Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2021-44375

Summary
Assigner-talos
Assigner Org ID-b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b
Published At-14 Apr, 2022 | 19:56
Updated At-15 Apr, 2025 | 19:06
Rejected At-
Credits

Multiple denial of service vulnerabilities exist in the cgiserver.cgi JSON command parser functionality of Reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. An attacker can send an HTTP request to trigger this vulnerability.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:talos
Assigner Org ID:b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b
Published At:14 Apr, 2022 | 19:56
Updated At:15 Apr, 2025 | 19:06
Rejected At:
▼CVE Numbering Authority (CNA)

Multiple denial of service vulnerabilities exist in the cgiserver.cgi JSON command parser functionality of Reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. An attacker can send an HTTP request to trigger this vulnerability.

Affected Products
Vendor
Reolink Innovation LimitedReolink
Product
RLC-410W
Versions
Affected
  • v3.0.0.136_20121102
Problem Types
TypeCWE IDDescription
CWECWE-20CWE-20: Improper Input Validation
Type: CWE
CWE ID: CWE-20
Description: CWE-20: Improper Input Validation
Metrics
VersionBase scoreBase severityVector
3.08.6HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
Version: 3.0
Base score: 8.6
Base severity: HIGH
Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://talosintelligence.com/vulnerability_reports/TALOS-2021-1421
x_refsource_MISC
Hyperlink: https://talosintelligence.com/vulnerability_reports/TALOS-2021-1421
Resource:
x_refsource_MISC
▼Authorized Data Publishers (ADP)
1. CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://talosintelligence.com/vulnerability_reports/TALOS-2021-1421
x_refsource_MISC
x_transferred
Hyperlink: https://talosintelligence.com/vulnerability_reports/TALOS-2021-1421
Resource:
x_refsource_MISC
x_transferred
2. CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:talos-cna@cisco.com
Published At:14 Apr, 2022 | 20:15
Updated At:21 Apr, 2022 | 15:52

Multiple denial of service vulnerabilities exist in the cgiserver.cgi JSON command parser functionality of Reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. An attacker can send an HTTP request to trigger this vulnerability.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.17.5HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Secondary3.08.6HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
Primary2.05.0MEDIUM
AV:N/AC:L/Au:N/C:N/I:N/A:P
Type: Primary
Version: 3.1
Base score: 7.5
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Type: Secondary
Version: 3.0
Base score: 8.6
Base severity: HIGH
Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
Type: Primary
Version: 2.0
Base score: 5.0
Base severity: MEDIUM
Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:P
CPE Matches
Reolink Innovation Limited
reolink
>>rlc-410w_firmware>>3.0.0.136_20121102
cpe:2.3:o:reolink:rlc-410w_firmware:3.0.0.136_20121102:*:*:*:*:*:*:*
Reolink Innovation Limited
reolink
>>rlc-410w>>-
cpe:2.3:h:reolink:rlc-410w:-:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-20Primarynvd@nist.gov
CWE-20Secondarytalos-cna@cisco.com
CWE ID: CWE-20
Type: Primary
Source: nvd@nist.gov
CWE ID: CWE-20
Type: Secondary
Source: talos-cna@cisco.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://talosintelligence.com/vulnerability_reports/TALOS-2021-1421talos-cna@cisco.com
Exploit
Third Party Advisory
Hyperlink: https://talosintelligence.com/vulnerability_reports/TALOS-2021-1421
Source: talos-cna@cisco.com
Resource:
Exploit
Third Party Advisory

Change History

0
Information is not available yet

Similar CVEs

1614Records found
CVE-2021-44389
Matching Score-10
Assigner-Talos
ShareView Details
Matching Score-10
Assigner-Talos
CVSS Score-8.6||HIGH
EPSS-0.15% / 36.32%
||
7 Day CHG~0.00%
Published-28 Jan, 2022 | 21:42
Updated-15 Apr, 2025 | 19:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. GetAbility param is not object. An attacker can send an HTTP request to trigger this vulnerability.

Action-Not Available
Vendor-n/aReolink Innovation Limited
Product-rlc-410w_firmwarerlc-410wn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2021-44390
Matching Score-10
Assigner-Talos
ShareView Details
Matching Score-10
Assigner-Talos
CVSS Score-8.6||HIGH
EPSS-0.15% / 36.32%
||
7 Day CHG~0.00%
Published-28 Jan, 2022 | 21:42
Updated-15 Apr, 2025 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. Format param is not object. An attacker can send an HTTP request to trigger this vulnerability.

Action-Not Available
Vendor-n/aReolink Innovation Limited
Product-rlc-410w_firmwarerlc-410wn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2021-44404
Matching Score-10
Assigner-Talos
ShareView Details
Matching Score-10
Assigner-Talos
CVSS Score-8.6||HIGH
EPSS-0.15% / 36.32%
||
7 Day CHG~0.00%
Published-28 Jan, 2022 | 21:42
Updated-15 Apr, 2025 | 19:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. GetZoomFocus param is not object. An attacker can send an HTTP request to trigger this vulnerability.

Action-Not Available
Vendor-n/aReolink Innovation Limited
Product-rlc-410w_firmwarerlc-410wn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2021-44393
Matching Score-10
Assigner-Talos
ShareView Details
Matching Score-10
Assigner-Talos
CVSS Score-8.6||HIGH
EPSS-0.15% / 36.32%
||
7 Day CHG~0.00%
Published-28 Jan, 2022 | 21:42
Updated-15 Apr, 2025 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. GetIsp param is not object. An attacker can send an HTTP request to trigger this vulnerability.

Action-Not Available
Vendor-n/aReolink Innovation Limited
Product-rlc-410w_firmwarerlc-410wn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2021-44407
Matching Score-10
Assigner-Talos
ShareView Details
Matching Score-10
Assigner-Talos
CVSS Score-8.6||HIGH
EPSS-0.15% / 36.32%
||
7 Day CHG~0.00%
Published-28 Jan, 2022 | 21:42
Updated-15 Apr, 2025 | 19:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. TestEmail param is not object. An attacker can send an HTTP request to trigger this vulnerability.

Action-Not Available
Vendor-n/aReolink Innovation Limited
Product-rlc-410w_firmwarerlc-410wn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2021-44411
Matching Score-10
Assigner-Talos
ShareView Details
Matching Score-10
Assigner-Talos
CVSS Score-8.6||HIGH
EPSS-0.15% / 36.32%
||
7 Day CHG~0.00%
Published-28 Jan, 2022 | 21:42
Updated-15 Apr, 2025 | 19:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. Search param is not object. An attacker can send an HTTP request to trigger this vulnerability.

Action-Not Available
Vendor-n/aReolink Innovation Limited
Product-rlc-410w_firmwarerlc-410wn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2021-44381
Matching Score-10
Assigner-Talos
ShareView Details
Matching Score-10
Assigner-Talos
CVSS Score-8.6||HIGH
EPSS-0.21% / 42.80%
||
7 Day CHG~0.00%
Published-28 Jan, 2022 | 21:42
Updated-15 Apr, 2025 | 19:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. SetPowerLed param is not object. An attacker can send an HTTP request to trigger this vulnerability.

Action-Not Available
Vendor-n/aReolink Innovation Limited
Product-rlc-410w_firmwarerlc-410wn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2021-44400
Matching Score-10
Assigner-Talos
ShareView Details
Matching Score-10
Assigner-Talos
CVSS Score-8.6||HIGH
EPSS-0.19% / 40.98%
||
7 Day CHG~0.00%
Published-28 Jan, 2022 | 21:42
Updated-15 Apr, 2025 | 19:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. GetPtzPatrol param is not object. An attacker can send an HTTP request to trigger this vulnerability.

Action-Not Available
Vendor-n/aReolink Innovation Limited
Product-rlc-410w_firmwarerlc-410wn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2021-44358
Matching Score-10
Assigner-Talos
ShareView Details
Matching Score-10
Assigner-Talos
CVSS Score-8.6||HIGH
EPSS-0.21% / 42.80%
||
7 Day CHG~0.00%
Published-28 Jan, 2022 | 21:42
Updated-15 Apr, 2025 | 19:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. SetRec param is not object. An attacker can send an HTTP request to trigger this vulnerability.

Action-Not Available
Vendor-n/aReolink Innovation Limited
Product-rlc-410w_firmwarerlc-410wn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2021-44357
Matching Score-10
Assigner-Talos
ShareView Details
Matching Score-10
Assigner-Talos
CVSS Score-8.6||HIGH
EPSS-0.29% / 51.89%
||
7 Day CHG~0.00%
Published-14 Apr, 2022 | 19:56
Updated-15 Apr, 2025 | 19:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple denial of service vulnerabilities exist in the cgiserver.cgi JSON command parser functionality of Reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. An attacker can send an HTTP request to trigger this vulnerability.

Action-Not Available
Vendor-Reolink Innovation Limited
Product-rlc-410w_firmwarerlc-410wRLC-410W
CWE ID-CWE-20
Improper Input Validation
CVE-2021-44360
Matching Score-10
Assigner-Talos
ShareView Details
Matching Score-10
Assigner-Talos
CVSS Score-8.6||HIGH
EPSS-0.21% / 42.80%
||
7 Day CHG~0.00%
Published-28 Jan, 2022 | 21:42
Updated-15 Apr, 2025 | 19:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. SetNorm param is not object. An attacker can send an HTTP request to trigger this vulnerability.

Action-Not Available
Vendor-n/aReolink Innovation Limited
Product-rlc-410w_firmwarerlc-410wn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2021-44418
Matching Score-10
Assigner-Talos
ShareView Details
Matching Score-10
Assigner-Talos
CVSS Score-8.6||HIGH
EPSS-0.15% / 36.32%
||
7 Day CHG~0.00%
Published-28 Jan, 2022 | 21:42
Updated-15 Apr, 2025 | 19:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. GetMdState param is not object. An attacker can send an HTTP request to trigger this vulnerability.

Action-Not Available
Vendor-n/aReolink Innovation Limited
Product-rlc-410w_firmwarerlc-410wn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2021-44414
Matching Score-10
Assigner-Talos
ShareView Details
Matching Score-10
Assigner-Talos
CVSS Score-8.6||HIGH
EPSS-0.15% / 36.32%
||
7 Day CHG~0.00%
Published-28 Jan, 2022 | 21:42
Updated-15 Apr, 2025 | 19:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. DelUser param is not object. An attacker can send an HTTP request to trigger this vulnerability.

Action-Not Available
Vendor-n/aReolink Innovation Limited
Product-rlc-410w_firmwarerlc-410wn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2021-44413
Matching Score-10
Assigner-Talos
ShareView Details
Matching Score-10
Assigner-Talos
CVSS Score-8.6||HIGH
EPSS-0.15% / 36.32%
||
7 Day CHG~0.00%
Published-28 Jan, 2022 | 21:42
Updated-15 Apr, 2025 | 19:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. AddUser param is not object. An attacker can send an HTTP request to trigger this vulnerability.

Action-Not Available
Vendor-n/aReolink Innovation Limited
Product-rlc-410w_firmwarerlc-410wn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2021-40423
Matching Score-10
Assigner-Talos
ShareView Details
Matching Score-10
Assigner-Talos
CVSS Score-7.5||HIGH
EPSS-0.27% / 50.23%
||
7 Day CHG~0.00%
Published-28 Jan, 2022 | 19:10
Updated-15 Apr, 2025 | 19:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A denial of service vulnerability exists in the cgiserver.cgi API command parser functionality of Reolink RLC-410W v3.0.0.136_20121102. A specially-crafted series of HTTP requests can lead to denial of service. An attacker can send an HTTP request to trigger this vulnerability.

Action-Not Available
Vendor-n/aReolink Innovation Limited
Product-rlc-410w_firmwarerlc-410wn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2021-44385
Matching Score-10
Assigner-Talos
ShareView Details
Matching Score-10
Assigner-Talos
CVSS Score-8.6||HIGH
EPSS-0.21% / 42.80%
||
7 Day CHG~0.00%
Published-28 Jan, 2022 | 21:42
Updated-15 Apr, 2025 | 19:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. SetPtzSerial param is not object. An attacker can send an HTTP request to trigger this vulnerability.

Action-Not Available
Vendor-n/aReolink Innovation Limited
Product-rlc-410w_firmwarerlc-410wn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2022-21801
Matching Score-8
Assigner-Talos
ShareView Details
Matching Score-8
Assigner-Talos
CVSS Score-8.6||HIGH
EPSS-0.30% / 52.47%
||
7 Day CHG~0.00%
Published-28 Jan, 2022 | 19:10
Updated-15 Apr, 2025 | 19:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A denial of service vulnerability exists in the netserver recv_command functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted network request can lead to a reboot. An attacker can send a malicious packet to trigger this vulnerability.

Action-Not Available
Vendor-n/aReolink Innovation Limited
Product-rlc-410w_firmwarerlc-410wn/a
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2021-40406
Matching Score-8
Assigner-Talos
ShareView Details
Matching Score-8
Assigner-Talos
CVSS Score-7.5||HIGH
EPSS-0.62% / 68.96%
||
7 Day CHG~0.00%
Published-28 Jan, 2022 | 19:10
Updated-15 Apr, 2025 | 19:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A denial of service vulnerability exists in the cgiserver.cgi session creation functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to prevent users from logging in. An attacker can send an HTTP request to trigger this vulnerability.

Action-Not Available
Vendor-n/aReolink Innovation Limited
Product-rlc-410w_firmwarerlc-410wn/a
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2022-21796
Matching Score-6
Assigner-Talos
ShareView Details
Matching Score-6
Assigner-Talos
CVSS Score-9.3||CRITICAL
EPSS-0.67% / 70.34%
||
7 Day CHG~0.00%
Published-28 Jan, 2022 | 19:10
Updated-15 Apr, 2025 | 19:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A memory corruption vulnerability exists in the netserver parse_command_list functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to an out-of-bounds write. An attacker can send an HTTP request to trigger this vulnerability.

Action-Not Available
Vendor-n/aReolink Innovation Limited
Product-rlc-410w_firmwarerlc-410wn/a
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-39944
Matching Score-4
Assigner-Dahua Technologies
ShareView Details
Matching Score-4
Assigner-Dahua Technologies
CVSS Score-7.5||HIGH
EPSS-0.24% / 47.20%
||
7 Day CHG~0.00%
Published-31 Jul, 2024 | 03:13
Updated-01 Aug, 2024 | 13:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been found in Dahua products.Attackers can send carefully crafted data packets to the interface with vulnerabilities, causing the device to crash.

Action-Not Available
Vendor-Dahua Technology Co., Ltd
Product-IPC-HX8XXX and NVR4XXXipc-hf8xxx_firmwareipc-hfw8xxxnvr4832-i
CWE ID-CWE-20
Improper Input Validation
CVE-2011-1067
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-0.60% / 68.57%
||
7 Day CHG~0.00%
Published-23 Feb, 2011 | 18:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

slapd (aka ns-slapd) in 389 Directory Server before 1.2.8.a2 does not properly manage the c_timelimit field of the connection table element, which allows remote attackers to cause a denial of service (daemon outage) via Simple Paged Results connections, as demonstrated by using multiple processes to replay TCP sessions, a different vulnerability than CVE-2011-0019.

Action-Not Available
Vendor-n/aFedora Project
Product-389_directory_servern/a
CWE ID-CWE-20
Improper Input Validation
CVE-2011-0779
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-1.48% / 80.20%
||
7 Day CHG~0.00%
Published-04 Feb, 2011 | 17:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Google Chrome before 9.0.597.84 does not properly handle a missing key in an extension, which allows remote attackers to cause a denial of service (application crash) via a crafted extension.

Action-Not Available
Vendor-n/aDebian GNU/LinuxGoogle LLC
Product-debian_linuxchromen/a
CWE ID-CWE-20
Improper Input Validation
CVE-2024-39949
Matching Score-4
Assigner-Dahua Technologies
ShareView Details
Matching Score-4
Assigner-Dahua Technologies
CVSS Score-7.5||HIGH
EPSS-0.24% / 47.20%
||
7 Day CHG~0.00%
Published-31 Jul, 2024 | 03:42
Updated-19 Aug, 2024 | 16:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been found in Dahua products. Attackers can send carefully crafted data packets to the interface with vulnerabilities, causing the device to crash.

Action-Not Available
Vendor-Dahua Technology Co., Ltd
Product-nvr4216-16p-4ks3nvr4216-16p-4ks2\/l_firmwarenvr4108hs-4ks3\(960g\)nvr4208-8p-4ks2\/l_firmwarenvr4108hs-p-4ks2\/lnvr4232-4ks2\/lnvr4104-4ks2\/l_firmwarenvr4832-16p-4ks2\/invr4108hs-8p-4ks2\/lnvr4416-16p-4ks2\/invr4216-4ks2\/l_firmwarenvr4104-4ks3_firmwarenvr4116-8p-4ks2\/l_firmwarenvr4104hs-p-4ks3_firmwarenvr4108-4ks2\/l_firmwarenvr4104hs-p-4ks2\/l_firmwarenvr4232-4ks2\/l_firmwarenvr4432-4ks2\/invr4104-p-4ks3nvr4116-4ks3nvr4208-4ks3nvr4104hs-4ks3nvr4208-8p-4ks3_firmwarenvr4104-p-4ks2\/l_firmwarenvr4116hs-4ks3nvr4104-p-4ks3\(960g\)nvr4416-4ks2\/i_firmwarenvr4216-4ks3_firmwarenvr4832-4ks2\/invr4816-4ks2\/i_firmwarenvr4232-16p-4ks3_firmwarenvr4208-8p-4ks3nvr4204-p-4ks3nvr4832-16p-4ks2\/i_firmwarenvr4108hs-4ks2\/lnvr4104-4ks2\/lnvr4108hs-p-4ks3nvr4108hs-4ks3_firmwarenvr4108hs-4ks3nvr4108-p-4ks3_firmwarenvr4432-16p-4ks2\/invr4104hs-p-4ks2\/lnvr4832-4ks2\/i_firmwarenvr4416-16p-4ks2\/i_firmwarenvr4104-p-4ks3_firmwarenvr4104hs-p-4ks3nvr4232-4ks3nvr4432-16p-4ks2\/i_firmwarenvr4208-4ks2\/l_firmwarenvr4232-16p-4ks2\/lnvr4116-4ks3_firmwarenvr4104-4ks3nvr4116hs-4ks2\/lnvr4104-p-4ks3\(960g\)_firmwarenvr4204-4ks2\/l_firmwarenvr4108-p-4ks2\/lnvr4104hs-4ks3\(960g\)nvr4216-16p-4ks3_firmwarenvr4108hs-p-4ks2\/l_firmwarenvr4108hs-4ks2\/l_firmwarenvr4104hs-4ks2\/lnvr4108hs-8p-4ks3nvr4208-4ks3_firmwarenvr4116hs-4ks2\/l_firmwarenvr4116hs-8p-4ks2\/lnvr4104-p-4ks2\/lnvr4116hs-4ks3_firmwarenvr4104hs-p-4ks3\(960g\)nvr4108hs-8p-4ks2\/l_firmwarenvr4816-4ks2\/invr4816-16p-4ks2\/invr4108hs-p-4ks3_firmwarenvr4204-p-4ks2\/lnvr4104hs-4ks3_firmwarenvr4204-4ks2\/lnvr4108-4ks3nvr4204-p-4ks2\/l_firmwarenvr4108-8p-4ks2\/lnvr4208-8p-4ks2\/lnvr4108-8p-4ks3_firmwarenvr4204-4ks3nvr4204-p-4ks3_firmwarenvr4108-8p-4ks2\/l_firmwarenvr4416-4ks2\/invr4116-4ks2\/l_firmwarenvr4232-16p-4ks3nvr4232-16p-4ks2\/l_firmwarenvr4108-p-4ks2\/l_firmwarenvr4104hs-p-4ks3\(960g\)_firmwarenvr4232-4ks3_firmwarenvr4108-4ks3_firmwarenvr4204-4ks3_firmwarenvr4816-16p-4ks2\/i_firmwarenvr4116-8p-4ks3nvr4108-p-4ks3nvr4104hs-4ks3\(960g\)_firmwarenvr4104hs-4ks2\/l_firmwarenvr4432-4ks2\/i_firmwarenvr4108-8p-4ks3nvr4108-4ks2\/lnvr4116-8p-4ks3_firmwarenvr4116-4ks2\/lnvr4116hs-8p-4ks3nvr4116-8p-4ks2\/lnvr4208-4ks2\/lnvr4216-16p-4ks2\/lnvr4216-4ks3nvr4216-4ks2\/lnvr4108hs-8p-4ks3_firmwarenvr4108hs-4ks3\(960g\)_firmwarenvr4116hs-8p-4ks3_firmwarenvr4116hs-8p-4ks2\/l_firmwareNVR4XXXnvr4xxx_firmware
CWE ID-CWE-20
Improper Input Validation
CVE-2020-24615
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.33% / 55.13%
||
7 Day CHG~0.00%
Published-25 Sep, 2020 | 03:38
Updated-04 Aug, 2024 | 15:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Pexip Infinity before 24.1 has Improper Input Validation, leading to temporary denial of service via SIP.

Action-Not Available
Vendor-pexipn/a
Product-pexip_infinityn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2023-29780
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.25% / 47.71%
||
7 Day CHG~0.00%
Published-24 Apr, 2023 | 00:00
Updated-04 Feb, 2025 | 17:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Third Reality Smart Blind 1.00.54 contains a denial-of-service vulnerability, which allows a remote attacker to send malicious Zigbee messages to a vulnerable device and cause crashes.

Action-Not Available
Vendor-3realityn/a
Product-3rsb015bz3rsb015bz_firmwaren/a
CWE ID-CWE-20
Improper Input Validation
CVE-2011-1450
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-1.49% / 80.31%
||
7 Day CHG~0.00%
Published-03 May, 2011 | 22:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Google Chrome before 11.0.696.57 does not properly present file dialogs, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to "dangling pointers."

Action-Not Available
Vendor-n/aGoogle LLC
Product-chromen/a
CWE ID-CWE-20
Improper Input Validation
CVE-2011-1186
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-5.46% / 89.81%
||
7 Day CHG~0.00%
Published-11 Mar, 2011 | 01:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Google Chrome before 10.0.648.127 on Linux does not properly handle parallel execution of calls to the print method, which might allow remote attackers to cause a denial of service (application crash) via crafted JavaScript code.

Action-Not Available
Vendor-n/aLinux Kernel Organization, IncGoogle LLC
Product-linux_kernelchromen/a
CWE ID-CWE-20
Improper Input Validation
CVE-2011-1436
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-0.46% / 62.94%
||
7 Day CHG~0.00%
Published-03 May, 2011 | 22:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Google Chrome before 11.0.696.57 on Linux does not properly interact with the X Window System, which allows remote attackers to cause a denial of service (application crash) via unspecified vectors.

Action-Not Available
Vendor-n/aLinux Kernel Organization, IncGoogle LLC
Product-linux_kernelchromen/a
CWE ID-CWE-20
Improper Input Validation
CVE-2024-37917
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.33% / 55.39%
||
7 Day CHG~0.00%
Published-02 Apr, 2025 | 00:00
Updated-18 Jun, 2025 | 13:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Pexip Infinity before 35.0 has improper input validation that allows remote attackers to trigger a denial of service (software abort) via a crafted signalling message.

Action-Not Available
Vendor-pexipn/a
Product-pexip_infinityn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2023-30442
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.04% / 12.10%
||
7 Day CHG~0.00%
Published-10 Jul, 2023 | 00:01
Updated-13 Feb, 2025 | 16:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Db2 denial of service

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.1 and 11.5 federated server is vulnerable to a denial of service as the server may crash when using a specially crafted wrapper using certain options. IBM X-Force ID: 253202.

Action-Not Available
Vendor-Microsoft CorporationHP Inc.IBM CorporationLinux Kernel Organization, IncOracle Corporation
Product-solarislinux_kerneldb2hp-uxwindowsaixDb2 for Linux, UNIX and Windows
CWE ID-CWE-20
Improper Input Validation
CVE-2024-38525
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-7.5||HIGH
EPSS-0.05% / 13.29%
||
7 Day CHG~0.00%
Published-28 Jun, 2024 | 21:10
Updated-02 Aug, 2024 | 04:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
dd-trace-cpp malformed unicode header values may cause crash

dd-trace-cpp is the Datadog distributed tracing for C++. When the library fails to extract trace context due to malformed unicode, it logs the list of audited headers and their values using the `nlohmann` JSON library. However, due to the way the JSON library is invoked, it throws an uncaught exception, which results in a crash. This vulnerability has been patched in version 0.2.2.

Action-Not Available
Vendor-DataDogdatadoghq
Product-dd-trace-cppdd-trace-cpp
CWE ID-CWE-248
Uncaught Exception
CWE ID-CWE-20
Improper Input Validation
CVE-2023-30445
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-7.5||HIGH
EPSS-0.04% / 10.29%
||
7 Day CHG~0.00%
Published-08 Jul, 2023 | 18:28
Updated-13 Feb, 2025 | 17:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Db2 denial of service

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted query on certain tables. IBM X-Force ID: 253357.

Action-Not Available
Vendor-Microsoft CorporationHP Inc.IBM CorporationLinux Kernel Organization, IncOracle Corporation
Product-solarisaixhp-uxlinux_kernelwindowsdb2DB2 for Linux, UNIX and Windowsdb2_for_linux_unix_and_windows
CWE ID-CWE-20
Improper Input Validation
CVE-2011-0040
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-5||MEDIUM
EPSS-40.23% / 97.24%
||
7 Day CHG~0.00%
Published-09 Feb, 2011 | 00:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The server in Microsoft Active Directory on Windows Server 2003 SP2 does not properly handle an update request for a service principal name (SPN), which allows remote attackers to cause a denial of service (authentication downgrade or outage) via a crafted request that triggers name collisions, aka "Active Directory SPN Validation Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-windows_2003_servern/a
CWE ID-CWE-20
Improper Input Validation
CVE-2024-38230
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-6.5||MEDIUM
EPSS-2.06% / 83.17%
||
7 Day CHG-0.52%
Published-10 Sep, 2024 | 16:53
Updated-31 Dec, 2024 | 23:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Standards-Based Storage Management Service Denial of Service Vulnerability

Windows Standards-Based Storage Management Service Denial of Service Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2012windows_server_2016windows_server_2019windows_server_2022Windows Server 2022Windows Server 2019 (Server Core installation)Windows Server 2012 R2Windows Server 2016 (Server Core installation)Windows Server 2019Windows Server 2012 R2 (Server Core installation)Windows Server 2016
CWE ID-CWE-20
Improper Input Validation
CVE-2023-30448
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.04% / 10.29%
||
7 Day CHG~0.00%
Published-08 Jul, 2023 | 18:19
Updated-13 Feb, 2025 | 17:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Db2 denial of service

IBM DB2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted query on certain tables. IBM X-Force ID: 253437.

Action-Not Available
Vendor-Microsoft CorporationHP Inc.IBM CorporationLinux Kernel Organization, IncOracle Corporation
Product-solarisaixhp-uxlinux_kernelwindowsdb2DB2 for Linux, UNIX and Windows
CWE ID-CWE-20
Improper Input Validation
CVE-2011-0491
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-1.38% / 79.53%
||
7 Day CHG~0.00%
Published-19 Jan, 2011 | 11:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The tor_realloc function in Tor before 0.2.1.29 and 0.2.2.x before 0.2.2.21-alpha does not validate a certain size value during memory allocation, which might allow remote attackers to cause a denial of service (daemon crash) via unspecified vectors, related to "underflow errors."

Action-Not Available
Vendor-torn/a
Product-torn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2023-29255
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-7.5||HIGH
EPSS-0.08% / 24.30%
||
7 Day CHG~0.00%
Published-27 Apr, 2023 | 12:47
Updated-13 Feb, 2025 | 16:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM DB2 for Linux, UNIX and Windows denial of service

IBM DB2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to a denial of service as it may trap when compiling a variation of an anonymous block. IBM X-Force ID: 251991.

Action-Not Available
Vendor-Linux Kernel Organization, IncMicrosoft CorporationIBM Corporation
Product-windowsdb2linux_kernelDB2 for Linux, UNIX and Windows
CWE ID-CWE-20
Improper Input Validation
CVE-2023-2914
Matching Score-4
Assigner-Rockwell Automation
ShareView Details
Matching Score-4
Assigner-Rockwell Automation
CVSS Score-7.5||HIGH
EPSS-24.16% / 95.85%
||
7 Day CHG~0.00%
Published-17 Aug, 2023 | 15:01
Updated-08 Oct, 2024 | 17:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Rockwell Automation ThinManager Thinserver Software Vulnerable to Input Validation Vulnerabilitiy

The Rockwell Automation Thinmanager Thinserver is impacted by an improper input validation vulnerability, an integer overflow condition exists in the affected products. When the ThinManager processes incoming messages, a read access violation occurs and terminates the process. A malicious user could exploit this vulnerability by sending a crafted synchronization protocol message and causing a denial of service condition in the software.

Action-Not Available
Vendor-Rockwell Automation, Inc.
Product-thinmanager_thinserverThinManager ThinServerthinmanager_thinserver
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2024-37794
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.14% / 35.53%
||
7 Day CHG~0.00%
Published-17 Jun, 2024 | 00:00
Updated-02 Aug, 2024 | 03:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper input validation in CVC5 Solver v1.1.3 allows attackers to cause a Denial of Service (DoS) via a crafted SMT2 input file.

Action-Not Available
Vendor-n/acvc5
Product-n/acvc5
CWE ID-CWE-20
Improper Input Validation
CVE-2011-0431
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-0.66% / 70.09%
||
7 Day CHG~0.00%
Published-18 Feb, 2011 | 23:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The afs_linux_lock function in afs/LINUX/osi_vnodeops.c in the kernel module in OpenAFS 1.4.14, 1.4.12, 1.4.7, and possibly other versions does not properly handle errors, which allows attackers to cause a denial of service via unknown vectors. NOTE: some of these details are obtained from third party information.

Action-Not Available
Vendor-openafsn/a
Product-openafsn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2024-36734
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.16% / 37.71%
||
7 Day CHG~0.00%
Published-06 Jun, 2024 | 18:44
Updated-02 May, 2025 | 12:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper input validation in OneFlow-Inc. Oneflow v0.9.1 allows attackers to cause a Denial of Service (DoS) via inputting a negative value into the dim parameter.

Action-Not Available
Vendor-oneflown/aoneflow
Product-oneflown/aoneflow
CWE ID-CWE-20
Improper Input Validation
CVE-2011-0015
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-5||MEDIUM
EPSS-2.35% / 84.25%
||
7 Day CHG~0.00%
Published-19 Jan, 2011 | 11:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Tor before 0.2.1.29 and 0.2.2.x before 0.2.2.21-alpha does not properly check the amount of compression in zlib-compressed data, which allows remote attackers to cause a denial of service via a large compression factor.

Action-Not Available
Vendor-torn/a
Product-torn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2023-30446
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.04% / 10.29%
||
7 Day CHG~0.00%
Published-08 Jul, 2023 | 18:09
Updated-13 Feb, 2025 | 16:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Db2 denial of service

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted query on certain tables. IBM X-Force ID: 253361 .

Action-Not Available
Vendor-Microsoft CorporationHP Inc.IBM CorporationLinux Kernel Organization, IncOracle Corporation
Product-solarislinux_kerneldb2hp-uxwindowsaixDB2 for Linux, UNIX and Windows
CWE ID-CWE-20
Improper Input Validation
CVE-2024-36742
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.17% / 38.08%
||
7 Day CHG~0.00%
Published-06 Jun, 2024 | 17:10
Updated-02 May, 2025 | 13:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue in the oneflow.scatter_nd parameter OneFlow-Inc. Oneflow v0.9.1 allows attackers to cause a Denial of Service (DoS) when index parameter exceeds the range of shape.

Action-Not Available
Vendor-oneflown/aoneflow
Product-oneflown/aoneflow
CWE ID-CWE-20
Improper Input Validation
CVE-2023-29258
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.05% / 15.26%
||
7 Day CHG~0.00%
Published-04 Dec, 2023 | 01:12
Updated-13 Feb, 2025 | 16:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Db2 denial of service

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.1, and 11.5 is vulnerable to a denial of service through a specially crafted federated query on specific federation objects. IBM X-Force ID: 252048.

Action-Not Available
Vendor-opengroupLinux Kernel Organization, IncMicrosoft CorporationIBM Corporation
Product-windowsunixdb2linux_kernelDb2 for Linux, UNIX and Windows
CWE ID-CWE-20
Improper Input Validation
CVE-2023-30449
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-7.5||HIGH
EPSS-0.04% / 10.29%
||
7 Day CHG~0.00%
Published-08 Jul, 2023 | 18:31
Updated-13 Feb, 2025 | 17:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Db2 denial of service

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted query. IBM X-Force ID: 253439.

Action-Not Available
Vendor-Microsoft CorporationHP Inc.IBM CorporationLinux Kernel Organization, IncOracle Corporation
Product-solarisaixhp-uxlinux_kernelwindowsdb2DB2 for Linux, UNIX and Windowsdb2_for_linux_unix_and_windows
CWE ID-CWE-20
Improper Input Validation
CVE-2011-0529
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-0.45% / 62.62%
||
7 Day CHG~0.00%
Published-20 Nov, 2019 | 15:17
Updated-06 Aug, 2024 | 21:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Weborf before 0.12.5 is affected by a Denial of Service (DOS) due to malformed fields in HTTP.

Action-Not Available
Vendor-weborf_projectweborfDebian GNU/Linux
Product-weborfdebian_linuxweborf
CWE ID-CWE-20
Improper Input Validation
CVE-2024-36737
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.22% / 44.69%
||
7 Day CHG~0.00%
Published-06 Jun, 2024 | 17:43
Updated-02 May, 2025 | 13:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper input validation in OneFlow-Inc. Oneflow v0.9.1 allows attackers to cause a Denial of Service (DoS) via inputting a negative value into the oneflow.full parameter.

Action-Not Available
Vendor-oneflown/aoneflow
Product-oneflown/aoneflow
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-229
Improper Handling of Values
CVE-2016-1409
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-7.5||HIGH
EPSS-4.14% / 88.19%
||
7 Day CHG+0.72%
Published-29 May, 2016 | 22:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Neighbor Discovery (ND) protocol implementation in the IPv6 stack in Cisco IOS XE 2.1 through 3.17S, IOS XR 2.0.0 through 5.3.2, and NX-OS allows remote attackers to cause a denial of service (packet-processing outage) via crafted ND messages, aka Bug ID CSCuz66542, as exploited in the wild in May 2016.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-iosnx-osios_xeios_xrn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2010-4022
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-8.65% / 92.07%
||
7 Day CHG~0.00%
Published-10 Feb, 2011 | 17:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The do_standalone function in the MIT krb5 KDC database propagation daemon (kpropd) in Kerberos 1.7, 1.8, and 1.9, when running in standalone mode, does not properly handle when a worker child process "exits abnormally," which allows remote attackers to cause a denial of service (listening process termination, no new connections, and lack of updates in slave KVC) via unspecified vectors.

Action-Not Available
Vendor-n/aMIT (Massachusetts Institute of Technology)
Product-kerberos_5n/a
CWE ID-CWE-20
Improper Input Validation
  • Previous
  • 1
  • 2
  • 3
  • 4
  • ...
  • 32
  • 33
  • Next
Details not found