Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2024-36129

Summary
Assigner-GitHub_M
Assigner Org ID-a0819718-46f1-4df5-94e2-005712e83aaa
Published At-05 Jun, 2024 | 17:26
Updated At-02 Aug, 2024 | 03:30
Rejected At-
Credits

OpenTelemetry Collector has a Denial of Service via Zip/Decompression Bomb sent over HTTP or gRPC

The OpenTelemetry Collector offers a vendor-agnostic implementation on how to receive, process and export telemetry data. An unsafe decompression vulnerability allows unauthenticated attackers to crash the collector via excessive memory consumption. OTel Collector version 0.102.1 fixes this issue. It is also fixed in the confighttp module version 0.102.0 and configgrpc module version 0.102.1.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:GitHub_M
Assigner Org ID:a0819718-46f1-4df5-94e2-005712e83aaa
Published At:05 Jun, 2024 | 17:26
Updated At:02 Aug, 2024 | 03:30
Rejected At:
▼CVE Numbering Authority (CNA)
OpenTelemetry Collector has a Denial of Service via Zip/Decompression Bomb sent over HTTP or gRPC

The OpenTelemetry Collector offers a vendor-agnostic implementation on how to receive, process and export telemetry data. An unsafe decompression vulnerability allows unauthenticated attackers to crash the collector via excessive memory consumption. OTel Collector version 0.102.1 fixes this issue. It is also fixed in the confighttp module version 0.102.0 and configgrpc module version 0.102.1.

Affected Products
Vendor
open-telemetry
Product
opentelemetry-collector
Versions
Affected
  • < 0.102.1
Problem Types
TypeCWE IDDescription
CWECWE-119CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
Type: CWE
CWE ID: CWE-119
Description: CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
Metrics
VersionBase scoreBase severityVector
3.18.2HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H
Version: 3.1
Base score: 8.2
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
https://github.com/open-telemetry/opentelemetry-collector/security/advisories/GHSA-c74f-6mfw-mm4v
x_refsource_CONFIRM
https://github.com/open-telemetry/opentelemetry-collector/pull/10289
x_refsource_MISC
https://github.com/open-telemetry/opentelemetry-collector/pull/10323
x_refsource_MISC
https://opentelemetry.io/blog/2024/cve-2024-36129
x_refsource_MISC
Hyperlink: https://github.com/open-telemetry/opentelemetry-collector/security/advisories/GHSA-c74f-6mfw-mm4v
Resource:
x_refsource_CONFIRM
Hyperlink: https://github.com/open-telemetry/opentelemetry-collector/pull/10289
Resource:
x_refsource_MISC
Hyperlink: https://github.com/open-telemetry/opentelemetry-collector/pull/10323
Resource:
x_refsource_MISC
Hyperlink: https://opentelemetry.io/blog/2024/cve-2024-36129
Resource:
x_refsource_MISC
▼Authorized Data Publishers (ADP)
1. CISA ADP Vulnrichment
Affected Products
Vendor
opentelemetry
Product
opentelemetry
CPEs
  • cpe:2.3:a:opentelemetry:opentelemetry:*:*:*:*:*:*:*:*
Default Status
unknown
Versions
Affected
  • From 0 before 0.102.1 (custom)
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
2. CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
https://github.com/open-telemetry/opentelemetry-collector/security/advisories/GHSA-c74f-6mfw-mm4v
x_refsource_CONFIRM
x_transferred
https://github.com/open-telemetry/opentelemetry-collector/pull/10289
x_refsource_MISC
x_transferred
https://github.com/open-telemetry/opentelemetry-collector/pull/10323
x_refsource_MISC
x_transferred
https://opentelemetry.io/blog/2024/cve-2024-36129
x_refsource_MISC
x_transferred
Hyperlink: https://github.com/open-telemetry/opentelemetry-collector/security/advisories/GHSA-c74f-6mfw-mm4v
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: https://github.com/open-telemetry/opentelemetry-collector/pull/10289
Resource:
x_refsource_MISC
x_transferred
Hyperlink: https://github.com/open-telemetry/opentelemetry-collector/pull/10323
Resource:
x_refsource_MISC
x_transferred
Hyperlink: https://opentelemetry.io/blog/2024/cve-2024-36129
Resource:
x_refsource_MISC
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:security-advisories@github.com
Published At:05 Jun, 2024 | 18:15
Updated At:18 Jun, 2024 | 17:34

The OpenTelemetry Collector offers a vendor-agnostic implementation on how to receive, process and export telemetry data. An unsafe decompression vulnerability allows unauthenticated attackers to crash the collector via excessive memory consumption. OTel Collector version 0.102.1 fixes this issue. It is also fixed in the confighttp module version 0.102.0 and configgrpc module version 0.102.1.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.17.5HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Secondary3.18.2HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H
Type: Primary
Version: 3.1
Base score: 7.5
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Type: Secondary
Version: 3.1
Base score: 8.2
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H
CPE Matches

opentelemetry
opentelemetry
>>configgrpc>>Versions before 0.102.1(exclusive)
cpe:2.3:a:opentelemetry:configgrpc:*:*:*:*:*:go:*:*
opentelemetry
opentelemetry
>>confighttp>>Versions before 0.102.0(exclusive)
cpe:2.3:a:opentelemetry:confighttp:*:*:*:*:*:go:*:*
opentelemetry
opentelemetry
>>opentelemetry_collector>>Versions before 0.102.1(exclusive)
cpe:2.3:a:opentelemetry:opentelemetry_collector:*:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-119Primarynvd@nist.gov
CWE-119Secondarysecurity-advisories@github.com
CWE ID: CWE-119
Type: Primary
Source: nvd@nist.gov
CWE ID: CWE-119
Type: Secondary
Source: security-advisories@github.com
Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References
HyperlinkSourceResource
https://github.com/open-telemetry/opentelemetry-collector/pull/10289security-advisories@github.com
Patch
https://github.com/open-telemetry/opentelemetry-collector/pull/10323security-advisories@github.com
Patch
https://github.com/open-telemetry/opentelemetry-collector/security/advisories/GHSA-c74f-6mfw-mm4vsecurity-advisories@github.com
Exploit
Third Party Advisory
https://opentelemetry.io/blog/2024/cve-2024-36129security-advisories@github.com
Vendor Advisory
Hyperlink: https://github.com/open-telemetry/opentelemetry-collector/pull/10289
Source: security-advisories@github.com
Resource:
Patch
Hyperlink: https://github.com/open-telemetry/opentelemetry-collector/pull/10323
Source: security-advisories@github.com
Resource:
Patch
Hyperlink: https://github.com/open-telemetry/opentelemetry-collector/security/advisories/GHSA-c74f-6mfw-mm4v
Source: security-advisories@github.com
Resource:
Exploit
Third Party Advisory
Hyperlink: https://opentelemetry.io/blog/2024/cve-2024-36129
Source: security-advisories@github.com
Resource:
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

199Records found

CVE-2023-25151
Matching Score-8
Assigner-GitHub, Inc.
ShareView Details
Matching Score-8
Assigner-GitHub, Inc.
CVSS Score-7.5||HIGH
EPSS-0.97% / 58.10%
||
7 Day CHG~0.00%
Published-08 Feb, 2023 | 19:21
Updated-10 Mar, 2025 | 21:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
DoS vulnerability for high cardinality metrics in opentelemetry-go-contrib

opentelemetry-go-contrib is a collection of extensions for OpenTelemetry-Go. The v0.38.0 release of `go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp` uses the `httpconv.ServerRequest` function to annotate metric measurements for the `http.server.request_content_length`, `http.server.response_content_length`, and `http.server.duration` instruments. The `ServerRequest` function sets the `http.target` attribute value to be the whole request URI (including the query string)[^1]. The metric instruments do not "forget" previous measurement attributes when `cumulative` temporality is used, this means the cardinality of the measurements allocated is directly correlated with the unique URIs handled. If the query string is constantly random, this will result in a constant increase in memory allocation that can be used in a denial-of-service attack. This issue has been addressed in version 0.39.0. Users are advised to upgrade. There are no known workarounds for this issue.

Action-Not Available
Vendor-open-telemetryThe Linux Foundation
Product-opentelemetry-go_contribopentelemetry-go-contrib
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2026-59892
Matching Score-8
Assigner-GitHub, Inc.
ShareView Details
Matching Score-8
Assigner-GitHub, Inc.
CVSS Score-7.5||HIGH
EPSS-0.44% / 35.36%
||
7 Day CHG~0.00%
Published-08 Jul, 2026 | 16:03
Updated-08 Jul, 2026 | 20:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
OpenTelemetry JavaScript: Denial of service in `JaegerPropagator` via unhandled exception on a malformed header

OpenTelemetry JavaScript is the OpenTelemetry JavaScript client. Prior to 2.9.0, @opentelemetry/propagator-jaeger decodes incoming uber-trace-id and uberctx-* HTTP header values with decodeURIComponent() without handling decode errors, allowing an unauthenticated remote attacker to send a malformed percent-encoded value that throws an uncaught URIError and terminates a Node.js process using JaegerPropagator as the active propagator. This issue is fixed in version 2.9.0.

Action-Not Available
Vendor-open-telemetry
Product-opentelemetry-js
CWE ID-CWE-248
Uncaught Exception
CVE-2025-27513
Matching Score-8
Assigner-GitHub, Inc.
ShareView Details
Matching Score-8
Assigner-GitHub, Inc.
CVSS Score-7.5||HIGH
EPSS-0.47% / 37.56%
||
7 Day CHG~0.00%
Published-05 Mar, 2025 | 18:12
Updated-15 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
OpenTelemetry .NET has a Denial of Service (DoS) Vulnerability in API Package

OpenTelemetry dotnet is a dotnet telemetry framework. A vulnerability in OpenTelemetry.Api package 1.10.0 to 1.11.1 could cause a Denial of Service (DoS) when a tracestate and traceparent header is received. Even if an application does not explicitly use trace context propagation, receiving these headers can still trigger high CPU usage. This issue impacts any application accessible over the web or backend services that process HTTP requests containing a tracestate header. Application may experience excessive resource consumption, leading to increased latency, degraded performance, or downtime. This vulnerability is fixed in 1.11.2.

Action-Not Available
Vendor-open-telemetry
Product-opentelemetry-dotnet
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2026-45686
Matching Score-8
Assigner-GitHub, Inc.
ShareView Details
Matching Score-8
Assigner-GitHub, Inc.
CVSS Score-7.5||HIGH
EPSS-0.35% / 27.67%
||
7 Day CHG~0.00%
Published-02 Jun, 2026 | 15:25
Updated-03 Jun, 2026 | 16:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
OpenTelemetry eBPF Instrumentation: Memcached payload length overflow can crash OBI

OpenTelemetry eBPF Instrumentation provides eBPF instrumentation based on the OpenTelemetry standard. From version 0.7.0 to before version 0.9.0, a remotely reachable integer overflow in OBI's memcached text protocol parser can crash the OBI process and cause denial of service. When parsing memcached storage commands such as set, add, replace, append, prepend, or cas, OBI accepts extremely large <bytes> values and adds the payload delimiter length without checking for overflow. A crafted request with <bytes> set to math.MaxInt or math.MaxInt-1 causes the computed payload length to wrap negative and triggers a runtime panic in LargeBufferReader.Peek. This issue has been patched in version 0.9.0.

Action-Not Available
Vendor-opentelemetryopen-telemetry
Product-ebpf_instrumentationopentelemetry-ebpf-instrumentation
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2026-45680
Matching Score-8
Assigner-GitHub, Inc.
ShareView Details
Matching Score-8
Assigner-GitHub, Inc.
CVSS Score-5.9||MEDIUM
EPSS-0.32% / 23.94%
||
7 Day CHG~0.00%
Published-02 Jun, 2026 | 15:24
Updated-03 Jun, 2026 | 16:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
OpenTelemetry eBPF Instrumentation: Unbounded BPF internal metrics replay can exhaust CPU

OpenTelemetry eBPF Instrumentation provides eBPF instrumentation based on the OpenTelemetry standard. Prior to version 0.9.0, OBI replays BPF probe hits into histogram observations by looping once per recorded run count. On busy systems, the run-count delta can become very large, causing the metrics exporter to spend excessive CPU time in a tight loop every collection interval. This issue has been patched in version 0.9.0.

Action-Not Available
Vendor-opentelemetryopen-telemetry
Product-ebpf_instrumentationopentelemetry-ebpf-instrumentation
CWE ID-CWE-400
Uncontrolled Resource Consumption
CWE ID-CWE-834
Excessive Iteration
CVE-2026-45678
Matching Score-8
Assigner-GitHub, Inc.
ShareView Details
Matching Score-8
Assigner-GitHub, Inc.
CVSS Score-7.5||HIGH
EPSS-0.34% / 26.40%
||
7 Day CHG~0.00%
Published-02 Jun, 2026 | 15:24
Updated-03 Jun, 2026 | 16:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
OpenTelemetry eBPF Instrumentation: Postgres BIND parsing can panic on malformed payloads

OpenTelemetry eBPF Instrumentation provides eBPF instrumentation based on the OpenTelemetry standard. Prior to version 0.9.0, the Postgres protocol parser assumes BIND message payloads contain a valid NUL-terminated portal name. A crafted empty or unterminated payload can make OBI slice beyond the end of the captured buffer and panic. This issue has been patched in version 0.9.0.

Action-Not Available
Vendor-opentelemetryopen-telemetry
Product-ebpf_instrumentationopentelemetry-ebpf-instrumentation
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-754
Improper Check for Unusual or Exceptional Conditions
CVE-2026-44902
Matching Score-8
Assigner-GitHub, Inc.
ShareView Details
Matching Score-8
Assigner-GitHub, Inc.
CVSS Score-7.5||HIGH
EPSS-0.46% / 36.69%
||
7 Day CHG~0.00%
Published-27 May, 2026 | 14:49
Updated-29 May, 2026 | 15:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
opentelemetry-js: Prometheus exporter process crash via malformed HTTP request

opentelemetry-js is the OpenTelemetry JavaScript Client. Prior to 0.217.0, a single malformed HTTP request crashes any Node.js process running the OpenTelemetry JS Prometheus exporter. The metrics endpoint (default 0.0.0.0:9464) has no error handling around URL parsing, so a request with an invalid URI causes an uncaught TypeError that terminates the process. This vulnerability is fixed in 0.217.0.

Action-Not Available
Vendor-@opentelemetryopen-telemetry
Product-auto-instrumentations-nodesdk-nodeexporter-prometheusopentelemetry-js
CWE ID-CWE-755
Improper Handling of Exceptional Conditions
CVE-2026-45292
Matching Score-8
Assigner-GitHub, Inc.
ShareView Details
Matching Score-8
Assigner-GitHub, Inc.
CVSS Score-5.3||MEDIUM
EPSS-0.79% / 52.20%
||
7 Day CHG~0.00%
Published-28 May, 2026 | 16:37
Updated-17 Jul, 2026 | 13:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
opentelemetry-java: Unbounded Memory Allocation in W3C Baggage Propagation

opentelemetry-java is the Java implementation of the OpenTelemetry API for recording telemetry, and SDK for managing telemetry recorded by the API. Prior to 1.62.0, a vulnerability affects the baggage propagation implementation in opentelemetry-api and opentelemetry-extension-trace-propagators. Parsing oversized baggage causes unbounded memory allocation and CPU consumption. Because baggage is automatically re-injected into every outgoing request, the effect can fan out to downstream services that never received the original malicious request. This vulnerability is fixed in 1.62.0.

Action-Not Available
Vendor-io.opentelemetryopen-telemetryRed Hat, Inc.
Product-opentelemetry-javaopentelemetry-extension-trace-propagatorsopentelemetry-apiRed Hat AI Inference ServerRed Hat Quay 3Red Hat Offline Knowledge Portal 1.2.7Migration Toolkit for ContainersRed Hat JBoss Enterprise Application Platform Expansion PackRed Hat Enterprise Linux AI (RHEL AI) 3Red Hat Data Grid 8Red Hat Ansible Automation Platform 2Red Hat 3scale API Management Platform 2OpenShift ServerlessRed Hat Satellite 6Exploit IntelligenceMigration Toolkit for Applications 8OpenShift LightspeedRed Hat OpenShift Dev Spaces 3.29Red Hat OpenShift AI (RHOAI)
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2026-42348
Matching Score-8
Assigner-GitHub, Inc.
ShareView Details
Matching Score-8
Assigner-GitHub, Inc.
CVSS Score-5.9||MEDIUM
EPSS-0.31% / 23.16%
||
7 Day CHG~0.00%
Published-12 May, 2026 | 18:01
Updated-27 May, 2026 | 15:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
OpAMP client reads unbounded HTTP response bodies

OpenTelemetry.OpAmp.Client is the OpAMP client for OpenTelemetry .NET. Prior to 0.2.0-alpha.1, when receiving responses from the OpAMP server over HTTP, the OpAMP client allocates an unbounded buffer to read all bytes from the server, with no upper-bound on the number of bytes consumed. This could cause memory exhaustion in the consuming application if the configured OpAMP server is attacker-controlled (or a network attacker can MitM the connection) and an extremely large body is returned in the response. This vulnerability is fixed in 0.2.0-alpha.1.

Action-Not Available
Vendor-opentelemetryopen-telemetry
Product-opentelemetry.opamp.clientopentelemetry-dotnet-contrib
CWE ID-CWE-789
Memory Allocation with Excessive Size Value
CVE-2026-54712
Matching Score-8
Assigner-GitHub, Inc.
ShareView Details
Matching Score-8
Assigner-GitHub, Inc.
CVSS Score-5.3||MEDIUM
EPSS-0.26% / 17.81%
||
7 Day CHG~0.00%
Published-01 Jul, 2026 | 21:17
Updated-06 Jul, 2026 | 16:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
OpenTelemetry Javaagent RMI context propagation allows resource exhaustion

OpenTelemetry Java Instrumentation provides OpenTelemetry auto-instrumentation and instrumentation libraries for Java. In versions prior to 2.27.0, the RMI context propagation payload reader limits the number of context entries but does not limit the aggregate size of the strings read from the stream. An attacker who can reach an RMI endpoint on an instrumented JVM can send an oversized context propagation payload. This can cause excessive memory allocation while the JVM reads the payload, potentially leading to denial of service. The issue affects only deployments where RMI instrumentation is enabled and an RMI endpoint is network-reachable. This issue has been fixed in version 2.27.0.

Action-Not Available
Vendor-open-telemetryThe Linux Foundation
Product-opentelemetry_instrumentation_for_javaopentelemetry-java-instrumentation
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2026-45685
Matching Score-8
Assigner-GitHub, Inc.
ShareView Details
Matching Score-8
Assigner-GitHub, Inc.
CVSS Score-7.5||HIGH
EPSS-0.46% / 37.22%
||
7 Day CHG~0.00%
Published-02 Jun, 2026 | 15:25
Updated-03 Jun, 2026 | 16:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
OpenTelemetry eBPF Instrumentation: MongoDB parser panics on malformed wire messages

OpenTelemetry eBPF Instrumentation provides eBPF instrumentation based on the OpenTelemetry standard. From version 0.1.0 to before version 0.9.0, malformed MongoDB wire messages can trigger uncaught panics in the MongoDB TCP parser, allowing a remote unauthenticated attacker to crash the telemetry agent and cause a denial of service. The parser operates on raw attacker-controlled network payloads before the input is fully validated, so a single crafted message can terminate telemetry collection for the affected process or node. This issue has been patched in version 0.9.0.

Action-Not Available
Vendor-opentelemetryopen-telemetry
Product-ebpf_instrumentationopentelemetry-ebpf-instrumentation
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-248
Uncaught Exception
CWE ID-CWE-704
Incorrect Type Conversion or Cast
CVE-2026-29181
Matching Score-8
Assigner-GitHub, Inc.
ShareView Details
Matching Score-8
Assigner-GitHub, Inc.
CVSS Score-7.5||HIGH
EPSS-0.43% / 35.30%
||
7 Day CHG~0.00%
Published-07 Apr, 2026 | 20:29
Updated-16 Jul, 2026 | 12:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
OpenTelemetry-Go multi-value `baggage` header extraction causes excessive allocations (remote dos amplification)

OpenTelemetry-Go is the Go implementation of OpenTelemetry. From 1.36.0 to 1.40.0, multi-value baggage: header extraction parses each header field-value independently and aggregates members across values. This allows an attacker to amplify cpu and allocations by sending many baggage: header lines, even when each individual value is within the 8192-byte per-value parse limit. This vulnerability is fixed in 1.41.0.

Action-Not Available
Vendor-opentelemetryopen-telemetryRed Hat, Inc.
Product-opentelemetryopentelemetry-goMulticluster Engine for KubernetesRed Hat Advanced Cluster Management for Kubernetes 2multicluster engine for Kubernetes 2.11
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2023-47108
Matching Score-8
Assigner-GitHub, Inc.
ShareView Details
Matching Score-8
Assigner-GitHub, Inc.
CVSS Score-7.5||HIGH
EPSS-1.59% / 72.96%
||
7 Day CHG~0.00%
Published-10 Nov, 2023 | 18:31
Updated-28 Oct, 2025 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
DoS vulnerability in otelgrpc (uncontrolled resource consumption) due to unbound cardinality metrics

OpenTelemetry-Go Contrib is a collection of third-party packages for OpenTelemetry-Go. Starting in version 0.37.0 and prior to version 0.46.0, the grpc Unary Server Interceptor out of the box adds labels `net.peer.sock.addr` and `net.peer.sock.port` that have unbound cardinality. It leads to the server's potential memory exhaustion when many malicious requests are sent. An attacker can easily flood the peer address and port for requests. Version 0.46.0 contains a fix for this issue. As a workaround to stop being affected, a view removing the attributes can be used. The other possibility is to disable grpc metrics instrumentation by passing `otelgrpc.WithMeterProvider` option with `noop.NewMeterProvider`.

Action-Not Available
Vendor-opentelemetryopen-telemetry
Product-opentelemetryopentelemetry-go-contrib
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2023-45142
Matching Score-8
Assigner-GitHub, Inc.
ShareView Details
Matching Score-8
Assigner-GitHub, Inc.
CVSS Score-7.5||HIGH
EPSS-1.36% / 68.70%
||
7 Day CHG~0.00%
Published-12 Oct, 2023 | 16:33
Updated-13 Feb, 2025 | 17:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
OpenTelemetry-Go Contrib has DoS vulnerability in otelhttp due to unbound cardinality metrics

OpenTelemetry-Go Contrib is a collection of third-party packages for OpenTelemetry-Go. A handler wrapper out of the box adds labels `http.user_agent` and `http.method` that have unbound cardinality. It leads to the server's potential memory exhaustion when many malicious requests are sent to it. HTTP header User-Agent or HTTP method for requests can be easily set by an attacker to be random and long. The library internally uses `httpconv.ServerRequest` that records every value for HTTP `method` and `User-Agent`. In order to be affected, a program has to use the `otelhttp.NewHandler` wrapper and not filter any unknown HTTP methods or User agents on the level of CDN, LB, previous middleware, etc. Version 0.44.0 fixed this issue when the values collected for attribute `http.request.method` were changed to be restricted to a set of well-known values and other high cardinality attributes were removed. As a workaround to stop being affected, `otelhttp.WithFilter()` can be used, but it requires manual careful configuration to not log certain requests entirely. For convenience and safe usage of this library, it should by default mark with the label `unknown` non-standard HTTP methods and User agents to show that such requests were made but do not increase cardinality. In case someone wants to stay with the current behavior, library API should allow to enable it.

Action-Not Available
Vendor-opentelemetryopen-telemetry
Product-opentelemetryopentelemetry-go-contrib
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2023-43810
Matching Score-8
Assigner-GitHub, Inc.
ShareView Details
Matching Score-8
Assigner-GitHub, Inc.
CVSS Score-7.5||HIGH
EPSS-0.69% / 48.48%
||
7 Day CHG~0.00%
Published-06 Oct, 2023 | 13:53
Updated-19 Sep, 2024 | 18:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
opentelemetry-instrumentation Denial of Service vulnerability due to unbound cardinality metrics

OpenTelemetry, also known as OTel for short, is a vendor-neutral open-source Observability framework for instrumenting, generating, collecting, and exporting telemetry data such as traces, metrics, logs. Autoinstrumentation out of the box adds the label `http_method` that has unbound cardinality. It leads to the server's potential memory exhaustion when many malicious requests are sent. HTTP method for requests can be easily set by an attacker to be random and long. In order to be affected program has to be instrumented for HTTP handlers and does not filter any unknown HTTP methods on the level of CDN, LB, previous middleware, etc. This issue has been patched in version 0.41b0.

Action-Not Available
Vendor-opentelemetryopen-telemetry
Product-opentelemetryopentelemetry-python-contrib
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2025-5572
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-8.7||HIGH
EPSS-4.20% / 89.83%
||
7 Day CHG+0.32%
Published-04 Jun, 2025 | 06:00
Updated-06 Jun, 2025 | 18:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
D-Link DCS-932L setSystemEmail stack-based overflow

A vulnerability was found in D-Link DCS-932L 2.18.01. It has been declared as critical. Affected by this vulnerability is the function setSystemEmail of the file /setSystemEmail. The manipulation of the argument EmailSMTPPortNumber leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer.

Action-Not Available
Vendor-D-Link Corporation
Product-dcs-932ldcs-932l_firmwareDCS-932L
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2020-15266
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-3.7||LOW
EPSS-0.93% / 56.52%
||
7 Day CHG+0.01%
Published-21 Oct, 2020 | 20:30
Updated-04 Aug, 2024 | 13:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Undefined behavior in Tensorflow

In Tensorflow before version 2.4.0, when the `boxes` argument of `tf.image.crop_and_resize` has a very large value, the CPU kernel implementation receives it as a C++ `nan` floating point value. Attempting to operate on this is undefined behavior which later produces a segmentation fault. The issue is patched in eccb7ec454e6617738554a255d77f08e60ee0808 and TensorFlow 2.4.0 will be released containing the patch. TensorFlow nightly packages after this commit will also have the issue resolved.

Action-Not Available
Vendor-Google LLCTensorFlow
Product-tensorflowtensorflow
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2020-15173
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-8.2||HIGH
EPSS-1.18% / 64.29%
||
7 Day CHG~0.00%
Published-09 Sep, 2020 | 22:45
Updated-04 Aug, 2024 | 13:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Heap buffer overflow in ACCEL-PPP

In ACCEL-PPP (an implementation of PPTP/PPPoE/L2TP/SSTP), there is a buffer overflow when receiving an l2tp control packet ith an AVP which type is a string and no hidden flags, length set to less than 6. If your application is used in open networks or there are untrusted nodes in the network it is highly recommended to apply the patch. The problem was patched with commit 2324bcd5ba12cf28f47357a8f03cd41b7c04c52b As a workaround changes of commit 2324bcd5ba12cf28f47357a8f03cd41b7c04c52b can be applied to older versions.

Action-Not Available
Vendor-accel-pppaccel-ppp
Product-accel-pppaccel-ppp
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2024-6236
Matching Score-4
Assigner-Citrix Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Citrix Systems, Inc.
CVSS Score-7.1||HIGH
EPSS-0.74% / 50.63%
||
7 Day CHG~0.00%
Published-10 Jul, 2024 | 20:18
Updated-27 Aug, 2025 | 20:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Denial of Service

Denial of Service in NetScaler Console (formerly NetScaler ADM), NetScaler Agent, and NetScaler SDX

Action-Not Available
Vendor-Citrix (Cloud Software Group, Inc.)NetScaler (Cloud Software Group, Inc.)
Product-netscaler_agentnetscaler_sdxnetscaler_consoleAgentNetScaler ConsoleSDXagentnetscaler_consolesdx
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2021-0227
Matching Score-4
Assigner-Juniper Networks, Inc.
ShareView Details
Matching Score-4
Assigner-Juniper Networks, Inc.
CVSS Score-7.5||HIGH
EPSS-1.31% / 67.51%
||
7 Day CHG~0.00%
Published-22 Apr, 2021 | 19:36
Updated-16 Sep, 2024 | 17:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Junos OS: SRX Series: Denial of Service in J-Web upon receipt of crafted HTTP packets

An improper restriction of operations within the bounds of a memory buffer vulnerability in Juniper Networks Junos OS J-Web on SRX Series devices allows an attacker to cause Denial of Service (DoS) by sending certain crafted HTTP packets. Continued receipt and processing of these packets will create a sustained Denial of Service (DoS) condition. When this issue occurs, web-management, NTP daemon (ntpd) and Layer 2 Control Protocol process (L2CPD) daemons might crash. This issue affects Juniper Networks Junos OS on SRX Series: 17.3 versions prior to 17.3R3-S9; 17.4 versions prior to 17.4R2-S11, 17.4R3-S2; 18.2 versions prior to 18.2R3-S5; 18.3 versions prior to 18.3R2-S4, 18.3R3-S3; 18.4 versions prior to 18.4R2-S5, 18.4R3-S4; 19.1 versions prior to 19.1R3-S2; 19.2 versions prior to 19.2R1-S5, 19.2R3; 19.3 versions prior to 19.3R3; 19.4 versions prior to 19.4R2-S1, 19.4R3; 20.1 versions prior to 20.1R1-S2, 20.1R2;

Action-Not Available
Vendor-Juniper Networks, Inc.
Product-srx345srx5800srx110srx4200srx340srx4100srx220srx240srx3600srx5400srx1400srx100srx3400srx300srx550srx320srx5600junossrx650srx210srx4600srx1500Junos OS
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2022-20947
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-8.6||HIGH
EPSS-0.87% / 54.63%
||
7 Day CHG~0.00%
Published-10 Nov, 2022 | 17:29
Updated-03 Aug, 2024 | 02:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability in dynamic access policies (DAP) functionality of Cisco Adaptive Security Appliance (ASA) Software and Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition. This vulnerability is due to improper processing of HostScan data received from the Posture (HostScan) module. An attacker could exploit this vulnerability by sending crafted HostScan data to an affected device. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a DoS condition. https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asa-ftd-dap-dos-GhYZBxDU ["https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asa-ftd-dap-dos-GhYZBxDU"] This advisory is part of the November 2022 release of the Cisco ASA, FTD, and FMC Security Advisory Bundled publication.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-firepower_threat_defenseadaptive_security_appliance_softwareCisco Firepower Threat Defense SoftwareCisco Adaptive Security Appliance (ASA) Software
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2022-21160
Matching Score-4
Assigner-Intel Corporation
ShareView Details
Matching Score-4
Assigner-Intel Corporation
CVSS Score-7.5||HIGH
EPSS-0.74% / 50.51%
||
7 Day CHG~0.00%
Published-18 Aug, 2022 | 19:41
Updated-05 May, 2025 | 17:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper buffer restrictions for some Intel(R) PROSet/Wireless WiFi products may allow an unauthenticated user to potentially enable denial of service via network access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-wi-fi_6e_ax411_firmwarewireless-ac_9461wireless-ac_9560_firmwarewireless-ac_9260_firmwarewireless-ac_9260wi-fi_6e_ax211_firmwarewi-fi_6_ax200_firmwarewi-fi_6_ax201_firmwarewi-fi_6e_ax411proset_wi-fi_6e_ax210proset_wi-fi_6e_ax210_firmwarewireless-ac_9462wireless-ac_9462_firmwarewi-fi_6_ax200wi-fi_6_ax201wireless-ac_9461_firmwarewireless-ac_9560wi-fi_6e_ax211Intel(R) PROSet/Wireless WiFi products
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2020-13573
Matching Score-4
Assigner-Talos
ShareView Details
Matching Score-4
Assigner-Talos
CVSS Score-7.5||HIGH
EPSS-3.39% / 87.47%
||
7 Day CHG~0.00%
Published-07 Jan, 2021 | 17:26
Updated-04 Aug, 2024 | 12:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A denial-of-service vulnerability exists in the Ethernet/IP server functionality of Rockwell Automation RSLinx Classic 2.57.00.14 CPR 9 SR 3. A specially crafted network request can lead to a denial of service. An attacker can send a sequence of malicious packets to trigger this vulnerability.

Action-Not Available
Vendor-n/aRockwell Automation, Inc.
Product-rslinxRockwell Automation
CWE ID-CWE-823
Use of Out-of-range Pointer Offset
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2025-53715
Matching Score-4
Assigner-TP-Link Systems Inc.
ShareView Details
Matching Score-4
Assigner-TP-Link Systems Inc.
CVSS Score-6.9||MEDIUM
EPSS-0.31% / 22.96%
||
7 Day CHG~0.00%
Published-29 Jul, 2025 | 17:58
Updated-01 Aug, 2025 | 18:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
TP-Link TL-WR841N Wan6to4TunnelCfgRpm.htm buffer overflow

A vulnerability has been found in TP-Link TL-WR841N V11. The vulnerability exists in the /userRpm/Wan6to4TunnelCfgRpm.htm file due to missing input parameter validation, which may lead to the buffer overflow to cause a crash of the web service and result in a denial-of-service (DoS) condition. The attack may be launched remotely. This vulnerability only affects products that are no longer supported by the maintainer.

Action-Not Available
Vendor-TP-Link Systems INC.TP-Link Systems Inc.
Product-tl-wr841n_firmwaretl-wr841nTL-WR841N V11
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2025-53713
Matching Score-4
Assigner-TP-Link Systems Inc.
ShareView Details
Matching Score-4
Assigner-TP-Link Systems Inc.
CVSS Score-6.9||MEDIUM
EPSS-0.31% / 22.96%
||
7 Day CHG~0.00%
Published-29 Jul, 2025 | 17:58
Updated-01 Aug, 2025 | 18:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
TP-Link TL-WR841N WlanNetworkRpm_APC.htm buffer overflow

A vulnerability has been found in TP-Link TL-WR841N V11. The vulnerability exists in the /userRpm/WlanNetworkRpm_APC.htm file due to missing input parameter validation, which may lead to the buffer overflow to cause a crash of the web service and result in a denial-of-service (DoS) condition. The attack may be launched remotely. This vulnerability only affects products that are no longer supported by the maintainer.

Action-Not Available
Vendor-TP-Link Systems INC.TP-Link Systems Inc.
Product-tl-wr841n_firmwaretl-wr841nTL-WR841N V11
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2025-53711
Matching Score-4
Assigner-TP-Link Systems Inc.
ShareView Details
Matching Score-4
Assigner-TP-Link Systems Inc.
CVSS Score-6.9||MEDIUM
EPSS-0.31% / 22.96%
||
7 Day CHG~0.00%
Published-29 Jul, 2025 | 17:57
Updated-19 Mar, 2026 | 17:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
TP-Link TL-WR841N, TL-WR842ND and TL-WR949N WlanNetworkRpm.htm buffer overflow

A vulnerability has been found in TP-Link TL-WR841N v11, TL-WR842ND v2 and TL-WR494N v3. The vulnerability exists in the /userRpm/WlanNetworkRpm.htm file due to missing input parameter validation, which may lead to the buffer overflow to cause a crash of the web service and result in a denial-of-service (DoS) condition. The attack may be launched remotely. This vulnerability only affects products that are no longer supported by the maintainer.

Action-Not Available
Vendor-TP-Link Systems INC.TP Link Systems Inc.TP-Link Systems Inc.
Product-tl-wr841n_firmwaretl-wr841nTL-WR949N v3TL-WR842ND v2TL-WR841N v11
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2025-53712
Matching Score-4
Assigner-TP-Link Systems Inc.
ShareView Details
Matching Score-4
Assigner-TP-Link Systems Inc.
CVSS Score-6.9||MEDIUM
EPSS-0.31% / 22.96%
||
7 Day CHG~0.00%
Published-29 Jul, 2025 | 17:57
Updated-01 Aug, 2025 | 18:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
TP-Link TL-WR841N WlanNetworkRpm_AP.htm buffer overflow

A vulnerability has been found in TP-Link TL-WR841N V11. The vulnerability exists in the /userRpm/WlanNetworkRpm_AP.htm file due to missing input parameter validation, which may lead to the buffer overflow to cause a crash of the web service and result in a denial-of-service (DoS) condition. The attack may be launched remotely. This vulnerability only affects products that are no longer supported by the maintainer.

Action-Not Available
Vendor-TP-Link Systems INC.TP-Link Systems Inc.
Product-tl-wr841n_firmwaretl-wr841nTL-WR841N V11
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2023-32331
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-7.5||HIGH
EPSS-0.70% / 49.00%
||
7 Day CHG~0.00%
Published-04 Mar, 2024 | 18:38
Updated-31 Jan, 2025 | 16:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Connect:Express for UNIX denial of service

IBM Connect:Express for UNIX 1.5.0 is vulnerable to a buffer overflow that could allow a remote attacker to cause a denial of service through its browser UI. IBM X-Force ID: 254979.

Action-Not Available
Vendor-IBM CorporationLinux Kernel Organization, IncOracle Corporation
Product-aixsterling_connect\linux_kernelsolarisSterling Connect:Express for UNIX
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2011-3359
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-3.23% / 86.84%
||
7 Day CHG~0.00%
Published-24 May, 2012 | 23:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The dma_rx function in drivers/net/wireless/b43/dma.c in the Linux kernel before 2.6.39 does not properly allocate receive buffers, which allows remote attackers to cause a denial of service (system crash) via a crafted frame.

Action-Not Available
Vendor-n/aLinux Kernel Organization, Inc
Product-linux_kerneln/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2023-32887
Matching Score-4
Assigner-MediaTek, Inc.
ShareView Details
Matching Score-4
Assigner-MediaTek, Inc.
CVSS Score-7.5||HIGH
EPSS-0.95% / 57.23%
||
7 Day CHG~0.00%
Published-02 Jan, 2024 | 02:50
Updated-16 Jun, 2025 | 20:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Modem IMS Stack, there is a possible system crash due to a missing bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01161837; Issue ID: MOLY01161837 (MSV-892).

Action-Not Available
Vendor-MediaTek Inc.
Product-mt6983wnr16mt6897mt6873mt6885mt6895tmt6896mt6890mt6985mt6985tmt6883mt6833mt6983tmt6895mt6980dmt6877tnr15mt6990nr17mt6833pmt6879mt6891mt6983zmt6813mt6893mt6989mt2735mt6835mt6853tmt6853mt6878mt6980mt6875mt6855mt6880mt6877mt6889mt6886MT2735, MT6813, MT6833, MT6833P, MT6835, MT6853, MT6853T, MT6855, MT6873, MT6875, MT6877, MT6877T, MT6878, MT6879, MT6880, MT6883, MT6885, MT6886, MT6889, MT6890, MT6891, MT6893, MT6895, MT6895T, MT6896, MT6897, MT6980, MT6980D, MT6983T, MT6983W, MT6983Z, MT6985, MT6985T, MT6989, MT6990
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-3261
Matching Score-4
Assigner-Trellix
ShareView Details
Matching Score-4
Assigner-Trellix
CVSS Score-7.5||HIGH
EPSS-0.73% / 50.12%
||
7 Day CHG~0.00%
Published-14 Aug, 2023 | 03:53
Updated-09 Oct, 2024 | 14:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Dataprobe iBoot PDU running firmware version 1.43.03312023 or earlier contains a buffer overflow vulnerability in the librta.so.0.0.0 library.Successful exploitation could cause denial of service or unexpected behavior with respect to all interactions relying on the targeted vulnerable binary, including the ability to log in via the web server.

Action-Not Available
Vendor-Cyber Power Systems, Inc.Dataprobe, Inc.
Product-iboot-pdu8sa-2n15_firmwareiboot-pdu4sa-n15iboot-pdu8a-2c20iboot-pdu4-n20iboot-pdu4sa-c20iboot-pdu4-c20iboot-pdu8a-2c10_firmwareiboot-pdu8a-c20iboot-pdu4sa-n20_firmwareiboot-pdu8sa-2n15iboot-pdu4sa-n15_firmwareiboot-pdu4-n20_firmwareiboot-pdu8a-2c10iboot-pdu8sa-c10iboot-pdu8a-c10iboot-pdu8a-2c20_firmwareiboot-pdu8sa-n15iboot-pdu4-c20_firmwarepowerpanel_serveriboot-pdu4a-n15iboot-pdu4a-n20_firmwareiboot-pdu4sa-c20_firmwareiboot-pdu4sa-n20iboot-pdu8a-2n15iboot-pdu8a-c20_firmwareiboot-pdu8a-n20iboot-pdu4a-c20_firmwareiboot-pdu4sa-c10_firmwareiboot-pdu8sa-n20iboot-pdu8a-c10_firmwareiboot-pdu4a-n20iboot-pdu4a-c20iboot-pdu8a-2n15_firmwareiboot-pdu8sa-n20_firmwareiboot-pdu4a-c10iboot-pdu4a-c10_firmwareiboot-pdu8a-2n20iboot-pdu4a-n15_firmwareiboot-pdu8a-n15_firmwareiboot-pdu8a-n20_firmwareiboot-pdu8sa-n15_firmwareiboot-pdu8a-2n20_firmwareiboot-pdu4sa-c10iboot-pdu8sa-c10_firmwareiboot-pdu8a-n15iBoot PDU
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2023-3138
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-1.66% / 73.98%
||
7 Day CHG~0.00%
Published-28 Jun, 2023 | 00:00
Updated-02 Aug, 2024 | 06:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability was found in libX11. The security flaw occurs because the functions in src/InitExt.c in libX11 do not check that the values provided for the Request, Event, or Error IDs are within the bounds of the arrays that those functions write to, using those IDs as array indexes. They trust that they were called with values provided by an Xserver adhering to the bounds specified in the X11 protocol, as all X servers provided by X.Org do. As the protocol only specifies a single byte for these values, an out-of-bounds value provided by a malicious server (or a malicious proxy-in-the-middle) can only overwrite other portions of the Display structure and not write outside the bounds of the Display structure itself, possibly causing the client to crash with this memory corruption.

Action-Not Available
Vendor-n/aX.Org FoundationRed Hat, Inc.
Product-libx11enterprise_linuxlibX11
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-6571
Matching Score-4
Assigner-Siemens
ShareView Details
Matching Score-4
Assigner-Siemens
CVSS Score-7.5||HIGH
EPSS-1.60% / 73.06%
||
7 Day CHG~0.00%
Published-12 Jun, 2019 | 13:47
Updated-04 Aug, 2024 | 20:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in SIEMENS LOGO!8 (6ED1052-xyyxx-0BA8 FS:01 to FS:06 / Firmware version V1.80.xx and V1.81.xx), SIEMENS LOGO!8 (6ED1052-xyy08-0BA0 FS:01 / Firmware version < V1.82.02). An attacker with network access to port 10005/tcp of the LOGO! device could cause a Denial-of-Service condition by sending specially crafted packets. The security vulnerability could be exploited by an unauthenticated attacker with network access to the affected service. No user interaction is required to exploit this security vulnerability. Successful exploitation of the security vulnerability compromises availability of the targeted system. At the time of advisory publication no public exploitation of this security vulnerability was known.

Action-Not Available
Vendor-Siemens AG
Product-logo\!8_firmwarelogo\!8SIEMENS LOGO!8
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2021-46023
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.78% / 51.72%
||
7 Day CHG~0.00%
Published-14 Feb, 2023 | 00:00
Updated-20 Mar, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An Untrusted Pointer Dereference was discovered in function mrb_vm_exec in mruby before 3.1.0-rc. The vulnerability causes a segmentation fault and application crash.

Action-Not Available
Vendor-mrubyn/a
Product-mrubyn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2021-46020
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.04% / 60.08%
||
7 Day CHG~0.00%
Published-14 Jan, 2022 | 20:01
Updated-04 Aug, 2024 | 04:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An untrusted pointer dereference in mrb_vm_exec() of mruby v3.0.0 can lead to a segmentation fault or application crash.

Action-Not Available
Vendor-mrubyn/a
Product-mrubyn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2023-3036
Matching Score-4
Assigner-Cloudflare, Inc.
ShareView Details
Matching Score-4
Assigner-Cloudflare, Inc.
CVSS Score-8.6||HIGH
EPSS-2.24% / 80.84%
||
7 Day CHG~0.00%
Published-14 Jun, 2023 | 11:08
Updated-02 Jan, 2025 | 19:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Out of Bounds Slice index in cfnts leads to remote panic

An unchecked read in NTP server in github.com/cloudflare/cfnts prior to commit 783490b https://github.com/cloudflare/cfnts/commit/783490b913f05e508a492cd7b02e3c4ec2297b71  enabled a remote attacker to trigger a panic by sending an NTSAuthenticator packet with extension length longer than the packet contents.

Action-Not Available
Vendor-Cloudflare, Inc.
Product-cfntscfnts
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-125
Out-of-bounds Read
CVE-2021-44503
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.54% / 72.03%
||
7 Day CHG~0.00%
Published-15 Apr, 2022 | 17:51
Updated-04 Aug, 2024 | 04:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in FIS GT.M through V7.0-000 (related to the YottaDB code base). Using crafted input, an attacker can cause a call to va_arg on an empty variadic parameter list, most likely causing a memory segmentation fault.

Action-Not Available
Vendor-fisglobaln/a
Product-gt.mn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2023-27729
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.66% / 47.44%
||
7 Day CHG~0.00%
Published-09 Apr, 2023 | 00:00
Updated-12 Feb, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Nginx NJS v0.7.10 was discovered to contain an illegal memcpy via the function njs_vmcode_return at src/njs_vmcode.c.

Action-Not Available
Vendor-n/aF5, Inc.
Product-njsn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2023-26285
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.95% / 57.12%
||
7 Day CHG~0.00%
Published-05 May, 2023 | 15:16
Updated-29 Jan, 2025 | 17:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM MQ denial of service

IBM MQ 9.2 CD, 9.2 LTS, 9.3 CD, and 9.3 LTS could allow a remote attacker to cause a denial of service due to an error processing invalid data. IBM X-Force ID: 248418.

Action-Not Available
Vendor-IBM Corporation
Product-mq_applianceMQ
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2023-24817
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-7.5||HIGH
EPSS-0.64% / 46.36%
||
7 Day CHG~0.00%
Published-30 May, 2023 | 15:50
Updated-10 Jan, 2025 | 16:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
RIOT-OS vulnerable to Out of Bounds write in routing with SRH

RIOT-OS, an operating system for Internet of Things (IoT) devices, contains a network stack with the ability to process 6LoWPAN frames. Prior to version 2023.04, an attacker can send a crafted frame to the device resulting in an integer underflow and out of bounds access in the packet buffer. Triggering the access at the right time will corrupt other packets or the allocator metadata. Corrupting a pointer will lead to denial of service. This issue is fixed in version 2023.04. As a workaround, disable SRH in the network stack.

Action-Not Available
Vendor-riot-osRIOT-OS
Product-riotRIOT
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-191
Integer Underflow (Wrap or Wraparound)
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-4896
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-8.7||HIGH
EPSS-0.72% / 49.71%
||
7 Day CHG+0.03%
Published-18 May, 2025 | 21:00
Updated-27 May, 2025 | 16:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Tenda AC10 UserCongratulationsExec buffer overflow

A vulnerability was found in Tenda AC10 16.03.10.13 and classified as critical. Affected by this issue is some unknown functionality of the file /goform/UserCongratulationsExec. The manipulation of the argument getuid leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-Tenda Technology Co., Ltd.
Product-ac10ac10_firmwareAC10
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2023-22882
Matching Score-4
Assigner-Zoom Video Communications, Inc.
ShareView Details
Matching Score-4
Assigner-Zoom Video Communications, Inc.
CVSS Score-6.5||MEDIUM
EPSS-1.14% / 63.09%
||
7 Day CHG~0.00%
Published-16 Mar, 2023 | 00:00
Updated-26 Feb, 2025 | 20:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Denial of Service in Zoom Clients

Zoom clients before version 5.13.5 contain a STUN parsing vulnerability. A malicious actor could send specially crafted UDP traffic to a victim Zoom client to remotely cause the client to crash, causing a denial of service.

Action-Not Available
Vendor-Zoom Communications, Inc.
Product-zoomZoom (for Android, iOS, Linux, macOS, and Windows) clients before version 5.13.5
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2016-6817
Matching Score-4
Assigner-Apache Software Foundation
ShareView Details
Matching Score-4
Assigner-Apache Software Foundation
CVSS Score-7.5||HIGH
EPSS-7.19% / 93.60%
||
7 Day CHG~0.00%
Published-10 Aug, 2017 | 22:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The HTTP/2 header parser in Apache Tomcat 9.0.0.M1 to 9.0.0.M11 and 8.5.0 to 8.5.6 entered an infinite loop if a header was received that was larger than the available buffer. This made a denial of service attack possible.

Action-Not Available
Vendor-The Apache Software Foundation
Product-tomcatApache Tomcat
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
CVE-2019-19416
Matching Score-4
Assigner-Huawei Technologies
ShareView Details
Matching Score-4
Assigner-Huawei Technologies
CVSS Score-7.5||HIGH
EPSS-0.88% / 55.15%
||
7 Day CHG~0.00%
Published-08 Jul, 2020 | 16:55
Updated-05 Aug, 2024 | 02:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The SIP module of some Huawei products have a denial of service (DoS) vulnerability. A remote attacker could exploit these three vulnerabilities by sending the specially crafted messages to the affected device. Due to the insufficient verification of the packets, successful exploit could allow the attacker to cause buffer overflow and dead loop, leading to DoS condition. Affected products can be found in https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200115-01-sip-en.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-ar2200_firmwareusg9560_firmwareviewpoint_9030ips_modulear3200_firmwarear2200espace_u1930te60viewpoint_8660_firmwaresrg3300nip6300_firmwarete30netengine16exar120-s_firmwareusg9560svn5800-c_firmwarengfw_moduledp300ar200-sespace_u1911ar120-ssoftco_firmwarear510usg9520ar150-ssemg9811_firmwarete60_firmwaresrg2300secospace_usg6500_firmwaresvn5800ar150_firmwareips_module_firmwaresecospace_usg6600_firmwarear3600ar3200semg9811dp300_firmwarear200-s_firmwareespace_u1910softcosvn5600ar160_firmwarevp9660_firmwareusg9520_firmwareespace_u1960netengine16ex_firmwaresecospace_usg6600viewpoint_9030_firmwarear1200te30_firmwarevp9660srg1300srg1300_firmwaresecospace_usg6300espace_u1980srg2300_firmwarete40srg3300_firmwareespace_u1910_firmwareespace_u1930_firmwaresmc2.0_firmwarear1200-s_firmwareusg9500te50espace_u1911_firmwarerse6500nip6600espace_u1981_firmwarenip6800_firmwareespace_u1981ar160espace_u1980_firmwarenip6300secospace_usg6500usg9500_firmwaresvn5800_firmwarear2200-stp3206tp3206_firmwaresvn5600_firmwarear510_firmwarear150-s_firmwarear1200-sar150smc2.0ngfw_module_firmwarear1200_firmwarear200espace_u1960_firmwarear3600_firmwarear2200-s_firmwarenip6800te40_firmwarerse6500_firmwareviewpoint_8660ar200_firmwarenip6600_firmwaresvn5800-cte50_firmwaresecospace_usg6300_firmwareSoftCoeSpace U1960NGFW ModuleSMC2.0TP3206USG9500ViewPoint 9030eSpace U1911TE50SRG1300TE40AR2200-SVP9660eSpace U1980SVN5800AR160NIP6300SVN5600NetEngine16EXAR1200AR150AR2200IPS ModuleViewPoint 8660AR150-SNIP6600TE30NIP6800Secospace USG6600USG9520RSE6500eSpace U1910DP300eSpace U1981USG9560TE60AR120-SAR510Secospace USG6300SRG2300SRG3300AR3200AR1200-SSVN5800-CSeMG9811AR3600eSpace U1930AR200Secospace USG6500AR200-S
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-20
Improper Input Validation
CVE-2023-22881
Matching Score-4
Assigner-Zoom Video Communications, Inc.
ShareView Details
Matching Score-4
Assigner-Zoom Video Communications, Inc.
CVSS Score-6.5||MEDIUM
EPSS-1.12% / 62.58%
||
7 Day CHG~0.00%
Published-16 Mar, 2023 | 00:00
Updated-26 Feb, 2025 | 20:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Denial of Service in Zoom Clients

Zoom clients before version 5.13.5 contain a STUN parsing vulnerability. A malicious actor could send specially crafted UDP traffic to a victim Zoom client to remotely cause the client to crash, causing a denial of service.

Action-Not Available
Vendor-Zoom Communications, Inc.
Product-zoomZoom (for Android, iOS, Linux, macOS, and Windows) clients before version 5.13.5
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2019-19415
Matching Score-4
Assigner-Huawei Technologies
ShareView Details
Matching Score-4
Assigner-Huawei Technologies
CVSS Score-7.5||HIGH
EPSS-0.88% / 55.15%
||
7 Day CHG~0.00%
Published-08 Jul, 2020 | 16:58
Updated-05 Aug, 2024 | 02:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The SIP module of some Huawei products have a denial of service (DoS) vulnerability. A remote attacker could exploit these three vulnerabilities by sending the specially crafted messages to the affected device. Due to the insufficient verification of the packets, successful exploit could allow the attacker to cause buffer overflow and dead loop, leading to DoS condition. Affected products can be found in https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200115-01-sip-en.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-ar2200_firmwareusg9560_firmwareviewpoint_9030ips_modulear3200_firmwarear2200espace_u1930te60viewpoint_8660_firmwaresrg3300nip6300_firmwarete30netengine16exar120-s_firmwareusg9560svn5800-c_firmwarengfw_moduledp300ar200-sespace_u1911ar120-ssoftco_firmwarear510usg9520ar150-ssemg9811_firmwarete60_firmwaresrg2300secospace_usg6500_firmwaresvn5800ar150_firmwareips_module_firmwaresecospace_usg6600_firmwarear3600ar3200semg9811dp300_firmwarear200-s_firmwareespace_u1910softcosvn5600ar160_firmwarevp9660_firmwareusg9520_firmwareespace_u1960netengine16ex_firmwaresecospace_usg6600viewpoint_9030_firmwarear1200te30_firmwarevp9660srg1300srg1300_firmwaresecospace_usg6300espace_u1980srg2300_firmwarete40srg3300_firmwareespace_u1910_firmwareespace_u1930_firmwaresmc2.0_firmwarear1200-s_firmwareusg9500te50espace_u1911_firmwarerse6500nip6600espace_u1981_firmwarenip6800_firmwareespace_u1981ar160espace_u1980_firmwarenip6300secospace_usg6500usg9500_firmwaresvn5800_firmwarear2200-stp3206tp3206_firmwaresvn5600_firmwarear510_firmwarear150-s_firmwarear1200-sar150smc2.0ngfw_module_firmwarear1200_firmwarear200espace_u1960_firmwarear3600_firmwarear2200-s_firmwarenip6800te40_firmwarerse6500_firmwareviewpoint_8660ar200_firmwarenip6600_firmwaresvn5800-cte50_firmwaresecospace_usg6300_firmwareSoftCoeSpace U1960NGFW ModuleSMC2.0TP3206USG9500ViewPoint 9030eSpace U1911TE50SRG1300TE40AR2200-SVP9660eSpace U1980SVN5800AR160NIP6300SVN5600NetEngine16EXAR1200AR150AR2200IPS ModuleViewPoint 8660AR150-SNIP6600TE30NIP6800Secospace USG6600USG9520RSE6500eSpace U1910DP300eSpace U1981USG9560TE60AR120-SAR510Secospace USG6300SRG2300SRG3300AR3200AR1200-SSVN5800-CSeMG9811AR3600eSpace U1930AR200Secospace USG6500AR200-S
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-20
Improper Input Validation
CVE-2023-20529
Matching Score-4
Assigner-Advanced Micro Devices Inc.
ShareView Details
Matching Score-4
Assigner-Advanced Micro Devices Inc.
CVSS Score-7.5||HIGH
EPSS-0.62% / 45.53%
||
7 Day CHG~0.00%
Published-10 Jan, 2023 | 20:57
Updated-07 Apr, 2025 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Insufficient bound checks in the SMU may allow an attacker to update the from/to address space to an invalid value potentially resulting in a denial of service.

Action-Not Available
Vendor-Advanced Micro Devices, Inc.
Product-epyc_7702_firmwareepyc_7343_firmwareepyc_7453epyc_7702p_firmwareepyc_7413_firmwareepyc_7f52epyc_7302epyc_7232p_firmwareepyc_7302_firmwareepyc_7443epyc_7542epyc_7763_firmwareepyc_7513epyc_7373x_firmwareepyc_7352epyc_7573x_firmwareepyc_7f32epyc_7302p_firmwareepyc_7742epyc_7252epyc_7542_firmwareepyc_7262epyc_7773x_firmwareepyc_72f3_firmwareepyc_7443p_firmwareepyc_7402epyc_7702pepyc_7443pepyc_7h12_firmwareepyc_75f3epyc_7443_firmwareepyc_7642_firmwareepyc_7f32_firmwareepyc_7552_firmwareepyc_7313pepyc_7402pepyc_7543pepyc_7f72_firmwareepyc_7642epyc_7532epyc_7502p_firmwareepyc_7573xepyc_7272_firmwareepyc_7663_firmwareepyc_7763epyc_7413epyc_7643epyc_7502epyc_7h12epyc_7f72epyc_7743_firmwareepyc_7643_firmwareepyc_72f3epyc_7262_firmwareepyc_7352_firmwareepyc_74f3_firmwareepyc_7532_firmwareepyc_7502_firmwareepyc_7543_firmwareepyc_7402p_firmwareepyc_7373xepyc_7232pepyc_7282_firmwareepyc_7743epyc_7452epyc_7452_firmwareepyc_7302pepyc_73f3_firmwareepyc_7702epyc_7543p_firmwareepyc_7663epyc_7773xepyc_7543epyc_7f52_firmwareepyc_7313p_firmwareepyc_7662_firmwareepyc_7252_firmwareepyc_7002_firmwareepyc_7313epyc_7003epyc_7003_firmwareepyc_7002epyc_7313_firmwareepyc_7402_firmwareepyc_74f3epyc_75f3_firmwareepyc_7343epyc_7272epyc_7662epyc_7713p_firmwareepyc_7713pepyc_73f3epyc_7713_firmwareepyc_7453_firmwareepyc_7552epyc_7502pepyc_7713epyc_7742_firmwareepyc_7282epyc_7513_firmware3rd Gen EPYC2nd Gen EPYC
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2023-20531
Matching Score-4
Assigner-Advanced Micro Devices Inc.
ShareView Details
Matching Score-4
Assigner-Advanced Micro Devices Inc.
CVSS Score-7.5||HIGH
EPSS-0.62% / 45.52%
||
7 Day CHG~0.00%
Published-10 Jan, 2023 | 20:57
Updated-07 Apr, 2025 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Insufficient bound checks in the SMU may allow an attacker to update the SRAM from/to address space to an invalid value potentially resulting in a denial of service.

Action-Not Available
Vendor-Advanced Micro Devices, Inc.
Product-epyc_7702_firmwareepyc_7343_firmwareepyc_7453epyc_7702p_firmwareepyc_7413_firmwareepyc_7f52epyc_7302epyc_7232p_firmwareepyc_7302_firmwareepyc_7443epyc_7542epyc_7763_firmwareepyc_7513epyc_7373x_firmwareepyc_7352epyc_7573x_firmwareepyc_7f32epyc_7302p_firmwareepyc_7742epyc_7252epyc_7542_firmwareepyc_7262epyc_7773x_firmwareepyc_72f3_firmwareepyc_7443p_firmwareepyc_7402epyc_7702pepyc_7443pepyc_7h12_firmwareepyc_75f3epyc_7443_firmwareepyc_7642_firmwareepyc_7f32_firmwareepyc_7552_firmwareepyc_7313pepyc_7402pepyc_7543pepyc_7f72_firmwareepyc_7642epyc_7532epyc_7502p_firmwareepyc_7573xepyc_7272_firmwareepyc_7663_firmwareepyc_7763epyc_7413epyc_7643epyc_7502epyc_7h12epyc_7f72epyc_7743_firmwareepyc_7643_firmwareepyc_72f3epyc_7262_firmwareepyc_7352_firmwareepyc_74f3_firmwareepyc_7532_firmwareepyc_7502_firmwareepyc_7543_firmwareepyc_7402p_firmwareepyc_7373xepyc_7232pepyc_7282_firmwareepyc_7743epyc_7452epyc_7452_firmwareepyc_7302pepyc_73f3_firmwareepyc_7702epyc_7543p_firmwareepyc_7663epyc_7773xepyc_7543epyc_7f52_firmwareepyc_7313p_firmwareepyc_7662_firmwareepyc_7252_firmwareepyc_7002_firmwareepyc_7313epyc_7003epyc_7003_firmwareepyc_7002epyc_7313_firmwareepyc_7402_firmwareepyc_74f3epyc_75f3_firmwareepyc_7343epyc_7272epyc_7662epyc_7713p_firmwareepyc_7713pepyc_73f3epyc_7713_firmwareepyc_7453_firmwareepyc_7552epyc_7502pepyc_7713epyc_7742_firmwareepyc_7282epyc_7513_firmware3rd Gen EPYC2nd Gen EPYC
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2026-8186
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-6.9||MEDIUM
EPSS-0.52% / 40.64%
||
7 Day CHG~0.00%
Published-09 May, 2026 | 12:00
Updated-13 May, 2026 | 16:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Open5GS NF client.c ogs_sbi_client_send_via_scp_or_sepp out-of-bounds

A vulnerability was detected in Open5GS up to 2.7.7. This affects the function ogs_sbi_client_send_via_scp_or_sepp in the library lib/sbi/client.c of the component NF. Performing a manipulation results in out-of-bounds read. The attack is possible to be carried out remotely. The patch is named d5bc487fcf9ea87d2b03f2ef95123af344773bfb. It is suggested to install a patch to address this issue.

Action-Not Available
Vendor-open5gsn/a
Product-open5gsOpen5GS
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-125
Out-of-bounds Read
CVE-2023-0613
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-7.5||HIGH
EPSS-0.93% / 56.75%
||
7 Day CHG~0.00%
Published-01 Feb, 2023 | 13:40
Updated-02 Aug, 2024 | 05:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
TRENDnet TEW-811DRU httpd security.asp memory corruption

A vulnerability has been found in TRENDnet TEW-811DRU 1.0.10.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /wireless/security.asp of the component httpd. The manipulation leads to memory corruption. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-219937 was assigned to this vulnerability.

Action-Not Available
Vendor-TRENDnet, Inc.
Product-tew-811dru_firmwaretew-811druTEW-811DRU
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
  • Previous
  • 1
  • 2
  • 3
  • 4
  • Next
Details not found