Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2021-41789

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-04 Jan, 2022 | 15:54
Updated At-04 Aug, 2024 | 03:15
Rejected At-
Credits

In wifi driver, there is a possible system crash due to a missing validation check. This could lead to remote denial of service from a proximal attacker with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: GN20190426015; Issue ID: GN20190426015.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:04 Jan, 2022 | 15:54
Updated At:04 Aug, 2024 | 03:15
Rejected At:
▼CVE Numbering Authority (CNA)

In wifi driver, there is a possible system crash due to a missing validation check. This could lead to remote denial of service from a proximal attacker with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: GN20190426015; Issue ID: GN20190426015.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
https://corp.mediatek.com/product-security-bulletin/January-2022
x_refsource_MISC
Hyperlink: https://corp.mediatek.com/product-security-bulletin/January-2022
Resource:
x_refsource_MISC
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
https://corp.mediatek.com/product-security-bulletin/January-2022
x_refsource_MISC
x_transferred
Hyperlink: https://corp.mediatek.com/product-security-bulletin/January-2022
Resource:
x_refsource_MISC
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:04 Jan, 2022 | 16:15
Updated At:14 Jan, 2022 | 16:11

In wifi driver, there is a possible system crash due to a missing validation check. This could lead to remote denial of service from a proximal attacker with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: GN20190426015; Issue ID: GN20190426015.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.16.5MEDIUM
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Primary2.06.1MEDIUM
AV:A/AC:L/Au:N/C:N/I:N/A:C
Type: Primary
Version: 3.1
Base score: 6.5
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Type: Primary
Version: 2.0
Base score: 6.1
Base severity: MEDIUM
Vector:
AV:A/AC:L/Au:N/C:N/I:N/A:C
CPE Matches

MediaTek Inc.
mediatek
>>mt7615_firmware>>4.4.1.1
cpe:2.3:o:mediatek:mt7615_firmware:4.4.1.1:*:*:*:*:*:*:*
MediaTek Inc.
mediatek
>>mt7615>>-
cpe:2.3:h:mediatek:mt7615:-:*:*:*:*:*:*:*
MediaTek Inc.
mediatek
>>mt7622_firmware>>4.4.1.1
cpe:2.3:o:mediatek:mt7622_firmware:4.4.1.1:*:*:*:*:*:*:*
MediaTek Inc.
mediatek
>>mt7622>>-
cpe:2.3:h:mediatek:mt7622:-:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-20Primarynvd@nist.gov
CWE ID: CWE-20
Type: Primary
Source: nvd@nist.gov
Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References
HyperlinkSourceResource
https://corp.mediatek.com/product-security-bulletin/January-2022cve@mitre.org
Vendor Advisory
Hyperlink: https://corp.mediatek.com/product-security-bulletin/January-2022
Source: cve@mitre.org
Resource:
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

234Records found

CVE-2023-28374
Matching Score-4
Assigner-Intel Corporation
ShareView Details
Matching Score-4
Assigner-Intel Corporation
CVSS Score-6.1||MEDIUM
EPSS-0.42% / 34.00%
||
7 Day CHG~0.00%
Published-14 Feb, 2024 | 13:37
Updated-29 Oct, 2024 | 15:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper input validation for some Intel(R) PROSet/Wireless and Intel(R) Killer(TM) Wi-Fi software before version 22.240 may allow an unauthenticated user to potentially enable denial of service via adjacent access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-killer_wi-fi_6e_ax1690proset\/wirelesswi-fi_6e_ax211killerkiller_wi-fi_6e_ax1675wi-fi_6e_ax411proset_wi-fi_6e_ax210Intel(R) PROSet/Wireless and Intel(R) Killer(TM) Wi-Fi software
CWE ID-CWE-20
Improper Input Validation
CVE-2023-28981
Matching Score-4
Assigner-Juniper Networks, Inc.
ShareView Details
Matching Score-4
Assigner-Juniper Networks, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.30% / 22.01%
||
7 Day CHG~0.00%
Published-17 Apr, 2023 | 00:00
Updated-05 Feb, 2025 | 21:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Junos OS and Junos OS Evolved: If malformed IPv6 router advertisements are received, memory corruption will occur which causes an rpd crash

An Improper Input Validation vulnerability in the kernel of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, adjacent attacker to cause a Denial of Service (DoS). If the receipt of router advertisements is enabled on an interface and a specifically malformed RA packet is received, memory corruption will happen which leads to an rpd crash. This issue affects: Juniper Networks Junos OS 20.3 versions prior to 20.3R3-S5; 20.4 versions prior to 20.4R3-S3; 21.1 versions prior to 21.1R3-S4; 21.2 versions prior to 21.2R3; 21.3 versions prior to 21.3R3; 21.4 versions prior to 21.4R2; 22.1 versions prior to 22.1R2. Juniper Networks Junos OS Evolved 20.3-EVO version 20.3R1-EVO and later versions; 20.4-EVO versions prior to 20.4R3-S6-EVO; 21.3-EVO versions prior to 21.3R3-EVO; 21.4-EVO versions prior to 21.4R2-EVO; 22.1-EVO versions prior to 22.1R2-EVO.

Action-Not Available
Vendor-Juniper Networks, Inc.
Product-junos_os_evolvedjunosJunos OS EvolvedJunos OS
CWE ID-CWE-20
Improper Input Validation
CVE-2023-28911
Matching Score-4
Assigner-Automotive Security Research Group (ASRG)
ShareView Details
Matching Score-4
Assigner-Automotive Security Research Group (ASRG)
CVSS Score-6.5||MEDIUM
EPSS-0.35% / 27.41%
||
7 Day CHG~0.00%
Published-28 Jun, 2025 | 15:34
Updated-30 Jun, 2025 | 18:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Arbitrary Channel Disconnection Resulting in Denial of Service

A specific flaw exists within the Bluetooth stack of the MIB3 infotainment. The issue results from the lack of proper validation of user-supplied data, which can result in an arbitrary channel disconnection. An attacker can leverage this vulnerability to cause a denial-of-service attack for every connected client of the infotainment device. The vulnerability was originally discovered in Skoda Superb III car with MIB3 infotainment unit OEM part number 3V0035820. The list of affected MIB3 OEM part numbers is provided in the referenced resources.

Action-Not Available
Vendor-Preh Car Connect GmbH (JOYNEXT GmbH)
Product-Volkswagen MIB3 infotainment system MIB3 OI MQB
CWE ID-CWE-20
Improper Input Validation
CVE-2018-15700
Matching Score-4
Assigner-Tenable Network Security, Inc.
ShareView Details
Matching Score-4
Assigner-Tenable Network Security, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.59% / 44.01%
||
7 Day CHG~0.00%
Published-01 Oct, 2018 | 20:00
Updated-16 Sep, 2024 | 22:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The web interface in TP-Link TL-WRN841N 0.9.1 4.16 v0348.0 is vulnerable to a denial of service when an unauthenticated LAN user sends a crafted HTTP header containing an unexpected Referer field.

Action-Not Available
Vendor-TP-Link Systems Inc.
Product-tl-wrn841n_firmwaretl-wrn841nTP-Link TL-WRN841N
CWE ID-CWE-20
Improper Input Validation
CVE-2021-44545
Matching Score-4
Assigner-Intel Corporation
ShareView Details
Matching Score-4
Assigner-Intel Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.46% / 36.75%
||
7 Day CHG~0.00%
Published-18 Aug, 2022 | 00:00
Updated-05 May, 2025 | 17:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper input validation for some Intel(R) PROSet/Wireless WiFi and Killer(TM) WiFi products may allow an unauthenticated user to potentially enable denial of service via adjacent access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-wi-fi_6e_ax411_firmwarewi-fi_6e_ax211_firmwarekiller_wi-fi_6_ax1650killer_ac_1550_firmwarewi-fi_6_ax200_firmwarewi-fi_6_ax201_firmwarewi-fi_6e_ax411proset_wi-fi_6e_ax210killer_wi-fi_6e_ax1675_firmwareproset_wi-fi_6e_ax210_firmwarekiller_wi-fi_6_ax1650_firmwarekiller_wi-fi_6e_ax1675killer_wi-fi_6e_ax1690wi-fi_6_ax200wi-fi_6_ax201killer_wi-fi_6e_ax1690_firmwarekiller_ac_1550wi-fi_6e_ax211Intel(R) PROSet/Wireless WiFi and Killer(TM) WiFi products
CWE ID-CWE-20
Improper Input Validation
CVE-2021-43548
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-6.5||MEDIUM
EPSS-0.37% / 28.59%
||
7 Day CHG~0.00%
Published-27 Dec, 2021 | 18:48
Updated-16 Sep, 2024 | 16:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Philips Patient Information Center iX (PIC iX) and Efficia CM Series Improper Input Validation

Patient Information Center iX (PIC iX) Versions C.02 and C.03 receives input or data, but does not validate or incorrectly validates that the input has the properties required to process the data safely and correctly.

Action-Not Available
Vendor-Philips
Product-patient_information_center_ixPatient Information Center iX (PIC iX)
CWE ID-CWE-20
Improper Input Validation
CVE-2021-39230
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-8.8||HIGH
EPSS-0.74% / 50.07%
||
7 Day CHG~0.00%
Published-21 Sep, 2021 | 16:55
Updated-04 Aug, 2024 | 01:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Error in JPNS kernel of Butter

Butter is a system usability utility. Due to a kernel error the JPNS kernel is being discontinued. Affected users are recommend to update to the Trinity kernel. There are no workarounds.

Action-Not Available
Vendor-butter_projectFrankEnderman
Product-butterButter
CWE ID-CWE-20
Improper Input Validation
CVE-2023-44183
Matching Score-4
Assigner-Juniper Networks, Inc.
ShareView Details
Matching Score-4
Assigner-Juniper Networks, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.32% / 24.00%
||
7 Day CHG~0.00%
Published-12 Oct, 2023 | 23:02
Updated-18 Sep, 2024 | 14:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Junos OS: QFX5000 Series, EX4600 Series: In a VxLAN scenario an adjacent attacker within the VxLAN sending genuine packets may cause a DMA memory leak to occur.

An Improper Input Validation vulnerability in the VxLAN packet forwarding engine (PFE) of Juniper Networks Junos OS on QFX5000 Series, EX4600 Series devices allows an unauthenticated, adjacent attacker, sending two or more genuine packets in the same VxLAN topology to possibly cause a DMA memory leak to occur under various specific operational conditions. The scenario described here is the worst-case scenario. There are other scenarios that require operator action to occur. An indicator of compromise may be seen when multiple devices indicate that FPC0 has gone missing when issuing a show chassis fpc command for about 10 to 20 minutes, and a number of interfaces have also gone missing. Use the following command to determine if FPC0 has gone missing from the device. show chassis fpc detail This issue affects: Juniper Networks Junos OS on QFX5000 Series, EX4600 Series: * 18.4 version 18.4R2 and later versions prior to 20.4R3-S8; * 21.1 version 21.1R1 and later versions prior to 21.2R3-S6; * 21.3 versions prior to 21.3R3-S5; * 21.4 versions prior to 21.4R3-S4; * 22.1 versions prior to 22.1R3-S3; * 22.2 versions prior to 22.2R3-S1; * 22.3 versions prior to 22.3R2-S2, 22.3R3; * 22.4 versions prior to 22.4R2.

Action-Not Available
Vendor-Juniper Networks, Inc.
Product-qfk5210qfk5700ex4650qfk5110ex4600qfk5130junosqfk5200qfk5230qfk5220qfk5120Junos OS
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-401
Missing Release of Memory after Effective Lifetime
CVE-2015-4197
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-6.1||MEDIUM
EPSS-0.81% / 52.57%
||
7 Day CHG~0.00%
Published-20 Jun, 2015 | 14:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cisco NX-OS 5.2(5) on Nexus 7000 devices allows remote attackers to cause a denial of service (device crash) by sending a malformed LLDP packet on the local network, aka Bug ID CSCud89415.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-nx-osnexus_7700nexus_7000n/a
CWE ID-CWE-20
Improper Input Validation
CVE-2018-0197
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.62% / 45.57%
||
7 Day CHG~0.00%
Published-05 Oct, 2018 | 14:00
Updated-30 Oct, 2025 | 21:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco IOS and IOS XE Software VLAN Trunking Protocol Denial of Service Vulnerability

A vulnerability in the VLAN Trunking Protocol (VTP) subsystem of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to corrupt the internal VTP database on an affected device and cause a denial of service (DoS) condition. The vulnerability is due to a logic error in how the affected software handles a subset of VTP packets. An attacker could exploit this vulnerability by sending VTP packets in a sequence that triggers a timeout in the VTP message processing code of the affected software. A successful exploit could allow the attacker to impact the ability to create, modify, or delete VLANs and cause a DoS condition. There are workarounds that address this vulnerability. This vulnerability affects Cisco devices that are running a vulnerable release of Cisco IOS Software or Cisco IOS XE Software, are operating in VTP client mode or VTP server mode, and do not have a VTP domain name configured. The default configuration for Cisco devices that are running Cisco IOS Software or Cisco IOS XE Software and support VTP is to operate in VTP server mode with no domain name configured.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-iosios_xeCisco IOS and IOS XE Software
CWE ID-CWE-20
Improper Input Validation
CVE-2018-0475
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-7.4||HIGH
EPSS-0.86% / 53.92%
||
7 Day CHG~0.00%
Published-05 Oct, 2018 | 14:00
Updated-26 Nov, 2024 | 14:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco IOS and IOS XE Software Cluster Management Protocol Denial of Service Vulnerability

A vulnerability in the implementation of the cluster feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to trigger a denial of service (DoS) condition on an affected device. The vulnerability is due to improper input validation when handling Cluster Management Protocol (CMP) messages. An attacker could exploit this vulnerability by sending a malicious CMP message to an affected device. A successful exploit could allow the attacker to cause the switch to crash and reload or to hang, resulting in a DoS condition. If the switch hangs it will not reboot automatically, and it will need to be power cycled manually to recover.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-ios_xeiosCisco IOS Software
CWE ID-CWE-20
Improper Input Validation
CVE-2018-0235
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-7.4||HIGH
EPSS-0.52% / 40.52%
||
7 Day CHG~0.00%
Published-02 May, 2018 | 22:00
Updated-29 Nov, 2024 | 15:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability in the 802.11 frame validation functionality of the Cisco Wireless LAN Controller (WLC) could allow an unauthenticated, adjacent attacker to cause an affected device to reload unexpectedly, resulting in a denial of service (DoS) condition. The vulnerability is due to incomplete input validation of certain 802.11 management information element frames that an affected device receives from wireless clients. An attacker could exploit this vulnerability by sending a malformed 802.11 management frame to an affected device. A successful exploit could allow the attacker to cause the affected device to reload unexpectedly, resulting in a DoS condition. This vulnerability affects only Cisco Wireless LAN Controllers that are running Cisco Mobility Express Release 8.5.103.0. Cisco Bug IDs: CSCvg07024.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-wireless_lan_controller_softwareCisco Wireless LAN Controller
CWE ID-CWE-20
Improper Input Validation
CVE-2017-3849
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-7.4||HIGH
EPSS-0.76% / 50.79%
||
7 Day CHG~0.00%
Published-21 Mar, 2017 | 16:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability in the Autonomic Networking Infrastructure (ANI) registrar feature of Cisco IOS Software (possibly 15.2 through 15.6) and Cisco IOS XE Software (possibly 3.7 through 3.18, and 16) could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition. The vulnerability is due to incomplete input validation on certain crafted packets. An attacker could exploit this vulnerability by sending a crafted autonomic network channel discovery packet to a device that has all the following characteristics: (1) running a Cisco IOS Software or Cisco IOS XE Software release that supports the ANI feature; (2) configured as an autonomic registrar; (3) has a whitelist configured. An exploit could allow the attacker to cause the affected device to reload. Note: Autonomic networking should be configured with a whitelist. Do not remove the whitelist as a workaround. Cisco Bug IDs: CSCvc42717.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-iosios_xeCisco IOS and IOS XE
CWE ID-CWE-20
Improper Input Validation
CVE-2017-17159
Matching Score-4
Assigner-Huawei Technologies
ShareView Details
Matching Score-4
Assigner-Huawei Technologies
CVSS Score-6.5||MEDIUM
EPSS-0.38% / 29.71%
||
7 Day CHG~0.00%
Published-15 Feb, 2018 | 16:00
Updated-05 Aug, 2024 | 20:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Some Huawei smart phones with software of NXT-AL10C00B386, NXT-CL00C92B386, NXT-DL00C17B386, NXT-TL00C01B386SP01, NTS-AL00C00B535 have a DoS vulnerability due to insufficient input validation. An unauthenticated attacker could send malformed System Information(SI) messages to the smart phone within radio range by special wireless device. Successful exploit could make the smart phone restart.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-mt8-emui4.1nts-al00mt8-emui4.1_firmwarents-al00_firmwareMT8-EMUI4.1,NTS-AL00
CWE ID-CWE-20
Improper Input Validation
CVE-2021-37039
Matching Score-4
Assigner-Huawei Technologies
ShareView Details
Matching Score-4
Assigner-Huawei Technologies
CVSS Score-6.5||MEDIUM
EPSS-0.27% / 18.37%
||
7 Day CHG~0.00%
Published-08 Dec, 2021 | 14:11
Updated-04 Aug, 2024 | 01:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

There is an Input verification vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may cause Bluetooth DoS.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-magic_uiharmonyosemuiMagic UIHarmonyOSEMUI
CWE ID-CWE-20
Improper Input Validation
CVE-2017-12273
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.87% / 54.37%
||
7 Day CHG~0.00%
Published-02 Nov, 2017 | 16:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability in 802.11 association request frame processing for the Cisco Aironet 1560, 2800, and 3800 Series Access Points could allow an unauthenticated, Layer 2 radio frequency (RF) adjacent attacker to cause the Access Point (AP) to reload, resulting in a denial of service (DoS) condition. The vulnerability is due to insufficient frame validation of the 802.11 association request. An attacker could exploit this vulnerability by sending a malformed 802.11 association request to the targeted device. An exploit could allow the attacker to cause the AP to reload, resulting in a DoS condition while the AP is reloading. This vulnerability affects the following Cisco products running either the Lightweight AP Software or Mobility Express image: Aironet 1560 Series Access Points, Aironet 2800 Series Access Points, Aironet 3800 Series Access Points. Note: The Cisco Aironet 1560 Series Access Point device is supported as of release 8.3.112.0. Cisco Bug IDs: CSCve12189.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-aironet_3800eaironet_1562eaironet_1562_firmwareaironet_3800paironet_2800eaironet_1562daironet_2800_firmwareaironet_3800iaironet_2800iaironet_3800_firmwareaironet_1562iCisco Aironet 1560, 2800, and 3800 Series Access Point Platforms
CWE ID-CWE-20
Improper Input Validation
CVE-2018-0331
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.64% / 46.22%
||
7 Day CHG~0.00%
Published-21 Jun, 2018 | 11:00
Updated-29 Nov, 2024 | 14:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability in the Cisco Discovery Protocol (formerly known as CDP) subsystem of devices running, or based on, Cisco NX-OS Software contain a vulnerability that could allow an unauthenticated, adjacent attacker to create a denial of service (DoS) condition. The vulnerability is due to a failure to properly validate certain fields within a Cisco Discovery Protocol message prior to processing it. An attacker with the ability to submit a Cisco Discovery Protocol message designed to trigger the issue could cause a DoS condition on an affected device while the device restarts. This vulnerability affects Firepower 4100 Series Next-Generation Firewall, Firepower 9300 Security Appliance, MDS 9000 Series Multilayer Director Switches, Nexus 1000V Series Switches, Nexus 1100 Series Cloud Services Platforms, Nexus 2000 Series Switches, Nexus 3000 Series Switches, Nexus 3500 Platform Switches, Nexus 3600 Platform Switches, Nexus 5500 Platform Switches, Nexus 5600 Platform Switches, Nexus 6000 Series Switches, Nexus 7000 Series Switches, Nexus 7700 Series Switches, Nexus 9000 Series Switches in NX-OS mode, Nexus 9500 R-Series Line Cards and Fabric Modules, UCS 6100 Series Fabric Interconnects, UCS 6200 Series Fabric Interconnects, UCS 6300 Series Fabric Interconnects. Cisco Bug IDs: CSCvc89242, CSCve40943, CSCve40953, CSCve40965, CSCve40970, CSCve40978, CSCve40992, CSCve41000, CSCve41007.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-firepower_4150nexus_56128pnexus_9332pqnexus_3132q-xnexus_3172tqnexus_93108tc-exnx-osnexus_3636c-rfirepower_9300_security_appliancenexus_9508nexus_3100-vnexus_93120txnexus_n9k-x9636c-rfirepower_4110nexus_93128txfxosnexus_3548-xlnexus_31128pqnexus_6001pnexus_3164qnexus_5020nexus_3172tq-32tnexus_3524-xnexus_3132c-znexus_5548pnexus_5648qmds_9000nexus_9272qucs_6120xpnexus_5672upnexus_3264qfirepower_4140nexus_34180ycnexus_3064-32tnexus_5596upnexus_3548nexus_3132qnexus_3016nexus_9372pxnexus_5696qnexus_92304qcnexus_92160yc-xucs_6248upnexus_n9k-x9636q-rnexus_n9k-c9508-fm-rnexus_9504nexus_3048nexus_3524-xlucs_6324nexus_9396txfirepower_4120nexus_7000nexus_3172pqnexus_3064-xucs_6332nexus_3232cnexus_5548upnexus_9396pxucs_6296upnexus_5010nexus_5000nexus_5596tnexus_3264c-efirepower_extensible_operating_systemnexus_9372txnexus_5624qnexus_3548-xnexus_3132q-xlnexus_3064-tucs_6140xpnexus_6001tnexus_93180yc-exnexus_172tq-xlnexus_c36180yc-rnexus_9236cnexus_9516nexus_3172pq-xlnexus_7700Cisco FXOS, NX-OS, and UCS Manager unknown
CWE ID-CWE-399
Not Available
CWE ID-CWE-20
Improper Input Validation
CVE-2017-12222
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.75% / 50.41%
||
7 Day CHG~0.00%
Published-28 Sep, 2017 | 07:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability in the wireless controller manager of Cisco IOS XE could allow an unauthenticated, adjacent attacker to cause a restart of the switch and result in a denial of service (DoS) condition. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by submitting a crafted association request. An exploit could allow the attacker to cause the switch to restart. This vulnerability affects Cisco Catalyst 3650 and 3850 switches running IOS XE Software versions 16.1 through 16.3.3, and acting as wireless LAN controllers (WLC). Cisco Bug IDs: CSCvd45069.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-ios_xeCisco IOS XE
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-399
Not Available
CVE-2017-9945
Matching Score-4
Assigner-Siemens
ShareView Details
Matching Score-4
Assigner-Siemens
CVSS Score-6.5||MEDIUM
EPSS-0.54% / 41.30%
||
7 Day CHG~0.00%
Published-30 Aug, 2017 | 19:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In the Siemens 7KM PAC Switched Ethernet PROFINET expansion module (All versions < V2.1.3), a Denial-of-Service condition could be induced by a specially crafted PROFINET DCP packet sent as a local Ethernet (Layer 2) broadcast. The affected component requires a manual restart via the main device to recover.

Action-Not Available
Vendor-n/aSiemens AG
Product-7km_pac_switched_ethernet_profinet_expansion_module_firmware7km_pac_switched_ethernet_profinet_expansion_moduleSiemens 7KM PAC Switched Ethernet PROFINET expansion module: All versions < V2.1.3
CWE ID-CWE-20
Improper Input Validation
CVE-2017-12275
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-7.4||HIGH
EPSS-0.71% / 48.96%
||
7 Day CHG~0.00%
Published-02 Nov, 2017 | 16:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability in the implementation of 802.11v Basic Service Set (BSS) Transition Management functionality in Cisco Wireless LAN Controllers could allow an unauthenticated, adjacent attacker to cause an affected device to reload unexpectedly, resulting in a denial of service (DoS) condition. The vulnerability is due to insufficient input validation of 802.11v BSS Transition Management Response packets that an affected device receives from wireless clients. An attacker could exploit this vulnerability by sending a malformed 802.11v BSS Transition Management Response packet to an affected device. A successful exploit could allow the attacker to cause the affected device to reload unexpectedly, resulting in a DoS condition. Cisco Bug IDs: CSCvb57803.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-wireless_lan_controllerwireless_lan_controller_softwareCisco Wireless LAN Controller
CWE ID-CWE-20
Improper Input Validation
CVE-2017-12274
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.81% / 52.46%
||
7 Day CHG~0.00%
Published-02 Nov, 2017 | 16:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability in Extensible Authentication Protocol (EAP) ingress frame processing for the Cisco Aironet 1560, 2800, and 3800 Series Access Points could allow an unauthenticated, Layer 2 radio frequency (RF) adjacent attacker to cause the Access Point (AP) to reload, resulting in a denial of service (DoS) condition. The vulnerability is due to insufficient validation of the EAP frame. An attacker could exploit this vulnerability by sending a malformed EAP frame to the targeted device. A successful exploit could allow the attacker to cause the AP to reload, resulting in a DoS condition while the AP is reloading. It may be necessary to manually power cycle the device in order for it to recover. This vulnerability affects the following Cisco products running either the Lightweight AP Software or Mobility Express image: Aironet 1560 Series Access Points, Aironet 2800 Series Access Points, Aironet 3800 Series Access Points. Note: The Cisco Aironet 1560 Series Access Point device is supported as of release 8.3.112.0. Cisco Bug IDs: CSCve18935.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-aironet_3800eaironet_1562eaironet_1562_firmwareaironet_3800paironet_2800eaironet_1562daironet_2800_firmwareaironet_3800iaironet_2800iaironet_3800_firmwareaironet_1562iCisco Aironet 1560, 2800, and 3800 Series Access Point Platforms
CWE ID-CWE-20
Improper Input Validation
CVE-2023-0775
Matching Score-4
Assigner-Silicon Labs
ShareView Details
Matching Score-4
Assigner-Silicon Labs
CVSS Score-6.5||MEDIUM
EPSS-0.31% / 23.01%
||
7 Day CHG~0.00%
Published-28 Mar, 2023 | 16:23
Updated-18 Feb, 2025 | 20:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Bluetooth LE Invalid prepare write request command leads to denial of service

An invalid ‘prepare write request’ command can cause the Bluetooth LE stack to run out of memory and fail to be able to handle subsequent connection requests, resulting in a denial-of-service.

Action-Not Available
Vendor-silabssilabs.com
Product-gecko_software_development_kitGSDK
CWE ID-CWE-20
Improper Input Validation
CVE-2016-6361
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-6.5||MEDIUM
EPSS-1.12% / 62.22%
||
7 Day CHG~0.00%
Published-22 Aug, 2016 | 10:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Aggregated MAC Protocol Data Unit (AMPDU) implementation on Cisco Aironet 1800, 2800, and 3800 devices with software before 8.2.121.0 and 8.3.x before 8.3.102.0 allows remote attackers to cause a denial of service (device reload) via a crafted AMPDU header, aka Bug ID CSCuz56288.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-aironet_access_point_softwaren/a
CWE ID-CWE-20
Improper Input Validation
CVE-2025-8007
Matching Score-4
Assigner-Rockwell Automation
ShareView Details
Matching Score-4
Assigner-Rockwell Automation
CVSS Score-7.1||HIGH
EPSS-0.24% / 14.91%
||
7 Day CHG~0.00%
Published-09 Sep, 2025 | 12:29
Updated-17 Sep, 2025 | 15:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Rockwell Automation 1756-ENT2R, EN4TR, EN4TRXT Vulnerability

A security issue exists in the protected mode of 1756-EN4TR and 1756-EN2TR communication modules, where a Concurrent Forward Close operation can trigger a Major Non-Recoverable (MNFR) fault. This condition may lead to unexpected system crashes and loss of device availability.

Action-Not Available
Vendor-Rockwell Automation, Inc.
Product-1756-en4tr_firmware1756-en2tr_series_a_firmware1756-en2tr_series_c1756-en2tr_series_c_firmware1756-en2tr_series_b1756-en4trxt_firmware1756-en2tr_series_a1756-en4trxt1756-en4tr1756-en2tr_series_b_firmware1756-ENT2R, 1756-EN4TR, 1756-EN4TRXT
CWE ID-CWE-20
Improper Input Validation
CVE-2025-7375
Matching Score-4
Assigner-TP-Link Systems Inc.
ShareView Details
Matching Score-4
Assigner-TP-Link Systems Inc.
CVSS Score-6.9||MEDIUM
EPSS-0.22% / 12.31%
||
7 Day CHG~0.00%
Published-05 Mar, 2026 | 17:47
Updated-09 Mar, 2026 | 17:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Unauthenticated Denial-of-Service Vulnerability in Omada EAP610

A denial-of-service (DoS) vulnerability was identified in Omada EAP610 v3. An attacker with adjacent network access can send crafted requests to cause the device’s HTTP service to crash. This results in temporary service unavailability until the device is rebooted. This issue affects Omada EAP610 firmware versions prior to 1.6.0.

Action-Not Available
Vendor-TP-Link Systems Inc.TP-Link Systems Inc.
Product-omada_eap610_firmwareomada_eap610EAP610 v3
CWE ID-CWE-20
Improper Input Validation
CVE-2015-6546
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.1||MEDIUM
EPSS-0.72% / 49.43%
||
7 Day CHG~0.00%
Published-06 Nov, 2015 | 18:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The vCMP host in F5 BIG-IP Analytics, APM, ASM, GTM, Link Controller, and LTM 11.0.0 before 11.6.0, BIG-IP AAM 11.4.0 before 11.6.0, BIG-IP AFM and PEM 11.3.0 before 11.6.0, BIG-IP Edge Gateway, WebAccelerator, and WOM 11.0.0 through 11.3.0, BIG-IP PSM 11.0.0 through 11.4.1 allows remote attackers to cause a denial of service via "malicious traffic."

Action-Not Available
Vendor-n/aF5, Inc.
Product-big-ip_application_acceleration_managerbig-ip_protocol_security_modulebig-ip_advanced_firewall_managerbig-ip_analyticsbig-ip_local_traffic_managerbig-ip_webacceleratorbig-ip_access_policy_managerbig-ip_wan_optimization_managerbig-ip_link_controllerbig-ip_global_traffic_managerbig-ip_policy_enforcement_managerbig-ip_edge_gatewaybig-ip_application_security_managern/a
CWE ID-CWE-20
Improper Input Validation
CVE-2015-2923
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-1.38% / 68.76%
||
7 Day CHG~0.00%
Published-20 Feb, 2020 | 03:28
Updated-06 Aug, 2024 | 05:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Neighbor Discovery (ND) protocol implementation in the IPv6 stack in FreeBSD through 10.1 allows remote attackers to reconfigure a hop-limit setting via a small hop_limit value in a Router Advertisement (RA) message.

Action-Not Available
Vendor-n/aFreeBSD Foundation
Product-freebsdn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2021-0174
Matching Score-4
Assigner-Intel Corporation
ShareView Details
Matching Score-4
Assigner-Intel Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.52% / 40.05%
||
7 Day CHG+0.01%
Published-09 Feb, 2022 | 22:04
Updated-05 May, 2025 | 17:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper Use of Validation Framework in firmware for some Intel(R) PROSet/Wireless Wi-Fi in multiple operating systems and some Killer(TM) Wi-Fi in Windows 10 and 11 may allow a unauthenticated user to potentially enable denial of service via adjacent access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-proset_ac_3165amt_wi-fi_6_ax201proset_ac_9462amt_ac_9560_firmwareproset_ac_8265killer_wi-fi_6_ax1650amt_wi-fi_6_ax201_firmwareproset_ac_3165_firmwareamt_ac_8265_firmwareproset_ac_8260proset_ac_9461_firmwareproset_wi-fi_6_ax201_firmwareproset_wi-fi_6e_ax210proset_wireless_7265_\(rev_d\)_firmwareamt_wi-fi_6_ax210_firmwareproset_wi-fi_6_ax200_firmwarekiller_wi-fi_6_ax1650_firmwareproset_wi-fi_6_ax200proset_ac_9461proset_ac_8260_firmwareamt_wi-fi_6_ax200amt_wi-fi_6_ax210amt_ac_8260_firmwareamt_ac_8260killer_ac_1550_firmwareamt_ac_9260_firmwareproset_ac_8265_firmwareproset_wireless_7265_\(rev_d\)proset_ac_9462_firmwareproset_wi-fi_6_ax201killer_wi-fi_6e_ax1675_firmwareproset_wi-fi_6e_ax210_firmwareproset_ac_9260killer_wi-fi_6e_ax1675proset_ac_9560amt_wi-fi_6_ax200_firmwareamt_ac_9260proset_ac_9260_firmwareamt_ac_8265amt_ac_9560proset_ac_9560_firmwarekiller_ac_1550proset_ac_3168proset_ac_3168_firmwareIntel(R) PROSet/Wireless Wi-Fi in multiple operating systems and some Killer(TM) Wi-Fi in Windows 10 and 11
CWE ID-CWE-20
Improper Input Validation
CVE-2015-0756
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-6.1||MEDIUM
EPSS-0.74% / 50.03%
||
7 Day CHG+0.01%
Published-29 May, 2015 | 15:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cisco Wireless LAN Controller (WLC) devices with software 7.4(1.1) allow remote attackers to cause a denial of service (wireless-networking outage) via crafted TCP traffic on the local network, aka Bug ID CSCug67104.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-wireless_lan_controllern/a
CWE ID-CWE-20
Improper Input Validation
CVE-2015-0679
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-6.1||MEDIUM
EPSS-0.63% / 45.73%
||
7 Day CHG~0.00%
Published-28 Mar, 2015 | 01:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The web-authentication functionality on Cisco Wireless LAN Controller (WLC) devices 7.3(103.8) and 7.4(110.0) allows remote attackers to cause a denial of service (device reload) via a malformed password, aka Bug ID CSCui57980.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-wireless_lan_controller_softwaren/a
CWE ID-CWE-20
Improper Input Validation
CVE-2013-5220
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.1||MEDIUM
EPSS-4.74% / 90.77%
||
7 Day CHG~0.00%
Published-30 Dec, 2013 | 02:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

goform/login on the HOT HOTBOX router with software 2.1.11 allows remote attackers to cause a denial of service (device crash) via crafted HTTP POST data.

Action-Not Available
Vendor-hotn/a
Product-hotbox_router_firmwarehotbox_routern/a
CWE ID-CWE-20
Improper Input Validation
CVE-2021-33110
Matching Score-4
Assigner-Intel Corporation
ShareView Details
Matching Score-4
Assigner-Intel Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.50% / 39.42%
||
7 Day CHG+0.01%
Published-09 Feb, 2022 | 22:04
Updated-05 May, 2025 | 17:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper input validation for some Intel(R) Wireless Bluetooth(R) products and Killer(TM) Bluetooth(R) products in Windows 10 and 11 before version 22.80 may allow an unauthenticated user to potentially enable denial of service via adjacent access.

Action-Not Available
Vendor-n/aMicrosoft CorporationIntel Corporation
Product-ac_9462_firmwarewindows_10ac_9560_firmwarewindows_11ax200_firmwareax210_firmwareac_8260_firmwareac_7265_firmwareac_1550_firmwareac_9461_firmwareac_9260_firmwareax1650_firmwareac_3168_firmwareax1675_firmwareac_3165_firmwareac_8265_firmwareax201_firmwareIntel(R) Wireless Bluetooth(R) products and Killer(TM) Bluetooth(R) products in Windows 10 and 11
CWE ID-CWE-20
Improper Input Validation
CVE-2025-59596
Matching Score-4
Assigner-Absolute Software
ShareView Details
Matching Score-4
Assigner-Absolute Software
CVSS Score-6||MEDIUM
EPSS-0.20% / 9.67%
||
7 Day CHG+0.02%
Published-04 Nov, 2025 | 22:51
Updated-10 Feb, 2026 | 17:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

CVE-2025-59596 is a denial-of-service vulnerability in Secure Access Windows client versions 12.0 to 14.10 that is addressed in version 14.12. If a local networking policy is active, attackers on an adjacent network may be able to send a crafted packet and cause the client system to crash.

Action-Not Available
Vendor-Absolute Software Corporation
Product-secure_accessSecure Access
CWE ID-CWE-20
Improper Input Validation
CVE-2014-3284
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-6.1||MEDIUM
EPSS-1.21% / 64.62%
||
7 Day CHG~0.00%
Published-25 May, 2014 | 22:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cisco IOS XE on ASR1000 devices, when PPPoE termination is enabled, allows remote attackers to cause a denial of service (device reload) via a malformed PPPoE packet, aka Bug ID CSCuo55180.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-asr_1023_routerios_xeasr_1002_fixed_routerasr_1002-xasr_1002asr_1001asr_1006asr_1013asr_1004n/a
CWE ID-CWE-20
Improper Input Validation
CVE-2014-3798
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-1.93% / 77.50%
||
7 Day CHG~0.00%
Published-11 Jul, 2019 | 19:14
Updated-06 Aug, 2024 | 10:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Windows Guest Tools in Citrix XenServer 6.2 SP1 and earlier allows remote attackers to cause a denial of service (guest OS crash) via a crafted Ethernet frame.

Action-Not Available
Vendor-n/aCitrix (Cloud Software Group, Inc.)
Product-xenservern/a
CWE ID-CWE-20
Improper Input Validation
CVE-2014-3273
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-6.1||MEDIUM
EPSS-0.77% / 50.99%
||
7 Day CHG~0.00%
Published-20 May, 2014 | 10:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The LLDP implementation in Cisco IOS allows remote attackers to cause a denial of service (device reload) via a malformed packet, aka Bug ID CSCum96282.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-iosn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2014-3379
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-6.1||MEDIUM
EPSS-0.87% / 54.49%
||
7 Day CHG~0.00%
Published-20 Sep, 2014 | 10:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cisco IOS XR 5.1 and earlier on Network Convergence System 6000 devices allows remote attackers to cause a denial of service (NPU and card hang or reload) via a malformed MPLS packet, aka Bug ID CSCuq10466.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-network_convergence_system_6008ios_xrnetwork_convergence_system_6000n/a
CWE ID-CWE-20
Improper Input Validation
CVE-2014-3322
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-6.1||MEDIUM
EPSS-1.21% / 64.58%
||
7 Day CHG~0.00%
Published-24 Jul, 2014 | 14:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cisco IOS XR 4.3(.2) and earlier on ASR 9000 devices does not properly perform NetFlow sampling of IP packets, which allows remote attackers to cause a denial of service (chip and card hangs) via malformed (1) IPv4 or (2) IPv6 packets, aka Bug ID CSCuo68417.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-asr_9922asr_9001asr_9000_rsp440_routerasr_9904asr_9912asr_9006asr_9010ios_xrn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2011-3363
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.84% / 53.48%
||
7 Day CHG~0.00%
Published-24 May, 2012 | 23:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The setup_cifs_sb function in fs/cifs/connect.c in the Linux kernel before 2.6.39 does not properly handle DFS referrals, which allows remote CIFS servers to cause a denial of service (system crash) by placing a referral at the root of a share.

Action-Not Available
Vendor-n/aLinux Kernel Organization, IncRed Hat, Inc.
Product-linux_kernelenterprise_linuxn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2019-1910
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-7.4||HIGH
EPSS-0.45% / 35.81%
||
7 Day CHG~0.00%
Published-07 Aug, 2019 | 21:00
Updated-21 Nov, 2024 | 19:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco IOS XR Software Intermediate System to Intermediate System Denial of Service Vulnerability

A vulnerability in the implementation of the Intermediate System&ndash;to&ndash;Intermediate System (IS&ndash;IS) routing protocol functionality in Cisco IOS XR Software could allow an unauthenticated attacker who is in the same IS&ndash;IS area to cause a denial of service (DoS) condition. The vulnerability is due to incorrect processing of crafted IS&ndash;IS link-state protocol data units (PDUs). An attacker could exploit this vulnerability by sending a crafted link-state PDU to an affected system to be processed. A successful exploit could allow the attacker to cause all routers within the IS&ndash;IS area to unexpectedly restart the IS&ndash;IS process, resulting in a DoS condition. This vulnerability affects Cisco devices if they are running a vulnerable release of Cisco IOS XR Software earlier than Release 6.6.3 and are configured with the IS–IS routing protocol. Cisco has confirmed that this vulnerability affects both Cisco IOS XR 32-bit Software and Cisco IOS XR 64-bit Software.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-ios_xrcarrier_routing_systemCisco IOS XR Software
CWE ID-CWE-20
Improper Input Validation
CVE-2019-1749
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-7.4||HIGH
EPSS-0.60% / 44.64%
||
7 Day CHG~0.00%
Published-27 Mar, 2019 | 23:55
Updated-16 Sep, 2024 | 16:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Aggregation Services Router 900 Route Switch Processor 3 OSPFv2 Denial of Service Vulnerability

A vulnerability in the ingress traffic validation of Cisco IOS XE Software for Cisco Aggregation Services Router (ASR) 900 Route Switch Processor 3 (RSP3) could allow an unauthenticated, adjacent attacker to trigger a reload of an affected device, resulting in a denial of service (DoS) condition. The vulnerability exists because the software insufficiently validates ingress traffic on the ASIC used on the RSP3 platform. An attacker could exploit this vulnerability by sending a malformed OSPF version 2 (OSPFv2) message to an affected device. A successful exploit could allow the attacker to cause a reload of the iosd process, triggering a reload of the affected device and resulting in a DoS condition.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-ios_xeCisco IOS XE Software
CWE ID-CWE-20
Improper Input Validation
CVE-2025-44526
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.36% / 27.72%
||
7 Day CHG~0.00%
Published-09 Jul, 2025 | 00:00
Updated-18 Jul, 2025 | 17:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Realtek RTL8762EKF-EVB RTL8762E SDK V1.4.0 was discovered to utilize insufficient permission checks on critical fields within Bluetooth Low Energy (BLE) data packets. This issue allows attackers to cause a Denial of Service (DoS) via a crafted LL_Length_Req packet.

Action-Not Available
Vendor-n/aRealtek Semiconductor Corp.
Product-rtl8762ekf-evbrtl8762e_software_development_kitn/a
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-284
Improper Access Control
CVE-2025-40556
Matching Score-4
Assigner-Siemens
ShareView Details
Matching Score-4
Assigner-Siemens
CVSS Score-7.1||HIGH
EPSS-0.21% / 10.56%
||
7 Day CHG~0.00%
Published-13 May, 2025 | 09:38
Updated-13 May, 2025 | 19:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in BACnet ATEC 550-440 (All versions), BACnet ATEC 550-441 (All versions), BACnet ATEC 550-445 (All versions), BACnet ATEC 550-446 (All versions). Affected devices improperly handle specific incoming BACnet MSTP messages. This could allow an attacker residing in the same BACnet network to send a specially crafted MSTP message that results in a denial of service condition of the targeted device. A power cycle is required to restore the device's normal operation.

Action-Not Available
Vendor-Siemens AG
Product-BACnet ATEC 550-446BACnet ATEC 550-445BACnet ATEC 550-441BACnet ATEC 550-440
CWE ID-CWE-20
Improper Input Validation
CVE-2021-1960
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.23% / 14.09%
||
7 Day CHG+0.01%
Published-09 Sep, 2021 | 07:35
Updated-03 Aug, 2024 | 16:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper handling of ASB-C broadcast packets with crafted opcode in LMP can lead to uncontrolled resource consumption in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-qca2066sm7250sa6150p_firmwaresm6250p_firmwareqcs610qca8337qca6431_firmwarewcd9360_firmwarewcn3950_firmwaresc8180x\+sdx55ipq5028_firmwaresa8150p_firmwareqca6595au_firmwaresa6155qca6335qca2062csra6620_firmwareqcs605_firmwaresd_675_firmwarecsra6640_firmwareqcs6125_firmwaresa415mwcn3998wcd9371_firmwarewcn3950qcn6024_firmwaresd720gqsm8350_firmwaresd710_firmwareqsm8350sd460_firmwareqca6574au_firmwarewcd9375_firmwaresa6155_firmwarewcn3998_firmwareqca6420wcd9360wcn3999qrb5165_firmwareipq5028qcs6125sa8155_firmwaresd662_firmwareqcs405qca6430sc8280xp_firmwarewcd9340sd765gqca6436wcn6851sa6155pqcn6122wcd9341qca2066_firmwareqca6431qca6696_firmwarewcd9371sd750gsd870_firmwareqca1062wcn3910_firmwaresd_8cxsa8150pwsa8830_firmwaresd855_firmwaresd865_5g_firmwarewcn3988sa8195p_firmwareqcn7606_firmwarewcn6750_firmwareipq5018_firmwarewcn3991qca8337_firmwarewcd9380_firmwareqca6564ausdx55m_firmwarewcn6856_firmwaresd670_firmwareqca6574wcd9380qcs410sd690_5g_firmwaresdx50m_firmwareqca6430_firmwareqcn9012_firmwarewcd9335_firmwarewcn3980qca6335_firmwareqcs605wcd9340_firmwarewsa8815wcn6850sd7cwcn3910sd_8c_firmwareqca6426_firmwareqcn9024wcn3980_firmwarewcn6745_firmwaresd730sdx55mqca6421_firmwareqca2062_firmwarewcn6740_firmwaresd678_firmwarear8031_firmwareqrb5165wcn6851_firmwaresd670qca6564a_firmwareqcn9024_firmwaresd480sd870wcn6855qcn7605_firmwareqcs610_firmwaresa6145psdxr1ar8031qca6595_firmwareqcs405_firmwaresa8145pqca6391_firmwareqca2064sd780g_firmwarewcd9370_firmwaresdx55sd888_firmwaresc8280xpsa8155pcsra6640sd675ar8035_firmwareqcn7606wcn3991_firmwarewsa8830sd678qcn9070sa8145p_firmwareqca1062_firmwaresm7250_firmwaresd7c_firmwarecsrb31024csra6620qcn9072sd765g_firmwareqca6420_firmwareqca6390_firmwareqca2064_firmwaresd690_5gsd730_firmwarewcd9370sd675_firmwareqca6426qca6584au_firmwarewcn3990_firmwareqcn9000_firmwareipq5018sd_8cx_firmwareqcn7605sdxr2_5g_firmwarewcd9385_firmwarewcd9326_firmwarewcn6745qca2065sd662qca1064sa8155sdx55_firmwareqca6595auqcn6023_firmwarewcn3999_firmwareqca6436_firmwareipq5010qca6564au_firmwareqca6584ausa6155p_firmwareqca6310sd778gsa515m_firmwareqcs6490sdxr2_5gsa415m_firmwarewcn3988_firmwareqcn9074sa6145p_firmwareqca6421sd778g_firmwaresm6250sa8195pwsa8810_firmwaresd765_firmwarewcd9326wcd9335qcn6023wcd9385qca2065_firmwareqcs6490_firmwarear8035qca6390sd750g_firmwareaqt1000wcd9375sc8180x\+sdx55_firmwaresm6250_firmwareqcn9100_firmwareipq5010_firmwareqcm6490sd888_5g_firmwarewcn6850_firmwarewsa8815_firmwarewsa8835_firmwareqcx315qca6564aqcm6125_firmwarewcn3990qcn9000sd_675sd780gsd865_5gqca6595qcn9012sd888qcn6122_firmwareqcx315_firmwarewsa8835sd665_firmwaresd888_5gsm6250pqca6574awcn6855_firmwareqca6310_firmwaresm7325wcn6750sa515mqca6574_firmwaresd855sd665qca6175asd765qca6574a_firmwaresd768g_firmwaresd460qca6391sdxr1_firmwareaqt1000_firmwareqcn9100csrb31024_firmwareqcm6490_firmwaresdx50mqcn9070_firmwaresd480_firmwareqca6574ausa8155p_firmwaresd710wcd9341_firmwareqcm6125wsa8810wcn6856sd_8csd768gqca1064_firmwarewcn6740qca6696sd845_firmwaresa6150pqcn9022_firmwareqcn6024qcn9022sd845qcn9072_firmwaresd720g_firmwareqcn9074_firmwareqcs410_firmwareqca6175a_firmwaresm7325_firmwareSnapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking
CWE ID-CWE-20
Improper Input Validation
CVE-2011-1780
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-6.1||MEDIUM
EPSS-0.69% / 48.31%
||
7 Day CHG~0.00%
Published-07 Jan, 2014 | 19:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The instruction emulation in Xen 3.0.3 allows local SMP guest users to cause a denial of service (host crash) by replacing the instruction that causes the VM to exit in one thread with a different instruction in a different thread.

Action-Not Available
Vendor-n/aXen Project
Product-xenn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2021-0173
Matching Score-4
Assigner-Intel Corporation
ShareView Details
Matching Score-4
Assigner-Intel Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.52% / 40.05%
||
7 Day CHG+0.01%
Published-09 Feb, 2022 | 22:04
Updated-05 May, 2025 | 17:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper Validation of Consistency within input in firmware for some Intel(R) PROSet/Wireless Wi-Fi in multiple operating systems and some Killer(TM) Wi-Fi in Windows 10 and 11 may allow a unauthenticated user to potentially enable denial of service via adjacent access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-proset_ac_3165amt_wi-fi_6_ax201proset_ac_9462amt_ac_9560_firmwareproset_ac_8265killer_wi-fi_6_ax1650amt_wi-fi_6_ax201_firmwareproset_ac_3165_firmwareamt_ac_8265_firmwareproset_ac_8260proset_ac_9461_firmwareproset_wi-fi_6_ax201_firmwareproset_wi-fi_6e_ax210proset_wireless_7265_\(rev_d\)_firmwareamt_wi-fi_6_ax210_firmwareproset_wi-fi_6_ax200_firmwarekiller_wi-fi_6_ax1650_firmwareproset_wi-fi_6_ax200proset_ac_9461proset_ac_8260_firmwareamt_wi-fi_6_ax200amt_wi-fi_6_ax210amt_ac_8260_firmwareamt_ac_8260killer_ac_1550_firmwareamt_ac_9260_firmwareproset_ac_8265_firmwareproset_wireless_7265_\(rev_d\)proset_ac_9462_firmwareproset_wi-fi_6_ax201killer_wi-fi_6e_ax1675_firmwareproset_wi-fi_6e_ax210_firmwareproset_ac_9260killer_wi-fi_6e_ax1675proset_ac_9560amt_wi-fi_6_ax200_firmwareamt_ac_9260proset_ac_9260_firmwareamt_ac_8265amt_ac_9560proset_ac_9560_firmwarekiller_ac_1550proset_ac_3168proset_ac_3168_firmwareIntel(R) PROSet/Wireless Wi-Fi in multiple operating systems and some Killer(TM) Wi-Fi in Windows 10 and 11
CWE ID-CWE-20
Improper Input Validation
CVE-2021-0179
Matching Score-4
Assigner-Intel Corporation
ShareView Details
Matching Score-4
Assigner-Intel Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.38% / 29.85%
||
7 Day CHG+0.01%
Published-09 Feb, 2022 | 22:04
Updated-05 May, 2025 | 17:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper Use of Validation Framework in software for Intel(R) PROSet/Wireless Wi-Fi and Killer(TM) Wi-Fi in Windows 10 and 11 may allow an unauthenticated user to potentially enable denial of service via adjacent access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-proset_ac_3165amt_wi-fi_6_ax201proset_ac_9462amt_ac_9560_firmwareproset_ac_8265killer_wi-fi_6_ax1650amt_wi-fi_6_ax201_firmwareproset_ac_3165_firmwareamt_ac_8265_firmwareproset_ac_8260proset_ac_9461_firmwareproset_wi-fi_6_ax201_firmwareproset_wi-fi_6e_ax210proset_wireless_7265_\(rev_d\)_firmwareamt_wi-fi_6_ax210_firmwareproset_wi-fi_6_ax200_firmwarekiller_wi-fi_6_ax1650_firmwareproset_wi-fi_6_ax200proset_ac_9461proset_ac_8260_firmwareamt_wi-fi_6_ax200amt_wi-fi_6_ax210amt_ac_8260_firmwareamt_ac_8260killer_ac_1550_firmwareamt_ac_9260_firmwareproset_ac_8265_firmwareproset_wireless_7265_\(rev_d\)proset_ac_9462_firmwareproset_wi-fi_6_ax201killer_wi-fi_6e_ax1675_firmwareproset_wi-fi_6e_ax210_firmwareproset_ac_9260killer_wi-fi_6e_ax1675proset_ac_9560amt_wi-fi_6_ax200_firmwareamt_ac_9260proset_ac_9260_firmwareamt_ac_8265amt_ac_9560proset_ac_9560_firmwarekiller_ac_1550proset_ac_3168proset_ac_3168_firmwareIntel(R) PROSet/Wireless Wi-Fi and Killer(TM) Wi-Fi in Windows 10 and 11
CWE ID-CWE-20
Improper Input Validation
CVE-2021-0063
Matching Score-4
Assigner-Intel Corporation
ShareView Details
Matching Score-4
Assigner-Intel Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.37% / 29.40%
||
7 Day CHG~0.00%
Published-17 Nov, 2021 | 19:27
Updated-03 Aug, 2024 | 15:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper input validation in firmware for some Intel(R) PROSet/Wireless WiFi and Killer(TM) WiFi in Windows 10 may allow an unauthenticated user to potentially enable denial of service via adjacent access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-ax1650ax1675_firmwareac_9462ac_8265ac_3165_firmwareac_9560_firmwareac_8265_firmwareax1675ax200ac_3165ac_9461ac_8260ac_9260ax1650_firmwareac_9461_firmwareac_9462_firmwareac_3168ac_9560ax200_firmware7265_firmwareac1550_firmwareac_3168_firmwareax201ax210_firmwareax201_firmwareac_9260_firmwareac1550ac_8260_firmwareax2107265Intel(R) PROSet/Wireless WiFi and Killer(TM) WiFi in Windows 10
CWE ID-CWE-20
Improper Input Validation
CVE-2021-0267
Matching Score-4
Assigner-Juniper Networks, Inc.
ShareView Details
Matching Score-4
Assigner-Juniper Networks, Inc.
CVSS Score-7.4||HIGH
EPSS-0.47% / 37.06%
||
7 Day CHG~0.00%
Published-22 Apr, 2021 | 19:37
Updated-17 Sep, 2024 | 03:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Junos OS: Receipt of a crafted DHCP packet will cause the jdhcpd DHCP service to core.

An Improper Input Validation vulnerability in the active-lease query portion in JDHCPD's DHCP Relay Agent of Juniper Networks Junos OS allows an attacker to cause a Denial of Service (DoS) by sending a crafted DHCP packet to the device thereby crashing the jdhcpd DHCP service. This is typically configured for Broadband Subscriber Sessions. Continued receipt and processing of this crafted packet will create a sustained Denial of Service (DoS) condition. This issue affects Juniper Networks Junos OS: 19.4 versions prior to 19.4R3-S1; 20.1 versions prior to 20.1R2-S1, 20.1R3; 20.2 versions prior to 20.2R3; 20.3 versions prior to 20.3R2. This issue does not affect Junos OS Evolved.

Action-Not Available
Vendor-Juniper Networks, Inc.
Product-junosJunos OS
CWE ID-CWE-20
Improper Input Validation
CVE-2021-0079
Matching Score-4
Assigner-Intel Corporation
ShareView Details
Matching Score-4
Assigner-Intel Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.37% / 29.40%
||
7 Day CHG~0.00%
Published-17 Nov, 2021 | 19:39
Updated-03 Aug, 2024 | 15:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper input validation in software for some Intel(R) PROSet/Wireless WiFi and Killer(TM) WiFi in Windows 10 may allow an unauthenticated user to potentially enable denial of service via adjacent access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-ax1650ax1675_firmwareac_9462ac_8265ac_3165_firmwareac_9560_firmwareac_8265_firmwareax1675ax200ac_3165ac_9461ac_8260ac_9260ax1650_firmwareac_9461_firmwareac_9462_firmwareac_3168ac_9560ax200_firmware7265_firmwareac1550_firmwareac_3168_firmwareax201ax210_firmwareax201_firmwareac_9260_firmwareac1550ac_8260_firmwareax2107265Intel(R) PROSet/Wireless WiFi and Killer(TM) WiFi in Windows 10
CWE ID-CWE-20
Improper Input Validation
  • Previous
  • 1
  • 2
  • 3
  • 4
  • 5
  • Next
Details not found