Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2021-24086

Summary
Assigner-microsoft
Assigner Org ID-f38d906d-7342-40ea-92c1-6c4a2c6478c8
Published At-25 Feb, 2021 | 23:01
Updated At-03 Aug, 2024 | 19:21
Rejected At-
Credits

Windows TCP/IP Denial of Service Vulnerability

Windows TCP/IP Denial of Service Vulnerability

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:microsoft
Assigner Org ID:f38d906d-7342-40ea-92c1-6c4a2c6478c8
Published At:25 Feb, 2021 | 23:01
Updated At:03 Aug, 2024 | 19:21
Rejected At:
▼CVE Numbering Authority (CNA)
Windows TCP/IP Denial of Service Vulnerability

Windows TCP/IP Denial of Service Vulnerability

Affected Products
Vendor
Microsoft CorporationMicrosoft
Product
Windows 10 Version 1803
CPEs
  • cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*
  • cpe:2.3:o:microsoft:windows_10_1803:*:*:*:*:*:*:x64:*
  • cpe:2.3:o:microsoft:windows_10_1803:*:*:*:*:*:*:arm64:*
Platforms
  • 32-bit Systems
  • x64-based Systems
  • ARM64-based Systems
Versions
Affected
  • From 10.0.0 before publication (custom)
Vendor
Microsoft CorporationMicrosoft
Product
Windows 10 Version 1809
CPEs
  • cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:*
  • cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*
  • cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:arm64:*
Platforms
  • 32-bit Systems
  • x64-based Systems
  • ARM64-based Systems
Versions
Affected
  • From 10.0.0 before publication (custom)
Vendor
Microsoft CorporationMicrosoft
Product
Windows Server 2019
CPEs
  • cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*
Platforms
  • x64-based Systems
Versions
Affected
  • From 10.0.0 before publication (custom)
Vendor
Microsoft CorporationMicrosoft
Product
Windows Server 2019 (Server Core installation)
CPEs
  • cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*
Platforms
  • x64-based Systems
Versions
Affected
  • From 10.0.0 before publication (custom)
Vendor
Microsoft CorporationMicrosoft
Product
Windows 10 Version 1507
CPEs
  • cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x86:*
  • cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x64:*
Platforms
  • 32-bit Systems
  • x64-based Systems
Versions
Affected
  • From 10.0.0 before publication (custom)
Vendor
Microsoft CorporationMicrosoft
Product
Windows 10 Version 1607
CPEs
  • cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:*
  • cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:*
Platforms
  • 32-bit Systems
  • x64-based Systems
Versions
Affected
  • From 10.0.0 before publication (custom)
Vendor
Microsoft CorporationMicrosoft
Product
Windows Server 2016
CPEs
  • cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*
Platforms
  • x64-based Systems
Versions
Affected
  • From 10.0.0 before publication (custom)
Vendor
Microsoft CorporationMicrosoft
Product
Windows Server 2016 (Server Core installation)
CPEs
  • cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*
Platforms
  • x64-based Systems
Versions
Affected
  • From 10.0.0 before publication (custom)
Vendor
Microsoft CorporationMicrosoft
Product
Windows 7
CPEs
  • cpe:2.3:o:microsoft:windows_7:*:sp1:*:*:*:*:x86:*
Platforms
  • 32-bit Systems
Versions
Affected
  • From 6.1.0 before publication (custom)
Vendor
Microsoft CorporationMicrosoft
Product
Windows 7 Service Pack 1
CPEs
  • cpe:2.3:o:microsoft:windows_7:*:sp1:*:*:*:*:x64:*
Platforms
  • x64-based Systems
Versions
Affected
  • From 6.1.0 before publication (custom)
Vendor
Microsoft CorporationMicrosoft
Product
Windows 8.1
CPEs
  • cpe:2.3:o:microsoft:windows_8.1:*:*:*:*:*:*:x86:*
  • cpe:2.3:o:microsoft:windows_8.1:*:*:*:*:*:*:x64:*
  • cpe:2.3:o:microsoft:windows_rt_8.1:*:*:*:*:*:*:*:*
Platforms
  • 32-bit Systems
  • x64-based Systems
  • ARM64-based Systems
Versions
Affected
  • From 6.3.0 before publication (custom)
Vendor
Microsoft CorporationMicrosoft
Product
Windows Server 2008 Service Pack 2
CPEs
  • cpe:2.3:o:microsoft:windows_server_2008_sp2:*:*:*:*:*:*:x64:*
Platforms
  • 32-bit Systems
Versions
Affected
  • From 6.0.0 before publication (custom)
Vendor
Microsoft CorporationMicrosoft
Product
Windows Server 2008 Service Pack 2 (Server Core installation)
CPEs
  • cpe:2.3:o:microsoft:windows_server_2008_sp2:*:*:*:*:*:*:x64:*
  • cpe:2.3:o:microsoft:windows_server_2008_sp2:*:*:*:*:*:*:x86:*
Platforms
  • 32-bit Systems
  • x64-based Systems
Versions
Affected
  • From 6.0.0 before publication (custom)
Vendor
Microsoft CorporationMicrosoft
Product
Windows Server 2008 Service Pack 2
CPEs
  • cpe:2.3:o:microsoft:windows_server_2008_sp2:*:*:*:*:*:*:x86:*
Platforms
  • x64-based Systems
Versions
Affected
  • From 6.0.0 before publication (custom)
Vendor
Microsoft CorporationMicrosoft
Product
Windows Server 2008 R2 Service Pack 1
CPEs
  • cpe:2.3:o:microsoft:windows_server_2008_R2:*:*:*:*:*:*:x64:*
Platforms
  • x64-based Systems
Versions
Affected
  • From 6.1.0 before publication (custom)
Vendor
Microsoft CorporationMicrosoft
Product
Windows Server 2008 R2 Service Pack 1 (Server Core installation)
CPEs
  • cpe:2.3:o:microsoft:windows_server_2008_R2:*:*:*:*:*:*:x64:*
Platforms
  • x64-based Systems
Versions
Affected
  • From 6.0.0 before publication (custom)
Vendor
Microsoft CorporationMicrosoft
Product
Windows Server 2012
CPEs
  • cpe:2.3:o:microsoft:windows_server_2012:*:*:*:*:*:*:x64:*
Platforms
  • x64-based Systems
Versions
Affected
  • From 6.2.0 before publication (custom)
Vendor
Microsoft CorporationMicrosoft
Product
Windows Server 2012 (Server Core installation)
CPEs
  • cpe:2.3:o:microsoft:windows_server_2012:*:*:*:*:*:*:x64:*
Platforms
  • x64-based Systems
Versions
Affected
  • From 6.2.0 before publication (custom)
Vendor
Microsoft CorporationMicrosoft
Product
Windows Server 2012 R2
CPEs
  • cpe:2.3:o:microsoft:windows_server_2012_R2:*:*:*:*:*:*:x64:*
Platforms
  • x64-based Systems
Versions
Affected
  • From 6.3.0 before publication (custom)
Vendor
Microsoft CorporationMicrosoft
Product
Windows Server 2012 R2 (Server Core installation)
CPEs
  • cpe:2.3:o:microsoft:windows_server_2012_R2:*:*:*:*:*:*:x64:*
Platforms
  • x64-based Systems
Versions
Affected
  • From 6.3.0 before publication (custom)
Vendor
Microsoft CorporationMicrosoft
Product
Windows 10 Version 1909
CPEs
  • cpe:2.3:o:microsoft:windows_10_1909:*:*:*:*:*:*:x86:*
  • cpe:2.3:o:microsoft:windows_10_1909:*:*:*:*:*:*:x64:*
  • cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*
Platforms
  • 32-bit Systems
  • x64-based Systems
  • ARM64-based Systems
Versions
Affected
  • From 10.0.0 before publication (custom)
Vendor
Microsoft CorporationMicrosoft
Product
Windows Server, version 1909 (Server Core installation)
CPEs
  • cpe:2.3:o:microsoft:windows_server_1909:*:*:*:*:*:*:*:*
Platforms
  • x64-based Systems
Versions
Affected
  • From 10.0.0 before publication (custom)
Vendor
Microsoft CorporationMicrosoft
Product
Windows 10 Version 2004
CPEs
  • cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*
Platforms
  • 32-bit Systems
  • ARM64-based Systems
  • x64-based Systems
Versions
Affected
  • From 10.0.0 before publication (custom)
Vendor
Microsoft CorporationMicrosoft
Product
Windows Server version 2004
CPEs
  • cpe:2.3:o:microsoft:windows_server_2004:*:*:*:*:*:*:*:*
Platforms
  • x64-based Systems
Versions
Affected
  • From 10.0.0 before publication (custom)
Vendor
Microsoft CorporationMicrosoft
Product
Windows 10 Version 20H2
CPEs
  • cpe:2.3:o:microsoft:windows_10_20H2:*:*:*:*:*:*:x86:*
  • cpe:2.3:o:microsoft:windows_10_20H2:*:*:*:*:*:*:arm64:*
Platforms
  • 32-bit Systems
  • ARM64-based Systems
Versions
Affected
  • From 10.0.0 before publication (custom)
Vendor
Microsoft CorporationMicrosoft
Product
Windows Server version 20H2
CPEs
  • cpe:2.3:o:microsoft:windows_server_20H2:*:*:*:*:*:*:*:*
Platforms
  • x64-based Systems
Versions
Affected
  • From 10.0.0 before publication (custom)
Problem Types
TypeCWE IDDescription
ImpactN/ADenial of Service
Type: Impact
CWE ID: N/A
Description: Denial of Service
Metrics
VersionBase scoreBase severityVector
3.17.5HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
Version: 3.1
Base score: 7.5
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-24086
x_refsource_MISC
http://packetstormsecurity.com/files/163499/Windows-TCP-IP-Denial-Of-Service.html
x_refsource_MISC
Hyperlink: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-24086
Resource:
x_refsource_MISC
Hyperlink: http://packetstormsecurity.com/files/163499/Windows-TCP-IP-Denial-Of-Service.html
Resource:
x_refsource_MISC
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-24086
x_refsource_MISC
x_transferred
http://packetstormsecurity.com/files/163499/Windows-TCP-IP-Denial-Of-Service.html
x_refsource_MISC
x_transferred
Hyperlink: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-24086
Resource:
x_refsource_MISC
x_transferred
Hyperlink: http://packetstormsecurity.com/files/163499/Windows-TCP-IP-Denial-Of-Service.html
Resource:
x_refsource_MISC
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:secure@microsoft.com
Published At:25 Feb, 2021 | 23:15
Updated At:29 Dec, 2023 | 23:15

Windows TCP/IP Denial of Service Vulnerability

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.17.5HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Secondary3.17.5HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Primary2.05.0MEDIUM
AV:N/AC:L/Au:N/C:N/I:N/A:P
Type: Primary
Version: 3.1
Base score: 7.5
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Type: Secondary
Version: 3.1
Base score: 7.5
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Type: Primary
Version: 2.0
Base score: 5.0
Base severity: MEDIUM
Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:P
CPE Matches
Microsoft Corporation
microsoft
>>windows_10>>-
cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*
Microsoft Corporation
microsoft
>>windows_10>>20h2
cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:*:*
Microsoft Corporation
microsoft
>>windows_10>>1607
cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*
Microsoft Corporation
microsoft
>>windows_10>>1803
cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:*
Microsoft Corporation
microsoft
>>windows_10>>1809
cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*
Microsoft Corporation
microsoft
>>windows_10>>1909
cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:*:*
Microsoft Corporation
microsoft
>>windows_10>>2004
cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:*:*
Microsoft Corporation
microsoft
>>windows_7>>-
cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*
Microsoft Corporation
microsoft
>>windows_8.1>>-
cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*
Microsoft Corporation
microsoft
>>windows_rt_8.1>>-
cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*
Microsoft Corporation
microsoft
>>windows_server_2008>>-
cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*
Microsoft Corporation
microsoft
>>windows_server_2008>>r2
cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*
Microsoft Corporation
microsoft
>>windows_server_2012>>-
cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*
Microsoft Corporation
microsoft
>>windows_server_2012>>r2
cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*
Microsoft Corporation
microsoft
>>windows_server_2016>>-
cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*
Microsoft Corporation
microsoft
>>windows_server_2016>>20h2
cpe:2.3:o:microsoft:windows_server_2016:20h2:*:*:*:*:*:*:*
Microsoft Corporation
microsoft
>>windows_server_2016>>1909
cpe:2.3:o:microsoft:windows_server_2016:1909:*:*:*:*:*:*:*
Microsoft Corporation
microsoft
>>windows_server_2016>>2004
cpe:2.3:o:microsoft:windows_server_2016:2004:*:*:*:*:*:*:*
Microsoft Corporation
microsoft
>>windows_server_2019>>-
cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
NVD-CWE-noinfoPrimarynvd@nist.gov
CWE ID: NVD-CWE-noinfo
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
http://packetstormsecurity.com/files/163499/Windows-TCP-IP-Denial-Of-Service.htmlsecure@microsoft.com
Third Party Advisory
VDB Entry
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-24086secure@microsoft.com
Patch
Vendor Advisory
Hyperlink: http://packetstormsecurity.com/files/163499/Windows-TCP-IP-Denial-Of-Service.html
Source: secure@microsoft.com
Resource:
Third Party Advisory
VDB Entry
Hyperlink: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-24086
Source: secure@microsoft.com
Resource:
Patch
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

826Records found
CVE-2017-11883
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.5||HIGH
EPSS-20.30% / 95.30%
||
7 Day CHG~0.00%
Published-15 Nov, 2017 | 03:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

.NET Core 1.0, 1.1, and 2.0 allow an unauthenticated attacker to remotely cause a denial of service attack against a .NET Core web application by improperly handling web requests, aka ".NET CORE Denial Of Service Vulnerability".

Action-Not Available
Vendor-Microsoft Corporation
Product-aspnetcoreASP.NET
CVE-2014-1811
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-5||MEDIUM
EPSS-30.39% / 96.54%
||
7 Day CHG~0.00%
Published-11 Jun, 2014 | 01:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The TCP implementation in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to cause a denial of service (non-paged pool memory consumption and system hang) via malformed data in the Options field of a TCP header, aka "TCP Denial of Service Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-windows_rtwindows_7windows_8windows_server_2008windows_rt_8.1windows_vistawindows_server_2012windows_8.1n/a
CVE-2025-33050
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.5||HIGH
EPSS-0.18% / 39.53%
||
7 Day CHG~0.00%
Published-10 Jun, 2025 | 17:02
Updated-11 Jul, 2025 | 16:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
DHCP Server Service Denial of Service Vulnerability

Protection mechanism failure in Windows DHCP Server allows an unauthorized attacker to deny service over a network.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2022_23h2windows_server_2022windows_server_2025windows_server_2016windows_server_2019Windows Server 2016Windows Server 2019Windows Server 2022, 23H2 Edition (Server Core installation)Windows Server 2019 (Server Core installation)Windows Server 2022Windows Server 2016 (Server Core installation)Windows Server 2025Windows Server 2025 (Server Core installation)
CWE ID-CWE-693
Protection Mechanism Failure
CVE-2025-36047
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.11% / 30.55%
||
7 Day CHG~0.00%
Published-14 Aug, 2025 | 15:38
Updated-18 Aug, 2025 | 17:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM WebSphere Application Server Liberty denial of service

IBM WebSphere Application Server Liberty 18.0.0.2 through 25.0.0.8 is vulnerable to a denial of service, caused by sending a specially-crafted request. A remote attacker could exploit this vulnerability to cause the server to consume memory resources.

Action-Not Available
Vendor-IBM CorporationMicrosoft CorporationLinux Kernel Organization, IncApple Inc.
Product-linux_kernelwindowsz\/osimacoswebsphere_application_serveraixWebSphere Application Server Liberty
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2025-33056
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.5||HIGH
EPSS-0.14% / 34.53%
||
7 Day CHG~0.00%
Published-10 Jun, 2025 | 17:02
Updated-11 Jul, 2025 | 16:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Local Security Authority (LSA) Denial of Service Vulnerability

Improper access control in Microsoft Local Security Authority Server (lsasrv) allows an unauthorized attacker to deny service over a network.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_1507windows_server_2022_23h2windows_10_1607windows_10_21h2windows_server_2008windows_server_2012windows_server_2019windows_11_23h2windows_server_2022windows_11_24h2windows_10_1809windows_server_2025windows_server_2016windows_11_22h2windows_10_22h2Windows Server 2008 Service Pack 2Windows 10 Version 1607Windows Server 2008 Service Pack 2Windows 11 Version 23H2Windows Server 2008 R2 Service Pack 1Windows Server 2012 R2 (Server Core installation)Windows 11 version 22H2Windows Server 2022Windows Server 2016 (Server Core installation)Windows Server 2025Windows Server 2012Windows 10 Version 22H2Windows 11 Version 24H2Windows 10 Version 1809Windows Server 2025 (Server Core installation)Windows Server 2012 R2Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2016Windows Server 2012 (Server Core installation)Windows 11 version 22H3Windows Server 2019Windows Server 2019 (Server Core installation)Windows Server 2022, 23H2 Edition (Server Core installation)Windows Server 2008 Service Pack 2 (Server Core installation)Windows 10 Version 1507Windows 10 Version 21H2
CWE ID-CWE-284
Improper Access Control
CVE-2011-2007
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-5||MEDIUM
EPSS-67.78% / 98.52%
||
7 Day CHG~0.00%
Published-12 Oct, 2011 | 01:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Microsoft Host Integration Server (HIS) 2004 SP1, 2006 SP1, 2009, and 2010 allows remote attackers to cause a denial of service (SNA Server service outage) via crafted TCP or UDP traffic, aka "Endless Loop DoS in snabase.exe Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-host_integration_servern/a
CWE ID-CWE-20
Improper Input Validation
CVE-2011-2008
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-5||MEDIUM
EPSS-53.66% / 97.91%
||
7 Day CHG~0.00%
Published-12 Oct, 2011 | 01:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Microsoft Host Integration Server (HIS) 2004 SP1, 2006 SP1, 2009, and 2010 allows remote attackers to cause a denial of service (SNA Server service outage) via crafted TCP or UDP traffic, aka "Access of Unallocated Memory DoS Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-host_integration_servern/a
CWE ID-CWE-20
Improper Input Validation
CVE-2025-33068
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.5||HIGH
EPSS-12.22% / 93.59%
||
7 Day CHG~0.00%
Published-10 Jun, 2025 | 17:02
Updated-11 Jul, 2025 | 16:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Standards-Based Storage Management Service Denial of Service Vulnerability

Uncontrolled resource consumption in Windows Standards-Based Storage Management Service allows an unauthorized attacker to deny service over a network.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2012windows_server_2022windows_server_2025windows_server_2016windows_server_2019Windows Server 2016Windows Server 2019Windows Server 2019 (Server Core installation)Windows Server 2016 (Server Core installation)Windows Server 2022Windows Server 2012 R2 (Server Core installation)Windows Server 2025Windows Server 2025 (Server Core installation)Windows Server 2012 R2
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2017-11788
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.5||HIGH
EPSS-18.85% / 95.06%
||
7 Day CHG~0.00%
Published-15 Nov, 2017 | 03:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Windows Search in Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows server, version 1709 allows an unauthenticated attacker to remotely send specially crafted messages that could cause a denial of service against the system due to improperly handing objects in memory, aka "Windows Search Denial of Service Vulnerability".

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2008windows_7windows_server_2012windows_serverwindows_server_2016windows_8.1windows_rt_8.1windows_10Windows search
CVE-2025-32724
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.5||HIGH
EPSS-12.22% / 93.59%
||
7 Day CHG~0.00%
Published-10 Jun, 2025 | 17:02
Updated-11 Jul, 2025 | 16:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Local Security Authority Subsystem Service (LSASS) Denial of Service Vulnerability

Uncontrolled resource consumption in Windows Local Security Authority Subsystem Service (LSASS) allows an unauthorized attacker to deny service over a network.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_1507windows_server_2022_23h2windows_10_1607windows_10_21h2windows_server_2008windows_server_2012windows_server_2019windows_11_23h2windows_server_2022windows_11_24h2windows_10_1809windows_server_2025windows_server_2016windows_11_22h2windows_10_22h2Windows Server 2008 Service Pack 2Windows 10 Version 1607Windows Server 2008 Service Pack 2Windows 11 Version 23H2Windows Server 2008 R2 Service Pack 1Windows Server 2012 R2 (Server Core installation)Windows 11 version 22H2Windows Server 2022Windows Server 2016 (Server Core installation)Windows Server 2025Windows Server 2012Windows 10 Version 22H2Windows 11 Version 24H2Windows 10 Version 1809Windows Server 2025 (Server Core installation)Windows Server 2012 R2Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2016Windows Server 2012 (Server Core installation)Windows 11 version 22H3Windows Server 2019Windows Server 2019 (Server Core installation)Windows Server 2022, 23H2 Edition (Server Core installation)Windows Server 2008 Service Pack 2 (Server Core installation)Windows 10 Version 1507Windows 10 Version 21H2
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-1999-1164
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-6.90% / 91.01%
||
7 Day CHG~0.00%
Published-12 Sep, 2001 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Microsoft Outlook client allows remote attackers to cause a denial of service by sending multiple email messages with the same X-UIDL headers, which causes Outlook to hang.

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-outlookoutlook_expressn/a
CVE-2011-2012
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-5||MEDIUM
EPSS-19.03% / 95.10%
||
7 Day CHG~0.00%
Published-12 Oct, 2011 | 01:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Microsoft Forefront Unified Access Gateway (UAG) 2010 Gold, Update 1, Update 2, and SP1 does not properly validate session cookies, which allows remote attackers to cause a denial of service (IIS outage) via unspecified network traffic, aka "Null Session Cookie Crash."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-forefront_unified_access_gatewayn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2011-1970
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-5||MEDIUM
EPSS-61.47% / 98.26%
||
7 Day CHG~0.00%
Published-10 Aug, 2011 | 21:16
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The DNS server in Microsoft Windows Server 2003 SP2 and Windows Server 2008 SP2, R2, and R2 SP1 does not properly initialize memory, which allows remote attackers to cause a denial of service (service outage) via a query for a nonexistent domain, aka "DNS Uninitialized Memory Corruption Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-windows_server_2003windows_server_2008windows_2003_servern/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2011-0806
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-5||MEDIUM
EPSS-0.70% / 71.20%
||
7 Day CHG~0.00%
Published-20 Apr, 2011 | 03:09
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the Network Foundation component in Oracle Database Server 10.1.0.5, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.1, and 11.2.0.2, when running on Windows, allows remote attackers to affect availability via unknown vectors.

Action-Not Available
Vendor-n/aOracle CorporationMicrosoft Corporation
Product-windowsdatabase_servern/a
CVE-2025-3221
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-7.5||HIGH
EPSS-0.14% / 35.10%
||
7 Day CHG+0.01%
Published-21 Jun, 2025 | 12:44
Updated-24 Aug, 2025 | 11:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM InfoSphere Information Server denial of service

IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 could allow a remote attacker to cause a denial of service due to insufficient validation of incoming request resources.

Action-Not Available
Vendor-Linux Kernel Organization, IncIBM CorporationMicrosoft Corporation
Product-windowsinfosphere_information_serverlinux_kernelaixInfoSphere Information Server
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2025-32725
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.5||HIGH
EPSS-0.18% / 39.53%
||
7 Day CHG~0.00%
Published-10 Jun, 2025 | 17:02
Updated-11 Jul, 2025 | 16:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
DHCP Server Service Denial of Service Vulnerability

Protection mechanism failure in Windows DHCP Server allows an unauthorized attacker to deny service over a network.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2022_23h2windows_server_2022windows_server_2025windows_server_2016windows_server_2019Windows Server 2016Windows Server 2019Windows Server 2022, 23H2 Edition (Server Core installation)Windows Server 2019 (Server Core installation)Windows Server 2022Windows Server 2016 (Server Core installation)Windows Server 2025Windows Server 2025 (Server Core installation)
CWE ID-CWE-693
Protection Mechanism Failure
CVE-2013-7332
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-10.96% / 93.14%
||
7 Day CHG~0.00%
Published-26 Feb, 2014 | 11:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Microsoft.XMLDOM ActiveX control in Microsoft Windows 8.1 and earlier does not properly detect recursion during entity expansion, which allows remote attackers to cause a denial of service (memory and CPU consumption) via a crafted XML document containing a large number of nested entity references, a similar issue to CVE-2003-1564.

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-windows_8.1windows_8n/a
CVE-2005-4810
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-18.51% / 94.99%
||
7 Day CHG~0.00%
Published-30 Aug, 2006 | 01:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Microsoft Internet Explorer 7.0 Beta3 and earlier allows remote attackers to cause a denial of service (crash) via a "text/html" HTML Content-type header sent in response to an XMLHttpRequest (AJAX).

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-internet_explorern/a
CVE-2009-3344
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-0.41% / 60.33%
||
7 Day CHG~0.00%
Published-24 Sep, 2009 | 16:00
Updated-16 Sep, 2024 | 23:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in SAP Crystal Reports Server 2008 on Windows XP allows attackers to cause a denial of service (infinite loop) via unknown vectors, as demonstrated by a certain module in VulnDisco Pack Professional 8.3 through 8.11. NOTE: as of 20090917, this disclosure has no actionable information. However, because the VulnDisco Pack author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes.

Action-Not Available
Vendor-n/aSAP SEMicrosoft Corporation
Product-windows_xpcrystal_reports_servern/a
CVE-2025-29971
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.5||HIGH
EPSS-0.16% / 37.88%
||
7 Day CHG~0.00%
Published-13 May, 2025 | 16:58
Updated-15 Jul, 2025 | 01:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Web Threat Defense (WTD.sys) Denial of Service Vulnerability

Out-of-bounds read in Web Threat Defense (WTD.sys) allows an unauthorized attacker to deny service over a network.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_11_23h2windows_11_22h2windows_11_24h2Windows 11 version 22H3Windows 11 version 22H2Windows 11 Version 24H2Windows 11 Version 23H2
CWE ID-CWE-125
Out-of-bounds Read
CVE-2013-3869
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-5||MEDIUM
EPSS-8.06% / 91.77%
||
7 Day CHG~0.00%
Published-13 Nov, 2013 | 00:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allow remote attackers to cause a denial of service (daemon hang) via a web-service request containing a crafted X.509 certificate that is not properly handled during validation, aka "Digital Signatures Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-windows_xpwindows_rtwindows_7windows_8windows_server_2008windows_rt_8.1windows_vistawindows_server_2003windows_server_2012windows_8.1n/a
CWE ID-CWE-20
Improper Input Validation
CVE-2018-10512
Matching Score-8
Assigner-Trend Micro, Inc.
ShareView Details
Matching Score-8
Assigner-Trend Micro, Inc.
CVSS Score-7.5||HIGH
EPSS-0.70% / 71.05%
||
7 Day CHG~0.00%
Published-15 Aug, 2018 | 19:00
Updated-05 Aug, 2024 | 07:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability in Trend Micro Control Manager (versions 6.0 and 7.0) could allow an attacker to manipulate a reverse proxy .dll on vulnerable installations, which may lead to a denial of server (DoS).

Action-Not Available
Vendor-Microsoft CorporationTrend Micro Incorporated
Product-control_managerwindowsTrend Micro Control Manager
CVE-2025-27469
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.5||HIGH
EPSS-17.97% / 94.90%
||
7 Day CHG~0.00%
Published-08 Apr, 2025 | 17:23
Updated-08 Jul, 2025 | 19:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Lightweight Directory Access Protocol (LDAP) Denial of Service Vulnerability

Uncontrolled resource consumption in Windows LDAP - Lightweight Directory Access Protocol allows an unauthorized attacker to deny service over a network.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_10_1607windows_11_23h2windows_10_21h2windows_server_2012windows_server_2022windows_server_2019windows_server_2008windows_10_22h2windows_server_2025windows_11_22h2windows_10_1809windows_10_1507windows_server_2022_23h2windows_11_24h2Windows 10 Version 1809Windows 11 Version 23H2Windows 11 Version 24H2Windows Server 2016 (Server Core installation)Windows Server 2019 (Server Core installation)Windows Server 2008 Service Pack 2Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows 10 Version 21H2Windows 11 version 22H2Windows 10 Version 22H2Windows 11 version 22H3Windows 10 Version 1507Windows Server 2012 (Server Core installation)Windows 10 Version 1607Windows Server 2016Windows Server 2025Windows Server 2012 R2Windows Server 2022Windows Server 2008 R2 Service Pack 1Windows Server 2012Windows Server 2025 (Server Core installation)Windows Server 2008 Service Pack 2Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2022, 23H2 Edition (Server Core installation)Windows Server 2012 R2 (Server Core installation)Windows Server 2019
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2011-0040
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-5||MEDIUM
EPSS-40.23% / 97.24%
||
7 Day CHG~0.00%
Published-09 Feb, 2011 | 00:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The server in Microsoft Active Directory on Windows Server 2003 SP2 does not properly handle an update request for a service principal name (SPN), which allows remote attackers to cause a denial of service (authentication downgrade or outage) via a crafted request that triggers name collisions, aka "Active Directory SPN Validation Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-windows_2003_servern/a
CWE ID-CWE-20
Improper Input Validation
CVE-2025-27486
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.5||HIGH
EPSS-14.06% / 94.09%
||
7 Day CHG~0.00%
Published-08 Apr, 2025 | 17:24
Updated-08 Jul, 2025 | 17:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Standards-Based Storage Management Service Denial of Service Vulnerability

Uncontrolled resource consumption in Windows Standards-Based Storage Management Service allows an unauthorized attacker to deny service over a network.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2012windows_server_2022windows_server_2019windows_server_2025windows_server_2016Windows Server 2016 (Server Core installation)Windows Server 2022Windows Server 2019 (Server Core installation)Windows Server 2016Windows Server 2012 R2Windows Server 2025 (Server Core installation)Windows Server 2012 R2 (Server Core installation)Windows Server 2019Windows Server 2025
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2025-27473
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.5||HIGH
EPSS-17.97% / 94.90%
||
7 Day CHG~0.00%
Published-08 Apr, 2025 | 17:23
Updated-08 Jul, 2025 | 19:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
HTTP.sys Denial of Service Vulnerability

Uncontrolled resource consumption in Windows HTTP.sys allows an unauthorized attacker to deny service over a network.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_10_1607windows_11_23h2windows_10_21h2windows_server_2012windows_server_2022windows_server_2019windows_server_2008windows_10_22h2windows_server_2025windows_11_22h2windows_10_1809windows_10_1507windows_server_2022_23h2windows_11_24h2Windows 10 Version 1809Windows 11 Version 23H2Windows 11 Version 24H2Windows Server 2016 (Server Core installation)Windows Server 2019 (Server Core installation)Windows Server 2008 Service Pack 2Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows 10 Version 21H2Windows 11 version 22H2Windows 10 Version 22H2Windows 11 version 22H3Windows 10 Version 1507Windows Server 2012 (Server Core installation)Windows 10 Version 1607Windows Server 2016Windows Server 2025Windows Server 2012 R2Windows Server 2022Windows Server 2008 R2 Service Pack 1Windows Server 2012Windows Server 2025 (Server Core installation)Windows Server 2008 Service Pack 2Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2022, 23H2 Edition (Server Core installation)Windows Server 2012 R2 (Server Core installation)Windows Server 2019
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2025-27470
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.5||HIGH
EPSS-17.97% / 94.90%
||
7 Day CHG~0.00%
Published-08 Apr, 2025 | 17:23
Updated-08 Jul, 2025 | 19:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Standards-Based Storage Management Service Denial of Service Vulnerability

Uncontrolled resource consumption in Windows Standards-Based Storage Management Service allows an unauthorized attacker to deny service over a network.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2012windows_server_2022windows_server_2019windows_server_2025windows_server_2016Windows Server 2016 (Server Core installation)Windows Server 2022Windows Server 2019 (Server Core installation)Windows Server 2016Windows Server 2012 R2Windows Server 2025 (Server Core installation)Windows Server 2012 R2 (Server Core installation)Windows Server 2019Windows Server 2025
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2025-27479
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.5||HIGH
EPSS-17.97% / 94.90%
||
7 Day CHG~0.00%
Published-08 Apr, 2025 | 17:23
Updated-08 Jul, 2025 | 19:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Kerberos Key Distribution Proxy Service Denial of Service Vulnerability

Insufficient resource pool in Windows Kerberos allows an unauthorized attacker to deny service over a network.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2012windows_server_2022windows_server_2019windows_server_2025windows_server_2016windows_server_2022_23h2Windows Server 2016 (Server Core installation)Windows Server 2022Windows Server 2019 (Server Core installation)Windows Server 2016Windows Server 2012Windows Server 2012 R2Windows Server 2025 (Server Core installation)Windows Server 2022, 23H2 Edition (Server Core installation)Windows Server 2012 R2 (Server Core installation)Windows Server 2012 (Server Core installation)Windows Server 2019Windows Server 2025
CWE ID-CWE-410
Insufficient Resource Pool
CVE-2025-26682
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.5||HIGH
EPSS-17.97% / 94.90%
||
7 Day CHG~0.00%
Published-08 Apr, 2025 | 17:24
Updated-09 Jul, 2025 | 16:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
ASP.NET Core and Visual Studio Denial of Service Vulnerability

Allocation of resources without limits or throttling in ASP.NET Core allows an unauthorized attacker to deny service over a network.

Action-Not Available
Vendor-Microsoft Corporation
Product-visual_studio_2022asp.net_coreMicrosoft Visual Studio 2022 version 17.13Microsoft Visual Studio 2022 version 17.8Microsoft Visual Studio 2022 version 17.10ASP.NET Core 9.0ASP.NET Core 8.0Microsoft Visual Studio 2022 version 17.12
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2025-26677
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.5||HIGH
EPSS-9.38% / 92.46%
||
7 Day CHG~0.00%
Published-13 May, 2025 | 16:58
Updated-15 Jul, 2025 | 01:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Remote Desktop Gateway (RD Gateway) Denial of Service Vulnerability

Uncontrolled resource consumption in Remote Desktop Gateway Service allows an unauthorized attacker to deny service over a network.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2022_23h2windows_server_2019windows_server_2025windows_server_2022Windows Server 2019Windows Server 2019 (Server Core installation)Windows Server 2016Windows Server 2016 (Server Core installation)Windows Server 2022Windows Server 2022, 23H2 Edition (Server Core installation)Windows Server 2025Windows Server 2025 (Server Core installation)
CWE ID-CWE-400
Uncontrolled Resource Consumption
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2025-26641
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.5||HIGH
EPSS-17.97% / 94.90%
||
7 Day CHG~0.00%
Published-08 Apr, 2025 | 17:23
Updated-10 Jul, 2025 | 15:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability

Uncontrolled resource consumption in Windows Cryptographic Services allows an unauthorized attacker to deny service over a network.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_1507windows_server_2022_23h2windows_10_1607windows_10_21h2windows_server_2008windows_server_2012windows_server_2019windows_11_23h2windows_server_2022windows_11_24h2windows_10_1809windows_server_2025windows_server_2016windows_11_22h2windows_10_22h2Windows 10 Version 1809Windows 11 Version 23H2Windows 11 Version 24H2Windows Server 2016 (Server Core installation)Windows Server 2019 (Server Core installation)Windows Server 2008 Service Pack 2Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows 10 Version 21H2Windows 11 version 22H2Windows 10 Version 22H2Windows 11 version 22H3Windows 10 Version 1507Windows Server 2012 (Server Core installation)Windows 10 Version 1607Windows Server 2016Windows Server 2025Windows Server 2012 R2Windows Server 2022Windows Server 2008 R2 Service Pack 1Windows Server 2012Windows Server 2025 (Server Core installation)Windows Server 2008 Service Pack 2Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2022, 23H2 Edition (Server Core installation)Windows Server 2012 R2 (Server Core installation)Windows Server 2019
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2025-25199
Matching Score-8
Assigner-GitHub, Inc.
ShareView Details
Matching Score-8
Assigner-GitHub, Inc.
CVSS Score-7.5||HIGH
EPSS-3.21% / 86.51%
||
7 Day CHG~0.00%
Published-12 Feb, 2025 | 17:49
Updated-12 Feb, 2025 | 19:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
BCryptGenerateSymmetricKey memory leak

go-crypto-winnative Go crypto backend for Windows using Cryptography API: Next Generation (CNG). Prior to commit f49c8e1379ea4b147d5bff1b3be5b0ff45792e41, calls to `cng.TLS1PRF` don't release the key handle, producing a small memory leak every time. Commit f49c8e1379ea4b147d5bff1b3be5b0ff45792e41 contains a fix for the issue. The fix is included in versions 1.23.6-2 and 1.22.12-2 of the Microsoft build of go, as well as in the pseudoversion 0.0.0-20250211154640-f49c8e1379ea of the `github.com/microsoft/go-crypto-winnative` Go package.

Action-Not Available
Vendor-Microsoft Corporation
Product-go-crypto-winnative
CWE ID-CWE-401
Missing Release of Memory after Effective Lifetime
CVE-2025-23326
Matching Score-8
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-8
Assigner-NVIDIA Corporation
CVSS Score-7.5||HIGH
EPSS-0.06% / 19.56%
||
7 Day CHG~0.00%
Published-06 Aug, 2025 | 12:41
Updated-12 Aug, 2025 | 16:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA Triton Inference Server for Windows and Linux contains a vulnerability where an attacker could cause an integer overflow through a specially crafted input. A successful exploit of this vulnerability might lead to denial of service.

Action-Not Available
Vendor-NVIDIA CorporationLinux Kernel Organization, IncMicrosoft Corporation
Product-triton_inference_serverwindowslinux_kernelTriton Inference Server
CWE ID-CWE-680
Integer Overflow to Buffer Overflow
CVE-2025-23325
Matching Score-8
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-8
Assigner-NVIDIA Corporation
CVSS Score-7.5||HIGH
EPSS-0.05% / 13.89%
||
7 Day CHG~0.00%
Published-06 Aug, 2025 | 12:40
Updated-12 Aug, 2025 | 16:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA Triton Inference Server for Windows and Linux contains a vulnerability where an attacker could cause uncontrolled recursion through a specially crafted input. A successful exploit of this vulnerability might lead to denial of service.

Action-Not Available
Vendor-NVIDIA CorporationLinux Kernel Organization, IncMicrosoft Corporation
Product-triton_inference_serverwindowslinux_kernelTriton Inference Server
CWE ID-CWE-674
Uncontrolled Recursion
CVE-2025-23322
Matching Score-8
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-8
Assigner-NVIDIA Corporation
CVSS Score-7.5||HIGH
EPSS-0.06% / 19.56%
||
7 Day CHG~0.00%
Published-06 Aug, 2025 | 12:39
Updated-12 Aug, 2025 | 16:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA Triton Inference Server for Windows and Linux contains a vulnerability where multiple requests could cause a double free when a stream is cancelled before it is processed. A successful exploit of this vulnerability might lead to denial of service.

Action-Not Available
Vendor-NVIDIA CorporationLinux Kernel Organization, IncMicrosoft Corporation
Product-triton_inference_serverwindowslinux_kernelTriton Inference Server
CWE ID-CWE-415
Double Free
CVE-2025-21174
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.5||HIGH
EPSS-14.06% / 94.09%
||
7 Day CHG~0.00%
Published-08 Apr, 2025 | 17:23
Updated-08 Jul, 2025 | 16:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Standards-Based Storage Management Service Denial of Service Vulnerability

Uncontrolled resource consumption in Windows Standards-Based Storage Management Service allows an unauthorized attacker to deny service over a network.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2012windows_server_2022windows_server_2019windows_server_2025windows_server_2016Windows Server 2016 (Server Core installation)Windows Server 2022Windows Server 2019 (Server Core installation)Windows Server 2016Windows Server 2012 R2Windows Server 2025 (Server Core installation)Windows Server 2012 R2 (Server Core installation)Windows Server 2019Windows Server 2025
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2025-21251
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.5||HIGH
EPSS-1.10% / 77.11%
||
7 Day CHG~0.00%
Published-14 Jan, 2025 | 18:03
Updated-02 Apr, 2025 | 13:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability

Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_1607windows_10_1809windows_server_2008windows_11_24h2windows_11_22h2windows_server_2012windows_server_2016windows_server_2022windows_server_2022_23h2windows_10_21h2windows_10_1507windows_server_2019windows_10_22h2windows_server_2025windows_11_23h2Windows Server 2008 R2 Service Pack 1Windows 11 version 22H3Windows 10 Version 1607Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2022Windows 11 version 22H2Windows Server 2016Windows Server 2012 R2Windows Server 2012Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2008 Service Pack 2Windows 10 Version 1507Windows 10 Version 21H2Windows Server 2012 (Server Core installation)Windows Server 2016 (Server Core installation)Windows 11 Version 23H2Windows Server 2022, 23H2 Edition (Server Core installation)Windows Server 2019Windows Server 2019 (Server Core installation)Windows Server 2025Windows 10 Version 22H2Windows Server 2025 (Server Core installation)Windows 10 Version 1809Windows Server 2012 R2 (Server Core installation)Windows 11 Version 24H2Windows Server 2008 Service Pack 2
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2025-21300
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.5||HIGH
EPSS-1.10% / 77.11%
||
7 Day CHG~0.00%
Published-14 Jan, 2025 | 18:04
Updated-02 Apr, 2025 | 13:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows upnphost.dll Denial of Service Vulnerability

Windows upnphost.dll Denial of Service Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_1607windows_10_1809windows_server_2008windows_11_24h2windows_11_22h2windows_server_2012windows_server_2016windows_server_2022windows_server_2022_23h2windows_10_21h2windows_10_1507windows_server_2019windows_10_22h2windows_server_2025windows_11_23h2Windows Server 2008 R2 Service Pack 1Windows 11 version 22H3Windows 10 Version 1607Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2022Windows 11 version 22H2Windows Server 2016Windows Server 2012 R2Windows Server 2012Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2008 Service Pack 2Windows 10 Version 1507Windows 10 Version 21H2Windows Server 2012 (Server Core installation)Windows Server 2016 (Server Core installation)Windows 11 Version 23H2Windows Server 2022, 23H2 Edition (Server Core installation)Windows Server 2019Windows Server 2019 (Server Core installation)Windows Server 2025Windows 10 Version 22H2Windows Server 2025 (Server Core installation)Windows 10 Version 1809Windows Server 2012 R2 (Server Core installation)Windows 11 Version 24H2Windows Server 2008 Service Pack 2
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2018-7449
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-20.85% / 95.40%
||
7 Day CHG~0.00%
Published-04 Mar, 2018 | 01:00
Updated-05 Aug, 2024 | 06:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SEGGER FTP Server for Windows before 3.22a allows remote attackers to cause a denial of service (daemon crash) via an invalid LIST, STOR, or RETR command.

Action-Not Available
Vendor-seggern/aMicrosoft Corporation
Product-windowsembos\/ip_ftp_servern/a
CWE ID-CWE-20
Improper Input Validation
CVE-2013-1282
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-5||MEDIUM
EPSS-71.79% / 98.67%
||
7 Day CHG~0.00%
Published-09 Apr, 2013 | 22:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The LDAP service in Microsoft Active Directory, Active Directory Application Mode (ADAM), Active Directory Lightweight Directory Service (AD LDS), and Active Directory Services allows remote attackers to cause a denial of service (memory consumption and service outage) via a crafted query, aka "Memory Consumption Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-active_directory_servicesactive_directoryactive_directory_application_modeactive_directory_lightweight_directory_servicen/a
CWE ID-CWE-20
Improper Input Validation
CVE-2018-0808
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.5||HIGH
EPSS-10.49% / 92.95%
||
7 Day CHG~0.00%
Published-14 Mar, 2018 | 17:00
Updated-17 Sep, 2024 | 02:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

ASP.NET Core 1.0. 1.1, and 2.0 allow an elevation of privilege vulnerability due to how ASP.NET web applications handle web requests, aka "ASP.NET Core Elevation Of Privilege Vulnerability". This CVE is unique from CVE-2018-0784.

Action-Not Available
Vendor-Microsoft Corporation
Product-asp.net_coreASP.NET Core
CVE-2007-1531
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-49.40% / 97.71%
||
7 Day CHG~0.00%
Published-20 Mar, 2007 | 20:00
Updated-07 Aug, 2024 | 12:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Microsoft Windows XP and Vista overwrites ARP table entries included in gratuitous ARP, which allows remote attackers to cause a denial of service (loss of network access) by sending a gratuitous ARP for the address of the Vista host.

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-windows_xpwindows_vistan/a
CWE ID-CWE-399
Not Available
CVE-2018-0875
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.5||HIGH
EPSS-17.64% / 94.84%
||
7 Day CHG~0.00%
Published-14 Mar, 2018 | 17:00
Updated-16 Sep, 2024 | 17:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

.NET Core 1.0, .NET Core 1.1, NET Core 2.0 and PowerShell Core 6.0.0 allow a denial of Service vulnerability due to how specially crafted requests are handled, aka ".NET Core Denial of Service Vulnerability".

Action-Not Available
Vendor-Microsoft Corporation
Product-powershell_coreasp.net_core.NET Core
CVE-2018-0764
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.5||HIGH
EPSS-22.01% / 95.56%
||
7 Day CHG~0.00%
Published-10 Jan, 2018 | 01:00
Updated-17 Sep, 2024 | 02:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Microsoft .NET Framework 1.1, 2.0, 3.0, 3.5, 3.5.1, 4, 4.5, 4.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2 and 5.7 and .NET Core 1.0. 1.1 and 2.0 allow a denial of service vulnerability due to the way XML documents are processed, aka ".NET and .NET Core Denial Of Service Vulnerability". This CVE is unique from CVE-2018-0765.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2012windows_8.1.net_corewindows_rt_8.1windows_7windows_10powershell_core.net_frameworkwindows_server_2008.NET Framework and .NET Core
CVE-2013-0029
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.5||HIGH
EPSS-51.59% / 97.81%
||
7 Day CHG~0.00%
Published-13 Feb, 2013 | 11:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use-after-free vulnerability in Microsoft Internet Explorer 6 through 9 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer CHTML Use After Free Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-windows_7windows_server_2008internet_explorerwindows_vistawindows_server_2003windows_xpn/a
CVE-2022-38041
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.5||HIGH
EPSS-5.06% / 89.37%
||
7 Day CHG~0.00%
Published-11 Oct, 2022 | 00:00
Updated-02 Jan, 2025 | 22:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Secure Channel Denial of Service Vulnerability

Windows Secure Channel Denial of Service Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2012windows_8.1windows_rt_8.1windows_7windows_11windows_10windows_server_2022windows_server_2019windows_server_2008Windows Server 2022Windows 10 Version 1607Windows 11 version 22H2Windows 10 Version 21H1Windows Server 2019 (Server Core installation)Windows 10 Version 1809Windows Server 2016 (Server Core installation)Windows 11 version 21H2Windows 8.1Windows 7Windows Server 2012 (Server Core installation)Windows 7 Service Pack 1Windows 10 Version 20H2Windows Server 2016Windows 10 Version 1507Windows 10 Version 21H2Windows Server 2008 R2 Service Pack 1Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2012 R2Windows Server 2012Windows Server 2019Windows Server 2012 R2 (Server Core installation)
CVE-2010-3195
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-1.04% / 76.55%
||
7 Day CHG~0.00%
Published-31 Aug, 2010 | 21:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in IBM DB2 9.1 before FP9, 9.5 before FP6, and 9.7 before FP2 on Windows Server 2008 allows attackers to cause a denial of service (trap) via vectors involving "special group and user enumeration."

Action-Not Available
Vendor-n/aIBM CorporationMicrosoft Corporation
Product-windows_server_2008db2n/a
CVE-2023-47263
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.15% / 35.87%
||
7 Day CHG~0.00%
Published-16 Nov, 2023 | 00:00
Updated-02 Aug, 2024 | 21:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain WithSecure products allow a Denial of Service (DoS) in the antivirus engine when scanning a fuzzed PE32 file. This affects WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and Server Security 15, WithSecure Elements Endpoint Protection 17 and later, WithSecure Client Security for Mac 15, WithSecure Elements Endpoint Protection for Mac 17 and later, WithSecure Linux Security 64 12.0, WithSecure Linux Protection 12.0, and WithSecure Atlant (formerly F-Secure Atlant) 15 and later.

Action-Not Available
Vendor-n/aApple Inc.WithSecure CorporationLinux Kernel Organization, IncMicrosoft Corporation
Product-linux_security_64server_securitylinux_kernelclient_securityelements_endpoint_protectionatlantwindowsmacosemail_and_server_securitylinux_protectionn/a
CVE-2017-11770
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.5||HIGH
EPSS-12.96% / 93.80%
||
7 Day CHG~0.00%
Published-15 Nov, 2017 | 03:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

.NET Core 1.0, 1.1, and 2.0 allow an unauthenticated attacker to remotely cause a denial of service attack against a .NET Core web application by improperly parsing certificate data. A denial of service vulnerability exists when .NET Core improperly handles parsing certificate data, aka ".NET CORE Denial Of Service Vulnerability".

Action-Not Available
Vendor-Microsoft Corporation
Product-aspnetcore.NET Core
CWE ID-CWE-295
Improper Certificate Validation
CVE-2022-38013
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.5||HIGH
EPSS-1.39% / 79.61%
||
7 Day CHG~0.00%
Published-13 Sep, 2022 | 00:00
Updated-11 Mar, 2025 | 16:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
.NET Core and Visual Studio Denial of Service Vulnerability

.NET Core and Visual Studio Denial of Service Vulnerability

Action-Not Available
Vendor-Microsoft CorporationFedora Project
Product-visual_studio_2022visual_studio_2019fedora.net.net_core.NET 6.0Microsoft Visual Studio 2022 version 17.0Visual Studio 2022 for Mac version 17.3Microsoft Visual Studio 2022 version 17.3Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)Microsoft Visual Studio 2019 version 16.9 (includes 16.0 - 16.8)Microsoft Visual Studio 2022 version 17.2.NET Core 3.1
  • Previous
  • 1
  • 2
  • 3
  • ...
  • 16
  • 17
  • Next
Details not found