Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2023-42526

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-18 Sep, 2023 | 00:00
Updated At-25 Sep, 2024 | 15:49
Rejected At-
Credits

Certain WithSecure products allow a remote crash of a scanning engine via decompression of crafted data files. This affects WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and Server Security 15, WithSecure Elements Endpoint Protection 17 and later, WithSecure Client Security for Mac 15, WithSecure Elements Endpoint Protection for Mac 17 and later, Linux Security 64 12.0 , Linux Protection 12.0, and WithSecure Atlant (formerly F-Secure Atlant) 1.0.35-1.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:18 Sep, 2023 | 00:00
Updated At:25 Sep, 2024 | 15:49
Rejected At:
▼CVE Numbering Authority (CNA)

Certain WithSecure products allow a remote crash of a scanning engine via decompression of crafted data files. This affects WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and Server Security 15, WithSecure Elements Endpoint Protection 17 and later, WithSecure Client Security for Mac 15, WithSecure Elements Endpoint Protection for Mac 17 and later, Linux Security 64 12.0 , Linux Protection 12.0, and WithSecure Atlant (formerly F-Secure Atlant) 1.0.35-1.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.withsecure.com/en/support/security-advisories
N/A
Hyperlink: https://www.withsecure.com/en/support/security-advisories
Resource: N/A
▼Authorized Data Publishers (ADP)
1. CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.withsecure.com/en/support/security-advisories
x_transferred
Hyperlink: https://www.withsecure.com/en/support/security-advisories
Resource:
x_transferred
2. CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:18 Sep, 2023 | 06:15
Updated At:22 Sep, 2023 | 00:35

Certain WithSecure products allow a remote crash of a scanning engine via decompression of crafted data files. This affects WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and Server Security 15, WithSecure Elements Endpoint Protection 17 and later, WithSecure Client Security for Mac 15, WithSecure Elements Endpoint Protection for Mac 17 and later, Linux Security 64 12.0 , Linux Protection 12.0, and WithSecure Atlant (formerly F-Secure Atlant) 1.0.35-1.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.17.5HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Type: Primary
Version: 3.1
Base score: 7.5
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CPE Matches
WithSecure Corporation
withsecure
>>client_security>>15
cpe:2.3:a:withsecure:client_security:15:*:*:*:*:*:*:*
WithSecure Corporation
withsecure
>>elements_endpoint_protection>>Versions from 17(inclusive)
cpe:2.3:a:withsecure:elements_endpoint_protection:*:*:*:*:*:*:*:*
WithSecure Corporation
withsecure
>>email_and_server_security>>15
cpe:2.3:a:withsecure:email_and_server_security:15:*:*:*:*:*:*:*
WithSecure Corporation
withsecure
>>server_security>>15
cpe:2.3:a:withsecure:server_security:15:*:*:*:*:*:*:*
Microsoft Corporation
microsoft
>>windows>>-
cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*
WithSecure Corporation
withsecure
>>client_security>>15
cpe:2.3:a:withsecure:client_security:15:*:*:*:*:*:*:*
WithSecure Corporation
withsecure
>>elements_endpoint_protection>>Versions from 17(inclusive)
cpe:2.3:a:withsecure:elements_endpoint_protection:*:*:*:*:*:*:*:*
Apple Inc.
apple
>>macos>>-
cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*
WithSecure Corporation
withsecure
>>linux_protection>>12.0
cpe:2.3:a:withsecure:linux_protection:12.0:*:*:*:*:*:*:*
WithSecure Corporation
withsecure
>>linux_security_64>>12.0
cpe:2.3:a:withsecure:linux_security_64:12.0:*:*:*:*:*:*:*
Linux Kernel Organization, Inc
linux
>>linux_kernel>>-
cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*
WithSecure Corporation
withsecure
>>atlant>>1.0.35-1
cpe:2.3:a:withsecure:atlant:1.0.35-1:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-400Primarynvd@nist.gov
CWE ID: CWE-400
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://www.withsecure.com/en/support/security-advisoriescve@mitre.org
Vendor Advisory
Hyperlink: https://www.withsecure.com/en/support/security-advisories
Source: cve@mitre.org
Resource:
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

1692Records found
CVE-2022-21155
Matching Score-10
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-10
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-7.5||HIGH
EPSS-0.10% / 28.61%
||
7 Day CHG~0.00%
Published-12 Apr, 2022 | 16:11
Updated-16 Apr, 2025 | 16:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Fernhill SCADA Uncontrolled Resource Consumption

A specially crafted packet sent to the Fernhill SCADA Server Version 3.77 and earlier may cause an exception, causing the server process (FHSvrService.exe) to exit.

Action-Not Available
Vendor-fernhillsoftwareFernhillLinux Kernel Organization, IncApple Inc.Microsoft Corporation
Product-scada_serverwindowsmacoslinux_kernelSCADA Server
CWE ID-CWE-400
Uncontrolled Resource Consumption
CWE ID-CWE-755
Improper Handling of Exceptional Conditions
CVE-2017-5972
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-20.77% / 95.38%
||
7 Day CHG~0.00%
Published-14 Feb, 2017 | 06:30
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The TCP stack in the Linux kernel 3.x does not properly implement a SYN cookie protection mechanism for the case of a fast network connection, which allows remote attackers to cause a denial of service (CPU consumption) by sending many TCP SYN packets, as demonstrated by an attack against the kernel-3.10.0 package in CentOS Linux 7. NOTE: third parties have been unable to discern any relationship between the GitHub Engineering finding and the Trigemini.c attack code.

Action-Not Available
Vendor-n/aLinux Kernel Organization, Inc
Product-linux_kerneln/a
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2024-26190
Matching Score-10
Assigner-Microsoft Corporation
ShareView Details
Matching Score-10
Assigner-Microsoft Corporation
CVSS Score-7.5||HIGH
EPSS-0.62% / 69.20%
||
7 Day CHG~0.00%
Published-12 Mar, 2024 | 16:57
Updated-03 May, 2025 | 00:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft QUIC Denial of Service Vulnerability

Microsoft QUIC Denial of Service Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2022_23h2visual_studio_2022.netwindows_11_21h2windows_11_23h2windows_server_2022windows_11_22h2powershellPowerShell 7.4Windows 11 version 22H3Microsoft Visual Studio 2022 version 17.6Windows 11 version 22H2Windows Server 2022, 23H2 Edition (Server Core installation)Microsoft Visual Studio 2022 version 17.8.NET 7.0.NET 8.0Windows 11 Version 23H2Windows 11 version 21H2Windows Server 2022Microsoft Visual Studio 2022 version 17.4PowerShell 7.3Microsoft Visual Studio 2022 version 17.9
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2024-26215
Matching Score-10
Assigner-Microsoft Corporation
ShareView Details
Matching Score-10
Assigner-Microsoft Corporation
CVSS Score-7.5||HIGH
EPSS-7.58% / 91.46%
||
7 Day CHG~0.00%
Published-09 Apr, 2024 | 17:01
Updated-03 May, 2025 | 00:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
DHCP Server Service Denial of Service Vulnerability

DHCP Server Service Denial of Service Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2022_23h2windows_server_2016windows_server_2012windows_server_2022windows_server_2019windows_server_2008Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2012 R2Windows Server 2019Windows Server 2012Windows Server 2012 (Server Core installation)Windows Server 2022, 23H2 Edition (Server Core installation)Windows Server 2016 (Server Core installation)Windows Server 2008 Service Pack 2Windows Server 2016Windows Server 2022Windows Server 2019 (Server Core installation)Windows Server 2008 R2 Service Pack 1Windows Server 2008 Service Pack 2Windows Server 2012 R2 (Server Core installation)
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2022-32927
Matching Score-10
Assigner-Apple Inc.
ShareView Details
Matching Score-10
Assigner-Apple Inc.
CVSS Score-7.5||HIGH
EPSS-0.28% / 51.08%
||
7 Day CHG+0.02%
Published-01 Nov, 2022 | 00:00
Updated-06 May, 2025 | 20:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The issue was addressed with improved memory handling. This issue is fixed in iOS 15.7.1 and iPadOS 15.7.1, iOS 16.1 and iPadOS 16. Joining a malicious Wi-Fi network may result in a denial-of-service of the Settings app.

Action-Not Available
Vendor-Apple Inc.
Product-ipadosiphone_osiOS and iPadOS
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2011-3336
Matching Score-10
Assigner-CERT/CC
ShareView Details
Matching Score-10
Assigner-CERT/CC
CVSS Score-7.5||HIGH
EPSS-23.65% / 95.77%
||
7 Day CHG~0.00%
Published-12 Feb, 2020 | 19:32
Updated-06 Aug, 2024 | 23:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

regcomp in the BSD implementation of libc is vulnerable to denial of service due to stack exhaustion.

Action-Not Available
Vendor-The PHP GroupApple Inc.FreeBSD FoundationOpenBSD
Product-openbsdfreebsdphpmac_os_xmacOS
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2011-2189
Matching Score-10
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-10
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-10.90% / 93.12%
||
7 Day CHG~0.00%
Published-10 Oct, 2011 | 10:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

net/core/net_namespace.c in the Linux kernel 2.6.32 and earlier does not properly handle a high rate of creation and cleanup of network namespaces, which makes it easier for remote attackers to cause a denial of service (memory consumption) via requests to a daemon that requires a separate namespace per connection, as demonstrated by vsftpd.

Action-Not Available
Vendor-n/aLinux Kernel Organization, IncDebian GNU/LinuxCanonical Ltd.Red Hat, Inc.
Product-linux_kernelenterprise_linuxdebian_linuxubuntu_linuxenterprise_mrgn/a
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2024-49096
Matching Score-10
Assigner-Microsoft Corporation
ShareView Details
Matching Score-10
Assigner-Microsoft Corporation
CVSS Score-7.5||HIGH
EPSS-9.01% / 92.28%
||
7 Day CHG+1.16%
Published-10 Dec, 2024 | 17:49
Updated-13 May, 2025 | 15:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability

Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_21h2windows_10_1809windows_server_2016windows_server_2022_23h2windows_server_2012windows_server_2008windows_10_1507windows_11_24h2windows_server_2025windows_10_22h2windows_server_2022windows_11_22h2windows_server_2019windows_10_1607windows_11_23h2Windows 10 Version 22H2Windows Server 2012Windows 10 Version 1809Windows 11 version 22H3Windows 11 Version 23H2Windows Server 2008 R2 Service Pack 1Windows 10 Version 1607Windows Server 2016Windows Server 2025 (Server Core installation)Windows 11 Version 24H2Windows Server 2012 R2Windows Server 2012 (Server Core installation)Windows 10 Version 21H2Windows Server 2022, 23H2 Edition (Server Core installation)Windows 10 Version 1507Windows Server 2022Windows 11 version 22H2Windows Server 2019Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2012 R2 (Server Core installation)Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2025Windows Server 2016 (Server Core installation)Windows Server 2019 (Server Core installation)Windows Server 2008 Service Pack 2Windows Server 2008 Service Pack 2
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2024-49075
Matching Score-10
Assigner-Microsoft Corporation
ShareView Details
Matching Score-10
Assigner-Microsoft Corporation
CVSS Score-7.5||HIGH
EPSS-2.88% / 85.78%
||
7 Day CHG+0.40%
Published-10 Dec, 2024 | 17:49
Updated-13 May, 2025 | 15:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Remote Desktop Services Denial of Service Vulnerability

Windows Remote Desktop Services Denial of Service Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_21h2windows_10_1809windows_server_2022_23h2windows_11_24h2windows_server_2025windows_10_22h2windows_server_2022windows_11_22h2windows_server_2019windows_11_23h2Windows 10 Version 22H2Windows Server 2019Windows 10 Version 1809Windows 11 version 22H3Windows 11 Version 23H2Windows Server 2025 (Server Core installation)Windows 11 Version 24H2Windows Server 2025Windows Server 2019 (Server Core installation)Windows 10 Version 21H2Windows Server 2022, 23H2 Edition (Server Core installation)Windows Server 2022Windows 11 version 22H2
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2012-5364
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-21.58% / 95.51%
||
7 Day CHG~0.00%
Published-20 Feb, 2020 | 14:16
Updated-06 Aug, 2024 | 21:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The IPv6 implementation in Microsoft Windows 7 and earlier allows remote attackers to cause a denial of service via a flood of ICMPv6 Router Advertisement packets containing multiple Routing entries.

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-windows_7windows_xpwindows_vistawindows_server_2003n/a
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2012-5362
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-21.58% / 95.51%
||
7 Day CHG~0.00%
Published-20 Feb, 2020 | 14:22
Updated-06 Aug, 2024 | 21:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The IPv6 implementation in Microsoft Windows 7 and earlier allows remote attackers to cause a denial of service via a flood of ICMPv6 Neighbor Solicitation messages, a different vulnerability than CVE-2010-4669.

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-windows_7windows_xpwindows_vistawindows_server_2003n/a
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2024-43545
Matching Score-10
Assigner-Microsoft Corporation
ShareView Details
Matching Score-10
Assigner-Microsoft Corporation
CVSS Score-7.5||HIGH
EPSS-19.04% / 95.10%
||
7 Day CHG~0.00%
Published-08 Oct, 2024 | 17:35
Updated-08 Jul, 2025 | 15:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Online Certificate Status Protocol (OCSP) Server Denial of Service Vulnerability

Windows Online Certificate Status Protocol (OCSP) Server Denial of Service Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2022_23h2windows_server_2016windows_server_2012windows_server_2022windows_server_2019windows_server_2008Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2022Windows Server 2019 (Server Core installation)Windows Server 2012 (Server Core installation)Windows Server 2019Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2008 R2 Service Pack 1Windows Server 2012 R2Windows Server 2008 Service Pack 2Windows Server 2012 R2 (Server Core installation)Windows Server 2016Windows Server 2016 (Server Core installation)Windows Server 2012Windows Server 2008 Service Pack 2Windows Server 2022, 23H2 Edition (Server Core installation)
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2024-43515
Matching Score-10
Assigner-Microsoft Corporation
ShareView Details
Matching Score-10
Assigner-Microsoft Corporation
CVSS Score-7.5||HIGH
EPSS-7.61% / 91.48%
||
7 Day CHG~0.00%
Published-08 Oct, 2024 | 17:35
Updated-08 Jul, 2025 | 15:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Internet Small Computer Systems Interface (iSCSI) Denial of Service Vulnerability

Internet Small Computer Systems Interface (iSCSI) Denial of Service Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_21h2windows_10_1809windows_server_2016windows_server_2022_23h2windows_server_2012windows_server_2008windows_10_1507windows_11_21h2windows_11_24h2windows_10_22h2windows_server_2022windows_11_22h2windows_server_2019windows_10_1607windows_11_23h2Windows Server 2022Windows 11 Version 24H2Windows Server 2019 (Server Core installation)Windows Server 2012 (Server Core installation)Windows Server 2008 Service Pack 2Windows 10 Version 1809Windows 10 Version 1507Windows 10 Version 1607Windows Server 2012 R2 (Server Core installation)Windows Server 2012Windows 10 Version 22H2Windows Server 2008 Service Pack 2 (Server Core installation)Windows 11 version 22H3Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows 10 Version 21H2Windows Server 2019Windows Server 2008 R2 Service Pack 1Windows Server 2012 R2Windows Server 2008 Service Pack 2Windows 11 version 22H2Windows Server 2016Windows Server 2016 (Server Core installation)Windows 11 Version 23H2Windows 11 version 21H2Windows Server 2022, 23H2 Edition (Server Core installation)
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2024-43544
Matching Score-10
Assigner-Microsoft Corporation
ShareView Details
Matching Score-10
Assigner-Microsoft Corporation
CVSS Score-7.5||HIGH
EPSS-19.04% / 95.10%
||
7 Day CHG~0.00%
Published-08 Oct, 2024 | 17:35
Updated-08 Jul, 2025 | 15:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Simple Certificate Enrollment Protocol Denial of Service Vulnerability

Microsoft Simple Certificate Enrollment Protocol Denial of Service Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2022_23h2windows_server_2016windows_server_2012windows_server_2022windows_server_2019windows_server_2008Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2022Windows Server 2019 (Server Core installation)Windows Server 2012 (Server Core installation)Windows Server 2019Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2008 R2 Service Pack 1Windows Server 2012 R2Windows Server 2008 Service Pack 2Windows Server 2012 R2 (Server Core installation)Windows Server 2016Windows Server 2016 (Server Core installation)Windows Server 2012Windows Server 2008 Service Pack 2Windows Server 2022, 23H2 Edition (Server Core installation)
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2024-43506
Matching Score-10
Assigner-Microsoft Corporation
ShareView Details
Matching Score-10
Assigner-Microsoft Corporation
CVSS Score-7.5||HIGH
EPSS-21.09% / 95.44%
||
7 Day CHG~0.00%
Published-08 Oct, 2024 | 17:35
Updated-08 Jul, 2025 | 15:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
BranchCache Denial of Service Vulnerability

BranchCache Denial of Service Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_21h2windows_10_1809windows_server_2016windows_server_2022_23h2windows_server_2012windows_server_2008windows_10_1507windows_11_21h2windows_11_24h2windows_10_22h2windows_server_2022windows_11_22h2windows_server_2019windows_10_1607windows_11_23h2Windows Server 2022Windows 11 Version 24H2Windows Server 2019 (Server Core installation)Windows Server 2012 (Server Core installation)Windows 10 Version 1809Windows 10 Version 1507Windows 10 Version 1607Windows Server 2012 R2 (Server Core installation)Windows Server 2012Windows 10 Version 22H2Windows 11 version 22H3Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows 10 Version 21H2Windows Server 2019Windows Server 2008 R2 Service Pack 1Windows Server 2012 R2Windows 11 version 22H2Windows Server 2016Windows Server 2016 (Server Core installation)Windows 11 Version 23H2Windows 11 version 21H2Windows Server 2022, 23H2 Edition (Server Core installation)
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2024-43541
Matching Score-10
Assigner-Microsoft Corporation
ShareView Details
Matching Score-10
Assigner-Microsoft Corporation
CVSS Score-7.5||HIGH
EPSS-19.04% / 95.10%
||
7 Day CHG~0.00%
Published-08 Oct, 2024 | 17:35
Updated-08 Jul, 2025 | 15:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Simple Certificate Enrollment Protocol Denial of Service Vulnerability

Microsoft Simple Certificate Enrollment Protocol Denial of Service Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2022_23h2windows_server_2016windows_server_2012windows_server_2022windows_server_2019windows_server_2008Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2022Windows Server 2019 (Server Core installation)Windows Server 2012 (Server Core installation)Windows Server 2019Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2008 R2 Service Pack 1Windows Server 2012 R2Windows Server 2008 Service Pack 2Windows Server 2012 R2 (Server Core installation)Windows Server 2016Windows Server 2016 (Server Core installation)Windows Server 2012Windows Server 2008 Service Pack 2Windows Server 2022, 23H2 Edition (Server Core installation)
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2024-38067
Matching Score-10
Assigner-Microsoft Corporation
ShareView Details
Matching Score-10
Assigner-Microsoft Corporation
CVSS Score-7.5||HIGH
EPSS-8.37% / 91.94%
||
7 Day CHG~0.00%
Published-09 Jul, 2024 | 17:03
Updated-05 May, 2025 | 17:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Online Certificate Status Protocol (OCSP) Server Denial of Service Vulnerability

Windows Online Certificate Status Protocol (OCSP) Server Denial of Service Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2022_23h2windows_server_2016windows_server_2012windows_server_2022windows_server_2019windows_server_2008Windows Server 2022Windows Server 2012Windows Server 2012 R2Windows Server 2022, 23H2 Edition (Server Core installation)Windows Server 2012 (Server Core installation)Windows Server 2012 R2 (Server Core installation)Windows Server 2016Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2008 Service Pack 2Windows Server 2008 R2 Service Pack 1Windows Server 2008 Service Pack 2Windows Server 2019Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2016 (Server Core installation)Windows Server 2019 (Server Core installation)
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2011-0709
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-2.32% / 84.16%
||
7 Day CHG~0.00%
Published-18 Feb, 2011 | 19:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The br_mdb_ip_get function in net/bridge/br_multicast.c in the Linux kernel before 2.6.35-rc5 allows remote attackers to cause a denial of service (NULL pointer dereference and system crash) via an IGMP packet, related to lack of a multicast table.

Action-Not Available
Vendor-n/aLinux Kernel Organization, Inc
Product-linux_kerneln/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2011-1298
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.29% / 51.77%
||
7 Day CHG~0.00%
Published-06 Nov, 2019 | 18:47
Updated-06 Aug, 2024 | 22:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An Integer Overflow exists in WebKit in Google Chrome before Blink M11 in the macOS WebCore::GraphicsContext::fillRect function.

Action-Not Available
Vendor-n/aApple Inc.Google LLC
Product-macosblinkn/a
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2022-21911
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.5||HIGH
EPSS-16.18% / 94.55%
||
7 Day CHG~0.00%
Published-11 Jan, 2022 | 20:23
Updated-02 Jan, 2025 | 18:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
.NET Framework Denial of Service Vulnerability

.NET Framework Denial of Service Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_serverwindows_server_2012windows_8.1windows_7windows_11windows_10.net_frameworkwindows_server_2019windows_server_2008Microsoft .NET Framework 3.5 AND 4.8Microsoft .NET Framework 4.8Microsoft .NET Framework 4.6Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.2Microsoft .NET Framework 3.5Microsoft .NET Framework 3.5.1Microsoft .NET Framework 4.5.2Microsoft .NET Framework 3.5 AND 4.6.2/4.7/4.7.1/4.7.2Microsoft .NET Framework 2.0 Service Pack 2Microsoft .NET Framework 3.5 AND 4.7.2
CVE-2023-2953
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-1.11% / 77.24%
||
7 Day CHG~0.00%
Published-30 May, 2023 | 00:00
Updated-10 Jan, 2025 | 22:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability was found in openldap. This security flaw causes a null pointer dereference in ber_memalloc_x() function.

Action-Not Available
Vendor-openldapn/aRed Hat, Inc.Apple Inc.NetApp, Inc.
Product-h300smacosh500s_firmwareh410s_firmwareh700s_firmwareh410sh700sh410c_firmwareontap_toolsactive_iq_unified_managerenterprise_linuxh500sh410ch300s_firmwareclustered_data_ontapopenldapopenldap
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2022-24464
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.5||HIGH
EPSS-1.47% / 80.16%
||
7 Day CHG+0.16%
Published-09 Mar, 2022 | 17:07
Updated-08 Jul, 2025 | 15:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
.NET and Visual Studio Denial of Service Vulnerability

.NET and Visual Studio Denial of Service Vulnerability

Action-Not Available
Vendor-Fedora ProjectMicrosoft Corporation
Product-visual_studio_2022visual_studio_2019fedora.net.net_coreMicrosoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10).NET Core 3.1.NET 6.0Microsoft Visual Studio 2019 version 16.7 (includes 16.0 – 16.6)Microsoft Visual Studio 2019 version 16.9 (includes 16.0 - 16.8).NET 5.0Microsoft Visual Studio 2022 version 17.0
CVE-2024-38148
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.5||HIGH
EPSS-28.25% / 96.33%
||
7 Day CHG~0.00%
Published-13 Aug, 2024 | 17:30
Updated-10 Jul, 2025 | 16:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Secure Channel Denial of Service Vulnerability

Windows Secure Channel Denial of Service Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2022_23h2windows_11_22h2windows_11_24h2windows_11_21h2windows_server_2022windows_11_23h2Windows 11 version 22H3Windows Server 2022, 23H2 Edition (Server Core installation)Windows Server 2022Windows 11 version 22H2Windows 11 Version 24H2Windows 11 Version 23H2Windows 11 version 21H2
CWE ID-CWE-125
Out-of-bounds Read
CVE-2023-30442
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.04% / 12.10%
||
7 Day CHG~0.00%
Published-10 Jul, 2023 | 00:01
Updated-13 Feb, 2025 | 16:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Db2 denial of service

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.1 and 11.5 federated server is vulnerable to a denial of service as the server may crash when using a specially crafted wrapper using certain options. IBM X-Force ID: 253202.

Action-Not Available
Vendor-Microsoft CorporationHP Inc.IBM CorporationLinux Kernel Organization, IncOracle Corporation
Product-solarislinux_kerneldb2hp-uxwindowsaixDb2 for Linux, UNIX and Windows
CWE ID-CWE-20
Improper Input Validation
CVE-2024-38573
Matching Score-8
Assigner-kernel.org
ShareView Details
Matching Score-8
Assigner-kernel.org
CVSS Score-7.5||HIGH
EPSS-0.04% / 11.11%
||
7 Day CHG~0.00%
Published-19 Jun, 2024 | 13:35
Updated-04 May, 2025 | 09:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
cppc_cpufreq: Fix possible null pointer dereference

In the Linux kernel, the following vulnerability has been resolved: cppc_cpufreq: Fix possible null pointer dereference cppc_cpufreq_get_rate() and hisi_cppc_cpufreq_get_rate() can be called from different places with various parameters. So cpufreq_cpu_get() can return null as 'policy' in some circumstances. Fix this bug by adding null return check. Found by Linux Verification Center (linuxtesting.org) with SVACE.

Action-Not Available
Vendor-Linux Kernel Organization, Inc
Product-linux_kernelLinuxacrnlinux_kernel
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2024-41766
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-7.5||HIGH
EPSS-0.22% / 44.84%
||
7 Day CHG~0.00%
Published-04 Jan, 2025 | 14:37
Updated-21 Mar, 2025 | 14:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Engineering Lifecycle Optimization - Publishing denial of service

IBM Engineering Lifecycle Optimization - Publishing 7.0.2 and 7.0.3 could allow a remote attacker to cause a denial of service using a complex regular expression.

Action-Not Available
Vendor-IBM CorporationMicrosoft CorporationLinux Kernel Organization, Inc
Product-linux_kernelengineering_lifecycle_optimization_publishingwindowsEngineering Lifecycle Optimization Publishing
CWE ID-CWE-1333
Inefficient Regular Expression Complexity
CVE-2023-30445
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-7.5||HIGH
EPSS-0.04% / 10.29%
||
7 Day CHG~0.00%
Published-08 Jul, 2023 | 18:28
Updated-13 Feb, 2025 | 17:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Db2 denial of service

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted query on certain tables. IBM X-Force ID: 253357.

Action-Not Available
Vendor-Microsoft CorporationHP Inc.IBM CorporationLinux Kernel Organization, IncOracle Corporation
Product-solarisaixhp-uxlinux_kernelwindowsdb2DB2 for Linux, UNIX and Windowsdb2_for_linux_unix_and_windows
CWE ID-CWE-20
Improper Input Validation
CVE-2024-38230
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-6.5||MEDIUM
EPSS-2.06% / 83.17%
||
7 Day CHG-0.52%
Published-10 Sep, 2024 | 16:53
Updated-31 Dec, 2024 | 23:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Standards-Based Storage Management Service Denial of Service Vulnerability

Windows Standards-Based Storage Management Service Denial of Service Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2012windows_server_2016windows_server_2019windows_server_2022Windows Server 2022Windows Server 2019 (Server Core installation)Windows Server 2012 R2Windows Server 2016 (Server Core installation)Windows Server 2019Windows Server 2012 R2 (Server Core installation)Windows Server 2016
CWE ID-CWE-20
Improper Input Validation
CVE-2024-38232
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.5||HIGH
EPSS-27.19% / 96.20%
||
7 Day CHG~0.00%
Published-10 Sep, 2024 | 16:53
Updated-31 Dec, 2024 | 23:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Networking Denial of Service Vulnerability

Windows Networking Denial of Service Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_10_1607Windows 10 Version 1607Windows Server 2016 (Server Core installation)Windows Server 2016
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2024-38071
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.5||HIGH
EPSS-36.14% / 96.98%
||
7 Day CHG~0.00%
Published-09 Jul, 2024 | 17:02
Updated-05 May, 2025 | 17:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Remote Desktop Licensing Service Denial of Service Vulnerability

Windows Remote Desktop Licensing Service Denial of Service Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2022_23h2windows_server_2016windows_server_2012windows_server_2022windows_server_2019windows_server_2008Windows Server 2022Windows Server 2012Windows Server 2012 R2Windows Server 2022, 23H2 Edition (Server Core installation)Windows Server 2012 (Server Core installation)Windows Server 2012 R2 (Server Core installation)Windows Server 2016Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2008 Service Pack 2Windows Server 2008 R2 Service Pack 1Windows Server 2008 Service Pack 2Windows Server 2019Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2016 (Server Core installation)Windows Server 2019 (Server Core installation)
CWE ID-CWE-126
Buffer Over-read
CVE-2023-30448
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.04% / 10.29%
||
7 Day CHG~0.00%
Published-08 Jul, 2023 | 18:19
Updated-13 Feb, 2025 | 17:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Db2 denial of service

IBM DB2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted query on certain tables. IBM X-Force ID: 253437.

Action-Not Available
Vendor-Microsoft CorporationHP Inc.IBM CorporationLinux Kernel Organization, IncOracle Corporation
Product-solarisaixhp-uxlinux_kernelwindowsdb2DB2 for Linux, UNIX and Windows
CWE ID-CWE-20
Improper Input Validation
CVE-2024-38233
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.5||HIGH
EPSS-27.19% / 96.20%
||
7 Day CHG~0.00%
Published-10 Sep, 2024 | 16:54
Updated-31 Dec, 2024 | 23:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Networking Denial of Service Vulnerability

Windows Networking Denial of Service Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_10_1607Windows 10 Version 1607Windows Server 2016 (Server Core installation)Windows Server 2016
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2024-38231
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-6.5||MEDIUM
EPSS-2.85% / 85.69%
||
7 Day CHG-0.71%
Published-10 Sep, 2024 | 16:53
Updated-31 Dec, 2024 | 23:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Remote Desktop Licensing Service Denial of Service Vulnerability

Windows Remote Desktop Licensing Service Denial of Service Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2022_23h2windows_server_2016windows_server_2012windows_server_2022windows_server_2019windows_server_2008Windows Server 2022Windows Server 2008 R2 Service Pack 1Windows Server 2019 (Server Core installation)Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2008 Service Pack 2Windows Server 2012 R2Windows Server 2022, 23H2 Edition (Server Core installation)Windows Server 2016 (Server Core installation)Windows Server 2008 Service Pack 2Windows Server 2012Windows Server 2012 (Server Core installation)Windows Server 2019Windows Server 2012 R2 (Server Core installation)Windows Server 2016
CWE ID-CWE-285
Improper Authorization
CVE-2023-29255
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-7.5||HIGH
EPSS-0.08% / 24.30%
||
7 Day CHG~0.00%
Published-27 Apr, 2023 | 12:47
Updated-13 Feb, 2025 | 16:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM DB2 for Linux, UNIX and Windows denial of service

IBM DB2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to a denial of service as it may trap when compiling a variation of an anonymous block. IBM X-Force ID: 251991.

Action-Not Available
Vendor-Linux Kernel Organization, IncMicrosoft CorporationIBM Corporation
Product-windowsdb2linux_kernelDB2 for Linux, UNIX and Windows
CWE ID-CWE-20
Improper Input Validation
CVE-2024-38146
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.5||HIGH
EPSS-30.30% / 96.52%
||
7 Day CHG~0.00%
Published-13 Aug, 2024 | 17:30
Updated-10 Jul, 2025 | 16:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Layer-2 Bridge Network Driver Denial of Service Vulnerability

Windows Layer-2 Bridge Network Driver Denial of Service Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_21h2windows_10_1809windows_server_2016windows_server_2022_23h2windows_server_2012windows_10_1507windows_11_21h2windows_11_24h2windows_10_22h2windows_server_2022windows_11_22h2windows_server_2019windows_10_1607windows_11_23h2Windows Server 2022, 23H2 Edition (Server Core installation)Windows Server 2022Windows Server 2012 R2 (Server Core installation)Windows Server 2016 (Server Core installation)Windows Server 2012 R2Windows 11 Version 24H2Windows 11 Version 23H2Windows 10 Version 1809Windows Server 2019Windows 11 version 22H3Windows Server 2016Windows Server 2012 (Server Core installation)Windows 11 version 22H2Windows Server 2019 (Server Core installation)Windows 11 version 21H2Windows 10 Version 22H2Windows 10 Version 1507Windows Server 2012Windows 10 Version 1607Windows 10 Version 21H2
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2023-30446
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.04% / 10.29%
||
7 Day CHG~0.00%
Published-08 Jul, 2023 | 18:09
Updated-13 Feb, 2025 | 16:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Db2 denial of service

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted query on certain tables. IBM X-Force ID: 253361 .

Action-Not Available
Vendor-Microsoft CorporationHP Inc.IBM CorporationLinux Kernel Organization, IncOracle Corporation
Product-solarislinux_kerneldb2hp-uxwindowsaixDB2 for Linux, UNIX and Windows
CWE ID-CWE-20
Improper Input Validation
CVE-2023-29258
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.05% / 15.26%
||
7 Day CHG~0.00%
Published-04 Dec, 2023 | 01:12
Updated-13 Feb, 2025 | 16:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Db2 denial of service

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.1, and 11.5 is vulnerable to a denial of service through a specially crafted federated query on specific federation objects. IBM X-Force ID: 252048.

Action-Not Available
Vendor-opengroupLinux Kernel Organization, IncMicrosoft CorporationIBM Corporation
Product-windowsunixdb2linux_kernelDb2 for Linux, UNIX and Windows
CWE ID-CWE-20
Improper Input Validation
CVE-2023-30449
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-7.5||HIGH
EPSS-0.04% / 10.29%
||
7 Day CHG~0.00%
Published-08 Jul, 2023 | 18:31
Updated-13 Feb, 2025 | 17:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Db2 denial of service

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted query. IBM X-Force ID: 253439.

Action-Not Available
Vendor-Microsoft CorporationHP Inc.IBM CorporationLinux Kernel Organization, IncOracle Corporation
Product-solarisaixhp-uxlinux_kernelwindowsdb2DB2 for Linux, UNIX and Windowsdb2_for_linux_unix_and_windows
CWE ID-CWE-20
Improper Input Validation
CVE-2020-23315
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-3.17% / 86.43%
||
7 Day CHG~0.00%
Published-20 Jan, 2022 | 21:14
Updated-04 Aug, 2024 | 14:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

There is an ASSERTION (pFuncBody->GetYieldRegister() == oldYieldRegister) failed in Js::DebugContext::RundownSourcesAndReparse in ChakraCore version 1.12.0.0-beta.

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-chakracoren/a
CVE-2023-30447
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.04% / 10.29%
||
7 Day CHG~0.00%
Published-08 Jul, 2023 | 18:07
Updated-13 Feb, 2025 | 16:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Db2 denial of service

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted query on certain tables. IBM X-Force ID: 253436.

Action-Not Available
Vendor-Microsoft CorporationHP Inc.IBM CorporationLinux Kernel Organization, IncOracle Corporation
Product-solarislinux_kerneldb2hp-uxwindowsaixDB2 for Linux, UNIX and Windows
CWE ID-CWE-20
Improper Input Validation
CVE-2022-23308
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.05% / 13.39%
||
7 Day CHG~0.00%
Published-26 Feb, 2022 | 00:00
Updated-05 May, 2025 | 17:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

valid.c in libxml2 before 2.9.13 has a use-after-free of ID and IDREF attributes.

Action-Not Available
Vendor-n/aOracle CorporationNetApp, Inc.Fedora ProjectApple Inc.libxml2 (XMLSoft)Debian GNU/Linux
Product-h410sactive_iq_unified_managerdebian_linuxh500s_firmwarecommunications_cloud_native_core_binding_support_functionbootstrap_osh410c_firmwareh410ch700sh500smysql_workbenchh700e_firmwarezfs_storage_appliance_kitontap_select_deploy_administration_utilitycommunications_cloud_native_core_network_function_cloud_native_environmenth500e_firmwaresolidfire\,_enterprise_sds_\&_hci_storage_nodetvosclustered_data_ontap_antivirus_connectorclustered_data_ontaph300ecommunications_cloud_native_core_network_repository_functioncommunications_cloud_native_core_unified_data_repositoryh300e_firmwaremacoswatchossolidfire_\&_hci_management_nodeh700eipadosmac_os_xhci_compute_nodeh500eh700s_firmwaresmi-s_providerfedoracommunications_cloud_native_core_network_slice_selection_functionh410s_firmwaresnapmanagerlibxml2h300s_firmwaremanageability_software_development_kitsnapdriveiphone_osh300sn/a
CWE ID-CWE-416
Use After Free
CVE-2023-29413
Matching Score-8
Assigner-Schneider Electric
ShareView Details
Matching Score-8
Assigner-Schneider Electric
CVSS Score-7.5||HIGH
EPSS-0.26% / 49.32%
||
7 Day CHG~0.00%
Published-18 Apr, 2023 | 20:50
Updated-05 Feb, 2025 | 20:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A CWE-306: Missing Authentication for Critical Function vulnerability exists that could cause Denial-of-Service when accessed by an unauthenticated user on the Schneider UPS Monitor service.

Action-Not Available
Vendor-Microsoft CorporationSchneider Electric SE
Product-windows_server_2016apc_easy_ups_online_monitoring_softwareeasy_ups_online_monitoring_softwarewindows_11windows_10windows_server_2022windows_server_2019Schneider Electric Easy UPS Online Monitoring Software (Windows 10, 11 Windows Server 2016, 2019, 2022)APC Easy UPS Online Monitoring Software (Windows 10, 11 Windows Server 2016, 2019, 2022)
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2022-23267
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.5||HIGH
EPSS-1.97% / 82.78%
||
7 Day CHG~0.00%
Published-10 May, 2022 | 20:33
Updated-02 Jan, 2025 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
.NET and Visual Studio Denial of Service Vulnerability

.NET and Visual Studio Denial of Service Vulnerability

Action-Not Available
Vendor-Fedora ProjectMicrosoft Corporation
Product-visual_studio_2022visual_studio_2019fedora.net.net_corepowershellMicrosoft Visual Studio 2019 version 16.9 (includes 16.0 - 16.8).NET 6.0Microsoft Visual Studio 2022 version 17.1PowerShell 7.0.NET 5.0Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)PowerShell 7.2Visual Studio 2019 for Mac version 8.10Visual Studio 2022 for Mac version 17.0Microsoft Visual Studio 2022 version 17.0.NET Core 3.1
CVE-2022-22354
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-6.2||MEDIUM
EPSS-0.18% / 39.91%
||
7 Day CHG~0.00%
Published-14 Mar, 2022 | 16:45
Updated-17 Sep, 2024 | 03:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Spectrum Protect Plus 10.1.0.0 through 10.1.9.2 and IBM Spectrum Copy Data Management 2.2.0.0 through 2.2.14.3 do not limit the length of a connection which could allow for a Slowloris HTTP denial of service attack to take place. This can cause the Admin Console to become unresponsive. IBM X-Force ID: 220485.

Action-Not Available
Vendor-IBM CorporationLinux Kernel Organization, Inc
Product-spectrum_copy_data_managementlinux_kernelspectrum_protect_plusSpectrum Protect PlusSpectrum Copy Data Management
CVE-2023-28233
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.5||HIGH
EPSS-3.80% / 87.63%
||
7 Day CHG~0.00%
Published-11 Apr, 2023 | 19:13
Updated-23 Jan, 2025 | 01:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Secure Channel Denial of Service Vulnerability

Windows Secure Channel Denial of Service Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_11_21h2windows_11_22h2windows_server_2022Windows Server 2022Windows 11 version 21H2Windows 11 version 22H2
CVE-2023-28302
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.5||HIGH
EPSS-33.61% / 96.79%
||
7 Day CHG~0.00%
Published-11 Apr, 2023 | 19:14
Updated-28 Feb, 2025 | 21:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability

Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_21h2windows_10_1809windows_server_2016windows_server_2012windows_server_2008windows_11_21h2windows_10_22h2windows_server_2022windows_10_20h2windows_11_22h2windows_server_2019windows_10_1607Windows 10 Version 22H2Windows 10 Version 21H2Windows Server 2016 (Server Core installation)Windows Server 2012 R2 (Server Core installation)Windows 11 version 22H2Windows Server 2019Windows Server 2008 Service Pack 2Windows Server 2012Windows Server 2008 Service Pack 2Windows 10 Version 1809Windows Server 2008 R2 Service Pack 1Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows 11 version 21H2Windows Server 2022Windows Server 2012 R2Windows 10 Version 1507Windows Server 2012 (Server Core installation)Windows Server 2016Windows 10 Version 20H2Windows Server 2019 (Server Core installation)Windows Server 2008 Service Pack 2 (Server Core installation)Windows 10 Version 1607
CWE ID-CWE-20
Improper Input Validation
CVE-2022-22673
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-7.5||HIGH
EPSS-0.39% / 59.17%
||
7 Day CHG~0.00%
Published-26 May, 2022 | 17:42
Updated-03 Aug, 2024 | 03:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

This issue was addressed with improved checks. This issue is fixed in iOS 15.5 and iPadOS 15.5. Processing a large input may lead to a denial of service.

Action-Not Available
Vendor-Apple Inc.
Product-iphone_osipadosiOS and iPadOS
CVE-2022-22719
Matching Score-8
Assigner-Apache Software Foundation
ShareView Details
Matching Score-8
Assigner-Apache Software Foundation
CVSS Score-7.5||HIGH
EPSS-27.79% / 96.27%
||
7 Day CHG~0.00%
Published-14 Mar, 2022 | 10:15
Updated-03 Aug, 2024 | 03:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
mod_lua Use of uninitialized value of in r:parsebody

A carefully crafted request body can cause a read to a random memory area which could cause the process to crash. This issue affects Apache HTTP Server 2.4.52 and earlier.

Action-Not Available
Vendor-The Apache Software FoundationApple Inc.Fedora ProjectDebian GNU/LinuxOracle Corporation
Product-http_serverdebian_linuxfedorazfs_storage_appliance_kitmac_os_xmacosApache HTTP Server
CWE ID-CWE-665
Improper Initialization
CVE-2023-27559
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.10% / 27.56%
||
7 Day CHG~0.00%
Published-26 Apr, 2023 | 19:02
Updated-21 Nov, 2024 | 18:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Db2 denial of service

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to a denial of service as the server may crash when using a specially crafted subquery. IBM X-Force ID: 249196.

Action-Not Available
Vendor-IBM CorporationLinux Kernel Organization, IncMicrosoft Corporation
Product-windowsdb2linux_kernelDb2 for Linux, UNIX and Windows
CWE ID-CWE-20
Improper Input Validation
CVE-2023-27555
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-5.1||MEDIUM
EPSS-0.04% / 9.92%
||
7 Day CHG~0.00%
Published-28 Apr, 2023 | 17:38
Updated-13 Feb, 2025 | 16:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Db2 denial of service

IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.5 is vulnerable to a denial of service when attempting to use ACR client affinity for unfenced DRDA federation wrappers. IBM X-Force ID: 249187.

Action-Not Available
Vendor-Linux Kernel Organization, IncMicrosoft CorporationIBM Corporation
Product-windowsdb2linux_kernelDB2 for Linux, UNIX and Windows
CWE ID-CWE-20
Improper Input Validation
  • Previous
  • 1
  • 2
  • 3
  • 4
  • ...
  • 33
  • 34
  • Next
Details not found