Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2023-6536

Summary
Assigner-redhat
Assigner Org ID-53f830b8-0a3f-465b-8143-3b8a9948e749
Published At-07 Feb, 2024 | 21:05
Updated At-06 Nov, 2025 | 21:45
Rejected At-
Credits

Kernel: null pointer dereference in __nvmet_req_complete

A flaw was found in the Linux kernel's NVMe driver. This issue may allow an unauthenticated malicious actor to send a set of crafted TCP packages when using NVMe over TCP, leading the NVMe driver to a NULL pointer dereference in the NVMe driver, causing kernel panic and a denial of service.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
â–¼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:redhat
Assigner Org ID:53f830b8-0a3f-465b-8143-3b8a9948e749
Published At:07 Feb, 2024 | 21:05
Updated At:06 Nov, 2025 | 21:45
Rejected At:
â–¼CVE Numbering Authority (CNA)
Kernel: null pointer dereference in __nvmet_req_complete

A flaw was found in the Linux kernel's NVMe driver. This issue may allow an unauthenticated malicious actor to send a set of crafted TCP packages when using NVMe over TCP, leading the NVMe driver to a NULL pointer dereference in the NVMe driver, causing kernel panic and a denial of service.

Affected Products
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat Enterprise Linux 8
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
kernel-rt
CPEs
  • cpe:/a:redhat:enterprise_linux:8::realtime
  • cpe:/a:redhat:enterprise_linux:8::nfv
Default Status
affected
Versions
Unaffected
  • From 0:4.18.0-513.18.1.rt7.320.el8_9 before * (rpm)
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat Enterprise Linux 8
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
kernel
CPEs
  • cpe:/a:redhat:enterprise_linux:8::crb
  • cpe:/o:redhat:enterprise_linux:8::baseos
Default Status
affected
Versions
Unaffected
  • From 0:4.18.0-513.18.1.el8_9 before * (rpm)
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat Enterprise Linux 8.6 Extended Update Support
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
kernel
CPEs
  • cpe:/a:redhat:rhel_eus:8.6::crb
  • cpe:/o:redhat:rhel_eus:8.6::baseos
  • cpe:/o:redhat:rhev_hypervisor:4.4::el8
Default Status
affected
Versions
Unaffected
  • From 0:4.18.0-372.91.1.el8_6 before * (rpm)
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat Enterprise Linux 8.8 Extended Update Support
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
kernel
CPEs
  • cpe:/o:redhat:rhel_eus:8.8::baseos
  • cpe:/a:redhat:rhel_eus:8.8::crb
Default Status
affected
Versions
Unaffected
  • From 0:4.18.0-477.58.1.el8_8 before * (rpm)
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat Enterprise Linux 9
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
kernel
CPEs
  • cpe:/a:redhat:enterprise_linux:9::nfv
  • cpe:/a:redhat:enterprise_linux:9::crb
  • cpe:/a:redhat:enterprise_linux:9::appstream
  • cpe:/a:redhat:enterprise_linux:9::realtime
  • cpe:/o:redhat:enterprise_linux:9::baseos
Default Status
affected
Versions
Unaffected
  • From 0:5.14.0-362.24.1.el9_3 before * (rpm)
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat Enterprise Linux 9
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
kernel
CPEs
  • cpe:/a:redhat:enterprise_linux:9::nfv
  • cpe:/a:redhat:enterprise_linux:9::crb
  • cpe:/a:redhat:enterprise_linux:9::appstream
  • cpe:/a:redhat:enterprise_linux:9::realtime
  • cpe:/o:redhat:enterprise_linux:9::baseos
Default Status
affected
Versions
Unaffected
  • From 0:5.14.0-362.24.1.el9_3 before * (rpm)
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat Enterprise Linux 9.2 Extended Update Support
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
kernel
CPEs
  • cpe:/a:redhat:rhel_eus:9.2::appstream
  • cpe:/a:redhat:rhel_eus:9.2::crb
  • cpe:/o:redhat:rhel_eus:9.2::baseos
Default Status
affected
Versions
Unaffected
  • From 0:5.14.0-284.52.1.el9_2 before * (rpm)
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat Enterprise Linux 9.2 Extended Update Support
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
kernel-rt
CPEs
  • cpe:/a:redhat:rhel_eus:9.2::realtime
  • cpe:/a:redhat:rhel_eus:9.2::nfv
Default Status
affected
Versions
Unaffected
  • From 0:5.14.0-284.52.1.rt14.337.el9_2 before * (rpm)
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat Virtualization 4 for Red Hat Enterprise Linux 8
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
kernel
CPEs
  • cpe:/a:redhat:rhel_eus:8.6::crb
  • cpe:/o:redhat:rhel_eus:8.6::baseos
  • cpe:/o:redhat:rhev_hypervisor:4.4::el8
Default Status
affected
Versions
Unaffected
  • From 0:4.18.0-372.91.1.el8_6 before * (rpm)
Vendor
Red Hat, Inc.Red Hat
Product
RHOL-5.8-RHEL-9
Collection URL
https://catalog.redhat.com/software/containers/
Package Name
openshift-logging/cluster-logging-operator-bundle
CPEs
  • cpe:/a:redhat:logging:5.8::el9
Default Status
affected
Versions
Unaffected
  • From v5.8.6-22 before * (rpm)
Vendor
Red Hat, Inc.Red Hat
Product
RHOL-5.8-RHEL-9
Collection URL
https://catalog.redhat.com/software/containers/
Package Name
openshift-logging/cluster-logging-rhel9-operator
CPEs
  • cpe:/a:redhat:logging:5.8::el9
Default Status
affected
Versions
Unaffected
  • From v5.8.6-11 before * (rpm)
Vendor
Red Hat, Inc.Red Hat
Product
RHOL-5.8-RHEL-9
Collection URL
https://catalog.redhat.com/software/containers/
Package Name
openshift-logging/elasticsearch6-rhel9
CPEs
  • cpe:/a:redhat:logging:5.8::el9
Default Status
affected
Versions
Unaffected
  • From v6.8.1-407 before * (rpm)
Vendor
Red Hat, Inc.Red Hat
Product
RHOL-5.8-RHEL-9
Collection URL
https://catalog.redhat.com/software/containers/
Package Name
openshift-logging/elasticsearch-operator-bundle
CPEs
  • cpe:/a:redhat:logging:5.8::el9
Default Status
affected
Versions
Unaffected
  • From v5.8.6-19 before * (rpm)
Vendor
Red Hat, Inc.Red Hat
Product
RHOL-5.8-RHEL-9
Collection URL
https://catalog.redhat.com/software/containers/
Package Name
openshift-logging/elasticsearch-proxy-rhel9
CPEs
  • cpe:/a:redhat:logging:5.8::el9
Default Status
affected
Versions
Unaffected
  • From v1.0.0-479 before * (rpm)
Vendor
Red Hat, Inc.Red Hat
Product
RHOL-5.8-RHEL-9
Collection URL
https://catalog.redhat.com/software/containers/
Package Name
openshift-logging/elasticsearch-rhel9-operator
CPEs
  • cpe:/a:redhat:logging:5.8::el9
Default Status
affected
Versions
Unaffected
  • From v5.8.6-7 before * (rpm)
Vendor
Red Hat, Inc.Red Hat
Product
RHOL-5.8-RHEL-9
Collection URL
https://catalog.redhat.com/software/containers/
Package Name
openshift-logging/eventrouter-rhel9
CPEs
  • cpe:/a:redhat:logging:5.8::el9
Default Status
affected
Versions
Unaffected
  • From v0.4.0-247 before * (rpm)
Vendor
Red Hat, Inc.Red Hat
Product
RHOL-5.8-RHEL-9
Collection URL
https://catalog.redhat.com/software/containers/
Package Name
openshift-logging/fluentd-rhel9
CPEs
  • cpe:/a:redhat:logging:5.8::el9
Default Status
affected
Versions
Unaffected
  • From v5.8.6-5 before * (rpm)
Vendor
Red Hat, Inc.Red Hat
Product
RHOL-5.8-RHEL-9
Collection URL
https://catalog.redhat.com/software/containers/
Package Name
openshift-logging/log-file-metric-exporter-rhel9
CPEs
  • cpe:/a:redhat:logging:5.8::el9
Default Status
affected
Versions
Unaffected
  • From v1.1.0-227 before * (rpm)
Vendor
Red Hat, Inc.Red Hat
Product
RHOL-5.8-RHEL-9
Collection URL
https://catalog.redhat.com/software/containers/
Package Name
openshift-logging/logging-curator5-rhel9
CPEs
  • cpe:/a:redhat:logging:5.8::el9
Default Status
affected
Versions
Unaffected
  • From v5.8.1-470 before * (rpm)
Vendor
Red Hat, Inc.Red Hat
Product
RHOL-5.8-RHEL-9
Collection URL
https://catalog.redhat.com/software/containers/
Package Name
openshift-logging/logging-loki-rhel9
CPEs
  • cpe:/a:redhat:logging:5.8::el9
Default Status
affected
Versions
Unaffected
  • From v2.9.6-14 before * (rpm)
Vendor
Red Hat, Inc.Red Hat
Product
RHOL-5.8-RHEL-9
Collection URL
https://catalog.redhat.com/software/containers/
Package Name
openshift-logging/logging-view-plugin-rhel9
CPEs
  • cpe:/a:redhat:logging:5.8::el9
Default Status
affected
Versions
Unaffected
  • From v5.8.6-2 before * (rpm)
Vendor
Red Hat, Inc.Red Hat
Product
RHOL-5.8-RHEL-9
Collection URL
https://catalog.redhat.com/software/containers/
Package Name
openshift-logging/loki-operator-bundle
CPEs
  • cpe:/a:redhat:logging:5.8::el9
Default Status
affected
Versions
Unaffected
  • From v5.8.6-24 before * (rpm)
Vendor
Red Hat, Inc.Red Hat
Product
RHOL-5.8-RHEL-9
Collection URL
https://catalog.redhat.com/software/containers/
Package Name
openshift-logging/loki-rhel9-operator
CPEs
  • cpe:/a:redhat:logging:5.8::el9
Default Status
affected
Versions
Unaffected
  • From v5.8.6-10 before * (rpm)
Vendor
Red Hat, Inc.Red Hat
Product
RHOL-5.8-RHEL-9
Collection URL
https://catalog.redhat.com/software/containers/
Package Name
openshift-logging/lokistack-gateway-rhel9
CPEs
  • cpe:/a:redhat:logging:5.8::el9
Default Status
affected
Versions
Unaffected
  • From v0.1.0-525 before * (rpm)
Vendor
Red Hat, Inc.Red Hat
Product
RHOL-5.8-RHEL-9
Collection URL
https://catalog.redhat.com/software/containers/
Package Name
openshift-logging/opa-openshift-rhel9
CPEs
  • cpe:/a:redhat:logging:5.8::el9
Default Status
affected
Versions
Unaffected
  • From v0.1.0-224 before * (rpm)
Vendor
Red Hat, Inc.Red Hat
Product
RHOL-5.8-RHEL-9
Collection URL
https://catalog.redhat.com/software/containers/
Package Name
openshift-logging/vector-rhel9
CPEs
  • cpe:/a:redhat:logging:5.8::el9
Default Status
affected
Versions
Unaffected
  • From v0.28.1-56 before * (rpm)
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat Enterprise Linux 6
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
kernel
CPEs
  • cpe:/o:redhat:enterprise_linux:6
Default Status
unaffected
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat Enterprise Linux 7
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
kernel
CPEs
  • cpe:/o:redhat:enterprise_linux:7
Default Status
unaffected
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat Enterprise Linux 7
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
kernel-rt
CPEs
  • cpe:/o:redhat:enterprise_linux:7
Default Status
unaffected
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat Enterprise Linux 9
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
kernel-rt
CPEs
  • cpe:/o:redhat:enterprise_linux:9
Default Status
affected
Problem Types
TypeCWE IDDescription
CWECWE-476NULL Pointer Dereference
Type: CWE
CWE ID: CWE-476
Description: NULL Pointer Dereference
Metrics
VersionBase scoreBase severityVector
3.16.5MEDIUM
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Version: 3.1
Base score: 6.5
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Metrics Other Info
Red Hat severity rating
value:
Moderate
namespace:
https://access.redhat.com/security/updates/classification/
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds

To mitigate this issue, prevent module nvmet-tcp from being loaded. Please see https://access.redhat.com/solutions/41278 for how to blacklist a kernel module to prevent it from loading automatically.

Exploits
Credits
Red Hat would like to thank Alon Zahavi for reporting this issue.
Timeline
EventDate
Reported to Red Hat.2023-12-11 00:00:00
Made public.2023-12-11 00:00:00
Event: Reported to Red Hat.
Date: 2023-12-11 00:00:00
Event: Made public.
Date: 2023-12-11 00:00:00
Replaced By
Rejected Reason
References
HyperlinkResource
https://access.redhat.com/errata/RHSA-2024:0723
vendor-advisory
x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2024:0724
vendor-advisory
x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2024:0725
vendor-advisory
x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2024:0881
vendor-advisory
x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2024:0897
vendor-advisory
x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2024:1248
vendor-advisory
x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2024:2094
vendor-advisory
x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2024:3810
vendor-advisory
x_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2023-6536
vdb-entry
x_refsource_REDHAT
https://bugzilla.redhat.com/show_bug.cgi?id=2254052
issue-tracking
x_refsource_REDHAT
Hyperlink: https://access.redhat.com/errata/RHSA-2024:0723
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: https://access.redhat.com/errata/RHSA-2024:0724
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: https://access.redhat.com/errata/RHSA-2024:0725
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: https://access.redhat.com/errata/RHSA-2024:0881
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: https://access.redhat.com/errata/RHSA-2024:0897
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: https://access.redhat.com/errata/RHSA-2024:1248
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: https://access.redhat.com/errata/RHSA-2024:2094
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: https://access.redhat.com/errata/RHSA-2024:3810
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: https://access.redhat.com/security/cve/CVE-2023-6536
Resource:
vdb-entry
x_refsource_REDHAT
Hyperlink: https://bugzilla.redhat.com/show_bug.cgi?id=2254052
Resource:
issue-tracking
x_refsource_REDHAT
â–¼Authorized Data Publishers (ADP)
1. CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
2. CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://access.redhat.com/errata/RHSA-2024:0723
vendor-advisory
x_refsource_REDHAT
x_transferred
https://access.redhat.com/errata/RHSA-2024:0724
vendor-advisory
x_refsource_REDHAT
x_transferred
https://access.redhat.com/errata/RHSA-2024:0725
vendor-advisory
x_refsource_REDHAT
x_transferred
https://access.redhat.com/errata/RHSA-2024:0881
vendor-advisory
x_refsource_REDHAT
x_transferred
https://access.redhat.com/errata/RHSA-2024:0897
vendor-advisory
x_refsource_REDHAT
x_transferred
https://access.redhat.com/errata/RHSA-2024:1248
vendor-advisory
x_refsource_REDHAT
x_transferred
https://access.redhat.com/errata/RHSA-2024:2094
vendor-advisory
x_refsource_REDHAT
x_transferred
https://access.redhat.com/errata/RHSA-2024:3810
vendor-advisory
x_refsource_REDHAT
x_transferred
https://access.redhat.com/security/cve/CVE-2023-6536
vdb-entry
x_refsource_REDHAT
x_transferred
https://bugzilla.redhat.com/show_bug.cgi?id=2254052
issue-tracking
x_refsource_REDHAT
x_transferred
https://lists.debian.org/debian-lts-announce/2024/06/msg00016.html
x_transferred
https://security.netapp.com/advisory/ntap-20240415-0001/
x_transferred
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZFYW6R64GPLUOXSQBJI3JBUX3HGLAYPP/
N/A
Hyperlink: https://access.redhat.com/errata/RHSA-2024:0723
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: https://access.redhat.com/errata/RHSA-2024:0724
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: https://access.redhat.com/errata/RHSA-2024:0725
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: https://access.redhat.com/errata/RHSA-2024:0881
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: https://access.redhat.com/errata/RHSA-2024:0897
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: https://access.redhat.com/errata/RHSA-2024:1248
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: https://access.redhat.com/errata/RHSA-2024:2094
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: https://access.redhat.com/errata/RHSA-2024:3810
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: https://access.redhat.com/security/cve/CVE-2023-6536
Resource:
vdb-entry
x_refsource_REDHAT
x_transferred
Hyperlink: https://bugzilla.redhat.com/show_bug.cgi?id=2254052
Resource:
issue-tracking
x_refsource_REDHAT
x_transferred
Hyperlink: https://lists.debian.org/debian-lts-announce/2024/06/msg00016.html
Resource:
x_transferred
Hyperlink: https://security.netapp.com/advisory/ntap-20240415-0001/
Resource:
x_transferred
Hyperlink: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZFYW6R64GPLUOXSQBJI3JBUX3HGLAYPP/
Resource: N/A
Information is not available yet
â–¼National Vulnerability Database (NVD)
nvd.nist.gov
Source:secalert@redhat.com
Published At:07 Feb, 2024 | 21:15
Updated At:04 Nov, 2025 | 19:16

A flaw was found in the Linux kernel's NVMe driver. This issue may allow an unauthenticated malicious actor to send a set of crafted TCP packages when using NVMe over TCP, leading the NVMe driver to a NULL pointer dereference in the NVMe driver, causing kernel panic and a denial of service.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.16.5MEDIUM
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Primary3.17.5HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Type: Secondary
Version: 3.1
Base score: 6.5
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Type: Primary
Version: 3.1
Base score: 7.5
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CPE Matches
Linux Kernel Organization, Inc
linux
>>linux_kernel>>Versions from 5.0(inclusive) to 5.4.268(exclusive)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Linux Kernel Organization, Inc
linux
>>linux_kernel>>Versions from 5.5(inclusive) to 5.10.209(exclusive)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Linux Kernel Organization, Inc
linux
>>linux_kernel>>Versions from 5.11(inclusive) to 5.15.148(exclusive)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Linux Kernel Organization, Inc
linux
>>linux_kernel>>Versions from 5.16(inclusive) to 6.1.75(exclusive)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Linux Kernel Organization, Inc
linux
>>linux_kernel>>Versions from 6.2(inclusive) to 6.6.14(exclusive)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Linux Kernel Organization, Inc
linux
>>linux_kernel>>Versions from 6.7(inclusive) to 6.7.2(exclusive)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Red Hat, Inc.
redhat
>>codeready_linux_builder_eus>>8.6
cpe:2.3:a:redhat:codeready_linux_builder_eus:8.6:*:*:*:*:*:*:*
Red Hat, Inc.
redhat
>>codeready_linux_builder_eus>>9.2
cpe:2.3:a:redhat:codeready_linux_builder_eus:9.2:*:*:*:*:*:*:*
Red Hat, Inc.
redhat
>>codeready_linux_builder_eus_for_power_little_endian_eus>>8.6_ppc64le
cpe:2.3:a:redhat:codeready_linux_builder_eus_for_power_little_endian_eus:8.6_ppc64le:*:*:*:*:*:*:*
Red Hat, Inc.
redhat
>>codeready_linux_builder_eus_for_power_little_endian_eus>>9.2_ppc64le
cpe:2.3:a:redhat:codeready_linux_builder_eus_for_power_little_endian_eus:9.2_ppc64le:*:*:*:*:*:*:*
Red Hat, Inc.
redhat
>>codeready_linux_builder_for_arm64_eus>>8.6_aarch64
cpe:2.3:a:redhat:codeready_linux_builder_for_arm64_eus:8.6_aarch64:*:*:*:*:*:*:*
Red Hat, Inc.
redhat
>>codeready_linux_builder_for_arm64_eus>>9.2_aarch64
cpe:2.3:a:redhat:codeready_linux_builder_for_arm64_eus:9.2_aarch64:*:*:*:*:*:*:*
Red Hat, Inc.
redhat
>>codeready_linux_builder_for_ibm_z_systems_eus>>9.2_s390x
cpe:2.3:a:redhat:codeready_linux_builder_for_ibm_z_systems_eus:9.2_s390x:*:*:*:*:*:*:*
Red Hat, Inc.
redhat
>>enterprise_linux>>8.0
cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
Red Hat, Inc.
redhat
>>enterprise_linux>>9.0
cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*
Red Hat, Inc.
redhat
>>enterprise_linux_eus>>8.6
cpe:2.3:o:redhat:enterprise_linux_eus:8.6:*:*:*:*:*:*:*
Red Hat, Inc.
redhat
>>enterprise_linux_eus>>9.2
cpe:2.3:o:redhat:enterprise_linux_eus:9.2:*:*:*:*:*:*:*
Red Hat, Inc.
redhat
>>enterprise_linux_for_arm_64_eus>>8.6_aarch64
cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:8.6_aarch64:*:*:*:*:*:*:*
Red Hat, Inc.
redhat
>>enterprise_linux_for_arm_64_eus>>9.2_aarch64
cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:9.2_aarch64:*:*:*:*:*:*:*
Red Hat, Inc.
redhat
>>enterprise_linux_for_ibm_z_systems_eus>>8.6_s390x
cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.6_s390x:*:*:*:*:*:*:*
Red Hat, Inc.
redhat
>>enterprise_linux_for_ibm_z_systems_eus>>9.2_s390x
cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:9.2_s390x:*:*:*:*:*:*:*
Red Hat, Inc.
redhat
>>enterprise_linux_for_power_little_endian_eus>>8.6_ppc64le
cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.6_ppc64le:*:*:*:*:*:*:*
Red Hat, Inc.
redhat
>>enterprise_linux_for_power_little_endian_eus>>9.2_ppc64le
cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:9.2_ppc64le:*:*:*:*:*:*:*
Red Hat, Inc.
redhat
>>enterprise_linux_for_real_time>>9.2
cpe:2.3:o:redhat:enterprise_linux_for_real_time:9.2:*:*:*:*:*:*:*
Red Hat, Inc.
redhat
>>enterprise_linux_for_real_time_for_nfv>>9.2
cpe:2.3:o:redhat:enterprise_linux_for_real_time_for_nfv:9.2:*:*:*:*:*:*:*
Red Hat, Inc.
redhat
>>enterprise_linux_server_aus>>8.6
cpe:2.3:o:redhat:enterprise_linux_server_aus:8.6:*:*:*:*:*:*:*
Red Hat, Inc.
redhat
>>enterprise_linux_server_aus>>9.2
cpe:2.3:o:redhat:enterprise_linux_server_aus:9.2:*:*:*:*:*:*:*
Red Hat, Inc.
redhat
>>enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions>>8.6_ppc64le
cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:8.6_ppc64le:*:*:*:*:*:*:*
Red Hat, Inc.
redhat
>>enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions>>9.2_ppc64le
cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:9.2_ppc64le:*:*:*:*:*:*:*
Red Hat, Inc.
redhat
>>enterprise_linux_server_tus>>8.6
cpe:2.3:o:redhat:enterprise_linux_server_tus:8.6:*:*:*:*:*:*:*
Red Hat, Inc.
redhat
>>enterprise_linux>>8.0
cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
Red Hat, Inc.
redhat
>>virtualization_host>>4.0
cpe:2.3:a:redhat:virtualization_host:4.0:*:*:*:*:*:*:*
Debian GNU/Linux
debian
>>debian_linux>>10.0
cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-476Secondarysecalert@redhat.com
CWE ID: CWE-476
Type: Secondary
Source: secalert@redhat.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://access.redhat.com/errata/RHSA-2024:0723secalert@redhat.com
Third Party Advisory
https://access.redhat.com/errata/RHSA-2024:0724secalert@redhat.com
Third Party Advisory
https://access.redhat.com/errata/RHSA-2024:0725secalert@redhat.com
Third Party Advisory
https://access.redhat.com/errata/RHSA-2024:0881secalert@redhat.com
Third Party Advisory
https://access.redhat.com/errata/RHSA-2024:0897secalert@redhat.com
Third Party Advisory
https://access.redhat.com/errata/RHSA-2024:1248secalert@redhat.com
Third Party Advisory
https://access.redhat.com/errata/RHSA-2024:2094secalert@redhat.com
Third Party Advisory
https://access.redhat.com/errata/RHSA-2024:3810secalert@redhat.com
Third Party Advisory
https://access.redhat.com/security/cve/CVE-2023-6536secalert@redhat.com
Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2254052secalert@redhat.com
Issue Tracking
https://access.redhat.com/errata/RHSA-2024:0723af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
https://access.redhat.com/errata/RHSA-2024:0724af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
https://access.redhat.com/errata/RHSA-2024:0725af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
https://access.redhat.com/errata/RHSA-2024:0881af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
https://access.redhat.com/errata/RHSA-2024:0897af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
https://access.redhat.com/errata/RHSA-2024:1248af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
https://access.redhat.com/errata/RHSA-2024:2094af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
https://access.redhat.com/errata/RHSA-2024:3810af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
https://access.redhat.com/security/cve/CVE-2023-6536af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2254052af854a3a-2127-422b-91ae-364da2661108
Issue Tracking
https://lists.debian.org/debian-lts-announce/2024/06/msg00016.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZFYW6R64GPLUOXSQBJI3JBUX3HGLAYPP/af854a3a-2127-422b-91ae-364da2661108
N/A
https://security.netapp.com/advisory/ntap-20240415-0001/af854a3a-2127-422b-91ae-364da2661108
N/A
Hyperlink: https://access.redhat.com/errata/RHSA-2024:0723
Source: secalert@redhat.com
Resource:
Third Party Advisory
Hyperlink: https://access.redhat.com/errata/RHSA-2024:0724
Source: secalert@redhat.com
Resource:
Third Party Advisory
Hyperlink: https://access.redhat.com/errata/RHSA-2024:0725
Source: secalert@redhat.com
Resource:
Third Party Advisory
Hyperlink: https://access.redhat.com/errata/RHSA-2024:0881
Source: secalert@redhat.com
Resource:
Third Party Advisory
Hyperlink: https://access.redhat.com/errata/RHSA-2024:0897
Source: secalert@redhat.com
Resource:
Third Party Advisory
Hyperlink: https://access.redhat.com/errata/RHSA-2024:1248
Source: secalert@redhat.com
Resource:
Third Party Advisory
Hyperlink: https://access.redhat.com/errata/RHSA-2024:2094
Source: secalert@redhat.com
Resource:
Third Party Advisory
Hyperlink: https://access.redhat.com/errata/RHSA-2024:3810
Source: secalert@redhat.com
Resource:
Third Party Advisory
Hyperlink: https://access.redhat.com/security/cve/CVE-2023-6536
Source: secalert@redhat.com
Resource:
Third Party Advisory
Hyperlink: https://bugzilla.redhat.com/show_bug.cgi?id=2254052
Source: secalert@redhat.com
Resource:
Issue Tracking
Hyperlink: https://access.redhat.com/errata/RHSA-2024:0723
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: https://access.redhat.com/errata/RHSA-2024:0724
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: https://access.redhat.com/errata/RHSA-2024:0725
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: https://access.redhat.com/errata/RHSA-2024:0881
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: https://access.redhat.com/errata/RHSA-2024:0897
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: https://access.redhat.com/errata/RHSA-2024:1248
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: https://access.redhat.com/errata/RHSA-2024:2094
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: https://access.redhat.com/errata/RHSA-2024:3810
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: https://access.redhat.com/security/cve/CVE-2023-6536
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: https://bugzilla.redhat.com/show_bug.cgi?id=2254052
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Issue Tracking
Hyperlink: https://lists.debian.org/debian-lts-announce/2024/06/msg00016.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZFYW6R64GPLUOXSQBJI3JBUX3HGLAYPP/
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://security.netapp.com/advisory/ntap-20240415-0001/
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

4384Records found
CVE-2017-3238
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-6.5||MEDIUM
EPSS-1.85% / 83.34%
||
7 Day CHG~0.00%
Published-27 Jan, 2017 | 22:01
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 6.5 (Availability impacts).

Action-Not Available
Vendor-MariaDB FoundationOracle CorporationRed Hat, Inc.Debian GNU/Linux
Product-debian_linuxenterprise_linux_serverenterprise_linux_workstationmariadbmysqlenterprise_linux_desktopenterprise_linux_server_tusenterprise_linux_server_ausenterprise_linux_eusMySQL Server
CVE-2025-23336
Matching Score-8
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-8
Assigner-NVIDIA Corporation
CVSS Score-4.4||MEDIUM
EPSS-0.07% / 22.72%
||
7 Day CHG+0.01%
Published-17 Sep, 2025 | 22:00
Updated-25 Sep, 2025 | 20:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA Triton Inference Server for Windows and Linux contains a vulnerability where an attacker could cause a denial of service by loading a misconfigured model. A successful exploit of this vulnerability might lead to denial of service.

Action-Not Available
Vendor-Linux Kernel Organization, IncMicrosoft CorporationNVIDIA Corporation
Product-linux_kerneltriton_inference_serverwindowsTriton Inference Server
CWE ID-CWE-20
Improper Input Validation
CVE-2017-3453
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-6.5||MEDIUM
EPSS-0.42% / 62.24%
||
7 Day CHG~0.00%
Published-24 Apr, 2017 | 19:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and earlier. Easily "exploitable" vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).

Action-Not Available
Vendor-MariaDB FoundationOracle CorporationRed Hat, Inc.Debian GNU/Linux
Product-debian_linuxenterprise_linux_serverenterprise_linux_workstationmariadbmysqlenterprise_linux_desktopenterprise_linux_server_tusenterprise_linux_server_ausenterprise_linux_eusMySQL Server
CVE-2010-0302
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-5.29% / 90.20%
||
7 Day CHG~0.00%
Published-05 Mar, 2010 | 19:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use-after-free vulnerability in the abstract file-descriptor handling interface in the cupsdDoSelect function in scheduler/select.c in the scheduler in cupsd in CUPS before 1.4.4, when kqueue or epoll is used, allows remote attackers to cause a denial of service (daemon crash or hang) via a client disconnection during listing of a large number of print jobs, related to improperly maintaining a reference count. NOTE: some of these details are obtained from third party information. NOTE: this vulnerability exists because of an incomplete fix for CVE-2009-3553.

Action-Not Available
Vendor-n/aCanonical Ltd.Apple Inc.Red Hat, Inc.Fedora Project
Product-enterprise_linux_eusubuntu_linuxmac_os_xenterprise_linux_serverenterprise_linux_workstationenterprise_linux_desktopfedoramac_os_x_servercupsenterprise_linuxn/a
CWE ID-CWE-416
Use After Free
CVE-2023-50868
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-12.42% / 94.04%
||
7 Day CHG~0.00%
Published-14 Feb, 2024 | 00:00
Updated-23 Dec, 2025 | 20:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Closest Encloser Proof aspect of the DNS protocol (in RFC 5155 when RFC 9276 guidance is skipped) allows remote attackers to cause a denial of service (CPU consumption for SHA-1 computations) via DNSSEC responses in a random subdomain attack, aka the "NSEC3" issue. The RFC 5155 specification implies that an algorithm must perform thousands of iterations of a hash function in certain situations.

Action-Not Available
Vendor-powerdnsn/aInternet Systems Consortium, Inc.Debian GNU/LinuxRed Hat, Inc.Fedora ProjectNetApp, Inc.
Product-bootstrap_osenterprise_linuxhci_baseboard_management_controllerh410sh300sactive_iq_unified_managerdebian_linuxh700sh410ch500sfedorahci_compute_nodebindrecursorn/a
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2025-7345
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-0.94% / 76.61%
||
7 Day CHG~0.00%
Published-08 Jul, 2025 | 13:39
Updated-07 Nov, 2025 | 18:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Gdk‑pixbuf: heap‑buffer‑overflow in gdk‑pixbuf

A flaw exists in gdk‑pixbuf within the gdk_pixbuf__jpeg_image_load_increment function (io-jpeg.c) and in glib’s g_base64_encode_step (glib/gbase64.c). When processing maliciously crafted JPEG images, a heap buffer overflow can occur during Base64 encoding, allowing out-of-bounds reads from heap memory, potentially causing application crashes or arbitrary code execution.

Action-Not Available
Vendor-Red Hat, Inc.
Product-Red Hat Enterprise Linux 8.6 Update Services for SAP SolutionsRed Hat Enterprise Linux 6Red Hat Enterprise Linux 8.6 Telecommunications Update ServiceRed Hat Enterprise Linux 9.2 Update Services for SAP SolutionsRed Hat Enterprise Linux 10Red Hat Enterprise Linux 8Red Hat Enterprise Linux 8.8 Update Services for SAP SolutionsRed Hat Enterprise Linux 8.2 Advanced Update SupportRed Hat Enterprise Linux 8.6 Advanced Mission Critical Update SupportRed Hat Enterprise Linux 9Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update SupportRed Hat Enterprise Linux 7 Extended Lifecycle SupportRed Hat Enterprise Linux 8.8 Telecommunications Update ServiceRed Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-OnRed Hat Enterprise Linux 9.4 Extended Update SupportRed Hat Enterprise Linux 9.0 Update Services for SAP Solutions
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2021-39926
Matching Score-8
Assigner-GitLab Inc.
ShareView Details
Matching Score-8
Assigner-GitLab Inc.
CVSS Score-7.5||HIGH
EPSS-0.94% / 76.59%
||
7 Day CHG-0.01%
Published-19 Nov, 2021 | 00:00
Updated-04 Aug, 2024 | 02:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in the Bluetooth HCI_ISO dissector in Wireshark 3.4.0 to 3.4.9 allows denial of service via packet injection or crafted capture file

Action-Not Available
Vendor-Wireshark FoundationDebian GNU/LinuxFedora Project
Product-wiresharkdebian_linuxfedoraWireshark
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2020-3341
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-7.5||HIGH
EPSS-5.51% / 90.41%
||
7 Day CHG~0.00%
Published-13 May, 2020 | 02:20
Updated-15 Nov, 2024 | 17:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
ClamAV PDF Parsing Denial of Service Vulnerability

A vulnerability in the PDF archive parsing module in Clam AntiVirus (ClamAV) Software versions 0.101 - 0.102.2 could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to a stack buffer overflow read. An attacker could exploit this vulnerability by sending a crafted PDF file to an affected device. An exploit could allow the attacker to cause the ClamAV scanning process crash, resulting in a denial of service condition.

Action-Not Available
Vendor-Cisco Systems, Inc.Canonical Ltd.Fedora ProjectDebian GNU/Linux
Product-clam_antivirusubuntu_linuxfedoradebian_linuxClamAV
CWE ID-CWE-20
Improper Input Validation
CVE-2023-49322
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.15% / 35.02%
||
7 Day CHG~0.00%
Published-26 Nov, 2023 | 00:00
Updated-02 Aug, 2024 | 21:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain WithSecure products allow a Denial of Service because there is an unpack handler crash that can lead to a scanning engine crash. This affects WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and Server Security 15, WithSecure Elements Endpoint Protection 17 and later, WithSecure Client Security for Mac 15, WithSecure Elements Endpoint Protection for Mac 17 and later, WithSecure Linux Security 64 12.0, WithSecure Linux Protection 12.0, and WithSecure Atlant 1.0.35-1.

Action-Not Available
Vendor-n/aApple Inc.F-Secure CorporationLinux Kernel Organization, IncMicrosoft Corporation
Product-linux_security_64server_securitylinux_kernelclient_securityelements_endpoint_protectionatlantwindowsmacosemail_and_server_securitylinux_protectionn/a
CVE-2025-7424
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-0.37% / 59.44%
||
7 Day CHG~0.00%
Published-10 Jul, 2025 | 14:05
Updated-27 Apr, 2026 | 21:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Libxslt: type confusion in xmlnode.psvi between stylesheet and source nodes

A flaw was found in the libxslt library. The same memory field, psvi, is used for both stylesheet and input data, which can lead to type confusion during XML transformations. This vulnerability allows an attacker to crash the application or corrupt memory. In some cases, it may lead to denial of service or unexpected behavior.

Action-Not Available
Vendor-The GNOME ProjectRed Hat, Inc.libxml2 (XMLSoft)
Product-openshift_container_platformlibxsltenterprise_linuxRed Hat Enterprise Linux 10Red Hat OpenShift Container Platform 4libxsltRed Hat Enterprise Linux 6Red Hat Enterprise Linux 8Red Hat Hardened ImagesRed Hat Enterprise Linux 7Red Hat Enterprise Linux 9
CWE ID-CWE-843
Access of Resource Using Incompatible Type ('Type Confusion')
CVE-2021-3975
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.60% / 69.74%
||
7 Day CHG-0.02%
Published-23 Aug, 2022 | 00:00
Updated-03 Aug, 2024 | 17:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A use-after-free flaw was found in libvirt. The qemuMonitorUnregister() function in qemuProcessHandleMonitorEOF is called using multiple threads without being adequately protected by a monitor lock. This flaw could be triggered by the virConnectGetAllDomainStats API when the guest is shutting down. An unprivileged client with a read-only connection could use this flaw to perform a denial of service attack by causing the libvirt daemon to crash.

Action-Not Available
Vendor-n/aRed Hat, Inc.NetApp, Inc.Canonical Ltd.Debian GNU/LinuxFedora Project
Product-ubuntu_linuxdebian_linuxontap_select_deploy_administration_utilityfedoraenterprise_linuxenterprise_linux_for_ibm_z_systemsenterprise_linux_eusenterprise_linux_for_power_little_endian_eusenterprise_linux_server_for_power_little_endian_update_services_for_sap_solutionsenterprise_linux_server_tusenterprise_linux_for_power_little_endianenterprise_linux_for_ibm_z_systems_euslibvirtcodeready_linux_builderlibvirt
CWE ID-CWE-416
Use After Free
CVE-2023-47264
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.15% / 34.80%
||
7 Day CHG~0.00%
Published-16 Nov, 2023 | 00:00
Updated-02 Aug, 2024 | 21:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain WithSecure products have a buffer over-read whereby processing certain fuzz file types may cause a denial of service (DoS). This affects WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and Server Security 15, WithSecure Elements Endpoint Protection 17 and later, WithSecure Client Security for Mac 15, WithSecure Elements Endpoint Protection for Mac 17 and later, WithSecure Linux Security 64 12.0, WithSecure Linux Protection 12.0, and WithSecure Atlant (formerly F-Secure Atlant) 15 and later.

Action-Not Available
Vendor-n/aApple Inc.WithSecure CorporationLinux Kernel Organization, IncMicrosoft Corporation
Product-linux_security_64server_securitylinux_kernelclient_securityelements_endpoint_protectionatlantwindowsmacosemail_and_server_securitylinux_protectionn/a
CWE ID-CWE-125
Out-of-bounds Read
CVE-2023-47747
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.07% / 20.28%
||
7 Day CHG~0.00%
Published-22 Jan, 2024 | 19:57
Updated-13 Feb, 2025 | 17:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Db2 denial of service

IBM DB2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.1, 10.5, and 11.1 could allow an authenticated user with CONNECT privileges to cause a denial of service using a specially crafted query. IBM X-Force ID: 272646.

Action-Not Available
Vendor-Microsoft CorporationHP Inc.IBM CorporationLinux Kernel Organization, IncOracle Corporation
Product-solarislinux_kerneldb2hp-uxlinux_on_ibm_zwindowsaixDb2 for Linux, UNIX and Windows
CWE ID-CWE-20
Improper Input Validation
CVE-2025-23325
Matching Score-8
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-8
Assigner-NVIDIA Corporation
CVSS Score-7.5||HIGH
EPSS-0.11% / 29.58%
||
7 Day CHG+0.07%
Published-06 Aug, 2025 | 12:40
Updated-12 Aug, 2025 | 16:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA Triton Inference Server for Windows and Linux contains a vulnerability where an attacker could cause uncontrolled recursion through a specially crafted input. A successful exploit of this vulnerability might lead to denial of service.

Action-Not Available
Vendor-NVIDIA CorporationLinux Kernel Organization, IncMicrosoft Corporation
Product-triton_inference_serverwindowslinux_kernelTriton Inference Server
CWE ID-CWE-674
Uncontrolled Recursion
CVE-2023-47141
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.06% / 20.02%
||
7 Day CHG~0.00%
Published-22 Jan, 2024 | 20:07
Updated-13 Feb, 2025 | 17:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Db2 denial of service

IIBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 could allow an authenticated user with CONNECT privileges to cause a denial of service using a specially crafted query. IBM X-Force ID: 270264.

Action-Not Available
Vendor-Linux Kernel Organization, IncMicrosoft CorporationIBM Corporation
Product-linux_kerneldb2linux_on_ibm_zwindowsaixDb2 for Linux, UNIX and Windows
CWE ID-CWE-20
Improper Input Validation
CVE-2023-47701
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.09% / 26.00%
||
7 Day CHG~0.00%
Published-04 Dec, 2023 | 00:19
Updated-13 Feb, 2025 | 17:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Db2 denial of service

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted query. IBM X-Force ID: 266166.

Action-Not Available
Vendor-opengroupLinux Kernel Organization, IncMicrosoft CorporationIBM Corporation
Product-windowsunixdb2linux_kernelDb2 for Linux, UNIX and Windows
CWE ID-CWE-20
Improper Input Validation
CVE-2021-39925
Matching Score-8
Assigner-GitLab Inc.
ShareView Details
Matching Score-8
Assigner-GitLab Inc.
CVSS Score-7.5||HIGH
EPSS-4.60% / 89.45%
||
7 Day CHG-0.03%
Published-19 Nov, 2021 | 00:00
Updated-04 Aug, 2024 | 02:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in the Bluetooth SDP dissector in Wireshark 3.4.0 to 3.4.9 and 3.2.0 to 3.2.17 allows denial of service via packet injection or crafted capture file

Action-Not Available
Vendor-Wireshark FoundationDebian GNU/LinuxFedora Project
Product-wiresharkdebian_linuxfedoraWireshark
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2023-47158
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.06% / 20.02%
||
7 Day CHG~0.00%
Published-22 Jan, 2024 | 20:05
Updated-30 May, 2025 | 14:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Db2 denial of service

IBM DB2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1 and 11.5 could allow an authenticated user with CONNECT privileges to cause a denial of service using a specially crafted query. IBM X-Force ID: 270750.

Action-Not Available
Vendor-Oracle CorporationIBM CorporationHP Inc.Linux Kernel Organization, IncMicrosoft Corporation
Product-solarislinux_kerneldb2hp-uxlinux_on_ibm_zwindowsaixDb2 for Linux, UNIX and Windows
CWE ID-CWE-20
Improper Input Validation
CVE-2023-47746
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.08% / 22.81%
||
7 Day CHG~0.00%
Published-22 Jan, 2024 | 18:42
Updated-13 Feb, 2025 | 17:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Db2 denial of service

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 could allow an authenticated user with CONNECT privileges to cause a denial of service using a specially crafted query. IBM X-Force ID: 272644.

Action-Not Available
Vendor-Microsoft CorporationHP Inc.IBM CorporationLinux Kernel Organization, IncOracle Corporation
Product-solarislinux_kerneldb2hp-uxlinux_on_ibm_zwindowsaixDb2 for Linux, UNIX and Windowsdb2_for_linux_unix_and_windows
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2021-3909
Matching Score-8
Assigner-Cloudflare, Inc.
ShareView Details
Matching Score-8
Assigner-Cloudflare, Inc.
CVSS Score-4.4||MEDIUM
EPSS-0.73% / 73.17%
||
7 Day CHG~0.00%
Published-11 Nov, 2021 | 21:45
Updated-16 Sep, 2024 | 23:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Infinite open connection causes OctoRPKI to hang forever

OctoRPKI does not limit the length of a connection, allowing for a slowloris DOS attack to take place which makes OctoRPKI wait forever. Specifically, the repository that OctoRPKI sends HTTP requests to will keep the connection open for a day before a response is returned, but does keep drip feeding new bytes to keep the connection alive.

Action-Not Available
Vendor-Debian GNU/LinuxCloudflare, Inc.
Product-octorpkidebian_linuxoctorpki
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2023-46847
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-8.6||HIGH
EPSS-38.21% / 97.32%
||
7 Day CHG~0.00%
Published-03 Nov, 2023 | 07:58
Updated-25 Feb, 2026 | 18:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Squid: denial of service in http digest authentication

Squid is vulnerable to a Denial of Service, where a remote attacker can perform buffer overflow attack by writing up to 2 MB of arbitrary data to heap memory when Squid is configured to accept HTTP Digest Authentication.

Action-Not Available
Vendor-Red Hat, Inc.Squid Cache
Product-enterprise_linux_serversquidenterprise_linux_server_ausenterprise_linux_workstationenterprise_linuxenterprise_linux_for_ibm_z_systemsenterprise_linux_eusenterprise_linux_server_tusenterprise_linux_for_power_little_endianenterprise_linux_for_arm_64Red Hat Enterprise Linux 7.7 Advanced Update SupportRed Hat Enterprise Linux 8.4 Advanced Mission Critical Update SupportRed Hat Enterprise Linux 6 Extended Lifecycle SupportRed Hat Enterprise Linux 7Red Hat Enterprise Linux 8.2 Update Services for SAP SolutionsRed Hat Enterprise Linux 8.1 Update Services for SAP SolutionsRed Hat Enterprise Linux 8Red Hat Enterprise Linux 8.6 Extended Update SupportRed Hat Enterprise Linux 8.4 Telecommunications Update ServiceRed Hat Enterprise Linux 9.0 Extended Update SupportRed Hat Enterprise Linux 8.2 Telecommunications Update ServiceRed Hat Enterprise Linux 7.6 Advanced Update Support(Disable again in 2026 - SPRHEL-7118)Red Hat Enterprise Linux 8.2 Advanced Update SupportRed Hat Enterprise Linux 8.4 Update Services for SAP SolutionsRed Hat Enterprise Linux 9
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2023-46167
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.10% / 27.26%
||
7 Day CHG~0.00%
Published-04 Dec, 2023 | 00:04
Updated-13 Feb, 2025 | 17:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Db2 denial of service

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 federated server is vulnerable to a denial of service when a specially crafted cursor is used. IBM X-Force ID: 269367.

Action-Not Available
Vendor-opengroupLinux Kernel Organization, IncMicrosoft CorporationIBM Corporation
Product-windowsunixdb2linux_kernelDb2 for Linux, UNIX and Windows
CWE ID-CWE-20
Improper Input Validation
CVE-2021-39924
Matching Score-8
Assigner-GitLab Inc.
ShareView Details
Matching Score-8
Assigner-GitLab Inc.
CVSS Score-7.5||HIGH
EPSS-1.33% / 80.30%
||
7 Day CHG-0.01%
Published-19 Nov, 2021 | 00:00
Updated-04 Aug, 2024 | 02:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Large loop in the Bluetooth DHT dissector in Wireshark 3.4.0 to 3.4.9 and 3.2.0 to 3.2.17 allows denial of service via packet injection or crafted capture file

Action-Not Available
Vendor-Wireshark FoundationDebian GNU/LinuxFedora Project
Product-wiresharkdebian_linuxfedoraWireshark
CWE ID-CWE-834
Excessive Iteration
CVE-2022-24713
Matching Score-8
Assigner-GitHub, Inc.
ShareView Details
Matching Score-8
Assigner-GitHub, Inc.
CVSS Score-7.5||HIGH
EPSS-10.40% / 93.36%
||
7 Day CHG~0.00%
Published-08 Mar, 2022 | 19:00
Updated-23 Apr, 2025 | 18:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Regular expression denial of service in Rust's regex crate

regex is an implementation of regular expressions for the Rust language. The regex crate features built-in mitigations to prevent denial of service attacks caused by untrusted regexes, or untrusted input matched by trusted regexes. Those (tunable) mitigations already provide sane defaults to prevent attacks. This guarantee is documented and it's considered part of the crate's API. Unfortunately a bug was discovered in the mitigations designed to prevent untrusted regexes to take an arbitrary amount of time during parsing, and it's possible to craft regexes that bypass such mitigations. This makes it possible to perform denial of service attacks by sending specially crafted regexes to services accepting user-controlled, untrusted regexes. All versions of the regex crate before or equal to 1.5.4 are affected by this issue. The fix is include starting from regex 1.5.5. All users accepting user-controlled regexes are recommended to upgrade immediately to the latest version of the regex crate. Unfortunately there is no fixed set of problematic regexes, as there are practically infinite regexes that could be crafted to exploit this vulnerability. Because of this, it us not recommend to deny known problematic regexes.

Action-Not Available
Vendor-rust-langrust-langFedora ProjectDebian GNU/Linux
Product-regexdebian_linuxfedoraregex
CWE ID-CWE-400
Uncontrolled Resource Consumption
CWE ID-CWE-1333
Inefficient Regular Expression Complexity
CVE-2023-46849
Matching Score-8
Assigner-OpenVPN Inc.
ShareView Details
Matching Score-8
Assigner-OpenVPN Inc.
CVSS Score-7.5||HIGH
EPSS-0.49% / 66.01%
||
7 Day CHG~0.00%
Published-11 Nov, 2023 | 00:05
Updated-11 Jun, 2025 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Using the --fragment option in certain configuration setups OpenVPN version 2.6.0 to 2.6.6 allows an attacker to trigger a divide by zero behaviour which could cause an application crash, leading to a denial of service.

Action-Not Available
Vendor-openvpnOpenVPNFedora ProjectDebian GNU/Linux
Product-openvpn_access_serverfedoradebian_linuxopenvpnOpenVPN 2 (Community)Access Server
CWE ID-CWE-369
Divide By Zero
CVE-2009-3553
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-9.85% / 93.13%
||
7 Day CHG~0.00%
Published-20 Nov, 2009 | 02:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use-after-free vulnerability in the abstract file-descriptor handling interface in the cupsdDoSelect function in scheduler/select.c in the scheduler in cupsd in CUPS 1.3.7 and 1.3.10 allows remote attackers to cause a denial of service (daemon crash or hang) via a client disconnection during listing of a large number of print jobs, related to improperly maintaining a reference count. NOTE: some of these details are obtained from third party information.

Action-Not Available
Vendor-n/aCanonical Ltd.Apple Inc.Red Hat, Inc.Debian GNU/LinuxFedora Project
Product-debian_linuxubuntu_linuxmac_os_xfedoramac_os_x_servercupsenterprise_linuxn/a
CWE ID-CWE-416
Use After Free
CVE-2023-46848
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-8.6||HIGH
EPSS-7.16% / 91.72%
||
7 Day CHG~0.00%
Published-03 Nov, 2023 | 07:58
Updated-25 Feb, 2026 | 18:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Squid: denial of service in ftp

Squid is vulnerable to Denial of Service, where a remote attacker can perform DoS by sending ftp:// URLs in HTTP Request messages or constructing ftp:// URLs from FTP Native input.

Action-Not Available
Vendor-Red Hat, Inc.Squid Cache
Product-squidenterprise_linux_server_ausenterprise_linuxenterprise_linux_eusenterprise_linux_server_tusRed Hat Enterprise Linux 6Red Hat Enterprise Linux 9Red Hat Enterprise Linux 9.0 Extended Update SupportRed Hat Enterprise Linux 7Red Hat Enterprise Linux 8
CWE ID-CWE-681
Incorrect Conversion between Numeric Types
CVE-2021-39929
Matching Score-8
Assigner-GitLab Inc.
ShareView Details
Matching Score-8
Assigner-GitLab Inc.
CVSS Score-7.5||HIGH
EPSS-0.66% / 71.60%
||
7 Day CHG+0.50%
Published-19 Nov, 2021 | 00:00
Updated-04 Aug, 2024 | 02:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Uncontrolled Recursion in the Bluetooth DHT dissector in Wireshark 3.4.0 to 3.4.9 and 3.2.0 to 3.2.17 allows denial of service via packet injection or crafted capture file

Action-Not Available
Vendor-Wireshark FoundationDebian GNU/LinuxFedora Project
Product-wiresharkdebian_linuxfedoraWireshark
CWE ID-CWE-674
Uncontrolled Recursion
CVE-2021-39140
Matching Score-8
Assigner-GitHub, Inc.
ShareView Details
Matching Score-8
Assigner-GitHub, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.14% / 33.66%
||
7 Day CHG~0.00%
Published-23 Aug, 2021 | 18:15
Updated-23 May, 2025 | 16:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
XStream can cause a Denial of Service

XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to allocate 100% CPU time on the target system depending on CPU type or parallel execution of such a payload resulting in a denial of service only by manipulating the processed input stream. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types. XStream 1.4.18 uses no longer a blacklist by default, since it cannot be secured for general purpose.

Action-Not Available
Vendor-xstreamx-streamOracle CorporationFedora ProjectNetApp, Inc.Debian GNU/Linux
Product-communications_cloud_native_core_binding_support_functionsnapmanagerxstreamcommerce_guided_searchcommunications_unified_inventory_managementutilities_testing_acceleratorcommunications_cloud_native_core_automated_test_suitecommunications_billing_and_revenue_management_elastic_charging_enginewebcenter_portalcommunications_cloud_native_core_policyretail_xstore_point_of_serviceutilities_frameworkdebian_linuxfedorabusiness_activity_monitoringxstream
CWE ID-CWE-502
Deserialization of Untrusted Data
CWE ID-CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
CVE-2010-2490
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.49% / 66.11%
||
7 Day CHG~0.00%
Published-31 Oct, 2019 | 15:23
Updated-07 Aug, 2024 | 02:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Mumble: murmur-server has DoS due to malformed client query

Action-Not Available
Vendor-mumblen/aDebian GNU/Linux
Product-mumbledebian_linuxn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2021-39923
Matching Score-8
Assigner-GitLab Inc.
ShareView Details
Matching Score-8
Assigner-GitLab Inc.
CVSS Score-7.5||HIGH
EPSS-2.25% / 84.91%
||
7 Day CHG~0.00%
Published-19 Nov, 2021 | 16:31
Updated-04 Aug, 2024 | 02:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Large loop in the PNRP dissector in Wireshark 3.4.0 to 3.4.9 and 3.2.0 to 3.2.17 allows denial of service via packet injection or crafted capture file

Action-Not Available
Vendor-Wireshark FoundationDebian GNU/Linux
Product-wiresharkdebian_linuxWireshark
CWE ID-CWE-834
Excessive Iteration
CVE-2018-10811
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-13.65% / 94.39%
||
7 Day CHG~0.00%
Published-19 Jun, 2018 | 21:00
Updated-05 Aug, 2024 | 07:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

strongSwan 5.6.0 and older allows Remote Denial of Service because of Missing Initialization of a Variable.

Action-Not Available
Vendor-strongswann/aCanonical Ltd.Fedora ProjectDebian GNU/Linux
Product-debian_linuxstrongswanfedoraubuntu_linuxn/a
CWE ID-CWE-909
Missing Initialization of Resource
CVE-2009-1955
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-2.33% / 85.14%
||
7 Day CHG~0.00%
Published-06 Jun, 2009 | 18:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The expat XML parser in the apr_xml_* interface in xml/apr_xml.c in Apache APR-util before 1.3.7, as used in the mod_dav and mod_dav_svn modules in the Apache HTTP Server, allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document containing a large number of nested entity references, as demonstrated by a PROPFIND request, a similar issue to CVE-2003-1564.

Action-Not Available
Vendor-n/aCanonical Ltd.Apple Inc.Oracle CorporationSUSEThe Apache Software FoundationDebian GNU/LinuxFedora Project
Product-debian_linuxubuntu_linuxmac_os_xlinux_enterprise_serverapr-utilfedorahttp_servern/a
CWE ID-CWE-776
Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')
CVE-2021-3805
Matching Score-8
Assigner-Protect AI (formerly huntr.dev)
ShareView Details
Matching Score-8
Assigner-Protect AI (formerly huntr.dev)
CVSS Score-7.5||HIGH
EPSS-0.65% / 71.24%
||
7 Day CHG~0.00%
Published-17 Sep, 2021 | 00:00
Updated-03 Aug, 2024 | 17:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Prototype Pollution in mariocasciaro/object-path

object-path is vulnerable to Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')

Action-Not Available
Vendor-object-path_projectmariocasciaroDebian GNU/Linux
Product-object-pathdebian_linuxmariocasciaro/object-path
CWE ID-CWE-1321
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
CVE-2021-3859
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-0.26% / 49.43%
||
7 Day CHG-0.06%
Published-26 Aug, 2022 | 00:00
Updated-03 Aug, 2024 | 17:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A flaw was found in Undertow that tripped the client-side invocation timeout with certain calls made over HTTP2. This flaw allows an attacker to carry out denial of service attacks.

Action-Not Available
Vendor-n/aRed Hat, Inc.NetApp, Inc.
Product-single_sign-onundertowoncommand_workflow_automationcloud_secure_agentjboss_enterprise_application_platformoncommand_insightundertow
CWE ID-CWE-214
Invocation of Process Using Visible Sensitive Information
CWE ID-CWE-668
Exposure of Resource to Wrong Sphere
CVE-2023-45193
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.07% / 21.53%
||
7 Day CHG~0.00%
Published-22 Jan, 2024 | 19:02
Updated-13 Feb, 2025 | 17:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Db2 denial of service

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 federated server is vulnerable to a denial of service when a specially crafted cursor is used. IBM X-Force ID: 268759.

Action-Not Available
Vendor-Linux Kernel Organization, IncMicrosoft CorporationIBM Corporation
Product-linux_kerneldb2linux_on_ibm_zwindowsaixDb2 for Linux, UNIX and Windows
CWE ID-CWE-20
Improper Input Validation
CVE-2025-23367
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.20% / 41.92%
||
7 Day CHG~0.00%
Published-30 Jan, 2025 | 14:30
Updated-30 Apr, 2026 | 13:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Org.wildfly.core:wildfly-server: wildfly improper rbac permission

A flaw was found in the Wildfly Server Role Based Access Control (RBAC) provider. When authorization to control management operations is secured using the Role Based Access Control provider, a user without the required privileges can suspend or resume the server. A user with a Monitor or Auditor role is supposed to have only read access permissions and should not be able to suspend the server. The vulnerability is caused by the Suspend and Resume handlers not performing authorization checks to validate whether the current user has the required permissions to proceed with the action.

Action-Not Available
Vendor-Red Hat, Inc.
Product-jboss_enterprise_application_platformwildflyRed Hat JBoss Enterprise Application Platform 8Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9Red Hat Process Automation 7Red Hat JBoss Enterprise Application Platform Expansion PackRed Hat JBoss Enterprise Application Platform 7.4 on RHEL 7Red Hat Fuse 7Red Hat Data Grid 8Red Hat JBoss Data Grid 7Red Hat JBoss Enterprise Application Platform 7Red Hat Build of KeycloakRed Hat Single Sign-On 7Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8
CWE ID-CWE-284
Improper Access Control
CVE-2023-44487
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-94.39% / 99.98%
||
7 Day CHG-0.00%
Published-10 Oct, 2023 | 00:00
Updated-12 May, 2026 | 15:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2023-10-31||Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.

Action-Not Available
Vendor-linecorpcaddyserverkonghqakkakazu-yamamotovarnish_cache_projectprojectcontourgrpclinkerdopenrestyamazonenvoyproxyistiodenatraefiknghttp2n/aMicrosoft CorporationSiemens AGCisco Systems, Inc.Red Hat, Inc.JenkinsThe Apache Software FoundationFacebookApple Inc.Fedora ProjectNetApp, Inc.GoThe Netty ProjectEclipse Foundation AISBLNode.js (OpenJS Foundation)F5, Inc.The IETF Administration LLC (IETF LLC)Debian GNU/Linux
Product-nexus_9804nexus_9332d-h2rnexus_9372txnexus_9200istionexus_92160yc_switchfedoranexus_92160yc-xsiplus_s7-1500_cpu_1518-4_pn\/dp_mfp_firmwareenterprise_chat_and_email.netvisual_studio_2022windows_10_22h2node_healthcheck_operatornexus_36180yc-ropenshift_sandboxed_containersnexus_9500_4-slotnexus_93128tx_switchnexus_92300ycbig-ip_nextcost_managementjboss_enterprise_application_platformnexus_9200ycnexus_9332pqnexus_9396txproxygenultra_cloud_core_-_session_management_functionintegration_camel_kintegration_camel_for_spring_bootnexus_3064tazure_kubernetes_servicenexus_93180yc-fxcrosswork_zero_touch_provisioningbig-ip_analyticsnexus_3432d-snexus_93180yc-fx3secure_malware_analyticsopensearch_data_preppersecure_web_appliance_firmwareweb_terminalprime_infrastructurenexus_93180lc-ex_switchopenshift_container_platform_assisted_installercertification_for_red_hat_enterprise_linuxprime_cable_provisioningnexus_93108tc-fx-24connected_mobile_experiencesnexus_92300yc_switchprocess_automationexpresswayhttp_serverunified_attendant_console_advancedopenstack_platformnginx_plusnexus_93240yc-fx2nexus_3636c-rcryostatnexus_3100-zsingle_sign-onopenshift_distributed_tracingnexus_9736pqnexus_9272qnexus_3016qnexus_93108tc-ex-24unified_contact_center_domain_managernexus_9396tx_switchopenshift_developer_tools_and_servicesnexus_93128crosswork_situation_managernexus_93180yc-ex-24nexus_9332pq_switchwindows_server_2022nexus_31108pc-vopenshift_api_for_data_protectionopenshift_gitopsnexus_3132c-zsupport_for_spring_bootwindows_server_2016nexus_3016nexus_3132q-vopenshift_service_mesh3scale_api_management_platformnexus_3464cnexus_9500ropenshiftcaddynexus_3100-vnexus_3132qopenshift_secondary_scheduler_operatornexus_3064-32tnexus_31108tc-varmeriagomigration_toolkit_for_containersbuild_of_optaplannernexus_3232nexus_9372pxbig-ip_websafenexus_9500_supervisor_anexus_9348gc-fxpultra_cloud_core_-_serving_gateway_functionnexus_3172tqnexus_9504windows_10_21h2nexus_3064xnexus_3232cnexus_9636pqnexus_3400jettyansible_automation_platformnexus_9500_supervisor_bnexus_9372tx-ewindows_10_1809nexus_3524-xlnexus_3408-snexus_3172tq-32tnexus_93180tc-exnexus_9516nexus_3524-xnexus_3264c-enexus_3172pqnexus_3172pq\/pq-xlnexus_9336pqastra_control_centernexus_9364c-gxnexus_9336c-fx2simatic_s7-1500_cpu_1518-4_pn\/dpnexus_9236cnexus_9536pqnexus_9236c_switchnexus_93180yc-fx-24nexus_31128pqnetwork_observability_operatorbig-ip_application_security_managerprime_access_registrarswiftnio_http\/2linkerdios_xewindows_11_22h2nexus_9500_supervisor_b\+nexus_9364d-gx2adecision_managerbig-ip_policy_enforcement_managerquaynexus_3264qbusiness_process_automationnexus_3100vsecure_dynamic_attributes_connectornexus_9372tx_switchnexus_9500_supervisor_a\+machine_deletion_remediation_operatornode.jssatellitenexus_9348d-gx2abig-ip_domain_name_systemnexus_3064nexus_9372px-e_switchbig-ip_link_controllernexus_93108tc-ex_switchhttpbig-ip_advanced_firewall_managerprime_network_registrarcert-manager_operator_for_red_hat_openshiftnexus_9432pqtraefikbuild_of_quarkusnexus_3524self_node_remediation_operatorcrosswork_data_gatewaycontournode_maintenance_operatorcbl-marinernexus_9716d-gxsinec_insh2onexus_9332d-gx2bnexus_9372px_switchapisixjboss_core_servicesnexus_9500_16-slotsimatic_s7-1500_cpu_1518-4_pn\/dp_mfp_firmwareoncommand_insightnexus_9372px-enexus_9336pq_aci_spinenexus_3548-xnexus_9221cnexus_9272q_switchnexus_93108tc-fxfirepower_threat_defensebig-ip_fraud_protection_servicewindows_server_2019migration_toolkit_for_virtualizationvarnish_cacheunified_contact_center_enterprisenexus_93108tc-fx3hnexus_93240tc-fx2asp.net_coretelepresence_video_communication_servernexus_93216tc-fx2nexus_3100traffic_servernexus_3064-xnexus_9348gc-fx3nexus_9332cbig-ip_application_visibility_and_reportingnexus_3132q-x\/3132q-xltomcatwindows_10_1607simatic_s7-1500_cpu_1518f-4_pn\/dp_mfp_firmwarenexus_3172tq-xlnexus_3548-xlnexus_9336pq_aci_spine_switchsiplus_s7-1500_cpu_1518-4_pn\/dp_mfpnexus_3164qdebian_linuxnexus_9396px_switchnexus_9396pxlogging_subsystem_for_red_hat_openshiftnexus_9364cbig-ip_webacceleratoropenshift_serverlessnetworkingnexus_9500big-ip_ssl_orchestratornexus_93180yc-ex_switchnexus_9508nexus_3132q-xnexus_93120txnexus_3132q-xlnexus_9408ruggedcom_ape1808_firmwarenexus_34180ycnexus_93180yc-fx3snx-osnexus_93180lc-exunified_contact_center_management_portalnexus_92304qc_switchdata_center_network_manageropenrestynexus_92348gc-xbig-ip_application_acceleration_manageropenshift_virtualizationnexus_93108tc-fx3pnexus_93360yc-fx2nexus_3172pq-xlnexus_31108pv-vgrpcnexus_93128txnexus_3064-tadvanced_cluster_management_for_kubernetesbig-ip_advanced_web_application_firewallenvoynexus_3232c_big-ip_global_traffic_managernginxfence_agents_remediation_operatorjboss_data_gridios_xrfog_directorsimatic_s7-1500_cpu_1518f-4_pn\/dp_mfpbig-ip_carrier-grade_natnexus_9300windows_11_21h2secure_web_applianceintegration_service_registryhttp2openshift_dev_spacesbig-ip_ddos_hybrid_defendernexus_93180yc-fx3hservice_interconnectnghttp2openshift_data_sciencest7_scadaconnectnexus_93120tx_switchbig-ip_local_traffic_managerbig-ip_access_policy_managerjboss_fuseopenshift_container_platformopenshift_pipelinesnexus_3048nexus_9508_switchnettynexus_9336c-fx2-enexus_93600cd-gxnexus_34200yc-smnexus_9516_switchceph_storagenexus_3600jboss_a-mqrun_once_duration_override_operatornexus_9000vnexus_3172nexus_3500sinec_nmsruggedcom_ape1808nexus_9336pq_acinexus_9316d-gxnexus_9800kong_gatewayadvanced_cluster_securitynexus_3548-x\/xlunified_contact_center_enterprise_-_live_data_serverultra_cloud_core_-_policy_control_functionbig-ip_next_service_proxy_for_kubernetesnexus_9232enexus_9808jboss_a-mq_streamsnexus_92304qciot_field_network_directornexus_9500_8-slotmigration_toolkit_for_applicationsnexus_3200solrjenkinsnginx_ingress_controllernexus_93180yc-exnexus_9372tx-e_switchnexus_93108tc-exnexus_9504_switchnexus_3524-x\/xlnexus_3548service_telemetry_frameworkenterprise_linuxn/aRUGGEDCOM APE1808SINEC NMSSIPLUS S7-1500 CPU 1518-4 PN/DP MFPSIMATIC S7-1500 CPU 1518F-4 PN/DP MFPSIMATIC S7-1500 CPU 1518-4 PN/DP MFPhttpHTTP/2
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2021-3842
Matching Score-8
Assigner-Protect AI (formerly huntr.dev)
ShareView Details
Matching Score-8
Assigner-Protect AI (formerly huntr.dev)
CVSS Score-7.5||HIGH
EPSS-0.17% / 38.04%
||
7 Day CHG~0.00%
Published-04 Jan, 2022 | 14:50
Updated-03 Aug, 2024 | 17:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Inefficient Regular Expression Complexity in nltk/nltk

nltk is vulnerable to Inefficient Regular Expression Complexity

Action-Not Available
Vendor-nltknltkDebian GNU/LinuxFedora Project
Product-fedoradebian_linuxnltknltk/nltk
CWE ID-CWE-1333
Inefficient Regular Expression Complexity
CVE-2021-38207
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-2.48% / 85.59%
||
7 Day CHG~0.00%
Published-08 Aug, 2021 | 19:22
Updated-04 Aug, 2024 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

drivers/net/ethernet/xilinx/ll_temac_main.c in the Linux kernel before 5.12.13 allows remote attackers to cause a denial of service (buffer overflow and lockup) by sending heavy network traffic for about ten minutes.

Action-Not Available
Vendor-n/aLinux Kernel Organization, Inc
Product-linux_kerneln/a
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2023-44488
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.45% / 81.12%
||
7 Day CHG~0.00%
Published-30 Sep, 2023 | 00:00
Updated-23 Sep, 2024 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

VP9 in libvpx before 1.13.1 mishandles widths, leading to a crash related to encoding.

Action-Not Available
Vendor-webmprojectn/aDebian GNU/LinuxRed Hat, Inc.Fedora Project
Product-libvpxdebian_linuxfedoraenterprise_linuxn/a
CWE ID-CWE-755
Improper Handling of Exceptional Conditions
CVE-2021-38974
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-5.4||MEDIUM
EPSS-0.24% / 46.73%
||
7 Day CHG~0.00%
Published-15 Nov, 2021 | 15:35
Updated-16 Sep, 2024 | 20:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 could allow an authenticated user to cause a denial of service using specially crafted HTTP requests. IBM X-Force ID: 212779.

Action-Not Available
Vendor-IBM CorporationLinux Kernel Organization, IncMicrosoft Corporation
Product-linux_kernelsecurity_guardium_key_lifecycle_managerwindowssecurity_key_lifecycle_manageraixSecurity Key Lifecycle Manager
CVE-2023-43760
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.24% / 47.94%
||
7 Day CHG~0.00%
Published-22 Sep, 2023 | 00:00
Updated-02 Aug, 2024 | 19:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain WithSecure products allow Denial of Service via a fuzzed PE32 file. This affects WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and Server Security 15, WithSecure Elements Endpoint Protection 17 and later, WithSecure Client Security for Mac 15, WithSecure Elements Endpoint Protection for Mac 17 and later, Linux Security 64 12.0 , Linux Protection 12.0, and WithSecure Atlant (formerly F-Secure Atlant) 1.0.35-1.

Action-Not Available
Vendor-n/aApple Inc.F-Secure CorporationLinux Kernel Organization, IncMicrosoft Corporation
Product-linux_security_64server_securitylinux_kernelclient_securityelements_endpoint_protectionatlantwindowsmacosemail_and_server_securitylinux_protectionn/a
CVE-2021-3908
Matching Score-8
Assigner-Cloudflare, Inc.
ShareView Details
Matching Score-8
Assigner-Cloudflare, Inc.
CVSS Score-5.9||MEDIUM
EPSS-0.29% / 52.36%
||
7 Day CHG~0.00%
Published-11 Nov, 2021 | 21:45
Updated-16 Sep, 2024 | 23:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Infinite certificate chain depth results in OctoRPKI running forever

OctoRPKI does not limit the depth of a certificate chain, allowing for a CA to create children in an ad-hoc fashion, thereby making tree traversal never end.

Action-Not Available
Vendor-Debian GNU/LinuxCloudflare, Inc.
Product-octorpkidebian_linuxoctorpki
CWE ID-CWE-400
Uncontrolled Resource Consumption
CWE ID-CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
CVE-2021-3905
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-0.19% / 40.70%
||
7 Day CHG~0.00%
Published-23 Aug, 2022 | 00:00
Updated-03 Aug, 2024 | 17:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A memory leak was found in Open vSwitch (OVS) during userspace IP fragmentation processing. An attacker could use this flaw to potentially exhaust available memory by keeping sending packet fragments.

Action-Not Available
Vendor-openvswitchn/aCanonical Ltd.Red Hat, Inc.Fedora Project
Product-openvswitchenterprise_linux_fast_datapathfedoraubuntu_linuxopenvswitch (ovs)
CWE ID-CWE-401
Missing Release of Memory after Effective Lifetime
CVE-2023-43761
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.29% / 52.33%
||
7 Day CHG~0.00%
Published-22 Sep, 2023 | 00:00
Updated-25 Sep, 2024 | 01:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain WithSecure products allow Denial of Service (infinite loop). This affects WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and Server Security 15, WithSecure Elements Endpoint Protection 17 and later, WithSecure Client Security for Mac 15, WithSecure Elements Endpoint Protection for Mac 17 and later, Linux Security 64 12.0 , Linux Protection 12.0, and WithSecure Atlant (formerly F-Secure Atlant) 1.0.35-1.

Action-Not Available
Vendor-n/aApple Inc.F-Secure CorporationLinux Kernel Organization, IncMicrosoft Corporation
Product-linux_security_64server_securitylinux_kernelclient_securityelements_endpoint_protectionatlantwindowsmacosemail_and_server_securitylinux_protectionn/a
CWE ID-CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
CVE-2023-43767
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.21% / 43.50%
||
7 Day CHG~0.00%
Published-22 Sep, 2023 | 00:00
Updated-25 Sep, 2024 | 14:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain WithSecure products allow Denial of Service via the aepack archive unpack handler. This affects WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and Server Security 15, WithSecure Elements Endpoint Protection 17 and later, WithSecure Client Security for Mac 15, WithSecure Elements Endpoint Protection for Mac 17 and later, Linux Security 64 12.0 , Linux Protection 12.0, and WithSecure Atlant (formerly F-Secure Atlant) 1.0.35-1.

Action-Not Available
Vendor-n/aApple Inc.F-Secure CorporationLinux Kernel Organization, IncMicrosoft Corporation
Product-linux_security_64server_securitylinux_kernelclient_securityelements_endpoint_protectionatlantwindowsmacosemail_and_server_securitylinux_protectionn/a
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2020-3327
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-7.5||HIGH
EPSS-14.18% / 94.52%
||
7 Day CHG~0.00%
Published-13 May, 2020 | 02:20
Updated-15 Nov, 2024 | 17:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
ClamAV ARJ Archive Parsing Denial of Service Vulnerability

A vulnerability in the ARJ archive parsing module in Clam AntiVirus (ClamAV) Software versions 0.102.2 could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to a heap buffer overflow read. An attacker could exploit this vulnerability by sending a crafted ARJ file to an affected device. An exploit could allow the attacker to cause the ClamAV scanning process crash, resulting in a denial of service condition.

Action-Not Available
Vendor-Cisco Systems, Inc.Canonical Ltd.Fedora ProjectDebian GNU/Linux
Product-clam_antivirusubuntu_linuxdebian_linuxfedoraClamAV
CWE ID-CWE-20
Improper Input Validation
CVE-2023-43765
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.24% / 47.94%
||
7 Day CHG~0.00%
Published-22 Sep, 2023 | 00:00
Updated-25 Sep, 2024 | 17:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain WithSecure products allow Denial of Service in the aeelf component. This affects WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and Server Security 15, WithSecure Elements Endpoint Protection 17 and later, WithSecure Client Security for Mac 15, WithSecure Elements Endpoint Protection for Mac 17 and later, Linux Security 64 12.0 , Linux Protection 12.0, and WithSecure Atlant (formerly F-Secure Atlant) 1.0.35-1.

Action-Not Available
Vendor-n/aF-Secure CorporationLinux Kernel Organization, IncMicrosoft CorporationApple Inc.
Product-linux_security_64server_securitylinux_kernelclient_securityelements_endpoint_protectionatlantwindowsmacosemail_and_server_securitylinux_protectionn/alinux_security_64server_securityclient_securityelements_endpoint_protectionatlantemail_and_server_securitylinux_protection
CVE-2023-42521
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.22% / 44.43%
||
7 Day CHG~0.00%
Published-18 Sep, 2023 | 00:00
Updated-25 Sep, 2024 | 17:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain WithSecure products allow a remote crash of a scanning engine via processing of a compressed file. This affects WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and Server Security 15, WithSecure Elements Endpoint Protection 17 and later, WithSecure Client Security for Mac 15, WithSecure Elements Endpoint Protection for Mac 17 and later, Linux Security 64 12.0 , Linux Protection 12.0, and WithSecure Atlant (formerly F-Secure Atlant) 1.0.35-1.

Action-Not Available
Vendor-n/aApple Inc.WithSecure CorporationLinux Kernel Organization, IncMicrosoft Corporation
Product-linux_security_64server_securitylinux_kernelclient_securityelements_endpoint_protectionatlantwindowsmacosemail_and_server_securitylinux_protectionn/a
CWE ID-CWE-400
Uncontrolled Resource Consumption
  • Previous
  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • ...
  • 87
  • 88
  • Next
Details not found