Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2024-21590

Summary
Assigner-juniper
Assigner Org ID-8cbe9d5a-a066-4c94-8978-4b15efeae968
Published At-12 Apr, 2024 | 14:53
Updated At-01 Aug, 2024 | 22:27
Rejected At-
Credits

Junos OS Evolved: Packets which are not destined to the device can reach the RE

An Improper Input Validation vulnerability in Juniper Tunnel Driver (jtd) and ICMP module of Juniper Networks Junos OS Evolved allows an unauthenticated attacker within the MPLS administrative domain to send specifically crafted packets to the Routing Engine (RE) to cause a Denial of Service (DoS).  When specifically crafted transit MPLS IPv4 packets are received by the Packet Forwarding Engine (PFE), these packets are internally forwarded to the RE. Continued receipt of these packets may create a sustained Denial of Service (DoS) condition. This issue affects Juniper Networks Junos OS: * All versions before 21.2R3-S8-EVO; * from 21.4-EVO before 21.4R3-S6-EVO; * from 22.2-EVO before 22.2R3-S4-EVO; * from 22.3-EVO before 22.3R3-S3-EVO; * from 22.4-EVO before 22.4R3-EVO; * from 23.2-EVO before 23.2R2-EVO. * from 23.4-EVO before 23.4R1-S1-EVO.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:juniper
Assigner Org ID:8cbe9d5a-a066-4c94-8978-4b15efeae968
Published At:12 Apr, 2024 | 14:53
Updated At:01 Aug, 2024 | 22:27
Rejected At:
▼CVE Numbering Authority (CNA)
Junos OS Evolved: Packets which are not destined to the device can reach the RE

An Improper Input Validation vulnerability in Juniper Tunnel Driver (jtd) and ICMP module of Juniper Networks Junos OS Evolved allows an unauthenticated attacker within the MPLS administrative domain to send specifically crafted packets to the Routing Engine (RE) to cause a Denial of Service (DoS).  When specifically crafted transit MPLS IPv4 packets are received by the Packet Forwarding Engine (PFE), these packets are internally forwarded to the RE. Continued receipt of these packets may create a sustained Denial of Service (DoS) condition. This issue affects Juniper Networks Junos OS: * All versions before 21.2R3-S8-EVO; * from 21.4-EVO before 21.4R3-S6-EVO; * from 22.2-EVO before 22.2R3-S4-EVO; * from 22.3-EVO before 22.3R3-S3-EVO; * from 22.4-EVO before 22.4R3-EVO; * from 23.2-EVO before 23.2R2-EVO. * from 23.4-EVO before 23.4R1-S1-EVO.

Affected Products
Vendor
Juniper Networks, Inc.Juniper Networks
Product
Junos OS Evolved
Default Status
unaffected
Versions
Affected
  • From 0 before 21.2R3-S8-EVO (semver)
  • From 21.4-EVO before 21.4R3-S6-EVO (semver)
  • From 22.2-EVO before 22.2R3-S4-EVO (semver)
  • From 22.3-EVO before 22.3R3-S3-EVO (semver)
  • From 22.4-EVO before 22.4R3-EVO (semver)
  • From 23.2-EVO before 23.2R2-EVO (semver)
  • From 23.4-EVO before 23.4R1-S1-EVO (semver)
Problem Types
TypeCWE IDDescription
CWECWE-20CWE-20 Improper Input Validation
N/AN/ADenial of Service
Type: CWE
CWE ID: CWE-20
Description: CWE-20 Improper Input Validation
Type: N/A
CWE ID: N/A
Description: Denial of Service
Metrics
VersionBase scoreBase severityVector
3.15.3MEDIUM
CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
4.07.1HIGH
CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
Version: 3.1
Base score: 5.3
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
Version: 4.0
Base score: 7.1
Base severity: HIGH
Vector:
CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

The following software releases have been updated to resolve this specific issue: Junos OS Evolved:21.2R3-S8-EVO, 21.4R3-S6-EVO, 22.2R3-S4-EVO, 22.3R3-S3-EVO, 22.4R3-EVO, 23.2R2-EVO, 23.4R1-EVO, 23.4R1-S1-EVO, 24.1R1-EVO and all subsequent releases.

Configurations
Workarounds

There are no known workarounds for this issue.

Exploits

Juniper SIRT is not aware of any malicious exploitation of this vulnerability.

Credits
Timeline
EventDate
Initial Publication2024-04-10 16:00:00
Event: Initial Publication
Date: 2024-04-10 16:00:00
Replaced By
Rejected Reason
References
HyperlinkResource
https://supportportal.juniper.net/JSA75728
vendor-advisory
https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
technical-description
Hyperlink: https://supportportal.juniper.net/JSA75728
Resource:
vendor-advisory
Hyperlink: https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
Resource:
technical-description
▼Authorized Data Publishers (ADP)
1. CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
2. CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://supportportal.juniper.net/JSA75728
vendor-advisory
x_transferred
https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
technical-description
x_transferred
Hyperlink: https://supportportal.juniper.net/JSA75728
Resource:
vendor-advisory
x_transferred
Hyperlink: https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
Resource:
technical-description
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:sirt@juniper.net
Published At:12 Apr, 2024 | 15:15
Updated At:23 Jan, 2025 | 15:29

An Improper Input Validation vulnerability in Juniper Tunnel Driver (jtd) and ICMP module of Juniper Networks Junos OS Evolved allows an unauthenticated attacker within the MPLS administrative domain to send specifically crafted packets to the Routing Engine (RE) to cause a Denial of Service (DoS).  When specifically crafted transit MPLS IPv4 packets are received by the Packet Forwarding Engine (PFE), these packets are internally forwarded to the RE. Continued receipt of these packets may create a sustained Denial of Service (DoS) condition. This issue affects Juniper Networks Junos OS: * All versions before 21.2R3-S8-EVO; * from 21.4-EVO before 21.4R3-S6-EVO; * from 22.2-EVO before 22.2R3-S4-EVO; * from 22.3-EVO before 22.3R3-S3-EVO; * from 22.4-EVO before 22.4R3-EVO; * from 23.2-EVO before 23.2R2-EVO. * from 23.4-EVO before 23.4R1-S1-EVO.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary4.07.1HIGH
CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Secondary3.15.3MEDIUM
CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
Primary3.16.5MEDIUM
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Type: Secondary
Version: 4.0
Base score: 7.1
Base severity: HIGH
Vector:
CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Type: Secondary
Version: 3.1
Base score: 5.3
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
Type: Primary
Version: 3.1
Base score: 6.5
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CPE Matches
Juniper Networks, Inc.
juniper
>>junos_os_evolved>>Versions up to 21.2(inclusive)
cpe:2.3:o:juniper:junos_os_evolved:*:*:*:*:*:*:*:*
Juniper Networks, Inc.
juniper
>>junos_os_evolved>>21.2
cpe:2.3:o:juniper:junos_os_evolved:21.2:r1:*:*:*:*:*:*
Juniper Networks, Inc.
juniper
>>junos_os_evolved>>21.2
cpe:2.3:o:juniper:junos_os_evolved:21.2:r1-s1:*:*:*:*:*:*
Juniper Networks, Inc.
juniper
>>junos_os_evolved>>21.2
cpe:2.3:o:juniper:junos_os_evolved:21.2:r1-s2:*:*:*:*:*:*
Juniper Networks, Inc.
juniper
>>junos_os_evolved>>21.2
cpe:2.3:o:juniper:junos_os_evolved:21.2:r2:*:*:*:*:*:*
Juniper Networks, Inc.
juniper
>>junos_os_evolved>>21.2
cpe:2.3:o:juniper:junos_os_evolved:21.2:r2-s1:*:*:*:*:*:*
Juniper Networks, Inc.
juniper
>>junos_os_evolved>>21.2
cpe:2.3:o:juniper:junos_os_evolved:21.2:r2-s2:*:*:*:*:*:*
Juniper Networks, Inc.
juniper
>>junos_os_evolved>>21.2
cpe:2.3:o:juniper:junos_os_evolved:21.2:r3:*:*:*:*:*:*
Juniper Networks, Inc.
juniper
>>junos_os_evolved>>21.2
cpe:2.3:o:juniper:junos_os_evolved:21.2:r3-s1:*:*:*:*:*:*
Juniper Networks, Inc.
juniper
>>junos_os_evolved>>21.2
cpe:2.3:o:juniper:junos_os_evolved:21.2:r3-s2:*:*:*:*:*:*
Juniper Networks, Inc.
juniper
>>junos_os_evolved>>21.2
cpe:2.3:o:juniper:junos_os_evolved:21.2:r3-s3:*:*:*:*:*:*
Juniper Networks, Inc.
juniper
>>junos_os_evolved>>21.2
cpe:2.3:o:juniper:junos_os_evolved:21.2:r3-s4:*:*:*:*:*:*
Juniper Networks, Inc.
juniper
>>junos_os_evolved>>21.2
cpe:2.3:o:juniper:junos_os_evolved:21.2:r3-s5:*:*:*:*:*:*
Juniper Networks, Inc.
juniper
>>junos_os_evolved>>21.2
cpe:2.3:o:juniper:junos_os_evolved:21.2:r3-s6:*:*:*:*:*:*
Juniper Networks, Inc.
juniper
>>junos_os_evolved>>21.2
cpe:2.3:o:juniper:junos_os_evolved:21.2:r3-s7:*:*:*:*:*:*
Juniper Networks, Inc.
juniper
>>junos_os_evolved>>21.4
cpe:2.3:o:juniper:junos_os_evolved:21.4:-:*:*:*:*:*:*
Juniper Networks, Inc.
juniper
>>junos_os_evolved>>21.4
cpe:2.3:o:juniper:junos_os_evolved:21.4:r1:*:*:*:*:*:*
Juniper Networks, Inc.
juniper
>>junos_os_evolved>>21.4
cpe:2.3:o:juniper:junos_os_evolved:21.4:r1-s1:*:*:*:*:*:*
Juniper Networks, Inc.
juniper
>>junos_os_evolved>>21.4
cpe:2.3:o:juniper:junos_os_evolved:21.4:r1-s2:*:*:*:*:*:*
Juniper Networks, Inc.
juniper
>>junos_os_evolved>>21.4
cpe:2.3:o:juniper:junos_os_evolved:21.4:r2:*:*:*:*:*:*
Juniper Networks, Inc.
juniper
>>junos_os_evolved>>21.4
cpe:2.3:o:juniper:junos_os_evolved:21.4:r2-s1:*:*:*:*:*:*
Juniper Networks, Inc.
juniper
>>junos_os_evolved>>21.4
cpe:2.3:o:juniper:junos_os_evolved:21.4:r2-s2:*:*:*:*:*:*
Juniper Networks, Inc.
juniper
>>junos_os_evolved>>21.4
cpe:2.3:o:juniper:junos_os_evolved:21.4:r3:*:*:*:*:*:*
Juniper Networks, Inc.
juniper
>>junos_os_evolved>>21.4
cpe:2.3:o:juniper:junos_os_evolved:21.4:r3-s1:*:*:*:*:*:*
Juniper Networks, Inc.
juniper
>>junos_os_evolved>>21.4
cpe:2.3:o:juniper:junos_os_evolved:21.4:r3-s2:*:*:*:*:*:*
Juniper Networks, Inc.
juniper
>>junos_os_evolved>>21.4
cpe:2.3:o:juniper:junos_os_evolved:21.4:r3-s3:*:*:*:*:*:*
Juniper Networks, Inc.
juniper
>>junos_os_evolved>>21.4
cpe:2.3:o:juniper:junos_os_evolved:21.4:r3-s4:*:*:*:*:*:*
Juniper Networks, Inc.
juniper
>>junos_os_evolved>>21.4
cpe:2.3:o:juniper:junos_os_evolved:21.4:r3-s5:*:*:*:*:*:*
Juniper Networks, Inc.
juniper
>>junos_os_evolved>>22.2
cpe:2.3:o:juniper:junos_os_evolved:22.2:-:*:*:*:*:*:*
Juniper Networks, Inc.
juniper
>>junos_os_evolved>>22.2
cpe:2.3:o:juniper:junos_os_evolved:22.2:r1:*:*:*:*:*:*
Juniper Networks, Inc.
juniper
>>junos_os_evolved>>22.2
cpe:2.3:o:juniper:junos_os_evolved:22.2:r1-s1:*:*:*:*:*:*
Juniper Networks, Inc.
juniper
>>junos_os_evolved>>22.2
cpe:2.3:o:juniper:junos_os_evolved:22.2:r1-s2:*:*:*:*:*:*
Juniper Networks, Inc.
juniper
>>junos_os_evolved>>22.2
cpe:2.3:o:juniper:junos_os_evolved:22.2:r2:*:*:*:*:*:*
Juniper Networks, Inc.
juniper
>>junos_os_evolved>>22.2
cpe:2.3:o:juniper:junos_os_evolved:22.2:r2-s1:*:*:*:*:*:*
Juniper Networks, Inc.
juniper
>>junos_os_evolved>>22.2
cpe:2.3:o:juniper:junos_os_evolved:22.2:r2-s2:*:*:*:*:*:*
Juniper Networks, Inc.
juniper
>>junos_os_evolved>>22.2
cpe:2.3:o:juniper:junos_os_evolved:22.2:r3:*:*:*:*:*:*
Juniper Networks, Inc.
juniper
>>junos_os_evolved>>22.2
cpe:2.3:o:juniper:junos_os_evolved:22.2:r3-s1:*:*:*:*:*:*
Juniper Networks, Inc.
juniper
>>junos_os_evolved>>22.2
cpe:2.3:o:juniper:junos_os_evolved:22.2:r3-s2:*:*:*:*:*:*
Juniper Networks, Inc.
juniper
>>junos_os_evolved>>22.2
cpe:2.3:o:juniper:junos_os_evolved:22.2:r3-s3:*:*:*:*:*:*
Juniper Networks, Inc.
juniper
>>junos_os_evolved>>22.3
cpe:2.3:o:juniper:junos_os_evolved:22.3:-:*:*:*:*:*:*
Juniper Networks, Inc.
juniper
>>junos_os_evolved>>22.3
cpe:2.3:o:juniper:junos_os_evolved:22.3:r1:*:*:*:*:*:*
Juniper Networks, Inc.
juniper
>>junos_os_evolved>>22.3
cpe:2.3:o:juniper:junos_os_evolved:22.3:r1-s1:*:*:*:*:*:*
Juniper Networks, Inc.
juniper
>>junos_os_evolved>>22.3
cpe:2.3:o:juniper:junos_os_evolved:22.3:r1-s2:*:*:*:*:*:*
Juniper Networks, Inc.
juniper
>>junos_os_evolved>>22.3
cpe:2.3:o:juniper:junos_os_evolved:22.3:r2:*:*:*:*:*:*
Juniper Networks, Inc.
juniper
>>junos_os_evolved>>22.3
cpe:2.3:o:juniper:junos_os_evolved:22.3:r2-s1:*:*:*:*:*:*
Juniper Networks, Inc.
juniper
>>junos_os_evolved>>22.3
cpe:2.3:o:juniper:junos_os_evolved:22.3:r2-s2:*:*:*:*:*:*
Juniper Networks, Inc.
juniper
>>junos_os_evolved>>22.3
cpe:2.3:o:juniper:junos_os_evolved:22.3:r3:*:*:*:*:*:*
Juniper Networks, Inc.
juniper
>>junos_os_evolved>>22.3
cpe:2.3:o:juniper:junos_os_evolved:22.3:r3-s1:*:*:*:*:*:*
Juniper Networks, Inc.
juniper
>>junos_os_evolved>>22.3
cpe:2.3:o:juniper:junos_os_evolved:22.3:r3-s2:*:*:*:*:*:*
Juniper Networks, Inc.
juniper
>>junos_os_evolved>>22.4
cpe:2.3:o:juniper:junos_os_evolved:22.4:-:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-20Secondarysirt@juniper.net
NVD-CWE-noinfoPrimarynvd@nist.gov
CWE ID: CWE-20
Type: Secondary
Source: sirt@juniper.net
CWE ID: NVD-CWE-noinfo
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://supportportal.juniper.net/JSA75728sirt@juniper.net
Vendor Advisory
https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:Nsirt@juniper.net
Issue Tracking
https://supportportal.juniper.net/JSA75728af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:Naf854a3a-2127-422b-91ae-364da2661108
Issue Tracking
Hyperlink: https://supportportal.juniper.net/JSA75728
Source: sirt@juniper.net
Resource:
Vendor Advisory
Hyperlink: https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
Source: sirt@juniper.net
Resource:
Issue Tracking
Hyperlink: https://supportportal.juniper.net/JSA75728
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory
Hyperlink: https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Issue Tracking

Change History

0
Information is not available yet

Similar CVEs

311Records found
CVE-2015-2923
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-1.38% / 79.54%
||
7 Day CHG~0.00%
Published-20 Feb, 2020 | 03:28
Updated-06 Aug, 2024 | 05:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Neighbor Discovery (ND) protocol implementation in the IPv6 stack in FreeBSD through 10.1 allows remote attackers to reconfigure a hop-limit setting via a small hop_limit value in a Router Advertisement (RA) message.

Action-Not Available
Vendor-n/aFreeBSD Foundation
Product-freebsdn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2020-16216
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-6.5||MEDIUM
EPSS-0.06% / 19.71%
||
7 Day CHG~0.00%
Published-11 Sep, 2020 | 13:06
Updated-04 Aug, 2024 | 13:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Philips Patient Monitoring Devices Improper Input Validation

In IntelliVue patient monitors MX100, MX400-550, MX600, MX700, MX750, MX800, MX850, MP2-MP90, and IntelliVue X2 and X3 Versions N and prior, the product receives input or data but does not validate or incorrectly validates that the input has the properties required to process the data safely and correctly, which can induce a denial-of-service condition through a system restart.

Action-Not Available
Vendor-PhilipsPhilips
Product-intellivue_mp2-mp90intellivue_mx800intellivue_x3intellivue_mx850_firmwareintellivue_mx100_firmwareintellivue_mx600_firmwareintellivue_mx850performancebridge_focal_pointintellivue_mx750_firmwareintellivue_x2intellivue_mx100intellivue_mx700intellivue_mx550_firmwareintellivue_x3_firmwareintellivue_mx400_firmwareintellivue_mx800_firmwareintellivue_mx600intellivue_mx700_firmwarepatient_information_center_ixintellivue_mx550intellivue_mp2-mp90_firmwareintellivue_mx750intellivue_mx400intellivue_x2_firmwareIntelliVue IntelliVue patient monitors
CWE ID-CWE-20
Improper Input Validation
CVE-2021-41789
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.21% / 44.06%
||
7 Day CHG~0.00%
Published-04 Jan, 2022 | 15:54
Updated-04 Aug, 2024 | 03:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In wifi driver, there is a possible system crash due to a missing validation check. This could lead to remote denial of service from a proximal attacker with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: GN20190426015; Issue ID: GN20190426015.

Action-Not Available
Vendor-n/aMediaTek Inc.
Product-mt7622mt7615_firmwaremt7615mt7622_firmwaren/a
CWE ID-CWE-20
Improper Input Validation
CVE-2021-39230
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-8.8||HIGH
EPSS-0.21% / 43.98%
||
7 Day CHG~0.00%
Published-21 Sep, 2021 | 16:55
Updated-04 Aug, 2024 | 01:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Error in JPNS kernel of Butter

Butter is a system usability utility. Due to a kernel error the JPNS kernel is being discontinued. Affected users are recommend to update to the Trinity kernel. There are no workarounds.

Action-Not Available
Vendor-butter_projectFrankEnderman
Product-butterButter
CWE ID-CWE-20
Improper Input Validation
CVE-2020-13594
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.12% / 32.05%
||
7 Day CHG~0.00%
Published-31 Aug, 2020 | 14:58
Updated-04 Aug, 2024 | 12:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Bluetooth Low Energy (BLE) controller implementation in Espressif ESP-IDF 4.2 and earlier (for ESP32 devices) does not properly restrict the channel map field of the connection request packet on reception, allowing attackers in radio range to cause a denial of service (crash) via a crafted packet.

Action-Not Available
Vendor-espressifn/a
Product-esp-idfesp32n/a
CWE ID-CWE-20
Improper Input Validation
CVE-2020-12322
Matching Score-4
Assigner-Intel Corporation
ShareView Details
Matching Score-4
Assigner-Intel Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.09% / 26.86%
||
7 Day CHG~0.00%
Published-12 Nov, 2020 | 18:12
Updated-04 Aug, 2024 | 11:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper input validation in some Intel(R) Wireless Bluetooth(R) products before version 21.110 may allow an unauthenticated user to potentially enable denial of service via adjacent access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-wireless-ac_9560wi-fi_6_ax201_firmwarewireless-ac_9461_firmwaredual_band_wireless-ac_8260_firmwaredual_band_wireless-ac_8265_firmwarewireless-ac_9260_firmwarewireless-ac_9462_firmwarewireless-ac_9560_firmwarewi-fi_6_ax200dual_band_wireless-ac_8265wireless-ac_9462wireless-ac_9461dual_band_wireless-ac_3168_firmwarewi-fi_6_ax200_firmwarewi-fi_6_ax201dual_band_wireless-ac_3165wireless_7265_\(rev_d\)_firmwaredual_band_wireless-ac_8260wireless_7265_\(rev_d\)dual_band_wireless-ac_3168wireless-ac_9260dual_band_wireless-ac_3165_firmwareIntel(R) Wireless Bluetooth(R)
CWE ID-CWE-20
Improper Input Validation
CVE-2021-43548
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-6.5||MEDIUM
EPSS-0.11% / 30.45%
||
7 Day CHG~0.00%
Published-27 Dec, 2021 | 18:48
Updated-16 Sep, 2024 | 16:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Philips Patient Information Center iX (PIC iX) and Efficia CM Series Improper Input Validation

Patient Information Center iX (PIC iX) Versions C.02 and C.03 receives input or data, but does not validate or incorrectly validates that the input has the properties required to process the data safely and correctly.

Action-Not Available
Vendor-Philips
Product-patient_information_center_ixPatient Information Center iX (PIC iX)
CWE ID-CWE-20
Improper Input Validation
CVE-2020-12314
Matching Score-4
Assigner-Intel Corporation
ShareView Details
Matching Score-4
Assigner-Intel Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.09% / 26.86%
||
7 Day CHG~0.00%
Published-12 Nov, 2020 | 18:11
Updated-04 Aug, 2024 | 11:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper input validation in some Intel(R) PROSet/Wireless WiFi products before version 21.110 may allow an unauthenticated user to potentially enable denial of service via adjacent access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-wireless-ac_9461wireless-ac_9560wi-fi_6_ax201dual_band_wireless-ac_3165dual_band_wireless-ac_8260wireless-ac_9260dual_band_wireless-ac_3168wireless_7265_\(rev_d\)wi-fi_6_ax200wireless-ac_9462dual_band_wireless-ac_8265proset\/wireless_wifiIntel(R) PROSet/Wireless WiFi
CWE ID-CWE-20
Improper Input Validation
CVE-2025-44526
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.05% / 15.94%
||
7 Day CHG~0.00%
Published-09 Jul, 2025 | 00:00
Updated-18 Jul, 2025 | 17:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Realtek RTL8762EKF-EVB RTL8762E SDK V1.4.0 was discovered to utilize insufficient permission checks on critical fields within Bluetooth Low Energy (BLE) data packets. This issue allows attackers to cause a Denial of Service (DoS) via a crafted LL_Length_Req packet.

Action-Not Available
Vendor-n/aRealtek Semiconductor Corp.
Product-rtl8762ekf-evbrtl8762e_software_development_kitn/a
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-284
Improper Access Control
CVE-2011-3363
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.23% / 45.67%
||
7 Day CHG~0.00%
Published-24 May, 2012 | 23:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The setup_cifs_sb function in fs/cifs/connect.c in the Linux kernel before 2.6.39 does not properly handle DFS referrals, which allows remote CIFS servers to cause a denial of service (system crash) by placing a referral at the root of a share.

Action-Not Available
Vendor-n/aRed Hat, Inc.Linux Kernel Organization, Inc
Product-linux_kernelenterprise_linuxn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2023-34983
Matching Score-4
Assigner-Intel Corporation
ShareView Details
Matching Score-4
Assigner-Intel Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.05% / 14.02%
||
7 Day CHG~0.00%
Published-14 Feb, 2024 | 13:37
Updated-29 Oct, 2024 | 16:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper input validation for some Intel(R) PROSet/Wireless and Intel(R) Killer(TM) Wi-Fi software before version 22.240 may allow an unauthenticated user to potentially enable denial of service via adjacent access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-killer_wi-fi_6e_ax1690proset\/wirelesskillerwi-fi_6_ax201wi-fi_6e_ax211killer_wi-fi_6e_ax1675wi-fi_6e_ax210wi-fi_6_ax200wi-fi_6e_ax411killer_wi-fi_6_ax1650Intel(R) PROSet/Wireless and Intel(R) Killer(TM) Wi-Fi software
CWE ID-CWE-20
Improper Input Validation
CVE-2021-37039
Matching Score-4
Assigner-Huawei Technologies
ShareView Details
Matching Score-4
Assigner-Huawei Technologies
CVSS Score-6.5||MEDIUM
EPSS-0.05% / 15.93%
||
7 Day CHG~0.00%
Published-08 Dec, 2021 | 14:11
Updated-04 Aug, 2024 | 01:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

There is an Input verification vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may cause Bluetooth DoS.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-magic_uiharmonyosemuiMagic UIHarmonyOSEMUI
CWE ID-CWE-20
Improper Input Validation
CVE-2023-28911
Matching Score-4
Assigner-Automotive Security Research Group (ASRG)
ShareView Details
Matching Score-4
Assigner-Automotive Security Research Group (ASRG)
CVSS Score-6.5||MEDIUM
EPSS-0.03% / 5.03%
||
7 Day CHG~0.00%
Published-28 Jun, 2025 | 15:34
Updated-30 Jun, 2025 | 18:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Arbitrary Channel Disconnection Resulting in Denial of Service

A specific flaw exists within the Bluetooth stack of the MIB3 infotainment. The issue results from the lack of proper validation of user-supplied data, which can result in an arbitrary channel disconnection. An attacker can leverage this vulnerability to cause a denial-of-service attack for every connected client of the infotainment device. The vulnerability was originally discovered in Skoda Superb III car with MIB3 infotainment unit OEM part number 3V0035820. The list of affected MIB3 OEM part numbers is provided in the referenced resources.

Action-Not Available
Vendor-Preh Car Connect GmbH (JOYNEXT GmbH)
Product-Volkswagen MIB3 infotainment system MIB3 OI MQB
CWE ID-CWE-20
Improper Input Validation
CVE-2023-28374
Matching Score-4
Assigner-Intel Corporation
ShareView Details
Matching Score-4
Assigner-Intel Corporation
CVSS Score-6.1||MEDIUM
EPSS-0.09% / 25.95%
||
7 Day CHG~0.00%
Published-14 Feb, 2024 | 13:37
Updated-29 Oct, 2024 | 15:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper input validation for some Intel(R) PROSet/Wireless and Intel(R) Killer(TM) Wi-Fi software before version 22.240 may allow an unauthenticated user to potentially enable denial of service via adjacent access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-killer_wi-fi_6e_ax1690proset\/wirelesswi-fi_6e_ax211killerkiller_wi-fi_6e_ax1675wi-fi_6e_ax411proset_wi-fi_6e_ax210Intel(R) PROSet/Wireless and Intel(R) Killer(TM) Wi-Fi software
CWE ID-CWE-20
Improper Input Validation
CVE-2025-40556
Matching Score-4
Assigner-Siemens
ShareView Details
Matching Score-4
Assigner-Siemens
CVSS Score-7.1||HIGH
EPSS-0.02% / 4.57%
||
7 Day CHG~0.00%
Published-13 May, 2025 | 09:38
Updated-13 May, 2025 | 19:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in BACnet ATEC 550-440 (All versions), BACnet ATEC 550-441 (All versions), BACnet ATEC 550-445 (All versions), BACnet ATEC 550-446 (All versions). Affected devices improperly handle specific incoming BACnet MSTP messages. This could allow an attacker residing in the same BACnet network to send a specially crafted MSTP message that results in a denial of service condition of the targeted device. A power cycle is required to restore the device's normal operation.

Action-Not Available
Vendor-Siemens AG
Product-BACnet ATEC 550-446BACnet ATEC 550-445BACnet ATEC 550-441BACnet ATEC 550-440
CWE ID-CWE-20
Improper Input Validation
CVE-2023-0775
Matching Score-4
Assigner-Silicon Labs
ShareView Details
Matching Score-4
Assigner-Silicon Labs
CVSS Score-6.5||MEDIUM
EPSS-0.03% / 7.62%
||
7 Day CHG~0.00%
Published-28 Mar, 2023 | 16:23
Updated-18 Feb, 2025 | 20:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Bluetooth LE Invalid prepare write request command leads to denial of service

An invalid ‘prepare write request’ command can cause the Bluetooth LE stack to run out of memory and fail to be able to handle subsequent connection requests, resulting in a denial-of-service.

Action-Not Available
Vendor-silabssilabs.com
Product-gecko_software_development_kitGSDK
CWE ID-CWE-20
Improper Input Validation
CVE-2019-19192
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.09% / 26.36%
||
7 Day CHG~0.00%
Published-12 Feb, 2020 | 18:08
Updated-05 Aug, 2024 | 02:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Bluetooth Low Energy implementation on STMicroelectronics BLE Stack through 1.3.1 for STM32WB5x devices does not properly handle consecutive Attribute Protocol (ATT) requests on reception, allowing attackers in radio range to cause an event deadlock or crash via crafted packets.

Action-Not Available
Vendor-stn/a
Product-bluenrg-2wb55n/a
CWE ID-CWE-20
Improper Input Validation
CVE-2020-12521
Matching Score-4
Assigner-CERT@VDE
ShareView Details
Matching Score-4
Assigner-CERT@VDE
CVSS Score-6.5||MEDIUM
EPSS-0.08% / 25.34%
||
7 Day CHG~0.00%
Published-17 Dec, 2020 | 22:43
Updated-17 Sep, 2024 | 04:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Phoenix Contact PLCnext Control Devices versions before 2021.0 LTS: A specially crafted LLDP packet may lead to a high system load in the PROFINET stack.

On Phoenix Contact PLCnext Control Devices versions before 2021.0 LTS a specially crafted LLDP packet may lead to a high system load in the PROFINET stack. An attacker can cause failure of system services or a complete reboot.

Action-Not Available
Vendor-Phoenix Contact GmbH & Co. KG
Product-axc_f_2152axc_f_2152_starterkitaxc_f_1152rfc_4072saxc_f_3152plcnext_firmwareplcnext_technology_starterkitPLCnext Technology Starterkit (1188165)AXC F 1152 (1151412)AXC F 2152 (2404267)RFC 4072S (1051328AXC F 3152 (1069208)AXC F 2152 Starterkit (1046568)
CWE ID-CWE-20
Improper Input Validation
CVE-2020-10068
Matching Score-4
Assigner-Zephyr Project
ShareView Details
Matching Score-4
Assigner-Zephyr Project
CVSS Score-5.1||MEDIUM
EPSS-0.07% / 23.09%
||
7 Day CHG~0.00%
Published-05 Jun, 2020 | 17:37
Updated-16 Sep, 2024 | 17:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Zephyr Bluetooth DLE duplicate requests vulnerability

In the Zephyr project Bluetooth subsystem, certain duplicate and back-to-back packets can cause incorrect behavior, resulting in a denial of service. This issue affects: zephyrproject-rtos zephyr version 2.2.0 and later versions, and version 1.14.0 and later versions.

Action-Not Available
Vendor-Zephyr Project
Product-zephyrzephyr
CWE ID-CWE-20
Improper Input Validation
CVE-2019-1796
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-7.4||HIGH
EPSS-0.14% / 35.54%
||
7 Day CHG~0.00%
Published-18 Apr, 2019 | 00:45
Updated-21 Nov, 2024 | 19:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Wireless LAN Controller Software IAPP Message Handling Denial of Service Vulnerabilities

A vulnerability in the handling of Inter-Access Point Protocol (IAPP) messages by Cisco Wireless LAN Controller (WLC) Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition. The vulnerability exist because the software improperly validates input on fields within IAPP messages. An attacker could exploit the vulnerability by sending malicious IAPP messages to an affected device. A successful exploit could allow the attacker to cause the Cisco WLC Software to reload, resulting in a DoS condition. Software versions prior to 8.2.170.0, 8.5.150.0, and 8.8.100.0 are affected.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-wireless_lan_controllerwireless_lan_controller_softwareCisco Wireless LAN Controller (WLC)
CWE ID-CWE-399
Not Available
CWE ID-CWE-20
Improper Input Validation
CVE-2019-1799
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-7.4||HIGH
EPSS-0.14% / 35.54%
||
7 Day CHG~0.00%
Published-18 Apr, 2019 | 00:45
Updated-21 Nov, 2024 | 19:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Wireless LAN Controller Software IAPP Message Handling Denial of Service Vulnerabilities

A vulnerability in the handling of Inter-Access Point Protocol (IAPP) messages by Cisco Wireless LAN Controller (WLC) Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition. The vulnerability exist because the software improperly validates input on fields within IAPP messages. An attacker could exploit the vulnerability by sending malicious IAPP messages to an affected device. A successful exploit could allow the attacker to cause the Cisco WLC Software to reload, resulting in a DoS condition. Software versions prior to 8.2.170.0, 8.5.150.0, and 8.8.100.0 are affected.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-wireless_lan_controllerwireless_lan_controller_softwareCisco Wireless LAN Controller (WLC)
CWE ID-CWE-399
Not Available
CWE ID-CWE-20
Improper Input Validation
CVE-2025-3885
Matching Score-4
Assigner-Zero Day Initiative
ShareView Details
Matching Score-4
Assigner-Zero Day Initiative
CVSS Score-5.3||MEDIUM
EPSS-0.13% / 32.67%
||
7 Day CHG~0.00%
Published-22 May, 2025 | 00:49
Updated-15 Aug, 2025 | 16:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Harman Becker MGU21 Bluetooth Improper Input Validation Denial-of-Service Vulnerability

Harman Becker MGU21 Bluetooth Improper Input Validation Denial-of-Service Vulnerability. This vulnerability allows network-adjacent attackers to create a denial-of-service condition on affected installations of Harman Becker MGU21 devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the Bluetooth stack of the BCM89359 chipset. The issue results from the lack of proper validation of Bluetooth frames. An attacker can leverage this vulnerability to create a denial-of-service condition on the system. Was ZDI-CAN-23942.

Action-Not Available
Vendor-Harman BeckerSamsung
Product-harman_mgu21harman_mgu21_firmwareMGU21
CWE ID-CWE-20
Improper Input Validation
CVE-2020-0196
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-6.5||MEDIUM
EPSS-0.16% / 37.41%
||
7 Day CHG~0.00%
Published-11 Jun, 2020 | 14:43
Updated-04 Aug, 2024 | 05:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In RegisterNotificationResponse::GetEvent of register_notification_packet.cc, there is a possible abort due to improper input validation. This could lead to remote denial of service of the Bluetooth service, over Bluetooth, with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-144066833

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-20
Improper Input Validation
CVE-2019-5302
Matching Score-4
Assigner-Huawei Technologies
ShareView Details
Matching Score-4
Assigner-Huawei Technologies
CVSS Score-5.3||MEDIUM
EPSS-0.06% / 20.33%
||
7 Day CHG~0.00%
Published-27 Apr, 2020 | 19:50
Updated-04 Aug, 2024 | 19:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

There are two denial of service vulnerabilities on some Huawei smartphones. An attacker may send specially crafted TD-SCDMA messages from a rogue base station to the affected devices. Due to insufficient input validation of two values when parsing the messages, successful exploit may cause device abnormal. This is 1 out of 2 vulnerabilities. Different than CVE-2020-5303. Affected products are: ALP-AL00B: earlier than 9.1.0.333(C00E333R2P1T8) ALP-L09: earlier than 9.1.0.300(C432E4R1P9T8) ALP-L29: earlier than 9.1.0.315(C636E5R1P13T8) BLA-L29C: earlier than 9.1.0.321(C636E4R1P14T8), earlier than 9.1.0.330(C432E6R1P12T8), earlier than 9.1.0.302(C635E4R1P13T8) Berkeley-AL20: earlier than 9.1.0.333(C00E333R2P1T8) Berkeley-L09: earlier than 9.1.0.350(C10E3R1P14T8), earlier than 9.1.0.351(C432E5R1P13T8), earlier than 9.1.0.350(C636E4R1P13T8) Charlotte-L09C: earlier than 9.1.0.311(C185E4R1P11T8), earlier than 9.1.0.345(C432E8R1P11T8) Charlotte-L29C: earlier than 9.1.0.325(C185E4R1P11T8), earlier than 9.1.0.335(C636E3R1P13T8), earlier than 9.1.0.345(C432E8R1P11T8), earlier than 9.1.0.336(C605E3R1P12T8) Columbia-AL10B: earlier than 9.1.0.333(C00E333R1P1T8) Columbia-L29D: earlier than 9.1.0.350(C461E3R1P11T8), earlier than 9.1.0.350(C185E3R1P12T8), earlier than 9.1.0.350(C10E5R1P14T8), earlier than 9.1.0.351(C432E5R1P13T8) Cornell-AL00A: earlier than 9.1.0.333(C00E333R1P1T8) Cornell-L29A: earlier than 9.1.0.328(C185E1R1P9T8), earlier than 9.1.0.328(C432E1R1P9T8), earlier than 9.1.0.330(C461E1R1P9T8), earlier than 9.1.0.328(C636E2R1P12T8) Emily-L09C: earlier than 9.1.0.336(C605E4R1P12T8), earlier than 9.1.0.311(C185E2R1P12T8), earlier than 9.1.0.345(C432E10R1P12T8) Emily-L29C: earlier than 9.1.0.311(C605E2R1P12T8), earlier than 9.1.0.311(C636E7R1P13T8), earlier than 9.1.0.311(C432E7R1P11T8) Ever-L29B: earlier than 9.1.0.311(C185E3R3P1), earlier than 9.1.0.310(C636E3R2P1), earlier than 9.1.0.310(C432E3R1P12) HUAWEI Mate 20: earlier than 9.1.0.131(C00E131R3P1) HUAWEI Mate 20 Pro: earlier than 9.1.0.310(C185E10R2P1) HUAWEI Mate 20 RS: earlier than 9.1.0.135(C786E133R3P1) HUAWEI Mate 20 X: earlier than 9.1.0.135(C00E133R2P1) HUAWEI P20: earlier than 9.1.0.333(C00E333R1P1T8) HUAWEI P20 Pro: earlier than 9.1.0.333(C00E333R1P1T8) HUAWEI P30: earlier than 9.1.0.193 HUAWEI P30 Pro: earlier than 9.1.0.186(C00E180R2P1) HUAWEI Y9 2019: earlier than 9.1.0.220(C605E3R1P1T8) HUAWEI nova lite 3: earlier than 9.1.0.305(C635E8R2P2) Honor 10 Lite: earlier than 9.1.0.283(C605E8R2P2) Honor 8X: earlier than 9.1.0.221(C461E2R1P1T8) Honor View 20: earlier than 9.1.0.238(C432E1R3P1) Jackman-L22: earlier than 9.1.0.247(C636E2R4P1T8) Paris-L21B: earlier than 9.1.0.331(C432E1R1P2T8) Paris-L21MEB: earlier than 9.1.0.331(C185E4R1P3T8) Paris-L29B: earlier than 9.1.0.331(C636E1R1P3T8) Sydney-AL00: earlier than 9.1.0.212(C00E62R1P7T8) Sydney-L21: earlier than 9.1.0.215(C432E1R1P1T8), earlier than 9.1.0.213(C185E1R1P1T8) Sydney-L21BR: earlier than 9.1.0.213(C185E1R1P2T8) Sydney-L22: earlier than 9.1.0.258(C636E1R1P1T8) Sydney-L22BR: earlier than 9.1.0.258(C636E1R1P1T8) SydneyM-AL00: earlier than 9.1.0.228(C00E78R1P7T8) SydneyM-L01: earlier than 9.1.0.215(C782E2R1P1T8), earlier than 9.1.0.213(C185E1R1P1T8), earlier than 9.1.0.270(C432E3R1P1T8) SydneyM-L03: earlier than 9.1.0.217(C605E1R1P1T8) SydneyM-L21: earlier than 9.1.0.221(C461E1R1P1T8), earlier than 9.1.0.215(C432E4R1P1T8) SydneyM-L22: earlier than 9.1.0.259(C185E1R1P2T8), earlier than 9.1.0.220(C635E1R1P2T8), earlier than 9.1.0.216(C569E1R1P1T8) SydneyM-L23: earlier than 9.1.0.226(C605E2R1P1T8) Yale-L21A: earlier than 9.1.0.154(C432E2R3P2), earlier than 9.1.0.154(C461E2R2P1), earlier than 9.1.0.154(C636E2R2P1) Honor 20: earlier than 9.1.0.152(C00E150R5P1) Honor Magic2: earlier than 10.0.0.187 Honor V20: earlier than 9.1.0.234(C00E234R4P3)

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-p20_pro_firmwaresydney-l22honor_v20_firmwarecharlotte-l29ccolumbia-l29d_firmwaresydney-l21_firmwaresydney-l21y9_2019sydneym-l23_firmwarebla-l29cever-l29b_firmwareemily-l29c_firmwarep30_pro_firmwarehonor_20mate_20_prohonor_view_20mate_20_xjackman-l22_firmwarep20nova_lite_3honor_magic2paris-l29b_firmwarehonor_magic2_firmwaresydneym-l03_firmwarep30_procolumbia-al10b_firmwarecornell-al00asydney-l22bralp-l29_firmwaresydney-l22br_firmwareberkeley-l09_firmwarealp-l09emily-l09c_firmwarep30_firmwareyale-l21a_firmwarehonor_10_lite_firmwarehonor_v20y9_2019_firmwaresydneym-l21_firmwareberkeley-al20alp-l09_firmwaremate_20emily-l09ccornell-al00a_firmwaresydneym-l01cornell-l29asydney-l21br_firmwaresydneym-l22honor_view_20_firmwareparis-l29bparis-l21b_firmwaresydneym-l22_firmwaresydney-al00_firmwaresydneym-l01_firmwareberkeley-al20_firmwareever-l29bcolumbia-l29dcolumbia-al10bsydneym-l03jackman-l22honor_10_liteparis-l21meb_firmwareparis-l21bsydneym-l23yale-l21acharlotte-l09cnova_lite_3_firmwarealp-l29p20_firmwaresydney-l22_firmwareberkeley-l09p20_prosydney-al00mate_20_rs_firmwarehonor_20_firmwaresydneym-l21mate_20_x_firmwarecharlotte-l29c_firmwarealp-al00b_firmwareparis-l21mebsydneym-al00_firmwaresydney-l21brmate_20_firmwarep30mate_20_rscornell-l29a_firmwarebla-l29c_firmwaresydneym-al00charlotte-l09c_firmwaremate_20_pro_firmwarehonor_8x_firmwarehonor_8xalp-al00bemily-l29cParis-L21MEBSydneyM-L03SydneyM-L21HUAWEI Mate 20 ProBLA-L29CALP-L09HUAWEI P20 ProEver-L29BSydneyM-L23Cornell-AL00AParis-L29BEmily-L09CHonor 8XSydneyM-L22Cornell-L29AColumbia-L29DCharlotte-L09CSydney-AL00Honor V20Honor Magic2HUAWEI Mate 20 RSSydneyM-L01HUAWEI P30Berkeley-AL20Sydney-L21Sydney-L22HUAWEI nova lite 3Honor 20Sydney-L21BRParis-L21BHUAWEI Mate 20 XBerkeley-L09SydneyM-AL00Honor 10 LiteJackman-L22ALP-AL00BSydney-L22BRHUAWEI P20Columbia-AL10BALP-L29HUAWEI P30 ProHonor View 20HUAWEI Y9 2019Yale-L21AEmily-L29CCharlotte-L29CHUAWEI Mate 20
CWE ID-CWE-20
Improper Input Validation
CVE-2019-5260
Matching Score-4
Assigner-Huawei Technologies
ShareView Details
Matching Score-4
Assigner-Huawei Technologies
CVSS Score-6.5||MEDIUM
EPSS-0.15% / 36.36%
||
7 Day CHG~0.00%
Published-13 Dec, 2019 | 21:52
Updated-04 Aug, 2024 | 19:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Huawei smartphones HUAWEI Y9 2019 and Honor View 20 have a denial of service vulnerability. Due to insufficient input validation of specific value when parsing the messages, an attacker may send specially crafted TD-SCDMA messages from a rogue base station to the affected devices to exploit this vulnerability. Successful exploit may cause an infinite loop and the device to reboot.

Action-Not Available
Vendor-n/aHuawei Technologies Co., Ltd.
Product-view_20_firmwarey9_2019view_20y9_2019_firmwareHUAWEI Y9 2019;Honor View 20
CWE ID-CWE-20
Improper Input Validation
CVE-2019-1800
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-7.4||HIGH
EPSS-0.14% / 35.54%
||
7 Day CHG~0.00%
Published-18 Apr, 2019 | 01:00
Updated-21 Nov, 2024 | 19:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Wireless LAN Controller Software IAPP Message Handling Denial of Service Vulnerabilities

A vulnerability in the handling of Inter-Access Point Protocol (IAPP) messages by Cisco Wireless LAN Controller (WLC) Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition. The vulnerability exist because the software improperly validates input on fields within IAPP messages. An attacker could exploit the vulnerability by sending malicious IAPP messages to an affected device. A successful exploit could allow the attacker to cause the Cisco WLC Software to reload, resulting in a DoS condition. Software versions prior to 8.2.170.0, 8.5.150.0, and 8.8.100.0 are affected.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-wireless_lan_controllerwireless_lan_controller_softwareCisco Wireless LAN Controller (WLC)
CWE ID-CWE-399
Not Available
CWE ID-CWE-20
Improper Input Validation
CVE-2019-15265
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-7.4||HIGH
EPSS-0.24% / 46.47%
||
7 Day CHG~0.00%
Published-16 Oct, 2019 | 18:36
Updated-21 Nov, 2024 | 19:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Aironet Access Points Bridge Protocol Data Unit Port Disable Denial of Service Vulnerability

A vulnerability in the bridge protocol data unit (BPDU) forwarding functionality of Cisco Aironet Access Points (APs) could allow an unauthenticated, adjacent attacker to cause an AP port to go into an error disabled state. The vulnerability occurs because BPDUs received from specific wireless clients are forwarded incorrectly. An attacker could exploit this vulnerability on the wireless network by sending a steady stream of crafted BPDU frames. A successful exploit could allow the attacker to cause a limited denial of service (DoS) attack because an AP port could go offline.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-aironet_2800aironet_2800_firmwareaironet_1800aironet_1560aironet_3800aironet_1540_firmwareaironet_1560_firmwareaironet_3800_firmwareaironet_1800_firmwareaironet_1540Cisco Aironet Access Point Software
CWE ID-CWE-20
Improper Input Validation
CVE-2019-5303
Matching Score-4
Assigner-Huawei Technologies
ShareView Details
Matching Score-4
Assigner-Huawei Technologies
CVSS Score-5.3||MEDIUM
EPSS-0.06% / 20.33%
||
7 Day CHG~0.00%
Published-27 Apr, 2020 | 20:01
Updated-04 Aug, 2024 | 19:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

There are two denial of service vulnerabilities on some Huawei smartphones. An attacker may send specially crafted TD-SCDMA messages from a rogue base station to the affected devices. Due to insufficient input validation of two values when parsing the messages, successful exploit may cause device abnormal. This is 2 out of 2 vulnerabilities. Different than CVE-2020-5302. Affected products are: ALP-AL00B: earlier than 9.1.0.333(C00E333R2P1T8) ALP-L09: earlier than 9.1.0.300(C432E4R1P9T8) ALP-L29: earlier than 9.1.0.315(C636E5R1P13T8) BLA-L29C: earlier than 9.1.0.321(C636E4R1P14T8), earlier than 9.1.0.330(C432E6R1P12T8), earlier than 9.1.0.302(C635E4R1P13T8) Berkeley-AL20: earlier than 9.1.0.333(C00E333R2P1T8) Berkeley-L09: earlier than 9.1.0.350(C10E3R1P14T8), earlier than 9.1.0.351(C432E5R1P13T8), earlier than 9.1.0.350(C636E4R1P13T8) Charlotte-L09C: earlier than 9.1.0.311(C185E4R1P11T8), earlier than 9.1.0.345(C432E8R1P11T8) Charlotte-L29C: earlier than 9.1.0.325(C185E4R1P11T8), earlier than 9.1.0.335(C636E3R1P13T8), earlier than 9.1.0.345(C432E8R1P11T8), earlier than 9.1.0.336(C605E3R1P12T8) Columbia-AL10B: earlier than 9.1.0.333(C00E333R1P1T8) Columbia-L29D: earlier than 9.1.0.350(C461E3R1P11T8), earlier than 9.1.0.350(C185E3R1P12T8), earlier than 9.1.0.350(C10E5R1P14T8), earlier than 9.1.0.351(C432E5R1P13T8) Cornell-AL00A: earlier than 9.1.0.333(C00E333R1P1T8) Cornell-L29A: earlier than 9.1.0.328(C185E1R1P9T8), earlier than 9.1.0.328(C432E1R1P9T8), earlier than 9.1.0.330(C461E1R1P9T8), earlier than 9.1.0.328(C636E2R1P12T8) Emily-L09C: earlier than 9.1.0.336(C605E4R1P12T8), earlier than 9.1.0.311(C185E2R1P12T8), earlier than 9.1.0.345(C432E10R1P12T8) Emily-L29C: earlier than 9.1.0.311(C605E2R1P12T8), earlier than 9.1.0.311(C636E7R1P13T8), earlier than 9.1.0.311(C432E7R1P11T8) Ever-L29B: earlier than 9.1.0.311(C185E3R3P1), earlier than 9.1.0.310(C636E3R2P1), earlier than 9.1.0.310(C432E3R1P12) HUAWEI Mate 20: earlier than 9.1.0.131(C00E131R3P1) HUAWEI Mate 20 Pro: earlier than 9.1.0.310(C185E10R2P1) HUAWEI Mate 20 RS: earlier than 9.1.0.135(C786E133R3P1) HUAWEI Mate 20 X: earlier than 9.1.0.135(C00E133R2P1) HUAWEI P20: earlier than 9.1.0.333(C00E333R1P1T8) HUAWEI P20 Pro: earlier than 9.1.0.333(C00E333R1P1T8) HUAWEI P30: earlier than 9.1.0.193 HUAWEI P30 Pro: earlier than 9.1.0.186(C00E180R2P1) HUAWEI Y9 2019: earlier than 9.1.0.220(C605E3R1P1T8) HUAWEI nova lite 3: earlier than 9.1.0.305(C635E8R2P2) Honor 10 Lite: earlier than 9.1.0.283(C605E8R2P2) Honor 8X: earlier than 9.1.0.221(C461E2R1P1T8) Honor View 20: earlier than 9.1.0.238(C432E1R3P1) Jackman-L22: earlier than 9.1.0.247(C636E2R4P1T8) Paris-L21B: earlier than 9.1.0.331(C432E1R1P2T8) Paris-L21MEB: earlier than 9.1.0.331(C185E4R1P3T8) Paris-L29B: earlier than 9.1.0.331(C636E1R1P3T8) Sydney-AL00: earlier than 9.1.0.212(C00E62R1P7T8) Sydney-L21: earlier than 9.1.0.215(C432E1R1P1T8), earlier than 9.1.0.213(C185E1R1P1T8) Sydney-L21BR: earlier than 9.1.0.213(C185E1R1P2T8) Sydney-L22: earlier than 9.1.0.258(C636E1R1P1T8) Sydney-L22BR: earlier than 9.1.0.258(C636E1R1P1T8) SydneyM-AL00: earlier than 9.1.0.228(C00E78R1P7T8) SydneyM-L01: earlier than 9.1.0.215(C782E2R1P1T8), earlier than 9.1.0.213(C185E1R1P1T8), earlier than 9.1.0.270(C432E3R1P1T8) SydneyM-L03: earlier than 9.1.0.217(C605E1R1P1T8) SydneyM-L21: earlier than 9.1.0.221(C461E1R1P1T8), earlier than 9.1.0.215(C432E4R1P1T8) SydneyM-L22: earlier than 9.1.0.259(C185E1R1P2T8), earlier than 9.1.0.220(C635E1R1P2T8), earlier than 9.1.0.216(C569E1R1P1T8) SydneyM-L23: earlier than 9.1.0.226(C605E2R1P1T8) Yale-L21A: earlier than 9.1.0.154(C432E2R3P2), earlier than 9.1.0.154(C461E2R2P1), earlier than 9.1.0.154(C636E2R2P1) Honor 20: earlier than 9.1.0.152(C00E150R5P1) Honor Magic2: earlier than 10.0.0.187 Honor V20: earlier than 9.1.0.234(C00E234R4P3)

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-p20_pro_firmwaresydney-l22honor_v20_firmwarecharlotte-l29ccolumbia-l29d_firmwaresydney-l21_firmwaresydney-l21y9_2019sydneym-l23_firmwarebla-l29cever-l29b_firmwareemily-l29c_firmwarep30_pro_firmwarehonor_20mate_20_prohonor_view_20mate_20_xjackman-l22_firmwarep20nova_lite_3honor_magic2paris-l29b_firmwarehonor_magic2_firmwaresydneym-l03_firmwarep30_procolumbia-al10b_firmwarecornell-al00asydney-l22bralp-l29_firmwaresydney-l22br_firmwareberkeley-l09_firmwarealp-l09emily-l09c_firmwarep30_firmwareyale-l21a_firmwarehonor_10_lite_firmwarehonor_v20y9_2019_firmwaresydneym-l21_firmwareberkeley-al20alp-l09_firmwaremate_20emily-l09ccornell-al00a_firmwaresydneym-l01cornell-l29asydney-l21br_firmwaresydneym-l22honor_view_20_firmwareparis-l29bparis-l21b_firmwaresydneym-l22_firmwaresydney-al00_firmwaresydneym-l01_firmwareberkeley-al20_firmwareever-l29bcolumbia-l29dcolumbia-al10bsydneym-l03jackman-l22honor_10_liteparis-l21meb_firmwareparis-l21bsydneym-l23yale-l21acharlotte-l09cnova_lite_3_firmwarealp-l29p20_firmwaresydney-l22_firmwareberkeley-l09p20_prosydney-al00mate_20_rs_firmwarehonor_20_firmwaresydneym-l21mate_20_x_firmwarecharlotte-l29c_firmwarealp-al00b_firmwareparis-l21mebsydneym-al00_firmwaresydney-l21brmate_20_firmwarep30mate_20_rscornell-l29a_firmwarebla-l29c_firmwaresydneym-al00charlotte-l09c_firmwaremate_20_pro_firmwarehonor_8x_firmwarehonor_8xalp-al00bemily-l29cParis-L21MEBSydneyM-L03SydneyM-L21HUAWEI Mate 20 ProBLA-L29CALP-L09HUAWEI P20 ProEver-L29BSydneyM-L23Cornell-AL00AEmily-L09CParis-L29BHonor 8XSydneyM-L22Cornell-L29AColumbia-L29DCharlotte-L09CSydney-AL00Honor V20HUAWEI Mate 20 RSSydneyM-L01HUAWEI P30Honor Magic2Berkeley-AL20Sydney-L21HUAWEI nova lite 3Sydney-L22Honor 20Sydney-L21BRParis-L21BHUAWEI Mate 20 XBerkeley-L09ALP-AL00BHonor 10 LiteJackman-L22SydneyM-AL00Columbia-AL10BHUAWEI P20ALP-L29Sydney-L22BRHUAWEI P30 ProHonor View 20HUAWEI Y9 2019Yale-L21AEmily-L29CCharlotte-L29CHUAWEI Mate 20
CWE ID-CWE-20
Improper Input Validation
CVE-2019-12588
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.21% / 42.99%
||
7 Day CHG~0.00%
Published-04 Sep, 2019 | 11:30
Updated-04 Aug, 2024 | 23:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The client 802.11 mac implementation in Espressif ESP8266_NONOS_SDK 2.2.0 through 3.1.0 does not validate correctly the RSN AuthKey suite list count in beacon frames, probe responses, and association responses, which allows attackers in radio range to cause a denial of service (crash) via a crafted message.

Action-Not Available
Vendor-espressifn/a
Product-esp8266_nonos_sdkarduino_esp8266n/a
CWE ID-CWE-20
Improper Input Validation
CVE-2021-33110
Matching Score-4
Assigner-Intel Corporation
ShareView Details
Matching Score-4
Assigner-Intel Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.40% / 60.21%
||
7 Day CHG~0.00%
Published-09 Feb, 2022 | 22:04
Updated-05 May, 2025 | 17:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper input validation for some Intel(R) Wireless Bluetooth(R) products and Killer(TM) Bluetooth(R) products in Windows 10 and 11 before version 22.80 may allow an unauthenticated user to potentially enable denial of service via adjacent access.

Action-Not Available
Vendor-n/aMicrosoft CorporationIntel Corporation
Product-ac_9462_firmwarewindows_10ac_9560_firmwarewindows_11ax200_firmwareax210_firmwareac_8260_firmwareac_7265_firmwareac_1550_firmwareac_9461_firmwareac_9260_firmwareax1650_firmwareac_3168_firmwareax1675_firmwareac_3165_firmwareac_8265_firmwareax201_firmwareIntel(R) Wireless Bluetooth(R) products and Killer(TM) Bluetooth(R) products in Windows 10 and 11
CWE ID-CWE-20
Improper Input Validation
CVE-2025-24510
Matching Score-4
Assigner-Siemens
ShareView Details
Matching Score-4
Assigner-Siemens
CVSS Score-7.1||HIGH
EPSS-0.02% / 4.57%
||
7 Day CHG~0.00%
Published-13 May, 2025 | 09:38
Updated-13 May, 2025 | 19:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in MS/TP Point Pickup Module (All versions). Affected devices improperly handle specific incoming BACnet MSTP messages. This could allow an attacker residing in the same BACnet network to send a specially crafted MSTP message that results in a denial of service condition of the targeted device. A power cycle is required to restore the device's normal operation.

Action-Not Available
Vendor-Siemens AG
Product-MS/TP Point Pickup Module
CWE ID-CWE-20
Improper Input Validation
CVE-2022-39881
Matching Score-4
Assigner-Samsung Mobile
ShareView Details
Matching Score-4
Assigner-Samsung Mobile
CVSS Score-5.3||MEDIUM
EPSS-0.49% / 64.47%
||
7 Day CHG~0.00%
Published-09 Nov, 2022 | 00:00
Updated-01 May, 2025 | 19:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper input validation vulnerability for processing SIB12 PDU in Exynos modems prior to SMR Sep-2022 Release allows remote attacker to read out of bounds memory.

Action-Not Available
Vendor-SamsungSamsung Electronics
Product-exynosexynos_firmwareSamsung Mobile Devices
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-125
Out-of-bounds Read
CVE-2025-0816
Matching Score-4
Assigner-Schneider Electric
ShareView Details
Matching Score-4
Assigner-Schneider Electric
CVSS Score-7.1||HIGH
EPSS-0.06% / 17.03%
||
7 Day CHG~0.00%
Published-13 Feb, 2025 | 06:38
Updated-13 Feb, 2025 | 14:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

CWE-20: Improper Input Validation vulnerability exists that could cause Denial-of-Service of the product when malicious IPV6 packets are sent to the device.

Action-Not Available
Vendor-Schneider Electric SE
Product-Enerlin’X IFE interface (LV434001)Enerlin’X eIFE (LV851001)
CWE ID-CWE-20
Improper Input Validation
CVE-2025-0815
Matching Score-4
Assigner-Schneider Electric
ShareView Details
Matching Score-4
Assigner-Schneider Electric
CVSS Score-7.1||HIGH
EPSS-0.06% / 17.03%
||
7 Day CHG~0.00%
Published-13 Feb, 2025 | 06:39
Updated-13 Feb, 2025 | 14:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

CWE-20: Improper Input Validation vulnerability exists that could cause Denial-of-Service of the product when malicious ICMPV6 packets are sent to the device.

Action-Not Available
Vendor-Schneider Electric SE
Product-Enerlin’X IFE interface (LV434001)Enerlin’X eIFE (LV851001)
CWE ID-CWE-20
Improper Input Validation
CVE-2024-8798
Matching Score-4
Assigner-Zephyr Project
ShareView Details
Matching Score-4
Assigner-Zephyr Project
CVSS Score-7.5||HIGH
EPSS-0.26% / 48.98%
||
7 Day CHG~0.00%
Published-15 Dec, 2024 | 23:23
Updated-03 Feb, 2025 | 20:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Bluetooth: classic: avdtp: missing buffer length check

No proper validation of the length of user input in olcp_ind_handler in zephyr/subsys/bluetooth/services/ots/ots_client.c.

Action-Not Available
Vendor-Zephyr Project
Product-zephyrZephyr
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-6259
Matching Score-4
Assigner-Zephyr Project
ShareView Details
Matching Score-4
Assigner-Zephyr Project
CVSS Score-7.6||HIGH
EPSS-0.08% / 23.56%
||
7 Day CHG~0.00%
Published-13 Sep, 2024 | 20:17
Updated-25 Sep, 2024 | 15:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
BT: HCI: adv_ext_report Improper discarding in adv_ext_report

BT: HCI: adv_ext_report Improper discarding in adv_ext_report

Action-Not Available
Vendor-Zephyr Project
Product-zephyrZephyrzephyr
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-6258
Matching Score-4
Assigner-Zephyr Project
ShareView Details
Matching Score-4
Assigner-Zephyr Project
CVSS Score-6.8||MEDIUM
EPSS-0.08% / 23.84%
||
7 Day CHG~0.00%
Published-13 Sep, 2024 | 19:05
Updated-19 Sep, 2024 | 01:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
BT: Missing length checks of net_buf in rfcomm_handle_data

BT: Missing length checks of net_buf in rfcomm_handle_data

Action-Not Available
Vendor-Zephyr Project
Product-zephyrZephyrzephyr
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-191
Integer Underflow (Wrap or Wraparound)
CVE-2024-43558
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.29% / 51.74%
||
7 Day CHG~0.00%
Published-08 Oct, 2024 | 17:36
Updated-08 Jul, 2025 | 15:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Mobile Broadband Driver Denial of Service Vulnerability

Windows Mobile Broadband Driver Denial of Service Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_21h2windows_10_1809windows_server_2022_23h2windows_11_21h2windows_11_24h2windows_10_22h2windows_11_22h2windows_server_2019windows_11_23h2Windows 10 Version 21H2Windows Server 2019 (Server Core installation)Windows 11 Version 24H2Windows Server 2022, 23H2 Edition (Server Core installation)Windows Server 2019Windows 10 Version 1809Windows 11 version 22H2Windows 10 Version 22H2Windows 11 Version 23H2Windows 11 version 21H2Windows 11 version 22H3
CWE ID-CWE-125
Out-of-bounds Read
CWE ID-CWE-20
Improper Input Validation
CVE-2024-43561
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.29% / 51.74%
||
7 Day CHG~0.00%
Published-08 Oct, 2024 | 17:36
Updated-08 Jul, 2025 | 15:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Mobile Broadband Driver Denial of Service Vulnerability

Windows Mobile Broadband Driver Denial of Service Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_21h2windows_10_1809windows_server_2022_23h2windows_11_21h2windows_11_24h2windows_10_22h2windows_11_22h2windows_server_2019windows_11_23h2Windows 10 Version 21H2Windows Server 2019 (Server Core installation)Windows 11 Version 24H2Windows Server 2022, 23H2 Edition (Server Core installation)Windows Server 2019Windows 10 Version 1809Windows 11 version 22H2Windows 10 Version 22H2Windows 11 Version 23H2Windows 11 version 21H2Windows 11 version 22H3
CWE ID-CWE-125
Out-of-bounds Read
CWE ID-CWE-20
Improper Input Validation
CVE-2024-43538
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.29% / 51.74%
||
7 Day CHG~0.00%
Published-08 Oct, 2024 | 17:35
Updated-08 Jul, 2025 | 15:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Mobile Broadband Driver Denial of Service Vulnerability

Windows Mobile Broadband Driver Denial of Service Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_21h2windows_10_1809windows_server_2022_23h2windows_11_21h2windows_11_24h2windows_10_22h2windows_11_22h2windows_server_2019windows_11_23h2Windows 10 Version 21H2Windows Server 2019 (Server Core installation)Windows 11 Version 24H2Windows Server 2022, 23H2 Edition (Server Core installation)Windows Server 2019Windows 10 Version 1809Windows 11 version 22H2Windows 10 Version 22H2Windows 11 Version 23H2Windows 11 version 21H2Windows 11 version 22H3
CWE ID-CWE-125
Out-of-bounds Read
CWE ID-CWE-20
Improper Input Validation
CVE-2024-38234
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.52% / 65.77%
||
7 Day CHG-0.13%
Published-10 Sep, 2024 | 16:54
Updated-31 Dec, 2024 | 23:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Networking Denial of Service Vulnerability

Windows Networking Denial of Service Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_21h2windows_10_1809windows_server_2016windows_server_2022_23h2windows_server_2012windows_server_2008windows_10_1507windows_11_21h2windows_11_24h2windows_10_22h2windows_server_2022windows_11_22h2windows_server_2019windows_10_1607windows_11_23h2Windows Server 2022Windows 10 Version 1607Windows 11 version 22H3Windows 11 version 22H2Windows Server 2019 (Server Core installation)Windows Server 2022, 23H2 Edition (Server Core installation)Windows Server 2008 Service Pack 2Windows 10 Version 1809Windows Server 2016 (Server Core installation)Windows 11 version 21H2Windows Server 2012 (Server Core installation)Windows Server 2016Windows 10 Version 1507Windows 10 Version 21H2Windows Server 2008 R2 Service Pack 1Windows 11 Version 23H2Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2012 R2Windows Server 2019Windows Server 2012Windows Server 2008 Service Pack 2Windows Server 2012 R2 (Server Core installation)Windows 10 Version 22H2Windows 11 Version 24H2
CWE ID-CWE-20
Improper Input Validation
CVE-2024-38105
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.37% / 57.93%
||
7 Day CHG~0.00%
Published-09 Jul, 2024 | 17:03
Updated-05 May, 2025 | 17:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Layer-2 Bridge Network Driver Denial of Service Vulnerability

Windows Layer-2 Bridge Network Driver Denial of Service Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_21h2windows_10_1809windows_server_2016windows_server_2022_23h2windows_server_2012windows_10_1507windows_11_21h2windows_10_22h2windows_server_2022windows_11_22h2windows_server_2019windows_10_1607windows_11_23h2Windows Server 2012Windows 11 version 22H2Windows 11 Version 23H2Windows Server 2022, 23H2 Edition (Server Core installation)Windows 10 Version 1507Windows 10 Version 1607Windows Server 2012 R2 (Server Core installation)Windows Server 2016Windows Server 2019Windows 11 version 21H2Windows 11 version 22H3Windows Server 2016 (Server Core installation)Windows Server 2019 (Server Core installation)Windows Server 2022Windows 10 Version 21H2Windows Server 2012 R2Windows Server 2012 (Server Core installation)Windows 10 Version 1809Windows 10 Version 22H2
CWE ID-CWE-20
Improper Input Validation
CVE-2024-32048
Matching Score-4
Assigner-Intel Corporation
ShareView Details
Matching Score-4
Assigner-Intel Corporation
CVSS Score-6||MEDIUM
EPSS-0.04% / 9.74%
||
7 Day CHG~0.00%
Published-13 Nov, 2024 | 21:08
Updated-15 Nov, 2024 | 14:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper input validation in the Intel(R) Distribution of OpenVINO(TM) Model Server software before version 2024.0 may allow an unauthenticated user to potentially enable denial of service via adjacent access.

Action-Not Available
Vendor-n/a
Product-Intel(R) Distribution of OpenVINO(TM) Model Server software
CWE ID-CWE-20
Improper Input Validation
CVE-2018-4843
Matching Score-4
Assigner-Siemens
ShareView Details
Matching Score-4
Assigner-Siemens
CVSS Score-6.5||MEDIUM
EPSS-0.10% / 28.47%
||
7 Day CHG~0.00%
Published-20 Mar, 2018 | 14:00
Updated-05 Aug, 2024 | 05:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in SIMATIC S7-400 CPU 414-3 PN/DP V7 (All versions < V7.0.3), SIMATIC S7-400 CPU 414F-3 PN/DP V7 (All versions < V7.0.3), SIMATIC S7-400 CPU 416-3 PN/DP V7 (All versions < V7.0.3), SIMATIC S7-400 CPU 416F-3 PN/DP V7 (All versions < V7.0.3), SIMATIC CP 343-1 (incl. SIPLUS variants) (All versions), SIMATIC CP 343-1 Advanced (incl. SIPLUS variants) (All versions), SIMATIC CP 443-1 (All versions < V3.3), SIMATIC CP 443-1 (All versions < V3.3), SIMATIC CP 443-1 Advanced (All versions < V3.3), SIMATIC ET 200pro IM154-8 PN/DP CPU (All versions < V3.2.16), SIMATIC ET 200pro IM154-8F PN/DP CPU (All versions < V3.2.16), SIMATIC ET 200pro IM154-8FX PN/DP CPU (All versions < V3.2.16), SIMATIC ET 200S IM151-8 PN/DP CPU (All versions < V3.2.16), SIMATIC ET 200S IM151-8F PN/DP CPU (All versions < V3.2.16), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions < V1.7.0), SIMATIC S7-1500 Software Controller (All versions < V1.7.0), SIMATIC S7-300 CPU 314C-2 PN/DP (All versions < V3.3.16), SIMATIC S7-300 CPU 315-2 PN/DP (All versions < V3.2.16), SIMATIC S7-300 CPU 315F-2 PN/DP (All versions < V3.2.16), SIMATIC S7-300 CPU 315T-3 PN/DP (All versions < V3.2.16), SIMATIC S7-300 CPU 317-2 PN/DP (All versions < V3.2.16), SIMATIC S7-300 CPU 317F-2 PN/DP (All versions < V3.2.16), SIMATIC S7-300 CPU 317T-3 PN/DP (All versions < V3.2.16), SIMATIC S7-300 CPU 317TF-3 PN/DP (All versions < V3.2.16), SIMATIC S7-300 CPU 319-3 PN/DP (All versions < V3.2.16), SIMATIC S7-300 CPU 319F-3 PN/DP (All versions < V3.2.16), SIMATIC S7-400 CPU 412-2 PN V7 (All versions < V7.0.3), SIMATIC S7-400 H V6 CPU family (incl. SIPLUS variants) (All versions < V6.0.9), SIMATIC S7-400 PN/DP V6 CPU family (incl. SIPLUS variants) (All versions < V6.0.7), SIMATIC S7-410 CPU family (incl. SIPLUS variants) (All versions < V8.1), SIMATIC WinAC RTX 2010 (All versions < V2010 SP3), SIMATIC WinAC RTX F 2010 (All versions < V2010 SP3), SINUMERIK 828D (All versions < V4.7 SP6 HF1), SIPLUS ET 200S IM151-8 PN/DP CPU (All versions < V3.2.16), SIPLUS ET 200S IM151-8F PN/DP CPU (All versions < V3.2.16), SIPLUS NET CP 443-1 (All versions < V3.3), SIPLUS NET CP 443-1 Advanced (All versions < V3.3), SIPLUS S7-300 CPU 314C-2 PN/DP (All versions < V3.3.16), SIPLUS S7-300 CPU 315-2 PN/DP (All versions < V3.2.16), SIPLUS S7-300 CPU 315F-2 PN/DP (All versions < V3.2.16), SIPLUS S7-300 CPU 317-2 PN/DP (All versions < V3.2.16), SIPLUS S7-300 CPU 317F-2 PN/DP (All versions < V3.2.16), SIPLUS S7-400 CPU 414-3 PN/DP V7 (All versions < V7.0.3), SIPLUS S7-400 CPU 416-3 PN/DP V7 (All versions < V7.0.3), Softnet PROFINET IO for PC-based Windows systems (All versions). Responding to a PROFINET DCP request with a specially crafted PROFINET DCP packet could cause a denial of service condition of the requesting system. The security vulnerability could be exploited by an attacker located on the same Ethernet segment (OSI Layer 2) as the targeted device. A manual restart is required to recover the system.

Action-Not Available
Vendor-Siemens AG
Product-simatic_s7-400_h_v6simatic_s7-400_pn\/dp_v7_firmwaresimatic_s7-400_h_v6_firmwaresimatic_cp_343-1simatic_cp_443-1_firmwaresimatic_s7-400_pn\/dp_v7simatic_winac_rtx_2010_firmwaresimatic_s7-1500_firmwaresimatic_s7-400_pn\/dp_v6sinumerik_828d_firmwaresimatic_s7-1500simatic_cp_443-1sinumerik_828dsimatic_s7-300simatic_s7-400_pn\/dp_v6_firmwaresimatic_s7-410_firmwaresoftnet_pn-io_linux_firmwaresimatic_s7-410simatic_winac_rtx_2010softnet_pn-io_linuxsimatic_s7-300_firmwaresimatic_cp_343-1_firmwareSIMATIC CP 343-1 (incl. SIPLUS variants)SIMATIC WinAC RTX 2010SIMATIC ET 200S IM151-8 PN/DP CPUSIMATIC ET 200S IM151-8F PN/DP CPU SIMATIC S7-400 CPU 416F-3 PN/DP V7SIMATIC S7-410 CPU family (incl. SIPLUS variants)SIMATIC S7-300 CPU 314C-2 PN/DPSIPLUS S7-300 CPU 315F-2 PN/DPSIMATIC S7-300 CPU 317F-2 PN/DPSIMATIC CP 443-1 AdvancedSINUMERIK 828DSIMATIC S7-300 CPU 315F-2 PN/DPSIPLUS NET CP 443-1 Advanced SIMATIC S7-400 CPU 414-3 PN/DP V7SIMATIC S7-300 CPU 317-2 PN/DPSIMATIC S7-300 CPU 317TF-3 PN/DP SIMATIC S7-400 CPU 416-3 PN/DP V7SIMATIC S7-300 CPU 315-2 PN/DPSIMATIC CP 443-1SIPLUS S7-300 CPU 315-2 PN/DPSoftnet PROFINET IO for PC-based Windows systemsSIMATIC CP 343-1 Advanced (incl. SIPLUS variants)SIMATIC S7-300 CPU 319F-3 PN/DPSIMATIC S7-400 H V6 CPU family (incl. SIPLUS variants) SIMATIC S7-400 CPU 414F-3 PN/DP V7SIMATIC ET 200pro IM154-8F PN/DP CPUSIMATIC S7-300 CPU 317T-3 PN/DPSIMATIC S7-300 CPU 319-3 PN/DPSIPLUS S7-400 CPU 416-3 PN/DP V7SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants)SIMATIC WinAC RTX F 2010SIPLUS ET 200S IM151-8 PN/DP CPUSIPLUS NET CP 443-1SIMATIC S7-1500 Software ControllerSIMATIC S7-400 PN/DP V6 CPU family (incl. SIPLUS variants)SIPLUS ET 200S IM151-8F PN/DP CPUSIPLUS S7-300 CPU 317-2 PN/DPSIPLUS S7-400 CPU 414-3 PN/DP V7SIMATIC ET 200pro IM154-8 PN/DP CPUSIMATIC ET 200pro IM154-8FX PN/DP CPUSIMATIC S7-300 CPU 315T-3 PN/DPSIPLUS S7-300 CPU 317F-2 PN/DPSIMATIC S7-400 CPU 412-2 PN V7SIPLUS S7-300 CPU 314C-2 PN/DP
CWE ID-CWE-20
Improper Input Validation
CVE-2024-24984
Matching Score-4
Assigner-Intel Corporation
ShareView Details
Matching Score-4
Assigner-Intel Corporation
CVSS Score-6.8||MEDIUM
EPSS-0.05% / 14.84%
||
7 Day CHG~0.00%
Published-13 Nov, 2024 | 20:36
Updated-15 Nov, 2024 | 14:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper input validation for some Intel(R) Wireless Bluetooth(R) products for Windows before version 23.40 may allow an unauthenticated user to potentially enable denial of service via adjacent access.

Action-Not Available
Vendor-n/a
Product-Intel(R) Wireless Bluetooth(R) products for Windows
CWE ID-CWE-20
Improper Input Validation
CVE-2024-5931
Matching Score-4
Assigner-Zephyr Project
ShareView Details
Matching Score-4
Assigner-Zephyr Project
CVSS Score-6.3||MEDIUM
EPSS-0.08% / 23.56%
||
7 Day CHG~0.00%
Published-13 Sep, 2024 | 19:41
Updated-19 Sep, 2024 | 01:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
BT: Unchecked user input in bap_broadcast_assistant

BT: Unchecked user input in bap_broadcast_assistant

Action-Not Available
Vendor-Zephyr Project
Product-zephyrZephyrzephyr
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-6137
Matching Score-4
Assigner-Zephyr Project
ShareView Details
Matching Score-4
Assigner-Zephyr Project
CVSS Score-7.6||HIGH
EPSS-0.08% / 25.10%
||
7 Day CHG~0.00%
Published-13 Sep, 2024 | 20:06
Updated-19 Sep, 2024 | 01:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
BT: Classic: SDP OOB access in get_att_search_list

BT: Classic: SDP OOB access in get_att_search_list

Action-Not Available
Vendor-Zephyr Project
Product-zephyrZephyrzephyr
CWE ID-CWE-787
Out-of-bounds Write
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-20
Improper Input Validation
CVE-2022-36351
Matching Score-4
Assigner-Intel Corporation
ShareView Details
Matching Score-4
Assigner-Intel Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.09% / 25.62%
||
7 Day CHG+0.01%
Published-11 Aug, 2023 | 02:36
Updated-13 Feb, 2025 | 16:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper input validation in some Intel(R) PROSet/Wireless WiFi and Killer(TM) WiFi software may allow an unauthenticated user to potentially enable denial of service via adjacent access.

Action-Not Available
Vendor-n/aIntel CorporationDebian GNU/LinuxFedora Project
Product-killer_wi-fi_6e_ax1690wi-fi_6_ax203debian_linuxfedorakillerwi-fi_6_ax201wi-fi_6e_ax211killer_wi-fi_6e_ax1675wi-fi_6e_ax210wi-fi_6_ax200wi-fi_6e_ax411killer_wi-fi_6_ax1650wi-fi_6_ax101uefi_firmwareproset\/wireless_wifiIntel(R) PROSet/Wireless WiFi and Killer(TM) WiFi software
CWE ID-CWE-20
Improper Input Validation
CVE-2024-4785
Matching Score-4
Assigner-Zephyr Project
ShareView Details
Matching Score-4
Assigner-Zephyr Project
CVSS Score-7.6||HIGH
EPSS-0.09% / 26.53%
||
7 Day CHG~0.00%
Published-19 Aug, 2024 | 22:10
Updated-03 Feb, 2025 | 20:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
BT: Missing Check in LL_CONNECTION_UPDATE_IND Packet Leads to Division by Zero

BT: Missing Check in LL_CONNECTION_UPDATE_IND Packet Leads to Division by Zero

Action-Not Available
Vendor-Zephyr Project
Product-zephyrZephyr
CWE ID-CWE-369
Divide By Zero
CWE ID-CWE-20
Improper Input Validation
CVE-2024-43542
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.29% / 51.74%
||
7 Day CHG~0.00%
Published-08 Oct, 2024 | 17:35
Updated-08 Jul, 2025 | 15:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Mobile Broadband Driver Denial of Service Vulnerability

Windows Mobile Broadband Driver Denial of Service Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_21h2windows_10_1809windows_server_2022_23h2windows_11_21h2windows_11_24h2windows_10_22h2windows_11_22h2windows_server_2019windows_11_23h2Windows 10 Version 21H2Windows Server 2019 (Server Core installation)Windows 11 Version 24H2Windows Server 2022, 23H2 Edition (Server Core installation)Windows Server 2019Windows 10 Version 1809Windows 11 version 22H2Windows 10 Version 22H2Windows 11 Version 23H2Windows 11 version 21H2Windows 11 version 22H3
CWE ID-CWE-125
Out-of-bounds Read
CWE ID-CWE-20
Improper Input Validation
  • Previous
  • 1
  • 2
  • ...
  • 5
  • 6
  • 7
  • Next
Details not found