Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2024-21312

Summary
Assigner-microsoft
Assigner Org ID-f38d906d-7342-40ea-92c1-6c4a2c6478c8
Published At-09 Jan, 2024 | 17:57
Updated At-03 May, 2025 | 01:46
Rejected At-
Credits

.NET Framework Denial of Service Vulnerability

.NET Framework Denial of Service Vulnerability

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:microsoft
Assigner Org ID:f38d906d-7342-40ea-92c1-6c4a2c6478c8
Published At:09 Jan, 2024 | 17:57
Updated At:03 May, 2025 | 01:46
Rejected At:
▼CVE Numbering Authority (CNA)
.NET Framework Denial of Service Vulnerability

.NET Framework Denial of Service Vulnerability

Affected Products
Vendor
Microsoft CorporationMicrosoft
Product
Microsoft .NET Framework 3.5 AND 4.8.1
Platforms
  • Windows 11 Version 23H2 for x64-based Systems
  • Windows 11 Version 23H2 for ARM64-based Systems
  • Windows Server 2022
  • Windows Server 2022 (Server Core installation)
  • Windows 11 version 21H2 for x64-based Systems
  • Windows 11 version 21H2 for ARM64-based Systems
  • Windows 10 Version 21H2 for 32-bit Systems
  • Windows 10 Version 21H2 for ARM64-based Systems
  • Windows 10 Version 21H2 for x64-based Systems
  • Windows 11 Version 22H2 for ARM64-based Systems
  • Windows 11 Version 22H2 for x64-based Systems
  • Windows 10 Version 22H2 for x64-based Systems
  • Windows 10 Version 22H2 for ARM64-based Systems
  • Windows 10 Version 22H2 for 32-bit Systems
Versions
Affected
  • From 4.8.1 before 4.8.09214.01 (custom)
Vendor
Microsoft CorporationMicrosoft
Product
Microsoft .NET Framework 4.8
Platforms
  • Windows 10 Version 1607 for 32-bit Systems
  • Windows 10 Version 1607 for x64-based Systems
  • Windows Server 2016
  • Windows Server 2016 (Server Core installation)
  • Windows Server 2012
  • Windows Server 2012 (Server Core installation)
  • Windows Server 2012 R2
  • Windows Server 2012 R2 (Server Core installation)
Versions
Affected
  • From 4.8.0 before 4.8.04690.02 (custom)
Vendor
Microsoft CorporationMicrosoft
Product
Microsoft .NET Framework 3.5 AND 4.8
Platforms
  • Windows 10 Version 1809 for 32-bit Systems
  • Windows 10 Version 1809 for x64-based Systems
  • Windows Server 2019
  • Windows Server 2019 (Server Core installation)
  • Windows Server 2022
  • Windows Server 2022 (Server Core installation)
  • Windows 11 version 21H2 for x64-based Systems
  • Windows 11 version 21H2 for ARM64-based Systems
  • Windows 10 Version 21H2 for 32-bit Systems
  • Windows 10 Version 21H2 for ARM64-based Systems
  • Windows 10 Version 21H2 for x64-based Systems
  • Windows 10 Version 22H2 for x64-based Systems
  • Windows 10 Version 22H2 for ARM64-based Systems
  • Windows 10 Version 22H2 for 32-bit Systems
Versions
Affected
  • From 4.8.0 before 4.8.04690.02 (custom)
Vendor
Microsoft CorporationMicrosoft
Product
Microsoft .NET Framework 3.5 AND 4.7.2
Platforms
  • Windows 10 Version 1809 for 32-bit Systems
  • Windows 10 Version 1809 for x64-based Systems
  • Windows 10 Version 1809 for ARM64-based Systems
  • Windows Server 2019
  • Windows Server 2019 (Server Core installation)
  • Windows 10 Version 1607 for 32-bit Systems
  • Windows 10 Version 1607 for x64-based Systems
  • Windows Server 2016
  • Windows Server 2016 (Server Core installation)
Versions
Affected
  • From 4.7.0 before 4.7.04081.03 (custom)
Vendor
Microsoft CorporationMicrosoft
Product
Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2
Platforms
  • Windows Server 2008 R2 for x64-based Systems Service Pack 1
  • Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
  • Windows Server 2012
  • Windows Server 2012 (Server Core installation)
  • Windows Server 2012 R2
  • Windows Server 2012 R2 (Server Core installation)
Versions
Affected
  • From 4.7.0 before 4.7.04081.02 (custom)
Vendor
Microsoft CorporationMicrosoft
Product
Microsoft .NET Framework 3.5
Platforms
  • Windows Server 2012
  • Windows Server 2012 (Server Core installation)
  • Windows Server 2012 R2
  • Windows Server 2012 R2 (Server Core installation)
Versions
Affected
  • From 3.5.0 before 3.0.50727.8976 (custom)
Problem Types
TypeCWE IDDescription
CWECWE-20CWE-20: Improper Input Validation
Type: CWE
CWE ID: CWE-20
Description: CWE-20: Improper Input Validation
Metrics
VersionBase scoreBase severityVector
3.17.5HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C
Version: 3.1
Base score: 7.5
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21312
vendor-advisory
Hyperlink: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21312
Resource:
vendor-advisory
▼Authorized Data Publishers (ADP)
1. CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21312
vendor-advisory
x_transferred
https://security.netapp.com/advisory/ntap-20240208-0008/
x_transferred
Hyperlink: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21312
Resource:
vendor-advisory
x_transferred
Hyperlink: https://security.netapp.com/advisory/ntap-20240208-0008/
Resource:
x_transferred
2. CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:secure@microsoft.com
Published At:09 Jan, 2024 | 18:15
Updated At:08 Oct, 2024 | 16:15

.NET Framework Denial of Service Vulnerability

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.17.5HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Type: Primary
Version: 3.1
Base score: 7.5
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CPE Matches
Microsoft Corporation
microsoft
>>.net_framework>>3.5
cpe:2.3:a:microsoft:.net_framework:3.5:-:*:*:*:*:*:*
Microsoft Corporation
microsoft
>>windows_server_2012>>-
cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*
Microsoft Corporation
microsoft
>>windows_server_2012>>r2
cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*
Microsoft Corporation
microsoft
>>.net_framework>>3.5
cpe:2.3:a:microsoft:.net_framework:3.5:-:*:*:*:*:*:*
Microsoft Corporation
microsoft
>>.net_framework>>4.8.1
cpe:2.3:a:microsoft:.net_framework:4.8.1:*:*:*:*:*:*:*
Microsoft Corporation
microsoft
>>windows_10_21h2>>-
cpe:2.3:o:microsoft:windows_10_21h2:-:*:*:*:*:*:*:*
Microsoft Corporation
microsoft
>>windows_10_22h2>>-
cpe:2.3:o:microsoft:windows_10_22h2:-:*:*:*:*:*:*:*
Microsoft Corporation
microsoft
>>windows_11_21h2>>-
cpe:2.3:o:microsoft:windows_11_21h2:-:*:*:*:*:*:*:*
Microsoft Corporation
microsoft
>>windows_11_22h2>>-
cpe:2.3:o:microsoft:windows_11_22h2:-:*:*:*:*:*:*:*
Microsoft Corporation
microsoft
>>windows_11_23h2>>-
cpe:2.3:o:microsoft:windows_11_23h2:-:*:*:*:*:*:*:*
Microsoft Corporation
microsoft
>>windows_server_2022>>-
cpe:2.3:o:microsoft:windows_server_2022:-:*:*:*:*:*:*:*
Microsoft Corporation
microsoft
>>.net_framework>>4.6.2
cpe:2.3:a:microsoft:.net_framework:4.6.2:*:*:*:*:*:*:*
Microsoft Corporation
microsoft
>>.net_framework>>4.7
cpe:2.3:a:microsoft:.net_framework:4.7:*:*:*:*:*:*:*
Microsoft Corporation
microsoft
>>.net_framework>>4.7.1
cpe:2.3:a:microsoft:.net_framework:4.7.1:*:*:*:*:*:*:*
Microsoft Corporation
microsoft
>>.net_framework>>4.7.2
cpe:2.3:a:microsoft:.net_framework:4.7.2:*:*:*:*:*:*:*
Microsoft Corporation
microsoft
>>windows_server_2008>>r2
cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*
Microsoft Corporation
microsoft
>>windows_server_2012>>-
cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*
Microsoft Corporation
microsoft
>>windows_server_2012>>r2
cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*
Microsoft Corporation
microsoft
>>.net_framework>>3.5
cpe:2.3:a:microsoft:.net_framework:3.5:-:*:*:*:*:*:*
Microsoft Corporation
microsoft
>>.net_framework>>4.7.2
cpe:2.3:a:microsoft:.net_framework:4.7.2:*:*:*:*:*:*:*
Microsoft Corporation
microsoft
>>windows_10_1607>>-
cpe:2.3:o:microsoft:windows_10_1607:-:*:*:*:*:*:*:*
Microsoft Corporation
microsoft
>>windows_10_1809>>-
cpe:2.3:o:microsoft:windows_10_1809:-:*:*:*:*:*:*:*
Microsoft Corporation
microsoft
>>windows_server_2016>>-
cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*
Microsoft Corporation
microsoft
>>windows_server_2019>>-
cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*
Microsoft Corporation
microsoft
>>.net_framework>>4.8
cpe:2.3:a:microsoft:.net_framework:4.8:*:*:*:*:*:*:*
Microsoft Corporation
microsoft
>>windows_10_1607>>-
cpe:2.3:o:microsoft:windows_10_1607:-:*:*:*:*:*:*:*
Microsoft Corporation
microsoft
>>windows_server_2012>>-
cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*
Microsoft Corporation
microsoft
>>windows_server_2012>>r2
cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*
Microsoft Corporation
microsoft
>>windows_server_2016>>-
cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*
Microsoft Corporation
microsoft
>>.net_framework>>3.5
cpe:2.3:a:microsoft:.net_framework:3.5:-:*:*:*:*:*:*
Microsoft Corporation
microsoft
>>.net_framework>>4.8
cpe:2.3:a:microsoft:.net_framework:4.8:*:*:*:*:*:*:*
Microsoft Corporation
microsoft
>>windows_10_1809>>-
cpe:2.3:o:microsoft:windows_10_1809:-:*:*:*:*:*:*:*
Microsoft Corporation
microsoft
>>windows_10_21h2>>-
cpe:2.3:o:microsoft:windows_10_21h2:-:*:*:*:*:*:*:*
Microsoft Corporation
microsoft
>>windows_10_22h2>>-
cpe:2.3:o:microsoft:windows_10_22h2:-:*:*:*:*:*:*:*
Microsoft Corporation
microsoft
>>windows_11_21h2>>-
cpe:2.3:o:microsoft:windows_11_21h2:-:*:*:*:*:*:*:*
Microsoft Corporation
microsoft
>>windows_server_2019>>-
cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*
Microsoft Corporation
microsoft
>>windows_server_2022>>-
cpe:2.3:o:microsoft:windows_server_2022:-:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
NVD-CWE-noinfoPrimarynvd@nist.gov
CWE-20Secondarysecure@microsoft.com
CWE ID: NVD-CWE-noinfo
Type: Primary
Source: nvd@nist.gov
CWE ID: CWE-20
Type: Secondary
Source: secure@microsoft.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21312secure@microsoft.com
Patch
Vendor Advisory
Hyperlink: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21312
Source: secure@microsoft.com
Resource:
Patch
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

1997Records found
CVE-2018-5391
Matching Score-10
Assigner-CERT/CC
ShareView Details
Matching Score-10
Assigner-CERT/CC
CVSS Score-7.5||HIGH
EPSS-1.73% / 81.69%
||
7 Day CHG~0.00%
Published-06 Sep, 2018 | 21:00
Updated-05 Aug, 2024 | 05:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
The Linux kernel, versions 3.9+, IP implementation is vulnerable to denial of service conditions with low rates of specially modified packets

The Linux kernel, versions 3.9+, is vulnerable to a denial of service attack with low rates of specially modified packets targeting IP fragment re-assembly. An attacker may cause a denial of service condition by sending specially crafted IP fragments. Various vulnerabilities in IP fragmentation have been discovered and fixed over the years. The current vulnerability (CVE-2018-5391) became exploitable in the Linux kernel with the increase of the IP fragment reassembly queue size.

Action-Not Available
Vendor-Debian GNU/LinuxRed Hat, Inc.Canonical Ltd.F5, Inc.Siemens AGLinux Kernel Organization, IncMicrosoft Corporation
Product-ubuntu_linuxbig-ip_webacceleratorbig-ip_application_acceleration_managerenterprise_linux_server_euswindows_8.1big-ip_policy_enforcement_managerenterprise_linux_server_ausscalance_sc-600_firmwaresimatic_rf188_firmwareruggedcom_rm1224_firmwarebig-ip_local_traffic_managersimatic_net_cp_1243-7_lte_uswindows_10simatic_net_cp_1243-7_lte_us_firmwarescalance_w700_ieee_802.11a\/b\/g\/nsinema_remote_connect_serverenterprise_linux_workstationsimatic_net_cp_1243-1simatic_net_cp_1243-7_lte_eu_firmwaresimatic_rf185c_firmwarescalance_s615_firmwaresimatic_net_cp_1543sp-1enterprise_linux_desktopsimatic_net_cp_1543-1scalance_m-800_firmwaresimatic_net_cp_1242-7_firmwaresimatic_net_cp_1542sp-1_firmwarebig-ip_domain_name_systemsimatic_net_cp_1543sp-1_firmwarescalance_w1700_ieee_802.11ac_firmwareruggedcom_rox_iisimatic_net_cp_1542sp-1big-ip_edge_gatewaydebian_linuxlinux_kernelsimatic_net_cp_1543-1_firmwarescalance_sc-600simatic_net_cp_1242-7simatic_net_cp_1243-1_firmwarewindows_server_2008simatic_net_cp_1542sp-1_irc_firmwareenterprise_linux_serverwindows_server_2016windows_server_2012simatic_rf188big-ip_fraud_protection_serviceruggedcom_rox_ii_firmwarescalance_w700_ieee_802.11a\/b\/g\/n_firmwaresimatic_rf186c_firmwaresimatic_net_cp_1542sp-1_ircbig-ip_application_security_managerruggedcom_rm1224simatic_rf185cscalance_s615simatic_rf186cisimatic_net_cp_1243-8_ircbig-ip_access_policy_managersimatic_net_cp_1243-8_irc_firmwaresimatic_rf186ci_firmwaresimatic_rf188ci_firmwaresinema_remote_connect_server_firmwarewindows_rt_8.1big-ip_global_traffic_managerbig-ip_analyticssimatic_rf186cbig-ip_link_controllerscalance_w1700_ieee_802.11acwindows_7scalance_m-800enterprise_linux_server_tusbig-ip_advanced_firewall_managersimatic_rf188cisimatic_net_cp_1243-7_lte_euKernel
CWE ID-CWE-400
Uncontrolled Resource Consumption
CWE ID-CWE-20
Improper Input Validation
CVE-2023-47701
Matching Score-10
Assigner-IBM Corporation
ShareView Details
Matching Score-10
Assigner-IBM Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.05% / 15.87%
||
7 Day CHG~0.00%
Published-04 Dec, 2023 | 00:19
Updated-13 Feb, 2025 | 17:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Db2 denial of service

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted query. IBM X-Force ID: 266166.

Action-Not Available
Vendor-opengroupLinux Kernel Organization, IncMicrosoft CorporationIBM Corporation
Product-windowsunixdb2linux_kernelDb2 for Linux, UNIX and Windows
CWE ID-CWE-20
Improper Input Validation
CVE-2023-45193
Matching Score-10
Assigner-IBM Corporation
ShareView Details
Matching Score-10
Assigner-IBM Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.04% / 10.64%
||
7 Day CHG~0.00%
Published-22 Jan, 2024 | 19:02
Updated-13 Feb, 2025 | 17:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Db2 denial of service

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 federated server is vulnerable to a denial of service when a specially crafted cursor is used. IBM X-Force ID: 268759.

Action-Not Available
Vendor-Linux Kernel Organization, IncMicrosoft CorporationIBM Corporation
Product-linux_kerneldb2linux_on_ibm_zwindowsaixDb2 for Linux, UNIX and Windows
CWE ID-CWE-20
Improper Input Validation
CVE-2023-40687
Matching Score-10
Assigner-IBM Corporation
ShareView Details
Matching Score-10
Assigner-IBM Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.05% / 15.23%
||
7 Day CHG~0.00%
Published-04 Dec, 2023 | 01:10
Updated-13 Feb, 2025 | 17:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Db2 denial of service

IBM DB2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted RUNSTATS command on an 8TB table. IBM X-Force ID: 264809.

Action-Not Available
Vendor-opengroupLinux Kernel Organization, IncMicrosoft CorporationIBM Corporation
Product-windowsunixdb2linux_kernelDb2 for Linux, UNIX and Windows
CWE ID-CWE-20
Improper Input Validation
CVE-2023-40699
Matching Score-10
Assigner-IBM Corporation
ShareView Details
Matching Score-10
Assigner-IBM Corporation
CVSS Score-7.5||HIGH
EPSS-0.05% / 15.75%
||
7 Day CHG~0.00%
Published-01 Dec, 2023 | 20:59
Updated-03 Jun, 2025 | 02:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM InfoSphere Information Server denial of service

IBM InfoSphere Information Server 11.7 could allow a remote attacker to cause a denial of service due to improper input validation. IBM X-Force ID: 265161.

Action-Not Available
Vendor-Linux Kernel Organization, IncIBM CorporationMicrosoft Corporation
Product-aixwindowsinfosphere_information_serverlinux_kernelInfoSphere Information Server
CWE ID-CWE-20
Improper Input Validation
CVE-2023-40374
Matching Score-10
Assigner-IBM Corporation
ShareView Details
Matching Score-10
Assigner-IBM Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.03% / 8.37%
||
7 Day CHG~0.00%
Published-16 Oct, 2023 | 22:47
Updated-13 Feb, 2025 | 17:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Db2 denial of service

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 is vulnerable to denial of service with a specially crafted query statement. IBM X-Force ID: 263575.

Action-Not Available
Vendor-opengroupLinux Kernel Organization, IncMicrosoft CorporationIBM Corporation
Product-windowsunixdb2linux_kernelDb2 for Linux, UNIX and Windows
CWE ID-CWE-20
Improper Input Validation
CVE-2023-40372
Matching Score-10
Assigner-IBM Corporation
ShareView Details
Matching Score-10
Assigner-IBM Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.03% / 8.37%
||
7 Day CHG~0.00%
Published-16 Oct, 2023 | 23:02
Updated-13 Feb, 2025 | 17:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Db2 denial of service

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 is vulnerable to denial of service with a specially crafted SQL statement using External Tables. IBM X-Force ID: 263499.

Action-Not Available
Vendor-opengroupLinux Kernel Organization, IncMicrosoft CorporationIBM Corporation
Product-windowsunixdb2linux_kernelDb2 for Linux, UNIX and Windows
CWE ID-CWE-20
Improper Input Validation
CVE-2023-38727
Matching Score-10
Assigner-IBM Corporation
ShareView Details
Matching Score-10
Assigner-IBM Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.05% / 16.30%
||
7 Day CHG~0.00%
Published-04 Dec, 2023 | 01:08
Updated-13 Feb, 2025 | 17:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Db2 denial of service

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted SQL statement. IBM X-Force ID: 262257.

Action-Not Available
Vendor-opengroupLinux Kernel Organization, IncMicrosoft CorporationIBM Corporation
Product-windowsunixdb2linux_kernelDb2 for Linux, UNIX and Windows
CWE ID-CWE-20
Improper Input Validation
CVE-2023-38720
Matching Score-10
Assigner-IBM Corporation
ShareView Details
Matching Score-10
Assigner-IBM Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.05% / 15.27%
||
7 Day CHG~0.00%
Published-16 Oct, 2023 | 20:52
Updated-12 Jun, 2025 | 15:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Db2 denial of service

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 and 11.5 is vulnerable to denial of service with a specially crafted ALTER TABLE statement. IBM X-Force ID: 261616.

Action-Not Available
Vendor-opengroupMicrosoft CorporationIBM CorporationLinux Kernel Organization, Inc
Product-windowsunixdb2linux_kernelDb2 for Linux, UNIX and Windows
CWE ID-CWE-20
Improper Input Validation
CVE-2023-36585
Matching Score-10
Assigner-Microsoft Corporation
ShareView Details
Matching Score-10
Assigner-Microsoft Corporation
CVSS Score-7.5||HIGH
EPSS-3.67% / 87.42%
||
7 Day CHG~0.00%
Published-10 Oct, 2023 | 17:07
Updated-14 Apr, 2025 | 22:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows upnphost.dll Denial of Service Vulnerability

Windows upnphost.dll Denial of Service Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_1809windows_server_2016windows_server_2012windows_10_1507windows_11_21h2windows_10_22h2windows_server_2022windows_11_22h2windows_10_21h1windows_server_2019windows_server_2008Windows 10 Version 1607Windows Server 2008 Service Pack 2Windows Server 2012 (Server Core installation)Windows Server 2016 (Server Core installation)Windows 11 version 22H2Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows 10 Version 1809Windows 10 Version 22H2Windows Server 2016Windows Server 2012 R2Windows 10 Version 1507Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2008 R2 Service Pack 1Windows Server 2019 (Server Core installation)Windows Server 2008 Service Pack 2Windows Server 2012Windows Server 2012 R2 (Server Core installation)Windows 11 version 21H2Windows Server 2022Windows Server 2019Windows 10 Version 21H2
CWE ID-CWE-20
Improper Input Validation
CVE-2022-43929
Matching Score-10
Assigner-IBM Corporation
ShareView Details
Matching Score-10
Assigner-IBM Corporation
CVSS Score-4.9||MEDIUM
EPSS-0.04% / 9.55%
||
7 Day CHG~0.00%
Published-17 Feb, 2023 | 16:57
Updated-17 Mar, 2025 | 18:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Db2 for Linux, UNIX and Windows denial of service

IBM Db2 for Linux, UNIX and Windows 11.1 and 11.5 may be vulnerable to a Denial of Service when executing a specially crafted 'Load' command. IBM X-Force ID: 241676.

Action-Not Available
Vendor-Oracle CorporationHP Inc.Microsoft CorporationLinux Kernel Organization, IncIBM Corporation
Product-solarislinux_kerneldb2hp-uxwindowsaixDb2 for Linux, UNIX and Windows
CWE ID-CWE-20
Improper Input Validation
CVE-2025-21230
Matching Score-10
Assigner-Microsoft Corporation
ShareView Details
Matching Score-10
Assigner-Microsoft Corporation
CVSS Score-7.5||HIGH
EPSS-1.65% / 81.26%
||
7 Day CHG~0.00%
Published-14 Jan, 2025 | 18:04
Updated-02 Apr, 2025 | 13:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability

Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_10_1507windows_10_22h2windows_10_1607windows_11_23h2windows_server_2019windows_server_2022windows_10_1809windows_11_24h2windows_server_2025windows_11_22h2windows_server_2012windows_10_21h2windows_server_2008windows_server_2022_23h2Windows Server 2008 R2 Service Pack 1Windows 11 version 22H3Windows 10 Version 1607Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2022Windows 11 version 22H2Windows Server 2016Windows Server 2012 R2Windows Server 2012Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2008 Service Pack 2Windows 10 Version 1507Windows 10 Version 21H2Windows Server 2012 (Server Core installation)Windows Server 2016 (Server Core installation)Windows 11 Version 23H2Windows Server 2022, 23H2 Edition (Server Core installation)Windows Server 2019Windows Server 2019 (Server Core installation)Windows Server 2025Windows 10 Version 22H2Windows Server 2025 (Server Core installation)Windows 10 Version 1809Windows Server 2012 R2 (Server Core installation)Windows 11 Version 24H2Windows Server 2008 Service Pack 2
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2023-30442
Matching Score-10
Assigner-IBM Corporation
ShareView Details
Matching Score-10
Assigner-IBM Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.04% / 12.04%
||
7 Day CHG~0.00%
Published-10 Jul, 2023 | 00:01
Updated-13 Feb, 2025 | 16:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Db2 denial of service

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.1 and 11.5 federated server is vulnerable to a denial of service as the server may crash when using a specially crafted wrapper using certain options. IBM X-Force ID: 253202.

Action-Not Available
Vendor-Microsoft CorporationHP Inc.IBM CorporationLinux Kernel Organization, IncOracle Corporation
Product-solarislinux_kerneldb2hp-uxwindowsaixDb2 for Linux, UNIX and Windows
CWE ID-CWE-20
Improper Input Validation
CVE-2023-30446
Matching Score-10
Assigner-IBM Corporation
ShareView Details
Matching Score-10
Assigner-IBM Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.04% / 10.23%
||
7 Day CHG~0.00%
Published-08 Jul, 2023 | 18:09
Updated-13 Feb, 2025 | 16:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Db2 denial of service

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted query on certain tables. IBM X-Force ID: 253361 .

Action-Not Available
Vendor-Microsoft CorporationHP Inc.IBM CorporationLinux Kernel Organization, IncOracle Corporation
Product-solarislinux_kerneldb2hp-uxwindowsaixDB2 for Linux, UNIX and Windows
CWE ID-CWE-20
Improper Input Validation
CVE-2023-30449
Matching Score-10
Assigner-IBM Corporation
ShareView Details
Matching Score-10
Assigner-IBM Corporation
CVSS Score-7.5||HIGH
EPSS-0.04% / 10.23%
||
7 Day CHG~0.00%
Published-08 Jul, 2023 | 18:31
Updated-13 Feb, 2025 | 17:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Db2 denial of service

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted query. IBM X-Force ID: 253439.

Action-Not Available
Vendor-Microsoft CorporationHP Inc.IBM CorporationLinux Kernel Organization, IncOracle Corporation
Product-solarisaixhp-uxlinux_kernelwindowsdb2DB2 for Linux, UNIX and Windowsdb2_for_linux_unix_and_windows
CWE ID-CWE-20
Improper Input Validation
CVE-2023-30448
Matching Score-10
Assigner-IBM Corporation
ShareView Details
Matching Score-10
Assigner-IBM Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.04% / 10.23%
||
7 Day CHG~0.00%
Published-08 Jul, 2023 | 18:19
Updated-13 Feb, 2025 | 17:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Db2 denial of service

IBM DB2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted query on certain tables. IBM X-Force ID: 253437.

Action-Not Available
Vendor-Microsoft CorporationHP Inc.IBM CorporationLinux Kernel Organization, IncOracle Corporation
Product-solarisaixhp-uxlinux_kernelwindowsdb2DB2 for Linux, UNIX and Windows
CWE ID-CWE-20
Improper Input Validation
CVE-2023-30447
Matching Score-10
Assigner-IBM Corporation
ShareView Details
Matching Score-10
Assigner-IBM Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.04% / 10.23%
||
7 Day CHG~0.00%
Published-08 Jul, 2023 | 18:07
Updated-13 Feb, 2025 | 16:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Db2 denial of service

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted query on certain tables. IBM X-Force ID: 253436.

Action-Not Available
Vendor-Microsoft CorporationHP Inc.IBM CorporationLinux Kernel Organization, IncOracle Corporation
Product-solarislinux_kerneldb2hp-uxwindowsaixDB2 for Linux, UNIX and Windows
CWE ID-CWE-20
Improper Input Validation
CVE-2023-30445
Matching Score-10
Assigner-IBM Corporation
ShareView Details
Matching Score-10
Assigner-IBM Corporation
CVSS Score-7.5||HIGH
EPSS-0.04% / 10.23%
||
7 Day CHG~0.00%
Published-08 Jul, 2023 | 18:28
Updated-13 Feb, 2025 | 17:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Db2 denial of service

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted query on certain tables. IBM X-Force ID: 253357.

Action-Not Available
Vendor-Microsoft CorporationHP Inc.IBM CorporationLinux Kernel Organization, IncOracle Corporation
Product-solarisaixhp-uxlinux_kernelwindowsdb2DB2 for Linux, UNIX and Windowsdb2_for_linux_unix_and_windows
CWE ID-CWE-20
Improper Input Validation
CVE-2023-29255
Matching Score-10
Assigner-IBM Corporation
ShareView Details
Matching Score-10
Assigner-IBM Corporation
CVSS Score-7.5||HIGH
EPSS-0.08% / 24.27%
||
7 Day CHG~0.00%
Published-27 Apr, 2023 | 12:47
Updated-13 Feb, 2025 | 16:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM DB2 for Linux, UNIX and Windows denial of service

IBM DB2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to a denial of service as it may trap when compiling a variation of an anonymous block. IBM X-Force ID: 251991.

Action-Not Available
Vendor-Linux Kernel Organization, IncMicrosoft CorporationIBM Corporation
Product-windowsdb2linux_kernelDB2 for Linux, UNIX and Windows
CWE ID-CWE-20
Improper Input Validation
CVE-2023-26022
Matching Score-10
Assigner-IBM Corporation
ShareView Details
Matching Score-10
Assigner-IBM Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.11% / 29.66%
||
7 Day CHG~0.00%
Published-28 Apr, 2023 | 18:26
Updated-13 Feb, 2025 | 16:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Db2 denial of service

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) is vulnerable to a denial of service as the server may crash when an Out of Memory occurs using the DBMS_OUTPUT module. IBM X-Force ID: 247868.

Action-Not Available
Vendor-Linux Kernel Organization, IncMicrosoft CorporationIBM Corporation
Product-windowsdb2linux_kernelDB2 for Linux, UNIX and Windows
CWE ID-CWE-20
Improper Input Validation
CVE-2023-28513
Matching Score-10
Assigner-IBM Corporation
ShareView Details
Matching Score-10
Assigner-IBM Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.06% / 18.51%
||
7 Day CHG~0.00%
Published-19 Jul, 2023 | 01:49
Updated-21 Oct, 2024 | 15:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM MQ denial of service

IBM MQ 9.0 LTS, 9.1 LTS, 9.2 LTS, 9.3 LTS, 9.2 CD, and 9.3 CD and IBM MQ Appliance 9.2 LTS, 9.3 LTS, 9.2 CD, and 9.2 LTS, under certain configurations, is vulnerable to a denial of service attack caused by an error processing messages. IBM X-Force ID: 250397.

Action-Not Available
Vendor-Microsoft CorporationHP Inc.IBM CorporationLinux Kernel Organization, IncOracle Corporation
Product-solarislinux_kernelihp-uxlinux_on_ibm_zwindowsmq_appliancemqaixMQMQ Appliance
CWE ID-CWE-20
Improper Input Validation
CVE-2023-28302
Matching Score-10
Assigner-Microsoft Corporation
ShareView Details
Matching Score-10
Assigner-Microsoft Corporation
CVSS Score-7.5||HIGH
EPSS-33.61% / 96.79%
||
7 Day CHG~0.00%
Published-11 Apr, 2023 | 19:14
Updated-28 Feb, 2025 | 21:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability

Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_21h2windows_10_1809windows_server_2016windows_server_2012windows_server_2008windows_11_21h2windows_10_22h2windows_server_2022windows_10_20h2windows_11_22h2windows_server_2019windows_10_1607Windows 10 Version 22H2Windows 10 Version 21H2Windows Server 2016 (Server Core installation)Windows Server 2012 R2 (Server Core installation)Windows 11 version 22H2Windows Server 2019Windows Server 2008 Service Pack 2Windows Server 2012Windows Server 2008 Service Pack 2Windows 10 Version 1809Windows Server 2008 R2 Service Pack 1Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows 11 version 21H2Windows Server 2022Windows Server 2012 R2Windows 10 Version 1507Windows Server 2012 (Server Core installation)Windows Server 2016Windows 10 Version 20H2Windows Server 2019 (Server Core installation)Windows Server 2008 Service Pack 2 (Server Core installation)Windows 10 Version 1607
CWE ID-CWE-20
Improper Input Validation
CVE-2023-27559
Matching Score-10
Assigner-IBM Corporation
ShareView Details
Matching Score-10
Assigner-IBM Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.10% / 27.56%
||
7 Day CHG~0.00%
Published-26 Apr, 2023 | 19:02
Updated-21 Nov, 2024 | 18:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Db2 denial of service

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to a denial of service as the server may crash when using a specially crafted subquery. IBM X-Force ID: 249196.

Action-Not Available
Vendor-IBM CorporationLinux Kernel Organization, IncMicrosoft Corporation
Product-windowsdb2linux_kernelDb2 for Linux, UNIX and Windows
CWE ID-CWE-20
Improper Input Validation
CVE-2023-26281
Matching Score-10
Assigner-IBM Corporation
ShareView Details
Matching Score-10
Assigner-IBM Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.06% / 17.62%
||
7 Day CHG~0.00%
Published-28 Feb, 2023 | 14:19
Updated-06 Mar, 2025 | 16:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM HTTP Server denial of service

IBM HTTP Server 8.5 used by IBM WebSphere Application Server could allow a remote user to cause a denial of service using a specially crafted URL. IBM X-Force ID: 248296.

Action-Not Available
Vendor-Microsoft CorporationHP Inc.Linux Kernel Organization, IncOracle CorporationIBM Corporation
Product-http_serversolarislinux_kernelhp-uxwindowsz\/osaixHTTP Server
CWE ID-CWE-20
Improper Input Validation
CVE-2023-27555
Matching Score-10
Assigner-IBM Corporation
ShareView Details
Matching Score-10
Assigner-IBM Corporation
CVSS Score-5.1||MEDIUM
EPSS-0.04% / 9.86%
||
7 Day CHG~0.00%
Published-28 Apr, 2023 | 17:38
Updated-13 Feb, 2025 | 16:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Db2 denial of service

IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.5 is vulnerable to a denial of service when attempting to use ACR client affinity for unfenced DRDA federation wrappers. IBM X-Force ID: 249187.

Action-Not Available
Vendor-Linux Kernel Organization, IncMicrosoft CorporationIBM Corporation
Product-windowsdb2linux_kernelDB2 for Linux, UNIX and Windows
CWE ID-CWE-20
Improper Input Validation
CVE-2023-26021
Matching Score-10
Assigner-IBM Corporation
ShareView Details
Matching Score-10
Assigner-IBM Corporation
CVSS Score-7.5||HIGH
EPSS-0.08% / 24.17%
||
7 Day CHG~0.00%
Published-28 Apr, 2023 | 18:23
Updated-13 Feb, 2025 | 16:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Db2 denial of service

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.1 and 11.5 is vulnerable to a denial of service as the server may crash when compiling a specially crafted SQL query using a LIMIT clause. IBM X-Force ID: 247864.

Action-Not Available
Vendor-Linux Kernel Organization, IncMicrosoft CorporationIBM Corporation
Product-windowsdb2linux_kernelDB2 for Linux, UNIX and Windows
CWE ID-CWE-20
Improper Input Validation
CVE-2022-23831
Matching Score-10
Assigner-Advanced Micro Devices Inc.
ShareView Details
Matching Score-10
Assigner-Advanced Micro Devices Inc.
CVSS Score-7.5||HIGH
EPSS-0.20% / 42.52%
||
7 Day CHG~0.00%
Published-09 Nov, 2022 | 20:45
Updated-01 May, 2025 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Insufficient validation of the IOCTL input buffer in AMD μProf may allow an attacker to send an arbitrary buffer leading to a potential Windows kernel crash resulting in denial of service.

Action-Not Available
Vendor-FreeBSD FoundationLinux Kernel Organization, IncMicrosoft CorporationAdvanced Micro Devices, Inc.
Product-amd_uprofwindowsfreebsdlinux_kernelAMD μProf
CWE ID-CWE-20
Improper Input Validation
CVE-2023-46167
Matching Score-10
Assigner-IBM Corporation
ShareView Details
Matching Score-10
Assigner-IBM Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.06% / 17.46%
||
7 Day CHG~0.00%
Published-04 Dec, 2023 | 00:04
Updated-13 Feb, 2025 | 17:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Db2 denial of service

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 federated server is vulnerable to a denial of service when a specially crafted cursor is used. IBM X-Force ID: 269367.

Action-Not Available
Vendor-opengroupLinux Kernel Organization, IncMicrosoft CorporationIBM Corporation
Product-windowsunixdb2linux_kernelDb2 for Linux, UNIX and Windows
CWE ID-CWE-20
Improper Input Validation
CVE-2023-22337
Matching Score-10
Assigner-Intel Corporation
ShareView Details
Matching Score-10
Assigner-Intel Corporation
CVSS Score-7.5||HIGH
EPSS-0.14% / 34.14%
||
7 Day CHG~0.00%
Published-14 Nov, 2023 | 19:04
Updated-30 Aug, 2024 | 17:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper input validation for some Intel Unison software may allow an unauthenticated user to potentially enable denial of service via network access.

Action-Not Available
Vendor-n/aIntel CorporationApple Inc.Google LLCMicrosoft Corporation
Product-androidwindowsunison_softwareiphone_osIntel Unison software
CWE ID-CWE-20
Improper Input Validation
CVE-2023-21818
Matching Score-10
Assigner-Microsoft Corporation
ShareView Details
Matching Score-10
Assigner-Microsoft Corporation
CVSS Score-7.5||HIGH
EPSS-27.65% / 96.25%
||
7 Day CHG~0.00%
Published-14 Feb, 2023 | 19:33
Updated-01 Jan, 2025 | 00:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Secure Channel Denial of Service Vulnerability

Windows Secure Channel Denial of Service Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_21h2windows_10_1809windows_server_2016windows_server_2012windows_server_2008windows_11_21h2windows_10_22h2windows_10windows_10_20h2windows_server_2022windows_server_2019windows_10_1607Windows Server 2022Windows 10 Version 1607Windows Server 2019 (Server Core installation)Windows Server 2008 Service Pack 2Windows 10 Version 1809Windows Server 2016 (Server Core installation)Windows 11 version 21H2Windows Server 2012 (Server Core installation)Windows 10 Version 20H2Windows Server 2016Windows 10 Version 1507Windows 10 Version 21H2Windows Server 2008 R2 Service Pack 1Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2012 R2Windows Server 2019Windows Server 2012Windows Server 2008 Service Pack 2Windows Server 2012 R2 (Server Core installation)Windows 10 Version 22H2
CWE ID-CWE-20
Improper Input Validation
CVE-2023-21816
Matching Score-10
Assigner-Microsoft Corporation
ShareView Details
Matching Score-10
Assigner-Microsoft Corporation
CVSS Score-7.5||HIGH
EPSS-4.95% / 89.24%
||
7 Day CHG~0.00%
Published-14 Feb, 2023 | 19:33
Updated-01 Jan, 2025 | 00:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Active Directory Domain Services API Denial of Service Vulnerability

Windows Active Directory Domain Services API Denial of Service Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_21h2windows_10_1809windows_server_2016windows_server_2012windows_server_2008windows_11_21h2windows_10_22h2windows_server_2022windows_10windows_10_20h2windows_11_22h2windows_server_2019windows_10_1607Windows Server 2022Windows 10 Version 1607Windows 11 version 22H2Windows Server 2019 (Server Core installation)Windows Server 2008 Service Pack 2Windows 10 Version 1809Windows Server 2016 (Server Core installation)Windows 11 version 21H2Windows Server 2012 (Server Core installation)Windows 10 Version 20H2Windows Server 2016Windows 10 Version 1507Windows 10 Version 21H2Windows Server 2008 R2 Service Pack 1Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2012 R2Windows Server 2019Windows Server 2012Windows Server 2008 Service Pack 2Windows Server 2012 R2 (Server Core installation)Windows 10 Version 22H2
CWE ID-CWE-20
Improper Input Validation
CVE-2022-27674
Matching Score-10
Assigner-Advanced Micro Devices Inc.
ShareView Details
Matching Score-10
Assigner-Advanced Micro Devices Inc.
CVSS Score-7.5||HIGH
EPSS-0.08% / 25.31%
||
7 Day CHG~0.00%
Published-09 Nov, 2022 | 20:45
Updated-01 May, 2025 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Insufficient validation in the IOCTL input/output buffer in AMD μProf may allow an attacker to bypass bounds checks potentially leading to a Windows kernel crash resulting in denial of service.

Action-Not Available
Vendor-FreeBSD FoundationLinux Kernel Organization, IncMicrosoft CorporationAdvanced Micro Devices, Inc.
Product-amd_uprofwindowsfreebsdlinux_kernelAMD μProf
CWE ID-CWE-20
Improper Input Validation
CVE-2023-40373
Matching Score-10
Assigner-IBM Corporation
ShareView Details
Matching Score-10
Assigner-IBM Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.03% / 8.37%
||
7 Day CHG~0.00%
Published-16 Oct, 2023 | 23:08
Updated-13 Feb, 2025 | 17:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Db2 denial of service

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) is vulnerable to denial of service with a specially crafted query containing common table expressions. IBM X-Force ID: 263574.

Action-Not Available
Vendor-opengroupLinux Kernel Organization, IncMicrosoft CorporationIBM Corporation
Product-windowsunixdb2linux_kernelDb2 for Linux, UNIX and Windows
CWE ID-CWE-20
Improper Input Validation
CVE-2023-36912
Matching Score-10
Assigner-Microsoft Corporation
ShareView Details
Matching Score-10
Assigner-Microsoft Corporation
CVSS Score-7.5||HIGH
EPSS-4.83% / 89.10%
||
7 Day CHG~0.00%
Published-08 Aug, 2023 | 17:08
Updated-27 Feb, 2025 | 21:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability

Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_21h2windows_10_1809windows_server_2016windows_server_2012windows_server_2008windows_11_21h2windows_10_22h2windows_server_2022windows_10windows_11_22h2windows_server_2019windows_10_1607Windows 10 Version 22H2Windows 10 Version 21H2Windows Server 2016 (Server Core installation)Windows Server 2012 R2 (Server Core installation)Windows 11 version 22H2Windows Server 2019Windows Server 2008 Service Pack 2Windows Server 2012Windows Server 2008 Service Pack 2Windows 10 Version 1809Windows Server 2008 R2 Service Pack 1Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows 11 version 21H2Windows Server 2022Windows Server 2012 R2Windows 10 Version 1507Windows Server 2012 (Server Core installation)Windows Server 2016Windows Server 2019 (Server Core installation)Windows Server 2008 Service Pack 2 (Server Core installation)Windows 10 Version 1607
CWE ID-CWE-20
Improper Input Validation
CVE-2023-38740
Matching Score-10
Assigner-IBM Corporation
ShareView Details
Matching Score-10
Assigner-IBM Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.04% / 8.54%
||
7 Day CHG~0.00%
Published-16 Oct, 2023 | 21:24
Updated-13 Feb, 2025 | 17:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Db2 denial of service

IBM Db2 for Linux, UNIX, and Windows (includes Db2 Connect Server) 11.5 is vulnerable to a denial of service with a specially crafted SQL statement. IBM X-Force ID: 262613.

Action-Not Available
Vendor-opengroupLinux Kernel Organization, IncMicrosoft CorporationIBM Corporation
Product-windowsunixdb2linux_kernelDb2 for Linux, UNIX and Windows
CWE ID-CWE-20
Improper Input Validation
CVE-2023-38728
Matching Score-10
Assigner-IBM Corporation
ShareView Details
Matching Score-10
Assigner-IBM Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.04% / 9.72%
||
7 Day CHG~0.00%
Published-16 Oct, 2023 | 21:27
Updated-13 Feb, 2025 | 17:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Db2 denial of service

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted XML query statement. IBM X-Force ID: 262258.

Action-Not Available
Vendor-opengroupLinux Kernel Organization, IncMicrosoft CorporationIBM Corporation
Product-windowsunixdb2linux_kernelDb2 for Linux, UNIX and Windows
CWE ID-CWE-20
Improper Input Validation
CVE-2023-36707
Matching Score-10
Assigner-Microsoft Corporation
ShareView Details
Matching Score-10
Assigner-Microsoft Corporation
CVSS Score-6.5||MEDIUM
EPSS-4.99% / 89.28%
||
7 Day CHG~0.00%
Published-10 Oct, 2023 | 17:07
Updated-14 Apr, 2025 | 22:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Deployment Services Denial of Service Vulnerability

Windows Deployment Services Denial of Service Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2012windows_server_2016windows_server_2019windows_server_2022Windows Server 2012 (Server Core installation)Windows Server 2019 (Server Core installation)Windows Server 2012Windows Server 2016 (Server Core installation)Windows Server 2012 R2 (Server Core installation)Windows Server 2022Windows Server 2012 R2Windows Server 2016Windows Server 2019
CWE ID-CWE-20
Improper Input Validation
CVE-2023-30987
Matching Score-10
Assigner-IBM Corporation
ShareView Details
Matching Score-10
Assigner-IBM Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.05% / 15.90%
||
7 Day CHG~0.00%
Published-16 Oct, 2023 | 20:48
Updated-13 Feb, 2025 | 16:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Db2 denial of service

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted query on certain databases. IBM X-Force ID: 253440.

Action-Not Available
Vendor-opengroupLinux Kernel Organization, IncMicrosoft CorporationIBM Corporation
Product-windowsunixdb2linux_kernelDb2 for Linux, UNIX and Windows
CWE ID-CWE-20
Improper Input Validation
CVE-2023-30991
Matching Score-10
Assigner-IBM Corporation
ShareView Details
Matching Score-10
Assigner-IBM Corporation
CVSS Score-7.5||HIGH
EPSS-0.04% / 11.68%
||
7 Day CHG~0.00%
Published-16 Oct, 2023 | 22:53
Updated-13 Feb, 2025 | 16:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Db2 denial of service

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.1 and 11.5 is vulnerable to denial of service with a specially crafted query. IBM X-Force ID: 254037.

Action-Not Available
Vendor-opengroupLinux Kernel Organization, IncMicrosoft CorporationIBM Corporation
Product-windowsunixdb2linux_kernelDb2 for Linux, UNIX and Windows
CWE ID-CWE-20
Improper Input Validation
CVE-2023-29258
Matching Score-10
Assigner-IBM Corporation
ShareView Details
Matching Score-10
Assigner-IBM Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.05% / 15.23%
||
7 Day CHG~0.00%
Published-04 Dec, 2023 | 01:12
Updated-13 Feb, 2025 | 16:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Db2 denial of service

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.1, and 11.5 is vulnerable to a denial of service through a specially crafted federated query on specific federation objects. IBM X-Force ID: 252048.

Action-Not Available
Vendor-opengroupLinux Kernel Organization, IncMicrosoft CorporationIBM Corporation
Product-windowsunixdb2linux_kernelDb2 for Linux, UNIX and Windows
CWE ID-CWE-20
Improper Input Validation
CVE-2024-38095
Matching Score-10
Assigner-Microsoft Corporation
ShareView Details
Matching Score-10
Assigner-Microsoft Corporation
CVSS Score-7.5||HIGH
EPSS-2.01% / 82.94%
||
7 Day CHG~0.00%
Published-09 Jul, 2024 | 17:03
Updated-05 May, 2025 | 17:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
.NET and Visual Studio Denial of Service Vulnerability

.NET and Visual Studio Denial of Service Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-visual_studio_2022.netMicrosoft Visual Studio 2022 version 17.6.NET 8.0Microsoft Visual Studio 2022 version 17.4Microsoft Visual Studio 2022 version 17.10Microsoft Visual Studio 2022 version 17.8PowerShell 7.2.NET 6.0PowerShell 7.4
CWE ID-CWE-20
Improper Input Validation
CVE-2019-14211
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.02% / 3.83%
||
7 Day CHG~0.00%
Published-21 Jul, 2019 | 18:17
Updated-05 Aug, 2024 | 00:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Foxit PhantomPDF before 8.3.11. The application could crash due to the lack of proper validation of the existence of an object prior to performing operations on that object when executing JavaScript.

Action-Not Available
Vendor-n/aMicrosoft CorporationFoxit Software Incorporated
Product-phantompdfwindowsn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2020-4559
Matching Score-10
Assigner-IBM Corporation
ShareView Details
Matching Score-10
Assigner-IBM Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.47% / 63.45%
||
7 Day CHG~0.00%
Published-28 Aug, 2020 | 14:35
Updated-17 Sep, 2024 | 00:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Spectrum Protect 7.1 and 8.1 could allow an attacker to cause a denial of service due ti improper validation of user-supplied input. IBM X-Force ID: 183613.

Action-Not Available
Vendor-Microsoft CorporationHP Inc.IBM CorporationLinux Kernel Organization, IncOracle Corporation
Product-solarislinux_kernelspectrum_protecthp-uxwindowsaixSpectrum Protect
CWE ID-CWE-20
Improper Input Validation
CVE-2024-52903
Matching Score-10
Assigner-IBM Corporation
ShareView Details
Matching Score-10
Assigner-IBM Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.09% / 27.21%
||
7 Day CHG~0.00%
Published-01 May, 2025 | 22:15
Updated-12 Aug, 2025 | 01:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Db2 denial of service

IBM Db2 for Linux, UNIX and Windows 12.1.0 and 12.1.1 is vulnerable to a denial of service as the server may crash under certain conditions with a specially crafted query.

Action-Not Available
Vendor-opengroupLinux Kernel Organization, IncMicrosoft CorporationIBM Corporation
Product-unixwindowslinux_kerneldb2Db2 for Linux, UNIX and Windows
CWE ID-CWE-20
Improper Input Validation
CVE-2024-38230
Matching Score-10
Assigner-Microsoft Corporation
ShareView Details
Matching Score-10
Assigner-Microsoft Corporation
CVSS Score-6.5||MEDIUM
EPSS-2.06% / 83.17%
||
7 Day CHG-0.52%
Published-10 Sep, 2024 | 16:53
Updated-31 Dec, 2024 | 23:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Standards-Based Storage Management Service Denial of Service Vulnerability

Windows Standards-Based Storage Management Service Denial of Service Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2012windows_server_2016windows_server_2019windows_server_2022Windows Server 2022Windows Server 2019 (Server Core installation)Windows Server 2012 R2Windows Server 2016 (Server Core installation)Windows Server 2019Windows Server 2012 R2 (Server Core installation)Windows Server 2016
CWE ID-CWE-20
Improper Input Validation
CVE-2019-0820
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.5||HIGH
EPSS-2.25% / 83.91%
||
7 Day CHG~0.00%
Published-16 May, 2019 | 18:17
Updated-04 Aug, 2024 | 17:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A denial of service vulnerability exists when .NET Framework and .NET Core improperly process RegEx strings, aka '.NET Framework and .NET Core Denial of Service Vulnerability'. This CVE ID is unique from CVE-2019-0980, CVE-2019-0981.

Action-Not Available
Vendor-Red Hat, Inc.Microsoft Corporation
Product-windows_server_2016windows_server_2012windows_8.1enterprise_linux_server_ausenterprise_linux.net_corewindows_rt_8.1enterprise_linux_euswindows_7enterprise_linux_server_tuswindows_10.net_frameworkwindows_server_2019windows_server_2008Microsoft .NET Framework 3.5 on Windows 10 Version 1903 for x64-based SystemsMicrosoft .NET Framework 4.8 on Windows Server 2012 R2Microsoft .NET Framework 4.8 on Windows 10 Version 1607 for 32-bit SystemsMicrosoft .NET Framework 4.8 on Windows 10 Version 1709 for x64-based SystemsMicrosoft .NET Framework 4.7.2Microsoft .NET Framework 4.8 on Windows 10 Version 1803 for x64-based SystemsMicrosoft .NET Framework 4.6Microsoft .NET Framework 4.8 on Windows 10 Version 1903 for 32-bit SystemsMicrosoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2Microsoft .NET Framework 4.8 on Windows Server 2016 (Server Core installation)Microsoft .NET Framework 4.8 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)Microsoft .NET Framework 2.0Microsoft .NET Framework 4.8 on Windows 8.1 for 32-bit systems.NET CoreMicrosoft .NET Framework 4.8 on Windows 10 Version 1703 for x64-based SystemsMicrosoft .NET Framework 4.8 on Windows 10 Version 1803 for 32-bit SystemsMicrosoft .NET Framework 4.8 on Windows Server 2019Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.2Microsoft .NET Framework 4.8 on Windows Server 2012Microsoft .NET Framework 4.8 on Windows 10 Version 1809 for 32-bit SystemsMicrosoft .NET Framework 4.8 on Windows 7 for x64-based Systems Service Pack 1Microsoft .NET Framework 4.8 on Windows RT 8.1Microsoft .NET Framework 4.8 on Windows 10 Version 1809 for x64-based SystemsMicrosoft .NET Framework 4.8 on Windows Server, version 1903 (Server Core installation)Microsoft .NET Framework 3.0Microsoft .NET Framework 4.8 on Windows 10 Version 1903 for x64-based SystemsMicrosoft .NET Framework 4.8 on Windows Server 2016Microsoft .NET Framework 4.8 on Windows 8.1 for x64-based systemsMicrosoft .NET Framework 4.5.2Microsoft .NET Framework 4.8 on Windows 10 Version 1709 for 32-bit SystemsMicrosoft .NET Framework 4.8 on Windows Server 2008 R2 for x64-based Systems Service Pack 1Microsoft .NET Framework 4.8 on Windows Server 2012 (Server Core installation)Microsoft .NET Framework 4.8 on Windows 7 for 32-bit Systems Service Pack 1Microsoft .NET Framework 3.5 on Windows 10 Version 1903 for 32-bit SystemsMicrosoft .NET Framework 4.8 on Windows Server 2019 (Server Core installation)Microsoft .NET Framework 3.5Microsoft .NET Framework 3.5.1Microsoft .NET Framework 4.8 on Windows 10 Version 1607 for x64-based SystemsMicrosoft .NET Framework 4.8 on Windows Server, version 1803 (Server Core Installation)Microsoft .NET Framework 3.5 on Windows Server, version 1903 (Server Core installation)Microsoft .NET Framework 4.8 on Windows 10 Version 1703 for 32-bit SystemsMicrosoft .NET Framework 4.8 on Windows Server 2012 R2 (Server Core installation)
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2001-0334
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-25.08% / 95.96%
||
7 Day CHG~0.00%
Published-18 Sep, 2001 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

FTP service in IIS 5.0 and earlier allows remote attackers to cause a denial of service via a wildcard sequence that generates a long string when it is expanded.

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-internet_information_servern/a
CWE ID-CWE-131
Incorrect Calculation of Buffer Size
CVE-1999-1127
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-30.03% / 96.49%
||
7 Day CHG~0.00%
Published-09 Mar, 2002 | 05:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Windows NT 4.0 does not properly shut down invalid named pipe RPC connections, which allows remote attackers to cause a denial of service (resource exhaustion) via a series of connections containing malformed data, aka the "Named Pipes Over RPC" vulnerability.

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-windows_ntn/a
CWE ID-CWE-772
Missing Release of Resource after Effective Lifetime
CVE-2025-53722
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.5||HIGH
EPSS-1.67% / 81.37%
||
7 Day CHG~0.00%
Published-12 Aug, 2025 | 17:10
Updated-27 Aug, 2025 | 16:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Remote Desktop Services Denial of Service Vulnerability

Uncontrolled resource consumption in Windows Remote Desktop Services allows an unauthorized attacker to deny service over a network.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_11_24h2windows_10_1507windows_server_2019windows_server_2025windows_server_2008windows_10_22h2windows_server_2016windows_server_2012windows_10_1607windows_server_2022_23h2windows_11_22h2windows_server_2022windows_10_21h2windows_11_23h2windows_10_1809Windows 11 Version 23H2Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2012Windows Server 2016 (Server Core installation)Windows Server 2012 (Server Core installation)Windows Server 2012 R2 (Server Core installation)Windows Server 2025Windows 10 Version 1809Windows Server 2019 (Server Core installation)Windows 11 Version 24H2Windows 10 Version 1507Windows 10 Version 22H2Windows Server 2016Windows Server 2019Windows 10 Version 21H2Windows 11 version 22H2Windows Server 2008 R2 Service Pack 1Windows Server 2022Windows Server 2025 (Server Core installation)Windows 11 version 22H3Windows Server 2022, 23H2 Edition (Server Core installation)Windows Server 2012 R2Windows 10 Version 1607
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2018-8409
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.5||HIGH
EPSS-7.55% / 91.44%
||
7 Day CHG~0.00%
Published-13 Sep, 2018 | 00:00
Updated-05 Aug, 2024 | 06:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A denial of service vulnerability exists when System.IO.Pipelines improperly handles requests, aka "System.IO.Pipelines Denial of Service." This affects .NET Core 2.1, System.IO.Pipelines, ASP.NET Core 2.1.

Action-Not Available
Vendor-Microsoft Corporation
Product-system.io.pipelinesasp.net_core.net_coreSystem.IO.PipelinesASP.NET Core.NET Core
  • Previous
  • 1
  • 2
  • 3
  • ...
  • 39
  • 40
  • Next
Details not found