Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2023-1186

Summary
Assigner-VulDB
Assigner Org ID-1af790b2-7ee1-4545-860a-a788eba489b5
Published At-06 Mar, 2023 | 07:09
Updated At-25 Nov, 2024 | 15:22
Rejected At-
Credits

FabulaTech Webcam for Remote Desktop IOCTL ftwebcam.sys 0x222018 null pointer dereference

A vulnerability has been found in FabulaTech Webcam for Remote Desktop 2.8.42 and classified as problematic. This vulnerability affects the function 0x222010/0x222018 in the library ftwebcam.sys of the component IOCTL Handler. The manipulation leads to null pointer dereference. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. VDB-222358 is the identifier assigned to this vulnerability.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:VulDB
Assigner Org ID:1af790b2-7ee1-4545-860a-a788eba489b5
Published At:06 Mar, 2023 | 07:09
Updated At:25 Nov, 2024 | 15:22
Rejected At:
▼CVE Numbering Authority (CNA)
FabulaTech Webcam for Remote Desktop IOCTL ftwebcam.sys 0x222018 null pointer dereference

A vulnerability has been found in FabulaTech Webcam for Remote Desktop 2.8.42 and classified as problematic. This vulnerability affects the function 0x222010/0x222018 in the library ftwebcam.sys of the component IOCTL Handler. The manipulation leads to null pointer dereference. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. VDB-222358 is the identifier assigned to this vulnerability.

Affected Products
Vendor
FabulaTech
Product
Webcam for Remote Desktop
Modules
  • IOCTL Handler
Versions
Affected
  • 2.8.42
Problem Types
TypeCWE IDDescription
CWECWE-476CWE-476 NULL Pointer Dereference
Type: CWE
CWE ID: CWE-476
Description: CWE-476 NULL Pointer Dereference
Metrics
VersionBase scoreBase severityVector
3.13.3LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
3.03.3LOW
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
2.01.7N/A
AV:L/AC:L/Au:S/C:N/I:N/A:P
Version: 3.1
Base score: 3.3
Base severity: LOW
Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
Version: 3.0
Base score: 3.3
Base severity: LOW
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
Version: 2.0
Base score: 1.7
Base severity: N/A
Vector:
AV:L/AC:L/Au:S/C:N/I:N/A:P
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
analyst
Zeze7w (VulDB User)
Timeline
EventDate
Advisory disclosed2023-03-06 00:00:00
CVE reserved2023-03-06 00:00:00
VulDB entry created2023-03-06 01:00:00
VulDB entry last update2023-03-31 16:24:18
Event: Advisory disclosed
Date: 2023-03-06 00:00:00
Event: CVE reserved
Date: 2023-03-06 00:00:00
Event: VulDB entry created
Date: 2023-03-06 01:00:00
Event: VulDB entry last update
Date: 2023-03-31 16:24:18
Replaced By
Rejected Reason
References
HyperlinkResource
https://vuldb.com/?id.222358
vdb-entry
technical-description
https://vuldb.com/?ctiid.222358
signature
permissions-required
https://github.com/zeze-zeze/WindowsKernelVuln/tree/master/CVE-2023-1186
exploit
Hyperlink: https://vuldb.com/?id.222358
Resource:
vdb-entry
technical-description
Hyperlink: https://vuldb.com/?ctiid.222358
Resource:
signature
permissions-required
Hyperlink: https://github.com/zeze-zeze/WindowsKernelVuln/tree/master/CVE-2023-1186
Resource:
exploit
▼Authorized Data Publishers (ADP)
1. CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://vuldb.com/?id.222358
vdb-entry
technical-description
x_transferred
https://vuldb.com/?ctiid.222358
signature
permissions-required
x_transferred
https://github.com/zeze-zeze/WindowsKernelVuln/tree/master/CVE-2023-1186
exploit
x_transferred
Hyperlink: https://vuldb.com/?id.222358
Resource:
vdb-entry
technical-description
x_transferred
Hyperlink: https://vuldb.com/?ctiid.222358
Resource:
signature
permissions-required
x_transferred
Hyperlink: https://github.com/zeze-zeze/WindowsKernelVuln/tree/master/CVE-2023-1186
Resource:
exploit
x_transferred
2. CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cna@vuldb.com
Published At:06 Mar, 2023 | 08:15
Updated At:17 May, 2024 | 02:17

A vulnerability has been found in FabulaTech Webcam for Remote Desktop 2.8.42 and classified as problematic. This vulnerability affects the function 0x222010/0x222018 in the library ftwebcam.sys of the component IOCTL Handler. The manipulation leads to null pointer dereference. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. VDB-222358 is the identifier assigned to this vulnerability.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.15.5MEDIUM
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Secondary3.13.3LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
Secondary2.01.7LOW
AV:L/AC:L/Au:S/C:N/I:N/A:P
Type: Primary
Version: 3.1
Base score: 5.5
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Type: Secondary
Version: 3.1
Base score: 3.3
Base severity: LOW
Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
Type: Secondary
Version: 2.0
Base score: 1.7
Base severity: LOW
Vector:
AV:L/AC:L/Au:S/C:N/I:N/A:P
CPE Matches
fabulatech
fabulatech
>>webcam_for_remote_desktop>>2.8.42
cpe:2.3:a:fabulatech:webcam_for_remote_desktop:2.8.42:*:*:*:*:*:*:*
Microsoft Corporation
microsoft
>>windows>>-
cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-476Primarycna@vuldb.com
CWE ID: CWE-476
Type: Primary
Source: cna@vuldb.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://github.com/zeze-zeze/WindowsKernelVuln/tree/master/CVE-2023-1186cna@vuldb.com
Exploit
Third Party Advisory
https://vuldb.com/?ctiid.222358cna@vuldb.com
Third Party Advisory
https://vuldb.com/?id.222358cna@vuldb.com
Third Party Advisory
Hyperlink: https://github.com/zeze-zeze/WindowsKernelVuln/tree/master/CVE-2023-1186
Source: cna@vuldb.com
Resource:
Exploit
Third Party Advisory
Hyperlink: https://vuldb.com/?ctiid.222358
Source: cna@vuldb.com
Resource:
Third Party Advisory
Hyperlink: https://vuldb.com/?id.222358
Source: cna@vuldb.com
Resource:
Third Party Advisory

Change History

0
Information is not available yet

Similar CVEs

1498Records found
CVE-2023-1587
Matching Score-10
Assigner-NortonLifeLock Inc.
ShareView Details
Matching Score-10
Assigner-NortonLifeLock Inc.
CVSS Score-5.8||MEDIUM
EPSS-0.05% / 15.78%
||
7 Day CHG~0.00%
Published-19 Apr, 2023 | 18:39
Updated-05 Feb, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Avast and AVG Antivirus for Windows were susceptible to a NULL pointer dereference issue via RPC-interface. The issue was fixed with Avast and AVG Antivirus version 22.11

Action-Not Available
Vendor-avgavastAVASTAVGMicrosoft Corporation
Product-anti-virusantiviruswindowsAVG AntivirusAvast Antivirus
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2023-0196
Matching Score-10
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-10
Assigner-NVIDIA Corporation
CVSS Score-3.3||LOW
EPSS-0.04% / 9.54%
||
7 Day CHG~0.00%
Published-02 Mar, 2023 | 01:23
Updated-07 Mar, 2025 | 15:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA CUDA Toolkit SDK contains a bug in cuobjdump, where a local user running the tool against an ill-formed binary may cause a null- pointer dereference, which may result in a limited denial of service.

Action-Not Available
Vendor-Microsoft CorporationNVIDIA CorporationLinux Kernel Organization, Inc
Product-windowslinux_kernelcuda_toolkitNVIDIA CUDA Toolkit
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2024-12656
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-6.8||MEDIUM
EPSS-0.03% / 7.92%
||
7 Day CHG~0.00%
Published-16 Dec, 2024 | 17:00
Updated-19 Dec, 2024 | 15:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
FabulaTech USB over Network IOCT ftusbbus2.sys 0x220448 null pointer dereference

A vulnerability, which was classified as problematic, was found in FabulaTech USB over Network 6.0.6.1. This affects the function 0x220448 in the library ftusbbus2.sys of the component IOCT Handler. The manipulation leads to null pointer dereference. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-fabulatechFabulaTech
Product-usb_over_networkUSB over Network
CWE ID-CWE-404
Improper Resource Shutdown or Release
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2024-12653
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-6.8||MEDIUM
EPSS-0.03% / 6.20%
||
7 Day CHG~0.00%
Published-16 Dec, 2024 | 15:31
Updated-18 Dec, 2024 | 13:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
FabulaTech USB over Network IOCT ftusbbus2.sys 0x22040C null pointer dereference

A vulnerability classified as problematic has been found in FabulaTech USB over Network 6.0.6.1. Affected is the function 0x22040C in the library ftusbbus2.sys of the component IOCT Handler. The manipulation leads to null pointer dereference. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-fabulatechFabulaTech
Product-usb_over_networkUSB over Network
CWE ID-CWE-404
Improper Resource Shutdown or Release
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2024-12655
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-6.8||MEDIUM
EPSS-0.01% / 0.73%
||
7 Day CHG~0.00%
Published-16 Dec, 2024 | 16:31
Updated-19 Dec, 2024 | 15:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
FabulaTech USB over Network IOCT ftusbbus2.sys 0x220420 null pointer dereference

A vulnerability, which was classified as problematic, has been found in FabulaTech USB over Network 6.0.6.1. Affected by this issue is the function 0x220420 in the library ftusbbus2.sys of the component IOCT Handler. The manipulation leads to null pointer dereference. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-fabulatechFabulaTech
Product-usb_over_networkUSB over Network
CWE ID-CWE-404
Improper Resource Shutdown or Release
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2024-12654
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-6.8||MEDIUM
EPSS-0.03% / 6.20%
||
7 Day CHG~0.00%
Published-16 Dec, 2024 | 16:00
Updated-18 Dec, 2024 | 13:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
FabulaTech USB over Network IOCT ftusbbus2.sys 0x220408 null pointer dereference

A vulnerability classified as problematic was found in FabulaTech USB over Network 6.0.6.1. Affected by this vulnerability is the function 0x220408 in the library ftusbbus2.sys of the component IOCT Handler. The manipulation leads to null pointer dereference. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-fabulatechFabulaTech
Product-usb_over_networkUSB over Network
CWE ID-CWE-404
Improper Resource Shutdown or Release
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2022-34678
Matching Score-10
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-10
Assigner-NVIDIA Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.05% / 15.48%
||
7 Day CHG~0.00%
Published-30 Dec, 2022 | 00:00
Updated-10 Apr, 2025 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer, where an unprivileged user can cause a null-pointer dereference, which may lead to denial of service.

Action-Not Available
Vendor-NVIDIA CorporationRed Hat, Inc.VMware (Broadcom Inc.)Citrix (Cloud Software Group, Inc.)Microsoft CorporationLinux Kernel Organization, Inc
Product-virtual_gpulinux_kernelwindowscloud_gamingenterprise_linux_kernel-based_virtual_machinehypervisorvspherevGPU software (guest driver) - Windows, Linux and vGPU software (Virtual GPU Manager), NVIDIA Cloud Gaming (guest driver), NVIDIA Cloud Gaming (guest driver), NVIDIA Cloud Gaming (Virtual GPU Manager)
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2022-34683
Matching Score-10
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-10
Assigner-NVIDIA Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.04% / 9.76%
||
7 Day CHG~0.00%
Published-30 Dec, 2022 | 00:00
Updated-11 Apr, 2025 | 15:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape, where a null-pointer dereference occurs, which may lead to denial of service.

Action-Not Available
Vendor-Microsoft CorporationNVIDIA Corporation
Product-windowsvirtual_gpucloud_gamingvGPU software (guest driver) - Windows, NVIDIA Cloud Gaming (guest driver)
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2022-34666
Matching Score-10
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-10
Assigner-NVIDIA Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.06% / 16.90%
||
7 Day CHG+0.01%
Published-10 Nov, 2022 | 00:00
Updated-01 May, 2025 | 13:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer, where a local user with basic capabilities can cause a null-pointer dereference, which may lead to denial of service.

Action-Not Available
Vendor-Linux Kernel Organization, IncMicrosoft CorporationNVIDIA CorporationCitrix (Cloud Software Group, Inc.)Red Hat, Inc.
Product-linux_kernelenterprise_linux_kernel-based_virtual_machinevirtual_gpuhypervisorwindowscloud_gamingNVIDIA Cloud Gaming (guest driver), NVIDIA Cloud Gaming (Virtual GPU Manager)
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2023-31022
Matching Score-10
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-10
Assigner-NVIDIA Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.12% / 31.06%
||
7 Day CHG+0.04%
Published-02 Nov, 2023 | 18:56
Updated-27 Feb, 2025 | 20:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
CVE

NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer, where a NULL-pointer dereference may lead to denial of service.

Action-Not Available
Vendor-linux-kvmCitrix (Cloud Software Group, Inc.)NVIDIA CorporationCanonical Ltd.Red Hat, Inc.VMware (Broadcom Inc.)Microsoft CorporationLinux Kernel Organization, Inc
Product-ubuntu_linuxkernel_virtual_machineazure_stack_hcilinux_kernelvirtual_gpuenterprise_linuxhypervisorwindowsvsphereNVIDIA GPU Display driver, vGPU driver, and Cloud gaming driver
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2023-31021
Matching Score-10
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-10
Assigner-NVIDIA Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.05% / 13.91%
||
7 Day CHG~0.00%
Published-02 Nov, 2023 | 18:56
Updated-05 Sep, 2024 | 14:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
CVE

NVIDIA vGPU software for Windows and Linux contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where a malicious user in the guest VM can cause a NULL-pointer dereference, which may lead to denial of service.

Action-Not Available
Vendor-linux-kvmVMware (Broadcom Inc.)NVIDIA CorporationRed Hat, Inc.Citrix (Cloud Software Group, Inc.)Canonical Ltd.Microsoft Corporation
Product-ubuntu_linuxkernel_virtual_machineazure_stack_hcivirtual_gpuenterprise_linuxhypervisorvspherevGPU driver and Cloud gaming driver
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2023-25510
Matching Score-10
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-10
Assigner-NVIDIA Corporation
CVSS Score-3.3||LOW
EPSS-0.04% / 9.54%
||
7 Day CHG~0.00%
Published-22 Apr, 2023 | 02:33
Updated-04 Feb, 2025 | 19:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA CUDA Toolkit SDK for Linux and Windows contains a NULL pointer dereference in cuobjdump, where a local user running the tool against a malformed binary may cause a limited denial of service.

Action-Not Available
Vendor-NVIDIA CorporationLinux Kernel Organization, IncMicrosoft Corporation
Product-windowslinux_kernelcuda_toolkitNVIDIA CUDA Toolkit
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2023-31018
Matching Score-10
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-10
Assigner-NVIDIA Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.05% / 15.48%
||
7 Day CHG~0.00%
Published-02 Nov, 2023 | 18:56
Updated-27 Feb, 2025 | 20:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
CVE

NVIDIA GPU Driver for Windows and Linux contains a vulnerability in the kernel mode layer, where an unprivileged regular user can cause a NULL-pointer dereference, which may lead to denial of service.

Action-Not Available
Vendor-linux-kvmCitrix (Cloud Software Group, Inc.)NVIDIA CorporationCanonical Ltd.Red Hat, Inc.VMware (Broadcom Inc.)Microsoft CorporationLinux Kernel Organization, Inc
Product-ubuntu_linuxkernel_virtual_machineazure_stack_hcilinux_kernelvirtual_gpuenterprise_linuxhypervisorwindowsvspherevGPU driver and Cloud gaming driver
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2023-2871
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-3.3||LOW
EPSS-0.03% / 5.34%
||
7 Day CHG~0.00%
Published-24 May, 2023 | 17:31
Updated-22 Nov, 2024 | 18:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
FabulaTech USB for Remote Desktop IoControlCode 0x220408 null pointer dereference

A vulnerability was found in FabulaTech USB for Remote Desktop 6.1.0.0. It has been rated as problematic. Affected by this issue is the function 0x220448/0x220420/0x22040c/0x220408 of the component IoControlCode Handler. The manipulation leads to null pointer dereference. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. VDB-229850 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-fabulatechFabulaTech
Product-usb_for_remote_desktopUSB for Remote Desktop
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2022-21815
Matching Score-10
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-10
Assigner-NVIDIA Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.04% / 11.01%
||
7 Day CHG~0.00%
Published-07 Feb, 2022 | 20:00
Updated-03 Aug, 2024 | 02:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for private IOCTLs where a NULL pointer dereference in the kernel, created within user mode code, may lead to a denial of service in the form of a system crash.

Action-Not Available
Vendor-NVIDIA CorporationMicrosoft Corporation
Product-studiogpu_display_drivervirtual_gpunvswindowsteslaquadrocloud_gaming_guestgeforcertxNVIDIA GPU Display Driver
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2023-25071
Matching Score-10
Assigner-Intel Corporation
ShareView Details
Matching Score-10
Assigner-Intel Corporation
CVSS Score-5.6||MEDIUM
EPSS-0.06% / 17.45%
||
7 Day CHG~0.00%
Published-14 Nov, 2023 | 19:04
Updated-30 Aug, 2024 | 17:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NULL pointer dereference in some Intel(R) Arc(TM) & Iris(R) Xe Graphics - WHQL - Windows Drviers before version 31.0.101.4255 may allow authenticated user to potentially enable denial of service via local access.

Action-Not Available
Vendor-n/aMicrosoft CorporationIntel Corporation
Product-windowsarc_a_graphicsiris_xe_graphicsIntel(R) Arc(TM) & Iris(R) Xe Graphics - WHQL - Windows Drviers
CWE ID-CWE-395
Use of NullPointerException Catch to Detect NULL Pointer Dereference
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2024-23441
Matching Score-10
Assigner-Fluid Attacks
ShareView Details
Matching Score-10
Assigner-Fluid Attacks
CVSS Score-5.5||MEDIUM
EPSS-0.03% / 4.91%
||
7 Day CHG~0.00%
Published-29 Jan, 2024 | 16:06
Updated-17 Jun, 2025 | 14:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Vba32 Antivirus v3.36.0 - Denial of Service (DoS)

Vba32 Antivirus v3.36.0 is vulnerable to a Denial of Service vulnerability by triggering the 0x2220A7 IOCTL code of the Vba32m64.sys driver.

Action-Not Available
Vendor-anti-virusVirusBlokAdaMicrosoft Corporation
Product-windowsvba32Vba32 Antivirus
CWE ID-CWE-125
Out-of-bounds Read
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2023-20556
Matching Score-8
Assigner-Advanced Micro Devices Inc.
ShareView Details
Matching Score-8
Assigner-Advanced Micro Devices Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.06% / 17.48%
||
7 Day CHG~0.00%
Published-08 Aug, 2023 | 17:14
Updated-10 Oct, 2024 | 16:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Insufficient validation of the IOCTL (Input Output Control) input buffer in AMD μProf may allow an authenticated user to send an arbitrary buffer potentially resulting in a Windows crash leading to denial of service.

Action-Not Available
Vendor-Advanced Micro Devices, Inc.Linux Kernel Organization, IncMicrosoft Corporation
Product-windowsamd_uproflinux_kernelμProf
CVE-2023-20561
Matching Score-8
Assigner-Advanced Micro Devices Inc.
ShareView Details
Matching Score-8
Assigner-Advanced Micro Devices Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.06% / 17.48%
||
7 Day CHG~0.00%
Published-08 Aug, 2023 | 17:14
Updated-10 Oct, 2024 | 16:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Insufficient validation of the IOCTL (Input Output Control) input buffer in AMD μProf may allow an authenticated user to send an arbitrary address potentially resulting in a Windows crash leading to denial of service.

Action-Not Available
Vendor-Advanced Micro Devices, Inc.Linux Kernel Organization, IncMicrosoft Corporation
Product-windowsamd_uproflinux_kernelμProf
CVE-2021-3848
Matching Score-8
Assigner-Trend Micro, Inc.
ShareView Details
Matching Score-8
Assigner-Trend Micro, Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.07% / 21.08%
||
7 Day CHG~0.00%
Published-06 Oct, 2021 | 09:50
Updated-03 Aug, 2024 | 17:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An arbitrary file creation by privilege escalation vulnerability in Trend Micro Apex One, Apex One as a Service, Worry-Free Business Security 10.0 SP1, and Worry-Free Business Security Services could allow a local attacker to create an arbitrary file with higher privileges that could lead to a denial-of-service (DoS) on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.

Action-Not Available
Vendor-Microsoft CorporationTrend Micro Incorporated
Product-apex_onewindowsworry-free_business_securityTrend Micro Apex OneTrend Micro Worry-Free Business Security
CVE-2021-38959
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-6.2||MEDIUM
EPSS-0.04% / 10.10%
||
7 Day CHG~0.00%
Published-17 Nov, 2021 | 14:00
Updated-17 Sep, 2024 | 02:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM SPSS Statistics for Windows 24.0, 25.0, 26.0, 27.0, 27.0.1, and 28.0 could allow a local user to cause a denial of service by writing arbitrary files to admin protected directories on the system. IBM X-Force ID: 212046.

Action-Not Available
Vendor-Microsoft CorporationIBM Corporation
Product-windowsspss_statisticsSPSS Statistics
CWE ID-CWE-787
Out-of-bounds Write
CVE-2010-0481
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.67% / 70.40%
||
7 Day CHG~0.00%
Published-14 Apr, 2010 | 15:44
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The kernel in Microsoft Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly translate a registry key's virtual path to its real path, which allows local users to cause a denial of service (reboot) via a crafted application, aka "Windows Virtual Path Parsing Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-windows_7windows_server_2008windows_vistan/a
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2023-1187
Matching Score-8
Assigner-VulDB
ShareView Details
Matching Score-8
Assigner-VulDB
CVSS Score-3.3||LOW
EPSS-0.04% / 8.63%
||
7 Day CHG~0.00%
Published-06 Mar, 2023 | 07:09
Updated-02 Aug, 2024 | 05:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
FabulaTech Webcam for Remote Desktop Global Variable ftwebcam.sys denial of service

A vulnerability was found in FabulaTech Webcam for Remote Desktop 2.8.42 and classified as problematic. This issue affects some unknown processing in the library ftwebcam.sys of the component Global Variable Handler. The manipulation leads to denial of service. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-222359.

Action-Not Available
Vendor-fabulatechFabulaTechMicrosoft Corporation
Product-webcam_for_remote_desktopwindowsWebcam for Remote Desktop
CWE ID-CWE-404
Improper Resource Shutdown or Release
CVE-2024-26181
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.31% / 53.74%
||
7 Day CHG~0.00%
Published-12 Mar, 2024 | 16:58
Updated-03 May, 2025 | 00:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Kernel Denial of Service Vulnerability

Windows Kernel Denial of Service Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_21h2windows_10_1809windows_server_2016windows_server_2022_23h2windows_server_2012windows_server_2008windows_10_1507windows_11_21h2windows_10_22h2windows_server_2022windows_11_22h2windows_server_2019windows_10_1607windows_11_23h2Windows 11 version 22H3Windows Server 2012 (Server Core installation)Windows Server 2016 (Server Core installation)Windows Server 2008 Service Pack 2Windows Server 2016Windows 10 Version 1507Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2012 R2Windows Server 2012Windows Server 2019Windows 10 Version 21H2Windows 10 Version 1607Windows 11 version 22H2Windows Server 2022, 23H2 Edition (Server Core installation)Windows 11 Version 23H2Windows Server 2022Windows 11 version 21H2Windows Server 2008 R2 Service Pack 1Windows Server 2019 (Server Core installation)Windows Server 2008 Service Pack 2Windows 10 Version 1809Windows Server 2012 R2 (Server Core installation)Windows 10 Version 22H2
CWE ID-CWE-20
Improper Input Validation
CVE-2023-0187
Matching Score-8
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-8
Assigner-NVIDIA Corporation
CVSS Score-6.1||MEDIUM
EPSS-0.05% / 16.57%
||
7 Day CHG~0.00%
Published-01 Apr, 2023 | 04:44
Updated-13 Feb, 2025 | 16:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer handler, where an out-of-bounds read can lead to denial of service.

Action-Not Available
Vendor-Microsoft CorporationNVIDIA Corporation
Product-windowsvirtual_gpuvGPU software (guest driver - Windows), NVIDIA Cloud Gaming (guest driver - Windows)
CWE ID-CWE-125
Out-of-bounds Read
CVE-2024-26172
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.20% / 42.23%
||
7 Day CHG~0.00%
Published-09 Apr, 2024 | 17:00
Updated-03 May, 2025 | 00:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows DWM Core Library Information Disclosure Vulnerability

Windows DWM Core Library Information Disclosure Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_21h2windows_10_1809windows_server_2022_23h2windows_11_21h2windows_10_22h2windows_server_2022windows_11_22h2windows_server_2019windows_11_23h2Windows 11 version 22H3Windows Server 2019Windows 10 Version 21H2Windows 11 version 22H2Windows Server 2022, 23H2 Edition (Server Core installation)Windows 11 Version 23H2Windows Server 2022Windows 11 version 21H2Windows Server 2019 (Server Core installation)Windows 10 Version 22H2Windows 10 Version 1809
CWE ID-CWE-125
Out-of-bounds Read
CVE-2023-1188
Matching Score-8
Assigner-VulDB
ShareView Details
Matching Score-8
Assigner-VulDB
CVSS Score-3.3||LOW
EPSS-0.04% / 11.92%
||
7 Day CHG~0.00%
Published-06 Mar, 2023 | 07:10
Updated-05 Mar, 2025 | 19:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
FabulaTech Webcam for Remote Desktop IoControlCode ftwebcam.sys 0x222018 denial of service

A vulnerability was found in FabulaTech Webcam for Remote Desktop 2.8.42. It has been classified as problematic. Affected is the function 0x222018 in the library ftwebcam.sys of the component IoControlCode Handler. The manipulation leads to denial of service. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-222360.

Action-Not Available
Vendor-fabulatechFabulaTechMicrosoft Corporation
Product-webcam_for_remote_desktopwindowsWebcam for Remote Desktop
CWE ID-CWE-404
Improper Resource Shutdown or Release
CVE-2023-0002
Matching Score-8
Assigner-Palo Alto Networks, Inc.
ShareView Details
Matching Score-8
Assigner-Palo Alto Networks, Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.13% / 33.44%
||
7 Day CHG~0.00%
Published-08 Feb, 2023 | 17:21
Updated-25 Mar, 2025 | 13:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cortex XDR Agent: Product Disruption by Local Windows User

A problem with a protection mechanism in the Palo Alto Networks Cortex XDR agent on Windows devices allows a local user to execute privileged cytool commands that disable or uninstall the agent.

Action-Not Available
Vendor-Microsoft CorporationPalo Alto Networks, Inc.
Product-cortex_xdr_agentwindowsCortex XDR agent
CWE ID-CWE-693
Protection Mechanism Failure
CVE-2024-20699
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.23% / 45.77%
||
7 Day CHG~0.00%
Published-09 Jan, 2024 | 17:56
Updated-03 May, 2025 | 01:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Hyper-V Denial of Service Vulnerability

Windows Hyper-V Denial of Service Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_21h2windows_10_1809windows_server_2022_23h2windows_11_21h2windows_10_22h2windows_server_2022windows_11_22h2windows_server_2019windows_11_23h2Windows Server 2019Windows 10 Version 21H2Windows 11 version 22H2Windows Server 2022, 23H2 Edition (Server Core installation)Windows 11 Version 23H2Windows Server 2022Windows 11 version 21H2Windows Server 2019 (Server Core installation)Windows 10 Version 22H2Windows 10 Version 1809
CWE ID-CWE-755
Improper Handling of Exceptional Conditions
CVE-2024-20671
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.28% / 51.25%
||
7 Day CHG~0.00%
Published-12 Mar, 2024 | 16:57
Updated-03 May, 2025 | 00:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Defender Security Feature Bypass Vulnerability

Microsoft Defender Security Feature Bypass Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_defender_antimalware_platformWindows Defender Antimalware Platform
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2024-21408
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.48% / 64.04%
||
7 Day CHG~0.00%
Published-12 Mar, 2024 | 16:57
Updated-03 May, 2025 | 00:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Hyper-V Denial of Service Vulnerability

Windows Hyper-V Denial of Service Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_21h2windows_10_1809windows_server_2016windows_server_2022_23h2windows_10_1507windows_11_21h2windows_10_22h2windows_server_2022windows_11_22h2windows_server_2019windows_10_1607windows_11_23h2Windows 11 version 22H3Windows Server 2019Windows 10 Version 21H2Windows 11 version 22H2Windows Server 2022, 23H2 Edition (Server Core installation)Windows 10 Version 1607Windows Server 2016 (Server Core installation)Windows Server 2016Windows 11 Version 23H2Windows Server 2022Windows 11 version 21H2Windows Server 2019 (Server Core installation)Windows 10 Version 22H2Windows 10 Version 1507Windows 10 Version 1809
CWE ID-CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
CVE-2024-0092
Matching Score-8
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-8
Assigner-NVIDIA Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.14% / 34.64%
||
7 Day CHG~0.00%
Published-13 Jun, 2024 | 21:23
Updated-15 Aug, 2024 | 22:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
CVE

NVIDIA GPU Driver for Windows and Linux contains a vulnerability where an improper check or improper handling of exception conditions might lead to denial of service.

Action-Not Available
Vendor-VMware (Broadcom Inc.)NVIDIA CorporationRed Hat, Inc.Citrix (Cloud Software Group, Inc.)Canonical Ltd.Microsoft Corporation
Product-ubuntu_linuxstudioazure_stack_hcigpu_display_driverenterprise_linux_kernel-based_virtual_machinevirtual_gpuhypervisornvsteslavspherequadrocloud_gaminggeforcertxGPU display driver, vGPU software, and Cloud Gaming
CWE ID-CWE-703
Improper Check or Handling of Exceptional Conditions
CVE-2023-48676
Matching Score-8
Assigner-Acronis International GmbH
ShareView Details
Matching Score-8
Assigner-Acronis International GmbH
CVSS Score-3.3||LOW
EPSS-0.07% / 21.31%
||
7 Day CHG~0.00%
Published-14 Dec, 2023 | 13:32
Updated-01 May, 2025 | 15:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Sensitive information disclosure and manipulation due to missing authorization. The following products are affected: Acronis Cyber Protect Cloud Agent (Windows) before build 36943.

Action-Not Available
Vendor-Microsoft CorporationAcronis (Acronis International GmbH)
Product-windowsagentAcronis Cyber Protect Cloud Agent
CWE ID-CWE-862
Missing Authorization
CVE-2023-4891
Matching Score-8
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-8
Assigner-Lenovo Group Ltd.
CVSS Score-5.5||MEDIUM
EPSS-0.03% / 7.31%
||
7 Day CHG~0.00%
Published-08 Nov, 2023 | 22:00
Updated-03 Sep, 2024 | 20:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A potential use-after-free vulnerability was reported in the Lenovo View driver that could result in denial of service.

Action-Not Available
Vendor-Microsoft CorporationLenovo Group Limited
Product-windowsview_driverLenovo View Driver
CWE ID-CWE-416
Use After Free
CVE-2021-31185
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.14% / 33.95%
||
7 Day CHG~0.00%
Published-11 May, 2021 | 19:11
Updated-03 Aug, 2024 | 22:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Desktop Bridge Denial of Service Vulnerability

Windows Desktop Bridge Denial of Service Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_10Windows Server version 2004Windows 10 Version 2004Windows Server version 20H2Windows 10 Version 20H2
CVE-2021-31970
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.87% / 74.31%
||
7 Day CHG~0.00%
Published-08 Jun, 2021 | 22:46
Updated-03 Aug, 2024 | 23:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows TCP/IP Driver Security Feature Bypass Vulnerability

Windows TCP/IP Driver Security Feature Bypass Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2012windows_8.1windows_rt_8.1windows_10windows_server_2019Windows 10 Version 1607Windows Server version 2004Windows Server 2019 (Server Core installation)Windows 10 Version 21H1Windows 10 Version 1809Windows Server 2016 (Server Core installation)Windows 8.1Windows Server 2012 (Server Core installation)Windows Server version 20H2Windows 10 Version 1909Windows Server 2016Windows 10 Version 20H2Windows 10 Version 2004Windows 10 Version 1507Windows Server 2012 R2Windows Server 2012Windows Server 2019Windows Server 2012 R2 (Server Core installation)
CWE ID-CWE-639
Authorization Bypass Through User-Controlled Key
CVE-2020-1455
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.81% / 73.30%
||
7 Day CHG~0.00%
Published-17 Aug, 2020 | 19:13
Updated-04 Aug, 2024 | 06:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft SQL Server Management Studio Denial of Service Vulnerability

A denial of service vulnerability exists when Microsoft SQL Server Management Studio (SSMS) improperly handles files. An attacker could exploit the vulnerability to trigger a denial of service. To exploit the vulnerability, an attacker would first require execution on the victim system. The security update addresses the vulnerability by ensuring Microsoft SQL Server Management Studio properly handles files.

Action-Not Available
Vendor-Microsoft Corporation
Product-sql_server_management_studioSQL Server Management Studio 18.6
CVE-2021-25252
Matching Score-8
Assigner-Trend Micro, Inc.
ShareView Details
Matching Score-8
Assigner-Trend Micro, Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.06% / 19.70%
||
7 Day CHG~0.00%
Published-03 Mar, 2021 | 15:43
Updated-03 Aug, 2024 | 19:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Trend Micro's Virus Scan API (VSAPI) and Advanced Threat Scan Engine (ATSE) - are vulnerable to a memory exhaustion vulnerability that may lead to denial-of-service or system freeze if exploited by an attacker using a specially crafted file.

Action-Not Available
Vendor-Linux Kernel Organization, IncNovellELAN Microelectronics CorporationNetApp, Inc.Microsoft CorporationTrend Micro IncorporatedApple Inc.
Product-deep_securityscanmail_for_ibm_dominoserverprotectserverprotect_for_network_appliance_filersworry-free_business_securityofficescanscanmailsafe_lockmacoscloud_edgenetwareportal_protectinterscan_messaging_security_virtual_applianceinterscan_web_security_virtual_appliancecluster_data_ontaplinux_kerneldeep_discovery_email_inspectordeep_discovery_inspectordeep_discovery_analyzerserverprotect_for_storageapex_onewindowscontrol_managerapex_centralcelerra_network_attached_storageTrend Micro Virus Scan API (VSAPI) Engine
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2020-12960
Matching Score-8
Assigner-Advanced Micro Devices Inc.
ShareView Details
Matching Score-8
Assigner-Advanced Micro Devices Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.05% / 15.13%
||
7 Day CHG~0.00%
Published-15 Nov, 2021 | 19:47
Updated-17 Sep, 2024 | 03:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

AMD Graphics Driver for Windows 10, amdfender.sys may improperly handle input validation on InputBuffer which may result in a denial of service (DoS).

Action-Not Available
Vendor-Advanced Micro Devices, Inc.Microsoft Corporation
Product-radeon_softwarewindows_10AMD Radeon Software
CWE ID-CWE-20
Improper Input Validation
CVE-2021-28438
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.84% / 73.75%
||
7 Day CHG~0.00%
Published-13 Apr, 2021 | 19:33
Updated-03 Aug, 2024 | 21:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Console Driver Denial of Service Vulnerability

Windows Console Driver Denial of Service Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2019windows_10Windows 10 Version 2004Windows Server version 2004Windows 10 Version 1803Windows Server 2019 (Server Core installation)Windows 10 Version 1809Windows Server, version 1909 (Server Core installation)Windows Server 2019Windows Server version 20H2Windows 10 Version 1909Windows 10 Version 20H2
CVE-2021-28443
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.27% / 49.90%
||
7 Day CHG~0.00%
Published-13 Apr, 2021 | 19:33
Updated-03 Aug, 2024 | 21:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Console Driver Denial of Service Vulnerability

Windows Console Driver Denial of Service Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2012windows_8.1windows_rt_8.1windows_7windows_10windows_server_2019windows_server_2008Windows 10 Version 1607Windows Server version 2004Windows Server 2019 (Server Core installation)Windows Server 2008 Service Pack 2Windows 10 Version 1809Windows Server 2016 (Server Core installation)Windows 8.1Windows Server 2012 (Server Core installation)Windows 7Windows Server version 20H2Windows 10 Version 1909Windows 7 Service Pack 1Windows 10 Version 20H2Windows Server 2016Windows 10 Version 2004Windows 10 Version 1507Windows Server 2008 R2 Service Pack 1Windows 10 Version 1803Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2012 R2Windows Server 2019Windows Server, version 1909 (Server Core installation)Windows Server 2012Windows Server 2008 Service Pack 2Windows Server 2012 R2 (Server Core installation)
CVE-2021-26892
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-6.2||MEDIUM
EPSS-0.75% / 72.11%
||
7 Day CHG~0.00%
Published-11 Mar, 2021 | 15:42
Updated-03 Aug, 2024 | 20:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Extensible Firmware Interface Security Feature Bypass Vulnerability

Windows Extensible Firmware Interface Security Feature Bypass Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2019windows_10Windows 10 Version 2004Windows 10 Version 1607Windows Server version 2004Windows 10 Version 1803Windows Server 2019 (Server Core installation)Windows Server 2016Windows 10 Version 1809Windows Server 2016 (Server Core installation)Windows Server, version 1909 (Server Core installation)Windows Server 2019Windows Server version 20H2Windows 10 Version 1909Windows 10 Version 20H2
CVE-2025-29955
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-6.2||MEDIUM
EPSS-0.11% / 30.58%
||
7 Day CHG~0.00%
Published-13 May, 2025 | 16:59
Updated-15 Jul, 2025 | 01:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Hyper-V Denial of Service Vulnerability

Improper input validation in Windows Hyper-V allows an unauthorized attacker to deny service locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2022_23h2windows_server_2025windows_11_24h2Windows Server 2025Windows Server 2025 (Server Core installation)Windows 11 Version 24H2Windows Server 2022, 23H2 Edition (Server Core installation)
CWE ID-CWE-20
Improper Input Validation
CVE-2025-25193
Matching Score-8
Assigner-GitHub, Inc.
ShareView Details
Matching Score-8
Assigner-GitHub, Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.11% / 30.55%
||
7 Day CHG~0.00%
Published-10 Feb, 2025 | 22:02
Updated-11 Jun, 2025 | 15:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Denial of Service attack on windows app using Netty

Netty, an asynchronous, event-driven network application framework, has a vulnerability in versions up to and including 4.1.118.Final. An unsafe reading of environment file could potentially cause a denial of service in Netty. When loaded on an Windows application, Netty attempts to load a file that does not exist. If an attacker creates such a large file, the Netty application crash. A similar issue was previously reported as CVE-2024-47535. This issue was fixed, but the fix was incomplete in that null-bytes were not counted against the input limit. Commit d1fbda62d3a47835d3fb35db8bd42ecc205a5386 contains an updated fix.

Action-Not Available
Vendor-The Netty ProjectMicrosoft Corporation
Product-nettywindowsnetty
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2021-21997
Matching Score-8
Assigner-VMware by Broadcom
ShareView Details
Matching Score-8
Assigner-VMware by Broadcom
CVSS Score-5.5||MEDIUM
EPSS-0.04% / 9.87%
||
7 Day CHG~0.00%
Published-18 Jun, 2021 | 12:41
Updated-03 Aug, 2024 | 18:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

VMware Tools for Windows (11.x.y prior to 11.3.0) contains a denial-of-service vulnerability in the VM3DMP driver. A malicious actor with local user privileges in the Windows guest operating system, where VMware Tools is installed, can trigger a PANIC in the VM3DMP driver leading to a denial-of-service condition in the Windows guest operating system.

Action-Not Available
Vendor-n/aVMware (Broadcom Inc.)Microsoft Corporation
Product-windowstoolsVMware Tools for Windows
CVE-2021-21096
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-5.5||MEDIUM
EPSS-0.17% / 38.08%
||
7 Day CHG~0.00%
Published-15 Apr, 2021 | 13:49
Updated-23 Apr, 2025 | 19:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Adobe Bridge Genuine Software Service Incorrect Permission Assignment could lead to Denial-of-Service

Adobe Bridge versions 10.1.1 (and earlier) and 11.0.1 (and earlier) are affected by an Improper Authorization vulnerability in the Genuine Software Service. A low-privileged attacker could leverage this vulnerability to achieve application denial-of-service in the context of the current user. Exploitation of this issue does not require user interaction.

Action-Not Available
Vendor-Adobe Inc.Microsoft Corporation
Product-windowsbridgeBridge
CWE ID-CWE-285
Improper Authorization
CVE-2025-21278
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-6.2||MEDIUM
EPSS-0.08% / 23.68%
||
7 Day CHG~0.00%
Published-14 Jan, 2025 | 18:04
Updated-02 Apr, 2025 | 13:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Remote Desktop Gateway (RD Gateway) Denial of Service Vulnerability

Windows Remote Desktop Gateway (RD Gateway) Denial of Service Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_10_1507windows_10_22h2windows_10_1607windows_11_23h2windows_server_2019windows_server_2022windows_10_1809windows_11_24h2windows_server_2025windows_11_22h2windows_server_2012windows_10_21h2windows_server_2022_23h2Windows 11 version 22H3Windows 10 Version 1607Windows Server 2022Windows 11 version 22H2Windows Server 2016Windows Server 2012 R2Windows Server 2012Windows 10 Version 1507Windows 10 Version 21H2Windows Server 2012 (Server Core installation)Windows Server 2016 (Server Core installation)Windows 11 Version 23H2Windows Server 2022, 23H2 Edition (Server Core installation)Windows Server 2019Windows Server 2019 (Server Core installation)Windows Server 2025Windows 10 Version 22H2Windows Server 2025 (Server Core installation)Windows 10 Version 1809Windows Server 2012 R2 (Server Core installation)Windows 11 Version 24H2
CWE ID-CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVE-2021-1450
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.06% / 18.26%
||
7 Day CHG~0.00%
Published-24 Feb, 2021 | 19:31
Updated-08 Nov, 2024 | 23:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco AnyConnect Secure Mobility Client Denial of Service Vulnerability

A vulnerability in the interprocess communication (IPC) channel of Cisco AnyConnect Secure Mobility Client could allow an authenticated, local attacker to cause a denial of service (DoS) condition on an affected device. To exploit this vulnerability, the attacker would need to have valid credentials on the device. The vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending one or more crafted IPC messages to the AnyConnect process on an affected device. A successful exploit could allow the attacker to stop the AnyConnect process, causing a DoS condition on the device. Note: The process under attack will automatically restart so no action is needed by the user or admin.

Action-Not Available
Vendor-Linux Kernel Organization, IncCisco Systems, Inc.Apple Inc.Microsoft Corporation
Product-windowsmacoslinux_kernelanyconnect_secure_mobility_clientCisco AnyConnect Secure Mobility Client
CWE ID-CWE-20
Improper Input Validation
CVE-2025-21274
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.10% / 28.06%
||
7 Day CHG~0.00%
Published-14 Jan, 2025 | 18:04
Updated-02 Apr, 2025 | 13:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Event Tracing Denial of Service Vulnerability

Windows Event Tracing Denial of Service Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_10_1507windows_10_22h2windows_10_1607windows_11_23h2windows_server_2019windows_server_2022windows_10_1809windows_11_24h2windows_server_2025windows_11_22h2windows_server_2012windows_10_21h2windows_server_2022_23h2Windows 11 version 22H3Windows 10 Version 1607Windows Server 2022Windows 11 version 22H2Windows Server 2016Windows Server 2012 R2Windows 10 Version 1507Windows 10 Version 21H2Windows Server 2016 (Server Core installation)Windows 11 Version 23H2Windows Server 2022, 23H2 Edition (Server Core installation)Windows Server 2019Windows Server 2019 (Server Core installation)Windows Server 2025Windows 10 Version 22H2Windows Server 2025 (Server Core installation)Windows 10 Version 1809Windows Server 2012 R2 (Server Core installation)Windows 11 Version 24H2
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2025-21280
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.20% / 41.75%
||
7 Day CHG~0.00%
Published-14 Jan, 2025 | 18:03
Updated-02 Apr, 2025 | 13:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Virtual Trusted Platform Module Denial of Service Vulnerability

Windows Virtual Trusted Platform Module Denial of Service Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_10_1507windows_10_22h2windows_10_1607windows_11_23h2windows_server_2019windows_server_2022windows_10_1809windows_11_24h2windows_server_2025windows_11_22h2windows_10_21h2windows_server_2022_23h2Windows 11 version 22H3Windows 10 Version 1607Windows Server 2022Windows 11 version 22H2Windows Server 2016Windows 10 Version 1507Windows 10 Version 21H2Windows Server 2016 (Server Core installation)Windows 11 Version 23H2Windows Server 2022, 23H2 Edition (Server Core installation)Windows Server 2019Windows Server 2019 (Server Core installation)Windows 10 Version 22H2Windows Server 2025 (Server Core installation)Windows Server 2025Windows 10 Version 1809Windows 11 Version 24H2
CWE ID-CWE-20
Improper Input Validation
  • Previous
  • 1
  • 2
  • 3
  • ...
  • 29
  • 30
  • Next
Details not found