watchOS, Safari, iTunes for Windows, iCloud for Windows
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2018-4365
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.16% / 37.36%
||
7 Day CHG~0.00%
Published-03 Apr, 2019 | 17:43
Updated-05 Aug, 2024 | 05:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An out-of-bounds read was addressed with improved bounds checking. This issue affected versions prior to iOS 12.1.

Action-Not Available
Vendor-n/aApple Inc.
Product-iphone_osiOS
CWE ID-CWE-125
Out-of-bounds Read
CVE-2018-4400
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.18% / 40.27%
||
7 Day CHG~0.00%
Published-03 Apr, 2019 | 17:43
Updated-05 Aug, 2024 | 05:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A validation issue was addressed with improved logic. This issue affected versions prior to iOS 12.1, macOS Mojave 10.14.1, watchOS 5.1.

Action-Not Available
Vendor-n/aApple Inc.
Product-mac_os_xiphone_oswatchosiOS, macOS, watchOS
CWE ID-CWE-20
Improper Input Validation
CVE-2018-4198
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.46% / 64.14%
||
7 Day CHG~0.00%
Published-08 Jun, 2018 | 18:00
Updated-05 Aug, 2024 | 05:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in certain Apple products. iOS before 11.4 is affected. macOS before 10.13.5 is affected. tvOS before 11.4 is affected. watchOS before 4.3.1 is affected. The issue involves the "UIKit" component. It allows remote attackers to cause a denial of service via a crafted text file.

Action-Not Available
Vendor-n/aApple Inc.
Product-apple_tviphone_oswatchosmac_os_xn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2022-30155
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-5.5||MEDIUM
EPSS-2.41% / 85.11%
||
7 Day CHG~0.00%
Published-15 Jun, 2022 | 21:51
Updated-02 Jan, 2025 | 19:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Kernel Denial of Service Vulnerability

Windows Kernel Denial of Service Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2012windows_8.1windows_rt_8.1windows_7windows_11windows_10windows_server_2022windows_server_2019windows_server_2008Windows Server 2022Windows 10 Version 1607Windows 10 Version 21H1Windows Server 2019 (Server Core installation)Windows Server 2008 Service Pack 2Windows 10 Version 1809Windows Server 2016 (Server Core installation)Windows 11 version 21H2Windows 8.1Windows 7Windows Server version 20H2Windows Server 2012 (Server Core installation)Windows 7 Service Pack 1Windows 10 Version 20H2Windows Server 2016Windows 10 Version 1507Windows 10 Version 21H2Windows Server 2008 R2 Service Pack 1Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2012 R2Windows Server 2019Windows Server 2012Windows Server 2008 Service Pack 2Windows Server 2012 R2 (Server Core installation)
CWE ID-CWE-193
Off-by-one Error
CVE-2018-4240
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-6.5||MEDIUM
EPSS-23.35% / 95.97%
||
7 Day CHG~0.00%
Published-08 Jun, 2018 | 18:00
Updated-05 Aug, 2024 | 05:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in certain Apple products. iOS before 11.4 is affected. macOS before 10.13.5 is affected. tvOS before 11.4 is affected. watchOS before 4.3.1 is affected. The issue involves the "Messages" component. It allows remote attackers to cause a denial of service via a crafted message.

Action-Not Available
Vendor-n/aApple Inc.
Product-mac_os_xiphone_oswatchostvosn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2018-4304
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-5||MEDIUM
EPSS-0.20% / 42.06%
||
7 Day CHG~0.00%
Published-03 Apr, 2019 | 17:43
Updated-05 Aug, 2024 | 05:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A denial of service issue was addressed with improved validation. This issue affected versions prior to iOS 12, macOS Mojave 10.14, tvOS 12, watchOS 5.

Action-Not Available
Vendor-n/aApple Inc.
Product-mac_os_xiphone_oswatchostvosiOS, macOS, tvOS, watchOS
CWE ID-CWE-20
Improper Input Validation
CVE-2018-4266
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-5.9||MEDIUM
EPSS-0.75% / 73.22%
||
7 Day CHG~0.00%
Published-03 Apr, 2019 | 17:43
Updated-05 Aug, 2024 | 05:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A race condition was addressed with additional validation. This issue affected versions prior toiVersions prior to: OS 11.4.1, tvOS 11.4.1, watchOS 4.3.2, Safari 11.1.2, iTunes 12.8 for Windows, iCloud for Windows 7.6.

Action-Not Available
Vendor-n/aApple Inc.Microsoft Corporation
Product-itunesiphone_oswatchostvossafariwindowsicloudiOS, tvOS, watchOS, Safari, iTunes for Windows, iCloud for Windows
CWE ID-CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVE-2022-30130
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-3.3||LOW
EPSS-4.31% / 88.91%
||
7 Day CHG~0.00%
Published-10 May, 2022 | 20:35
Updated-10 Jul, 2025 | 16:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
.NET Framework Denial of Service Vulnerability

.NET Framework Denial of Service Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2012windows_8.1windows_rt_8.1windows_7windows_11windows_10windows_server_2022.net_frameworkwindows_server_2019windows_server_2008Microsoft .NET Framework 4.6.2Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2Microsoft .NET Framework 3.5 AND 4.6/4.6.2
CVE-2018-4271
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.70% / 72.03%
||
7 Day CHG~0.00%
Published-03 Apr, 2019 | 17:43
Updated-05 Aug, 2024 | 05:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple memory corruption issues were addressed with improved input validation. This issue affected versions prior to iOS 11.4.1, tvOS 11.4.1, watchOS 4.3.2, Safari 11.1.2, iTunes 12.8 for Windows, iCloud for Windows 7.6.

Action-Not Available
Vendor-n/aApple Inc.Microsoft Corporation
Product-itunesiphone_oswatchostvossafariwindowsicloudiOS, tvOS, watchOS, Safari, iTunes for Windows, iCloud for Windows
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2014-8130
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-6.5||MEDIUM
EPSS-2.08% / 83.99%
||
7 Day CHG~0.00%
Published-12 Mar, 2018 | 02:00
Updated-06 Aug, 2024 | 13:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The _TIFFmalloc function in tif_unix.c in LibTIFF 4.0.3 does not reject a zero size, which allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted TIFF image that is mishandled by the TIFFWriteScanline function in tif_write.c, as demonstrated by tiffdither.

Action-Not Available
Vendor-n/aRed Hat, Inc.LibTIFFApple Inc.
Product-enterprise_linux_serveriphone_osenterprise_linux_server_euslibtiffenterprise_linux_server_ausenterprise_linux_workstationmac_os_xenterprise_linux_server_tusenterprise_linux_desktopn/a
CWE ID-CWE-369
Divide By Zero
CVE-2022-28875
Matching Score-8
Assigner-126858f1-1b65-4b74-81ca-7034f7f7723f
ShareView Details
Matching Score-8
Assigner-126858f1-1b65-4b74-81ca-7034f7f7723f
CVSS Score-4.3||MEDIUM
EPSS-0.25% / 48.43%
||
7 Day CHG~0.00%
Published-25 May, 2022 | 15:09
Updated-03 Aug, 2024 | 06:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Denial-of-Service (DoS) Vulnerability

A Denial-of-Service (DoS) vulnerability was discovered in F-Secure Atlant and in certain WithSecure products whereby the scanning the aemobile component can crash the scanning engine. The exploit can be triggered remotely by an attacker.

Action-Not Available
Vendor-Apple Inc.F-Secure CorporationMicrosoft Corporation
Product-linux_securitycloud_protection_for_salesforceelements_endpoint_protectionatlantelements_collaboration_protectionelements_endpoint_detection_and_responsewindowsmacosinternet_gatekeeperAll F-Secure & WithSecure endpoint protection products for Windows and Mac. F-Secure Linux Security (32-bit). F-Secure Linux Security (64-bit). F-Secure Atlant. WithSecure Cloud Protection for Salesforce & WithSecure Collaboration Protection
CWE ID-CWE-404
Improper Resource Shutdown or Release
CVE-2018-4113
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-6.5||MEDIUM
EPSS-1.16% / 78.57%
||
7 Day CHG~0.00%
Published-03 Apr, 2018 | 06:00
Updated-05 Aug, 2024 | 05:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. tvOS before 11.3 is affected. watchOS before 4.3 is affected. The issue involves a JavaScriptCore function in the "WebKit" component. It allows attackers to trigger an assertion failure by leveraging improper array indexing.

Action-Not Available
Vendor-webkitgtkn/aCanonical Ltd.Apple Inc.Microsoft Corporation
Product-itunesiphone_osubuntu_linuxwatchostvossafariwindowswebkitgtk\+icloudn/a
CWE ID-CWE-617
Reachable Assertion
CVE-2018-4250
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.41% / 61.09%
||
7 Day CHG~0.00%
Published-08 Jun, 2018 | 18:00
Updated-05 Aug, 2024 | 05:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in certain Apple products. iOS before 11.4 is affected. The issue involves the "Messages" component. It allows remote attackers to cause a denial of service via a crafted message.

Action-Not Available
Vendor-n/aApple Inc.
Product-iphone_osn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2018-4247
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-6.5||MEDIUM
EPSS-1.13% / 78.38%
||
7 Day CHG~0.00%
Published-08 Jun, 2018 | 18:00
Updated-05 Aug, 2024 | 05:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in certain Apple products. iOS before 11.4 is affected. Safari before 11.1.1 is affected. The issue involves the "Safari" component. It allows remote attackers to cause a denial of service (persistent Safari outage) via a crafted web site.

Action-Not Available
Vendor-n/aApple Inc.
Product-iphone_ossafarin/a
CWE ID-CWE-20
Improper Input Validation
CVE-2014-8128
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.99% / 76.96%
||
7 Day CHG~0.00%
Published-12 Feb, 2020 | 02:15
Updated-06 Aug, 2024 | 13:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

LibTIFF prior to 4.0.4, as used in Apple iOS before 8.4 and OS X before 10.10.4 and other products, allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted TIFF image.

Action-Not Available
Vendor-n/aLibTIFFApple Inc.
Product-iphone_osmac_os_xlibtiffLibTIFF
CWE ID-CWE-787
Out-of-bounds Write
CVE-2026-28852
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.02% / 6.54%
||
7 Day CHG~0.00%
Published-25 Mar, 2026 | 00:32
Updated-02 Apr, 2026 | 18:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A stack overflow was addressed with improved input validation. This issue is fixed in iOS 18.7.7 and iPadOS 18.7.7, iOS 26.4 and iPadOS 26.4, macOS Sequoia 15.7.5, macOS Tahoe 26.4, tvOS 26.4, visionOS 26.4, watchOS 26.4. An app may be able to cause a denial-of-service.

Action-Not Available
Vendor-Apple Inc.
Product-tvosvisionoswatchosmacosiphone_osipadosvisionOSmacOStvOSiOS and iPadOSwatchOS
CWE ID-CWE-20
Improper Input Validation
CVE-2024-54501
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.03% / 9.22%
||
7 Day CHG~0.00%
Published-11 Dec, 2024 | 22:57
Updated-02 Apr, 2026 | 19:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The issue was addressed with improved checks. This issue is fixed in iOS 18.2 and iPadOS 18.2, iPadOS 17.7.3, macOS Sequoia 15.2, macOS Sonoma 14.7.2, macOS Ventura 13.7.2, tvOS 18.2, visionOS 2.2, watchOS 11.2. Processing a maliciously crafted file may lead to a denial of service.

Action-Not Available
Vendor-Apple Inc.
Product-tvosvisionoswatchosmacosiphone_osipadosvisionOSmacOStvOSiOS and iPadOSiPadOSwatchOS
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2022-24548
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-5.5||MEDIUM
EPSS-4.00% / 88.45%
||
7 Day CHG~0.00%
Published-15 Apr, 2022 | 19:04
Updated-09 Dec, 2025 | 21:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Defender Denial of Service Vulnerability

Microsoft Defender Denial of Service Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-malware_protection_engineMicrosoft Malware Protection Engine
CVE-2022-25108
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.16% / 37.36%
||
7 Day CHG~0.00%
Published-07 Mar, 2022 | 04:15
Updated-03 Aug, 2024 | 04:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Foxit PDF Reader and Editor before 11.2.1 and PhantomPDF before 10.1.7 allow a NULL pointer dereference during PDF parsing because the pointer is used without proper validation.

Action-Not Available
Vendor-n/aMicrosoft CorporationFoxit Software Incorporated
Product-pdf_editorwindowspdf_readern/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2024-53006
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-5.5||MEDIUM
EPSS-0.12% / 30.22%
||
7 Day CHG~0.00%
Published-10 Dec, 2024 | 21:12
Updated-13 Dec, 2024 | 18:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Substance3D - Modeler | NULL Pointer Dereference (CWE-476)

Substance3D - Modeler versions 1.14.1 and earlier are affected by a NULL Pointer Dereference vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Action-Not Available
Vendor-Adobe Inc.
Product-substance_3d_modelerSubstance3D - Modeler
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2024-52833
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-5.5||MEDIUM
EPSS-0.07% / 22.17%
||
7 Day CHG~0.00%
Published-10 Dec, 2024 | 21:12
Updated-18 Dec, 2024 | 14:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Substance3D - Modeler | NULL Pointer Dereference (CWE-476)

Substance3D - Modeler versions 1.14.1 and earlier are affected by a NULL Pointer Dereference vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Action-Not Available
Vendor-Adobe Inc.
Product-substance_3d_modelerSubstance3D - Modeler
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2022-23308
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.05% / 15.40%
||
7 Day CHG~0.00%
Published-26 Feb, 2022 | 00:00
Updated-05 May, 2025 | 17:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

valid.c in libxml2 before 2.9.13 has a use-after-free of ID and IDREF attributes.

Action-Not Available
Vendor-n/aOracle CorporationNetApp, Inc.Fedora ProjectApple Inc.libxml2 (XMLSoft)Debian GNU/Linux
Product-h410sactive_iq_unified_managerdebian_linuxh500s_firmwarecommunications_cloud_native_core_binding_support_functionbootstrap_osh410c_firmwareh410ch700sh500smysql_workbenchh700e_firmwarezfs_storage_appliance_kitontap_select_deploy_administration_utilitycommunications_cloud_native_core_network_function_cloud_native_environmenth500e_firmwaresolidfire\,_enterprise_sds_\&_hci_storage_nodetvosclustered_data_ontap_antivirus_connectorclustered_data_ontaph300ecommunications_cloud_native_core_network_repository_functioncommunications_cloud_native_core_unified_data_repositoryh300e_firmwaremacoswatchossolidfire_\&_hci_management_nodeh700eipadosmac_os_xhci_compute_nodeh500eh700s_firmwaresmi-s_providerfedoracommunications_cloud_native_core_network_slice_selection_functionh410s_firmwaresnapmanagerlibxml2h300s_firmwaremanageability_software_development_kitsnapdriveiphone_osh300sn/a
CWE ID-CWE-416
Use After Free
CVE-2024-49554
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-5.5||MEDIUM
EPSS-0.06% / 19.48%
||
7 Day CHG~0.00%
Published-10 Dec, 2024 | 20:09
Updated-18 Dec, 2024 | 14:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Media Encoder | NULL Pointer Dereference (CWE-476)

Media Encoder versions 25.0, 24.6.3 and earlier are affected by a NULL Pointer Dereference vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial of service condition. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-windowsmacosmedia_encoderMedia Encoder
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2007-4336
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-76.55% / 98.95%
||
7 Day CHG~0.00%
Published-14 Aug, 2007 | 18:00
Updated-07 Aug, 2024 | 14:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in the Live Picture Corporation DXSurface.LivePicture.FlashPix.1 (DirectTransform FlashPix) ActiveX control in DXTLIPI.DLL 6.0.2.827, as packaged in Microsoft DirectX Media 6.0 SDK, allows remote attackers to execute arbitrary code via a long SourceUrl property value.

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-directx_median/a
CVE-2024-49531
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-5.5||MEDIUM
EPSS-0.11% / 29.07%
||
7 Day CHG~0.00%
Published-10 Dec, 2024 | 19:54
Updated-21 Jan, 2025 | 17:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Acrobat Reader | NULL Pointer Dereference (CWE-476)

Acrobat Reader versions 24.005.20307, 24.001.30213, 24.001.30193, 20.005.30730, 20.005.30710 and earlier are affected by a NULL Pointer Dereference vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-acrobat_readeracrobatwindowsacrobat_dcmacosacrobat_reader_dcAcrobat Reader
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2007-3445
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.90% / 75.63%
||
7 Day CHG~0.00%
Published-27 Jun, 2007 | 00:00
Updated-07 Aug, 2024 | 14:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in SJ Labs SJphone 1.60.303c, running under Windows Mobile 2003 on the Samsung SCH-i730 phone, allows remote attackers to cause a denial of service (device hang and call termination) via a malformed SIP INVITE message, a different vulnerability than CVE-2007-3351.

Action-Not Available
Vendor-sj_labssecurecomputingn/aMicrosoft Corporation
Product-windows_mobilesch_i730_phonesjphonen/a
CVE-2022-23189
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-5.5||MEDIUM
EPSS-0.72% / 72.54%
||
7 Day CHG~0.00%
Published-16 Feb, 2022 | 16:38
Updated-23 Apr, 2025 | 19:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Adobe Illustrator NULL Pointer Dereference Application denial-of-service

Adobe Illustrator versions 25.4.3 (and earlier) and 26.0.2 (and earlier) are affected by a Null pointer dereference vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Action-Not Available
Vendor-Adobe Inc.Apple Inc.Microsoft Corporation
Product-windowsmacosillustratorIllustrator
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2022-23199
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-5.5||MEDIUM
EPSS-0.72% / 72.54%
||
7 Day CHG~0.00%
Published-16 Feb, 2022 | 16:38
Updated-23 Apr, 2025 | 19:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Adobe Illustrator NULL Pointer Dereference Application denial-of-service

Adobe Illustrator versions 25.4.3 (and earlier) and 26.0.2 (and earlier) are affected by a Null pointer dereference vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Action-Not Available
Vendor-Adobe Inc.Apple Inc.Microsoft Corporation
Product-windowsmacosillustratorIllustrator
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2022-22588
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.23% / 45.37%
||
7 Day CHG~0.00%
Published-18 Mar, 2022 | 17:59
Updated-03 Aug, 2024 | 03:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A resource exhaustion issue was addressed with improved input validation. This issue is fixed in iOS 15.2.1 and iPadOS 15.2.1. Processing a maliciously crafted HomeKit accessory name may cause a denial of service.

Action-Not Available
Vendor-Apple Inc.
Product-iphone_osipadosiOS and iPadOS
CWE ID-CWE-20
Improper Input Validation
CVE-2022-23198
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-5.5||MEDIUM
EPSS-0.72% / 72.54%
||
7 Day CHG~0.00%
Published-16 Feb, 2022 | 16:38
Updated-23 Apr, 2025 | 19:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Adobe Illustrator NULL Pointer Dereference Application denial-of-service

Adobe Illustrator versions 25.4.3 (and earlier) and 26.0.2 (and earlier) are affected by a Null pointer dereference vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Action-Not Available
Vendor-Adobe Inc.Apple Inc.Microsoft Corporation
Product-windowsmacosillustratorIllustrator
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2022-21889
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.5||HIGH
EPSS-15.19% / 94.62%
||
7 Day CHG~0.00%
Published-11 Jan, 2022 | 20:22
Updated-02 Jan, 2025 | 18:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Internet Key Exchange (IKE) Extension Denial of Service Vulnerability

Windows Internet Key Exchange (IKE) Extension Denial of Service Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_serverwindows_server_2016windows_server_2012windows_8.1windows_rt_8.1windows_7windows_11windows_10windows_server_2019windows_server_2008Windows Server 2022Windows 10 Version 1607Windows 10 Version 21H1Windows Server 2019 (Server Core installation)Windows 10 Version 1809Windows Server 2016 (Server Core installation)Windows 11 version 21H2Windows 8.1Windows 7Windows Server version 20H2Windows Server 2012 (Server Core installation)Windows 10 Version 1909Windows 7 Service Pack 1Windows 10 Version 20H2Windows Server 2016Windows 10 Version 1507Windows 10 Version 21H2Windows Server 2008 R2 Service Pack 1Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2012 R2Windows Server 2012Windows Server 2019Windows Server 2012 R2 (Server Core installation)
CVE-2022-21890
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.5||HIGH
EPSS-15.19% / 94.62%
||
7 Day CHG~0.00%
Published-11 Jan, 2022 | 20:22
Updated-02 Jan, 2025 | 18:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Internet Key Exchange (IKE) Extension Denial of Service Vulnerability

Windows Internet Key Exchange (IKE) Extension Denial of Service Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_serverwindows_server_2016windows_server_2012windows_8.1windows_rt_8.1windows_7windows_11windows_10windows_server_2019windows_server_2008Windows Server 2022Windows 10 Version 1607Windows 10 Version 21H1Windows Server 2019 (Server Core installation)Windows 10 Version 1809Windows Server 2016 (Server Core installation)Windows 11 version 21H2Windows 8.1Windows 7Windows Server version 20H2Windows Server 2012 (Server Core installation)Windows 10 Version 1909Windows 7 Service Pack 1Windows 10 Version 20H2Windows Server 2016Windows 10 Version 1507Windows 10 Version 21H2Windows Server 2008 R2 Service Pack 1Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2012 R2Windows Server 2012Windows Server 2019Windows Server 2012 R2 (Server Core installation)
CVE-2022-21843
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.5||HIGH
EPSS-13.25% / 94.17%
||
7 Day CHG~0.00%
Published-11 Jan, 2022 | 20:22
Updated-02 Jan, 2025 | 18:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Internet Key Exchange (IKE) Protocol Extensions Remote Code Execution Vulnerability

Windows Internet Key Exchange (IKE) Protocol Extensions Remote Code Execution Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_serverwindows_server_2016windows_server_2012windows_8.1windows_7windows_11windows_10windows_server_2019windows_server_2008Windows Server 2022Windows 10 Version 1607Windows 10 Version 21H1Windows Server 2019 (Server Core installation)Windows 10 Version 1809Windows Server 2016 (Server Core installation)Windows 11 version 21H2Windows 8.1Windows 7Windows Server version 20H2Windows Server 2012 (Server Core installation)Windows 10 Version 1909Windows 7 Service Pack 1Windows 10 Version 20H2Windows Server 2016Windows 10 Version 1507Windows 10 Version 21H2Windows Server 2008 R2 Service Pack 1Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2012 R2Windows Server 2012Windows Server 2019Windows Server 2012 R2 (Server Core installation)
CVE-2022-21986
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.5||HIGH
EPSS-1.71% / 82.39%
||
7 Day CHG~0.00%
Published-09 Feb, 2022 | 16:36
Updated-02 Jan, 2025 | 18:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
.NET Denial of Service Vulnerability

.NET Denial of Service Vulnerability

Action-Not Available
Vendor-Fedora ProjectMicrosoft Corporation
Product-visual_studio_2019fedoravisual_studio_2022.netMicrosoft Visual Studio 2019 version 16.9 (includes 16.0 - 16.8).NET 5.0Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)Visual Studio 2019 for Mac version 8.10Microsoft Visual Studio 2022 version 17.0.NET 6.0
CVE-2007-2885
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-12.47% / 93.94%
||
7 Day CHG~0.00%
Published-30 May, 2007 | 01:00
Updated-07 Aug, 2024 | 13:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The NotSafe function in the MSVDTDatabaseDesigner7 ActiveX control in VDT70.DLL in Microsoft Visual Database Tools (MSVDT) Database Designer 7.0 allows remote attackers to cause a denial of service (Internet Explorer 6 crash) via a long argument.

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-visual_database_tools_database_designern/a
CVE-2022-1674
Matching Score-8
Assigner-Protect AI (formerly huntr.dev)
ShareView Details
Matching Score-8
Assigner-Protect AI (formerly huntr.dev)
CVSS Score-6.6||MEDIUM
EPSS-0.12% / 31.66%
||
7 Day CHG~0.00%
Published-12 May, 2022 | 00:00
Updated-03 Aug, 2024 | 00:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
NULL Pointer Dereference in function vim_regexec_string at regexp.c:2733 in vim/vim

NULL Pointer Dereference in function vim_regexec_string at regexp.c:2733 in GitHub repository vim/vim prior to 8.2.4938. NULL Pointer Dereference in function vim_regexec_string at regexp.c:2733 allows attackers to cause a denial of service (application crash) via a crafted input.

Action-Not Available
Vendor-Fedora ProjectVimApple Inc.
Product-fedoramacosvimvim/vim
CWE ID-CWE-476
NULL Pointer Dereference
CVE-1999-0999
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-16.08% / 94.80%
||
7 Day CHG~0.00%
Published-18 Jan, 2000 | 05:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Microsoft SQL 7.0 server allows a remote attacker to cause a denial of service via a malformed TDS packet.

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-sql_servern/a
CWE ID-CWE-20
Improper Input Validation
CVE-2022-1725
Matching Score-8
Assigner-Protect AI (formerly huntr.dev)
ShareView Details
Matching Score-8
Assigner-Protect AI (formerly huntr.dev)
CVSS Score-6.6||MEDIUM
EPSS-0.04% / 13.46%
||
7 Day CHG~0.00%
Published-16 May, 2022 | 00:00
Updated-03 Aug, 2024 | 00:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
NULL Pointer Dereference in vim/vim

NULL Pointer Dereference in GitHub repository vim/vim prior to 8.2.4959.

Action-Not Available
Vendor-VimApple Inc.
Product-macosvimvim/vim
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2022-1420
Matching Score-8
Assigner-Protect AI (formerly huntr.dev)
ShareView Details
Matching Score-8
Assigner-Protect AI (formerly huntr.dev)
CVSS Score-6.8||MEDIUM
EPSS-0.07% / 20.25%
||
7 Day CHG+0.01%
Published-21 Apr, 2022 | 00:00
Updated-03 Aug, 2024 | 00:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Use of Out-of-range Pointer Offset in vim/vim

Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior to 8.2.4774.

Action-Not Available
Vendor-Fedora ProjectVimApple Inc.
Product-fedoramacosvimvim/vim
CWE ID-CWE-823
Use of Out-of-range Pointer Offset
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2022-1622
Matching Score-8
Assigner-GitLab Inc.
ShareView Details
Matching Score-8
Assigner-GitLab Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.10% / 28.36%
||
7 Day CHG~0.00%
Published-11 May, 2022 | 00:00
Updated-03 Aug, 2024 | 00:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

LibTIFF master branch has an out-of-bounds read in LZWDecode in libtiff/tif_lzw.c:619, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit b4e79bfa.

Action-Not Available
Vendor-NetApp, Inc.Fedora ProjectLibTIFFApple Inc.
Product-iphone_oswatchostvosontap_select_deploy_administration_utilitylibtifffedoramacoslibtiff
CWE ID-CWE-125
Out-of-bounds Read
  • Previous
  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • ...
  • 17
  • 18
  • Next
Details not found