Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2025-2953

Summary
Assigner-VulDB
Assigner Org ID-1af790b2-7ee1-4545-860a-a788eba489b5
Published At-30 Mar, 2025 | 15:31
Updated At-22 Apr, 2025 | 11:36
Rejected At-
Credits

PyTorch torch.mkldnn_max_pool2d denial of service

A vulnerability, which was classified as problematic, has been found in PyTorch 2.6.0+cu124. Affected by this issue is the function torch.mkldnn_max_pool2d. The manipulation leads to denial of service. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. The security policy of the project warns to use unknown models which might establish malicious effects.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:VulDB
Assigner Org ID:1af790b2-7ee1-4545-860a-a788eba489b5
Published At:30 Mar, 2025 | 15:31
Updated At:22 Apr, 2025 | 11:36
Rejected At:
▼CVE Numbering Authority (CNA)
PyTorch torch.mkldnn_max_pool2d denial of service

A vulnerability, which was classified as problematic, has been found in PyTorch 2.6.0+cu124. Affected by this issue is the function torch.mkldnn_max_pool2d. The manipulation leads to denial of service. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. The security policy of the project warns to use unknown models which might establish malicious effects.

Affected Products
Vendor
n/a
Product
PyTorch
Versions
Affected
  • 2.6.0+cu124
Problem Types
TypeCWE IDDescription
CWECWE-404Denial of Service
Type: CWE
CWE ID: CWE-404
Description: Denial of Service
Metrics
VersionBase scoreBase severityVector
4.04.8MEDIUM
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
3.13.3LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
3.03.3LOW
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
2.01.7N/A
AV:L/AC:L/Au:S/C:N/I:N/A:P
Version: 4.0
Base score: 4.8
Base severity: MEDIUM
Vector:
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
Version: 3.1
Base score: 3.3
Base severity: LOW
Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
Version: 3.0
Base score: 3.3
Base severity: LOW
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
Version: 2.0
Base score: 1.7
Base severity: N/A
Vector:
AV:L/AC:L/Au:S/C:N/I:N/A:P
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
reporter
Default436352 (VulDB User)
Timeline
EventDate
Advisory disclosed2025-03-29 00:00:00
VulDB entry created2025-03-29 01:00:00
VulDB entry last update2025-04-22 13:41:43
Event: Advisory disclosed
Date: 2025-03-29 00:00:00
Event: VulDB entry created
Date: 2025-03-29 01:00:00
Event: VulDB entry last update
Date: 2025-04-22 13:41:43
Replaced By
Rejected Reason
References
HyperlinkResource
https://vuldb.com/?id.302006
vdb-entry
technical-description
https://vuldb.com/?ctiid.302006
signature
permissions-required
https://vuldb.com/?submit.521279
third-party-advisory
https://github.com/pytorch/pytorch/issues/149274
issue-tracking
https://github.com/pytorch/pytorch/issues/149274#issue-2923122269
exploit
issue-tracking
https://github.com/pytorch/pytorch/blob/main/SECURITY.md#untrusted-models
related
Hyperlink: https://vuldb.com/?id.302006
Resource:
vdb-entry
technical-description
Hyperlink: https://vuldb.com/?ctiid.302006
Resource:
signature
permissions-required
Hyperlink: https://vuldb.com/?submit.521279
Resource:
third-party-advisory
Hyperlink: https://github.com/pytorch/pytorch/issues/149274
Resource:
issue-tracking
Hyperlink: https://github.com/pytorch/pytorch/issues/149274#issue-2923122269
Resource:
exploit
issue-tracking
Hyperlink: https://github.com/pytorch/pytorch/blob/main/SECURITY.md#untrusted-models
Resource:
related
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://github.com/pytorch/pytorch/issues/149274
exploit
Hyperlink: https://github.com/pytorch/pytorch/issues/149274
Resource:
exploit
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cna@vuldb.com
Published At:30 Mar, 2025 | 16:15
Updated At:22 Apr, 2025 | 12:15

A vulnerability, which was classified as problematic, has been found in PyTorch 2.6.0+cu124. Affected by this issue is the function torch.mkldnn_max_pool2d. The manipulation leads to denial of service. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. The security policy of the project warns to use unknown models which might establish malicious effects.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary4.04.8MEDIUM
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Secondary3.13.3LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
Primary3.15.5MEDIUM
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Secondary2.01.7LOW
AV:L/AC:L/Au:S/C:N/I:N/A:P
Type: Secondary
Version: 4.0
Base score: 4.8
Base severity: MEDIUM
Vector:
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Type: Secondary
Version: 3.1
Base score: 3.3
Base severity: LOW
Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
Type: Primary
Version: 3.1
Base score: 5.5
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Type: Secondary
Version: 2.0
Base score: 1.7
Base severity: LOW
Vector:
AV:L/AC:L/Au:S/C:N/I:N/A:P
CPE Matches
The Linux Foundation
linuxfoundation
>>pytorch>>2.6.0\+cu124
cpe:2.3:a:linuxfoundation:pytorch:2.6.0\+cu124:*:*:*:*:python:*:*
Weaknesses
CWE IDTypeSource
CWE-404Secondarycna@vuldb.com
CWE ID: CWE-404
Type: Secondary
Source: cna@vuldb.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://github.com/pytorch/pytorch/blob/main/SECURITY.md#untrusted-modelscna@vuldb.com
N/A
https://github.com/pytorch/pytorch/issues/149274cna@vuldb.com
Exploit
Issue Tracking
https://github.com/pytorch/pytorch/issues/149274#issue-2923122269cna@vuldb.com
Exploit
Issue Tracking
https://vuldb.com/?ctiid.302006cna@vuldb.com
Permissions Required
VDB Entry
https://vuldb.com/?id.302006cna@vuldb.com
Third Party Advisory
VDB Entry
https://vuldb.com/?submit.521279cna@vuldb.com
Third Party Advisory
VDB Entry
https://github.com/pytorch/pytorch/issues/149274134c704f-9b21-4f2e-91b3-4a467353bcc0
Exploit
Issue Tracking
Hyperlink: https://github.com/pytorch/pytorch/blob/main/SECURITY.md#untrusted-models
Source: cna@vuldb.com
Resource: N/A
Hyperlink: https://github.com/pytorch/pytorch/issues/149274
Source: cna@vuldb.com
Resource:
Exploit
Issue Tracking
Hyperlink: https://github.com/pytorch/pytorch/issues/149274#issue-2923122269
Source: cna@vuldb.com
Resource:
Exploit
Issue Tracking
Hyperlink: https://vuldb.com/?ctiid.302006
Source: cna@vuldb.com
Resource:
Permissions Required
VDB Entry
Hyperlink: https://vuldb.com/?id.302006
Source: cna@vuldb.com
Resource:
Third Party Advisory
VDB Entry
Hyperlink: https://vuldb.com/?submit.521279
Source: cna@vuldb.com
Resource:
Third Party Advisory
VDB Entry
Hyperlink: https://github.com/pytorch/pytorch/issues/149274
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0
Resource:
Exploit
Issue Tracking

Change History

0
Information is not available yet

Similar CVEs

125Records found
CVE-2025-6140
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-4.8||MEDIUM
EPSS-0.03% / 6.64%
||
7 Day CHG~0.00%
Published-16 Jun, 2025 | 21:31
Updated-02 Jul, 2025 | 18:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
spdlog pattern_formatter-inl.h scoped_padder resource consumption

A vulnerability, which was classified as problematic, was found in spdlog up to 1.15.1. This affects the function scoped_padder in the library include/spdlog/pattern_formatter-inl.h. The manipulation leads to resource consumption. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. Upgrading to version 1.15.2 is able to address this issue. The identifier of the patch is 10320184df1eb4638e253a34b1eb44ce78954094. It is recommended to upgrade the affected component.

Action-Not Available
Vendor-gabimen/a
Product-spdlogspdlog
CWE ID-CWE-400
Uncontrolled Resource Consumption
CWE ID-CWE-404
Improper Resource Shutdown or Release
CVE-2023-1369
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5||MEDIUM
EPSS-0.05% / 15.70%
||
7 Day CHG~0.00%
Published-13 Mar, 2023 | 09:00
Updated-22 Nov, 2024 | 21:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
TG Soft Vir.IT eXplorer IoControlCode VIRAGTLT.sys 0x82730088 denial of service

A vulnerability was found in TG Soft Vir.IT eXplorer 9.4.86.0. It has been rated as problematic. This issue affects the function 0x82730088 in the library VIRAGTLT.sys of the component IoControlCode Handler. The manipulation leads to denial of service. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. Upgrading to version 9.5 is able to address this issue. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-222875.

Action-Not Available
Vendor-tgsoftTG Soft
Product-vir.it_explorerviragtlt.sysVir.IT eXplorer
CWE ID-CWE-404
Improper Resource Shutdown or Release
CVE-2025-6498
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-4.8||MEDIUM
EPSS-0.02% / 2.46%
||
7 Day CHG~0.00%
Published-23 Jun, 2025 | 01:31
Updated-23 Jun, 2025 | 20:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
HTACG tidy-html5 alloc.c defaultAlloc memory leak

A vulnerability classified as problematic has been found in HTACG tidy-html5 5.8.0. Affected is the function defaultAlloc of the file src/alloc.c. The manipulation leads to memory leak. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-HTML Tidy Advocacy Community Group (“HTACG”)
Product-tidy-html5
CWE ID-CWE-401
Missing Release of Memory after Effective Lifetime
CWE ID-CWE-404
Improper Resource Shutdown or Release
CVE-2025-6274
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-4.8||MEDIUM
EPSS-0.04% / 12.22%
||
7 Day CHG+0.01%
Published-19 Jun, 2025 | 19:00
Updated-02 Jul, 2025 | 18:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WebAssembly wabt binary-reader-interp.cc OnDataCount resource consumption

A vulnerability was found in WebAssembly wabt up to 1.0.37. It has been classified as problematic. Affected is the function OnDataCount of the file src/interp/binary-reader-interp.cc. The manipulation leads to resource consumption. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. A similar issue reported during the same timeframe was disputed by the code maintainer because it might not affect "real world wasm programs". Therefore, this entry might get disputed as well in the future.

Action-Not Available
Vendor-webassemblyWebAssembly
Product-wabtwabt
CWE ID-CWE-400
Uncontrolled Resource Consumption
CWE ID-CWE-404
Improper Resource Shutdown or Release
CVE-2025-6496
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-4.8||MEDIUM
EPSS-0.02% / 2.46%
||
7 Day CHG~0.00%
Published-23 Jun, 2025 | 00:00
Updated-23 Jun, 2025 | 20:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
HTACG tidy-html5 parser.c InsertNodeAsParent null pointer dereference

A vulnerability was found in HTACG tidy-html5 5.8.0. It has been declared as problematic. This vulnerability affects the function InsertNodeAsParent of the file src/parser.c. The manipulation leads to null pointer dereference. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-HTML Tidy Advocacy Community Group (“HTACG”)
Product-tidy-html5
CWE ID-CWE-404
Improper Resource Shutdown or Release
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2023-1627
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5.5||MEDIUM
EPSS-0.03% / 6.01%
||
7 Day CHG~0.00%
Published-25 Mar, 2023 | 10:31
Updated-02 Aug, 2024 | 05:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Jianming Antivirus IoControlCode kvcore.sys denial of service

A vulnerability was found in Jianming Antivirus 16.2.2022.418. It has been rated as problematic. This issue affects some unknown processing in the library kvcore.sys of the component IoControlCode Handler. The manipulation leads to denial of service. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The identifier VDB-224009 was assigned to this vulnerability.

Action-Not Available
Vendor-jiangminJianming
Product-jiangmin_antivirusAntivirus
CWE ID-CWE-404
Improper Resource Shutdown or Release
CVE-2023-1638
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5.5||MEDIUM
EPSS-0.03% / 6.01%
||
7 Day CHG~0.00%
Published-26 Mar, 2023 | 20:31
Updated-19 Feb, 2025 | 20:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IObit Malware Fighter IOCTL ImfRegistryFilter.sys 0x8001E040 denial of service

A vulnerability was found in IObit Malware Fighter 9.4.0.776. It has been rated as problematic. Affected by this issue is the function 0x8001E024/0x8001E040 in the library ImfRegistryFilter.sys of the component IOCTL Handler. The manipulation leads to denial of service. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. VDB-224018 is the identifier assigned to this vulnerability.

Action-Not Available
Vendor-iobitIObit
Product-malware_fighterMalware Fighter
CWE ID-CWE-404
Improper Resource Shutdown or Release
CVE-2023-1643
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5.5||MEDIUM
EPSS-0.04% / 10.41%
||
7 Day CHG~0.00%
Published-26 Mar, 2023 | 21:31
Updated-02 Aug, 2024 | 05:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IObit Malware Fighter IOCTL ImfHpRegFilter.sys 0x8001E040 denial of service

A vulnerability has been found in IObit Malware Fighter 9.4.0.776 and classified as problematic. Affected by this vulnerability is the function 0x8001E000/0x8001E004/0x8001E018/0x8001E01C/0x8001E024/0x8001E040 in the library ImfHpRegFilter.sys of the component IOCTL Handler. The manipulation leads to denial of service. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-224023.

Action-Not Available
Vendor-iobitIObit
Product-malware_fighterMalware Fighter
CWE ID-CWE-404
Improper Resource Shutdown or Release
CVE-2023-1640
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5.5||MEDIUM
EPSS-0.03% / 6.01%
||
7 Day CHG~0.00%
Published-26 Mar, 2023 | 21:00
Updated-02 Aug, 2024 | 05:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IObit Malware Fighter IOCTL ObCallbackProcess.sys 0x222010 denial of service

A vulnerability classified as problematic was found in IObit Malware Fighter 9.4.0.776. This vulnerability affects the function 0x222010 in the library ObCallbackProcess.sys of the component IOCTL Handler. The manipulation leads to denial of service. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-224020.

Action-Not Available
Vendor-iobitIObit
Product-malware_fighterMalware Fighter
CWE ID-CWE-404
Improper Resource Shutdown or Release
CVE-2023-1630
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5.5||MEDIUM
EPSS-0.03% / 6.01%
||
7 Day CHG~0.00%
Published-25 Mar, 2023 | 11:31
Updated-02 Aug, 2024 | 05:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
JiangMin Antivirus IOCTL kvcore.sys 0x222000 denial of service

A vulnerability, which was classified as problematic, has been found in JiangMin Antivirus 16.2.2022.418. Affected by this issue is the function 0x222000 in the library kvcore.sys of the component IOCTL Handler. The manipulation leads to denial of service. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-224012.

Action-Not Available
Vendor-jiangminJiangMin
Product-jiangmin_antivirusAntivirus
CWE ID-CWE-404
Improper Resource Shutdown or Release
CVE-2023-1487
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5.5||MEDIUM
EPSS-0.03% / 6.01%
||
7 Day CHG~0.00%
Published-18 Mar, 2023 | 21:00
Updated-22 Nov, 2024 | 20:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Lespeed WiseCleaner Wise System Monitor IoControlCode WiseHDInfo64.dll 0x9C40A0E0 denial of service

A vulnerability, which was classified as problematic, has been found in Lespeed WiseCleaner Wise System Monitor 1.5.3.54. This issue affects the function 0x9C40208C/0x9C402000/0x9C402084/0x9C402088/0x9C402004/0x9C4060C4/0x9C4060CC/0x9C4060D0/0x9C4060D4/0x9C40A0DC/0x9C40A0D8/0x9C40A0DC/0x9C40A0E0 in the library WiseHDInfo64.dll of the component IoControlCode Handler. The manipulation leads to denial of service. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. The identifier VDB-223373 was assigned to this vulnerability.

Action-Not Available
Vendor-wisecleanerLespeed
Product-wise_system_monitorWiseCleaner Wise System Monitor
CWE ID-CWE-404
Improper Resource Shutdown or Release
CVE-2023-1642
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5.5||MEDIUM
EPSS-0.03% / 6.01%
||
7 Day CHG~0.00%
Published-26 Mar, 2023 | 21:31
Updated-02 Aug, 2024 | 05:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IObit Malware Fighter IOCTL ObCallbackProcess.sys 0x222040 denial of service

A vulnerability, which was classified as problematic, was found in IObit Malware Fighter 9.4.0.776. Affected is the function 0x222034/0x222038/0x22203C/0x222040 in the library ObCallbackProcess.sys of the component IOCTL Handler. The manipulation leads to denial of service. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. VDB-224022 is the identifier assigned to this vulnerability.

Action-Not Available
Vendor-iobitIObit
Product-malware_fighterMalware Fighter
CWE ID-CWE-404
Improper Resource Shutdown or Release
CVE-2023-1492
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5.5||MEDIUM
EPSS-0.03% / 6.01%
||
7 Day CHG~0.00%
Published-18 Mar, 2023 | 22:31
Updated-02 Aug, 2024 | 05:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Max Secure Anti Virus Plus IoControlCode MaxProc64.sys 0x220019 denial of service

A vulnerability was found in Max Secure Anti Virus Plus 19.0.2.1. It has been declared as problematic. This vulnerability affects the function 0x220019 in the library MaxProc64.sys of the component IoControlCode Handler. The manipulation of the argument SystemBuffer leads to denial of service. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. VDB-223378 is the identifier assigned to this vulnerability.

Action-Not Available
Vendor-maxpcsecureMax Secure
Product-anti_virus_plusAnti Virus Plus
CWE ID-CWE-404
Improper Resource Shutdown or Release
CVE-2023-1445
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-3.3||LOW
EPSS-0.03% / 7.01%
||
7 Day CHG~0.00%
Published-17 Mar, 2023 | 06:36
Updated-22 Nov, 2024 | 21:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Filseclab Twister Antivirus IoControlCode fildds.sys 0x80112053 denial of service

A vulnerability classified as problematic has been found in Filseclab Twister Antivirus 8. Affected is the function 0x80112053 in the library fildds.sys of the component IoControlCode Handler. The manipulation leads to denial of service. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. VDB-223290 is the identifier assigned to this vulnerability.

Action-Not Available
Vendor-filseclabFilseclab
Product-twister_antivirusTwister Antivirus
CWE ID-CWE-404
Improper Resource Shutdown or Release
CVE-2023-1677
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5.5||MEDIUM
EPSS-0.03% / 6.01%
||
7 Day CHG~0.00%
Published-28 Mar, 2023 | 21:31
Updated-02 Aug, 2024 | 05:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
DriverGenius IOCTL mydrivers64.sys 0x9c402084 denial of service

A vulnerability was found in DriverGenius 9.70.0.346. It has been rated as problematic. Affected by this issue is the function 0x9c40a0c8/0x9c40a0dc/0x9c40a0e0/0x9c40a0d8/0x9c4060d4/0x9c402004/0x9c402088/0x9c40208c/0x9c4060d0/0x9c4060cc/0x9c4060c4/0x9c402084 in the library mydrivers64.sys of the component IOCTL Handler. The manipulation leads to denial of service. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. VDB-224234 is the identifier assigned to this vulnerability.

Action-Not Available
Vendor-drivergeniusn/a
Product-drivergeniusDriverGenius
CWE ID-CWE-404
Improper Resource Shutdown or Release
CVE-2023-1446
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5.5||MEDIUM
EPSS-0.03% / 6.92%
||
7 Day CHG~0.00%
Published-17 Mar, 2023 | 06:37
Updated-02 Aug, 2024 | 05:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Watchdog Anti-Virus IoControlCode wsdk-driver.sys 0x80002008 denial of service

A vulnerability classified as problematic was found in Watchdog Anti-Virus 1.4.214.0. Affected by this vulnerability is the function 0x80002004/0x80002008 in the library wsdk-driver.sys of the component IoControlCode Handler. The manipulation leads to denial of service. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-223291.

Action-Not Available
Vendor-watchdogWatchdog
Product-anti-virusAnti-Virus
CWE ID-CWE-404
Improper Resource Shutdown or Release
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2023-1450
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-3.3||LOW
EPSS-0.02% / 4.23%
||
7 Day CHG~0.00%
Published-17 Mar, 2023 | 06:47
Updated-26 Feb, 2025 | 14:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
MP4v2 mp4trackdump.cpp DumpTrack denial of service

A vulnerability was found in MP4v2 2.1.2 and classified as problematic. This issue affects the function DumpTrack of the file mp4trackdump.cpp. The manipulation leads to denial of service. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-223295.

Action-Not Available
Vendor-mp4v2_projectn/a
Product-mp4v2MP4v2
CWE ID-CWE-404
Improper Resource Shutdown or Release
CVE-2023-1488
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-3.3||LOW
EPSS-0.48% / 64.34%
||
7 Day CHG~0.00%
Published-18 Mar, 2023 | 21:00
Updated-02 Aug, 2024 | 05:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Lespeed WiseCleaner Wise System Monitor IoControlCode WiseHDInfo64.dll 0x9C40A0E0 denial of service

A vulnerability, which was classified as problematic, was found in Lespeed WiseCleaner Wise System Monitor 1.5.3.54. Affected is the function 0x9C40A0D8/0x9C40A0DC/0x9C40A0E0 in the library WiseHDInfo64.dll of the component IoControlCode Handler. The manipulation leads to denial of service. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. VDB-223374 is the identifier assigned to this vulnerability.

Action-Not Available
Vendor-wisecleanerLespeed
Product-wise_system_monitorWiseCleaner Wise System Monitor
CWE ID-CWE-404
Improper Resource Shutdown or Release
CVE-2023-0909
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-3.3||LOW
EPSS-0.02% / 4.58%
||
7 Day CHG~0.00%
Published-18 Feb, 2023 | 08:34
Updated-02 Aug, 2024 | 05:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
cxasm notepad-- Directory Comparison denial of service

A vulnerability, which was classified as problematic, was found in cxasm notepad-- 1.22. This affects an unknown part of the component Directory Comparison Handler. The manipulation leads to denial of service. The attack needs to be approached locally. The associated identifier of this vulnerability is VDB-221475.

Action-Not Available
Vendor-notepad--_projectcxasm
Product-notepad--notepad--
CWE ID-CWE-404
Improper Resource Shutdown or Release
CVE-2023-0907
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-4.4||MEDIUM
EPSS-0.03% / 7.21%
||
7 Day CHG~0.00%
Published-18 Feb, 2023 | 07:44
Updated-02 Aug, 2024 | 05:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Filseclab Twister Antivirus IoControlCode ffsmon.sys 0x220017 denial of service

A vulnerability, which was classified as problematic, has been found in Filseclab Twister Antivirus 8.17. Affected by this issue is the function 0x220017 in the library ffsmon.sys of the component IoControlCode Handler. The manipulation leads to denial of service. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-221456.

Action-Not Available
Vendor-filseclabFilseclab
Product-twister_antivirusTwister Antivirus
CWE ID-CWE-404
Improper Resource Shutdown or Release
CVE-2023-1008
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5.5||MEDIUM
EPSS-0.05% / 15.35%
||
7 Day CHG~0.00%
Published-24 Feb, 2023 | 10:24
Updated-02 Aug, 2024 | 05:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Twister Antivirus IoControlCode filmfd.sys 0x801120E4 denial of service

A vulnerability was found in Twister Antivirus 8.17. It has been rated as problematic. This issue affects the function 0x801120E4 in the library filmfd.sys of the component IoControlCode Handler. The manipulation leads to denial of service. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The identifier VDB-221741 was assigned to this vulnerability.

Action-Not Available
Vendor-filseclabTwister
Product-twister_antivirusAntivirus
CWE ID-CWE-404
Improper Resource Shutdown or Release
CVE-2023-1189
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-3.3||LOW
EPSS-0.04% / 8.88%
||
7 Day CHG~0.00%
Published-06 Mar, 2023 | 07:11
Updated-05 Mar, 2025 | 19:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WiseCleaner Wise Folder Hider IoControlCode WiseFs64.sys 0x222410 denial of service

A vulnerability was found in WiseCleaner Wise Folder Hider 4.4.3.202. It has been declared as problematic. Affected by this vulnerability is the function 0x222400/0x222404/0x222410 in the library WiseFs64.sys of the component IoControlCode Handler. The manipulation leads to denial of service. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The identifier VDB-222361 was assigned to this vulnerability.

Action-Not Available
Vendor-wisecleanerWiseCleaner
Product-wise_folder_hiderWise Folder Hider
CWE ID-CWE-404
Improper Resource Shutdown or Release
CVE-2021-1077
Matching Score-4
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-4
Assigner-NVIDIA Corporation
CVSS Score-6.6||MEDIUM
EPSS-0.05% / 14.20%
||
7 Day CHG~0.00%
Published-21 Apr, 2021 | 00:00
Updated-03 Aug, 2024 | 15:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA GPU Display Driver for Windows and Linux, R450 and R460 driver branch, contains a vulnerability where the software uses a reference count to manage a resource that is incorrectly updated, which may lead to denial of service.

Action-Not Available
Vendor-NVIDIA Corporation
Product-gpu_display_driverNVIDIA GPU Display Driver
CWE ID-CWE-404
Improper Resource Shutdown or Release
CVE-2020-4756
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-6.2||MEDIUM
EPSS-0.05% / 14.30%
||
7 Day CHG~0.00%
Published-20 Oct, 2020 | 14:15
Updated-16 Sep, 2024 | 23:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Spectrum Scale V4.2.0.0 through V4.2.3.23 and V5.0.0.0 through V5.0.5.2 as well as IBM Elastic Storage System 6.0.0 through 6.0.1.0 could allow a local attacker to invoke a subset of ioctls on the device with invalid arguments that could crash the keneral and cause a denial of service. IBM X-Force ID: 188599.

Action-Not Available
Vendor-IBM Corporation
Product-spectrum_scaleelastic_storage_serverSpectrum ScaleElastic Storage Server
CWE ID-CWE-404
Improper Resource Shutdown or Release
CVE-2022-4296
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-6.5||MEDIUM
EPSS-0.03% / 7.48%
||
7 Day CHG~0.00%
Published-06 Dec, 2022 | 00:00
Updated-15 Apr, 2025 | 13:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
TP-Link TL-WR740N ARP resource consumption

A vulnerability classified as problematic has been found in TP-Link TL-WR740N. Affected is an unknown function of the component ARP Handler. The manipulation leads to resource consumption. The attack needs to be done within the local network. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-214812.

Action-Not Available
Vendor-TP-Link Systems Inc.
Product-tl-wr740ntl-wr740n_firmwareTL-WR740N
CWE ID-CWE-404
Improper Resource Shutdown or Release
CVE-2023-0908
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5.5||MEDIUM
EPSS-0.06% / 20.17%
||
7 Day CHG~0.00%
Published-18 Feb, 2023 | 07:55
Updated-02 Aug, 2024 | 05:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Xoslab Easy File Locker xlkfs.sys MessageNotifyCallback denial of service

A vulnerability, which was classified as problematic, was found in Xoslab Easy File Locker 2.2.0.184. This affects the function MessageNotifyCallback in the library xlkfs.sys. The manipulation leads to denial of service. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The identifier VDB-221457 was assigned to this vulnerability.

Action-Not Available
Vendor-xoslabXoslab
Product-easy_file_lockerEasy File Locker
CWE ID-CWE-404
Improper Resource Shutdown or Release
CVE-2023-1187
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-3.3||LOW
EPSS-0.04% / 8.66%
||
7 Day CHG~0.00%
Published-06 Mar, 2023 | 07:09
Updated-02 Aug, 2024 | 05:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
FabulaTech Webcam for Remote Desktop Global Variable ftwebcam.sys denial of service

A vulnerability was found in FabulaTech Webcam for Remote Desktop 2.8.42 and classified as problematic. This issue affects some unknown processing in the library ftwebcam.sys of the component Global Variable Handler. The manipulation leads to denial of service. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-222359.

Action-Not Available
Vendor-fabulatechFabulaTechMicrosoft Corporation
Product-webcam_for_remote_desktopwindowsWebcam for Remote Desktop
CWE ID-CWE-404
Improper Resource Shutdown or Release
CVE-2024-12661
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-6.8||MEDIUM
EPSS-0.01% / 1.02%
||
7 Day CHG~0.00%
Published-16 Dec, 2024 | 18:31
Updated-02 Jul, 2025 | 19:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IObit Advanced SystemCare Utimate IOCTL AscRegistryFilter.sys 0x8001E024 null pointer dereference

A vulnerability was found in IObit Advanced SystemCare Utimate up to 17.0.0. It has been rated as problematic. Affected by this issue is the function 0x8001E024 in the library AscRegistryFilter.sys of the component IOCTL Handler. The manipulation leads to null pointer dereference. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-iobitIObit
Product-advanced_systemcare_ultimateAdvanced SystemCare Utimate
CWE ID-CWE-404
Improper Resource Shutdown or Release
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2024-12654
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-6.8||MEDIUM
EPSS-0.03% / 6.24%
||
7 Day CHG~0.00%
Published-16 Dec, 2024 | 16:00
Updated-18 Dec, 2024 | 13:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
FabulaTech USB over Network IOCT ftusbbus2.sys 0x220408 null pointer dereference

A vulnerability classified as problematic was found in FabulaTech USB over Network 6.0.6.1. Affected by this vulnerability is the function 0x220408 in the library ftusbbus2.sys of the component IOCT Handler. The manipulation leads to null pointer dereference. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-fabulatechFabulaTech
Product-usb_over_networkUSB over Network
CWE ID-CWE-404
Improper Resource Shutdown or Release
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2022-3630
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-3.1||LOW
EPSS-0.02% / 4.55%
||
7 Day CHG~0.00%
Published-21 Oct, 2022 | 00:00
Updated-15 Apr, 2025 | 13:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Linux Kernel IPsec cookie.c memory leak

A vulnerability was found in Linux Kernel. It has been rated as problematic. This issue affects some unknown processing of the file fs/fscache/cookie.c of the component IPsec. The manipulation leads to memory leak. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-211931.

Action-Not Available
Vendor-Linux Kernel Organization, Inc
Product-linux_kernelKernel
CWE ID-CWE-404
Improper Resource Shutdown or Release
CWE ID-CWE-401
Missing Release of Memory after Effective Lifetime
CVE-2022-3606
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-3.5||LOW
EPSS-0.01% / 0.89%
||
7 Day CHG~0.00%
Published-19 Oct, 2022 | 00:00
Updated-15 Apr, 2025 | 13:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Linux Kernel BPF libbpf.c find_prog_by_sec_insn null pointer dereference

A vulnerability was found in Linux Kernel. It has been classified as problematic. This affects the function find_prog_by_sec_insn of the file tools/lib/bpf/libbpf.c of the component BPF. The manipulation leads to null pointer dereference. It is recommended to apply a patch to fix this issue. The identifier VDB-211749 was assigned to this vulnerability.

Action-Not Available
Vendor-Linux Kernel Organization, Inc
Product-linux_kernelKernel
CWE ID-CWE-404
Improper Resource Shutdown or Release
CVE-2022-3624
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-3.5||LOW
EPSS-0.01% / 2.03%
||
7 Day CHG~0.00%
Published-21 Oct, 2022 | 00:00
Updated-15 Apr, 2025 | 13:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Linux Kernel IPsec bond_alb.c rlb_arp_xmit memory leak

A vulnerability was found in Linux Kernel and classified as problematic. Affected by this issue is the function rlb_arp_xmit of the file drivers/net/bonding/bond_alb.c of the component IPsec. The manipulation leads to memory leak. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-211928.

Action-Not Available
Vendor-Linux Kernel Organization, Inc
Product-linux_kernelKernel
CWE ID-CWE-404
Improper Resource Shutdown or Release
CWE ID-CWE-401
Missing Release of Memory after Effective Lifetime
CVE-2024-12657
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-6.8||MEDIUM
EPSS-0.03% / 7.95%
||
7 Day CHG~0.00%
Published-16 Dec, 2024 | 17:00
Updated-19 Dec, 2024 | 14:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IObit Advanced SystemCare Utimate IOCTL AscRegistryFilter.sys 0x8001E000 null pointer dereference

A vulnerability has been found in IObit Advanced SystemCare Utimate up to 17.0.0 and classified as problematic. This vulnerability affects the function 0x8001E000 in the library AscRegistryFilter.sys of the component IOCTL Handler. The manipulation leads to null pointer dereference. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-iobitIObit
Product-advanced_systemcare_ultimateAdvanced SystemCare Utimate
CWE ID-CWE-404
Improper Resource Shutdown or Release
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2022-3637
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-2.6||LOW
EPSS-0.02% / 2.89%
||
7 Day CHG~0.00%
Published-21 Oct, 2022 | 00:00
Updated-15 Apr, 2025 | 13:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Linux Kernel BlueZ jlink.c jlink_init denial of service

A vulnerability has been found in Linux Kernel and classified as problematic. This vulnerability affects the function jlink_init of the file monitor/jlink.c of the component BlueZ. The manipulation leads to denial of service. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-211936.

Action-Not Available
Vendor-Linux Kernel Organization, IncBlueZ
Product-bluezKernel
CWE ID-CWE-404
Improper Resource Shutdown or Release
CVE-2024-11097
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-4.8||MEDIUM
EPSS-0.03% / 6.35%
||
7 Day CHG~0.00%
Published-12 Nov, 2024 | 02:00
Updated-14 Nov, 2024 | 15:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Student Record Management System Main Menu infinite loop

A vulnerability has been found in SourceCodester Student Record Management System 1.0 and classified as problematic. This vulnerability affects unknown code of the component Main Menu. The manipulation leads to infinite loop. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-razormistSourceCodester
Product-student_record_management_systemStudent Record Management Systemstudent_record_management_system
CWE ID-CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
CWE ID-CWE-404
Improper Resource Shutdown or Release
CVE-2022-3524
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-4.3||MEDIUM
EPSS-0.16% / 37.43%
||
7 Day CHG-0.01%
Published-16 Oct, 2022 | 00:00
Updated-15 Apr, 2025 | 13:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Linux Kernel IPv6 ipv6_renew_options memory leak

A vulnerability was found in Linux Kernel. It has been declared as problematic. Affected by this vulnerability is the function ipv6_renew_options of the component IPv6 Handler. The manipulation leads to memory leak. The attack can be launched remotely. It is recommended to apply a patch to fix this issue. The identifier VDB-211021 was assigned to this vulnerability.

Action-Not Available
Vendor-Linux Kernel Organization, IncDebian GNU/Linux
Product-debian_linuxlinux_kernelKernel
CWE ID-CWE-404
Improper Resource Shutdown or Release
CWE ID-CWE-401
Missing Release of Memory after Effective Lifetime
CVE-2024-1187
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-3.3||LOW
EPSS-0.02% / 3.38%
||
7 Day CHG~0.00%
Published-02 Feb, 2024 | 17:31
Updated-15 May, 2025 | 19:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Munsoft Easy Outlook Express Recovery Registration Key denial of service

A vulnerability, which was classified as problematic, has been found in Munsoft Easy Outlook Express Recovery 2.0. This issue affects some unknown processing of the component Registration Key Handler. The manipulation leads to denial of service. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The identifier VDB-252677 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-munsoftMunsoft
Product-easy_outlook_express_recoveryEasy Outlook Express Recovery
CWE ID-CWE-404
Improper Resource Shutdown or Release
CVE-2024-1195
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5.5||MEDIUM
EPSS-0.01% / 1.16%
||
7 Day CHG~0.00%
Published-02 Feb, 2024 | 21:31
Updated-21 Aug, 2024 | 15:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
iTop VPN IOCTL ITopVpnCallbackProcess.sys denial of service

A vulnerability classified as critical was found in iTop VPN up to 4.0.0.1. Affected by this vulnerability is an unknown functionality in the library ITopVpnCallbackProcess.sys of the component IOCTL Handler. The manipulation leads to denial of service. The attack needs to be approached locally. The identifier VDB-252685 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-iobitiTop
Product-itop_vpnVPN
CWE ID-CWE-404
Improper Resource Shutdown or Release
CVE-2022-3544
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-3.5||LOW
EPSS-0.01% / 1.38%
||
7 Day CHG~0.00%
Published-17 Oct, 2022 | 00:00
Updated-15 Apr, 2025 | 13:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Linux Kernel Netfilter sysfs.c damon_sysfs_add_target memory leak

A vulnerability, which was classified as problematic, was found in Linux Kernel. Affected is the function damon_sysfs_add_target of the file mm/damon/sysfs.c of the component Netfilter. The manipulation leads to memory leak. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-211044.

Action-Not Available
Vendor-Linux Kernel Organization, Inc
Product-linux_kernelKernel
CWE ID-CWE-404
Improper Resource Shutdown or Release
CVE-2024-1186
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-3.3||LOW
EPSS-0.02% / 3.73%
||
7 Day CHG~0.00%
Published-02 Feb, 2024 | 17:00
Updated-10 Jun, 2025 | 16:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Munsoft Easy Archive Recovery Registration Key denial of service

A vulnerability classified as problematic was found in Munsoft Easy Archive Recovery 2.0. This vulnerability affects unknown code of the component Registration Key Handler. The manipulation leads to denial of service. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-252676. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-munsoftMunsoft
Product-easy_archive_recoveryEasy Archive Recovery
CWE ID-CWE-404
Improper Resource Shutdown or Release
CVE-2022-35272
Matching Score-4
Assigner-F5, Inc.
ShareView Details
Matching Score-4
Assigner-F5, Inc.
CVSS Score-7.5||HIGH
EPSS-0.33% / 54.84%
||
7 Day CHG~0.00%
Published-04 Aug, 2022 | 17:49
Updated-17 Sep, 2024 | 03:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
BIG-IP HTTP MRF vulnerability CVE-2022-35272

In BIG-IP Versions 17.0.x before 17.0.0.1 and 16.1.x before 16.1.3.1, when source-port preserve-strict is configured on an HTTP Message Routing Framework (MRF) virtual server, undisclosed traffic may cause the Traffic Management Microkernel (TMM) to produce a core file and the connection to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

Action-Not Available
Vendor-F5, Inc.
Product-big-ip_application_acceleration_managerbig-ip_link_controllerbig-ip_policy_enforcement_managerbig-ip_fraud_protection_servicebig-ip_global_traffic_managerbig-ip_analyticsbig-ip_access_policy_managerbig-ip_domain_name_systembig-ip_local_traffic_managerbig-ip_advanced_firewall_managerbig-ip_application_security_managerBIG-IP
CWE ID-CWE-404
Improper Resource Shutdown or Release
CVE-2022-3543
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-3.5||LOW
EPSS-0.02% / 3.52%
||
7 Day CHG~0.00%
Published-17 Oct, 2022 | 00:00
Updated-03 Aug, 2024 | 01:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Linux Kernel BPF af_unix.c unix_release_sock memory leak

A vulnerability, which was classified as problematic, has been found in Linux Kernel. This issue affects the function unix_sock_destructor/unix_release_sock of the file net/unix/af_unix.c of the component BPF. The manipulation leads to memory leak. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-211043.

Action-Not Available
Vendor-Linux Kernel Organization, Inc
Product-linux_kernelKernel
CWE ID-CWE-404
Improper Resource Shutdown or Release
CWE ID-CWE-401
Missing Release of Memory after Effective Lifetime
CVE-2022-31693
Matching Score-4
Assigner-VMware by Broadcom
ShareView Details
Matching Score-4
Assigner-VMware by Broadcom
CVSS Score-5.5||MEDIUM
EPSS-0.05% / 14.56%
||
7 Day CHG~0.00%
Published-07 Jun, 2023 | 00:00
Updated-07 Jan, 2025 | 17:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

VMware Tools for Windows (12.x.y prior to 12.1.5, 11.x.y and 10.x.y) contains a denial-of-service vulnerability in the VM3DMP driver. A malicious actor with local user privileges in the Windows guest OS, where VMware Tools is installed, can trigger a PANIC in the VM3DMP driver leading to a denial-of-service condition in the Windows guest OS.

Action-Not Available
Vendor-n/aVMware (Broadcom Inc.)Microsoft Corporation
Product-windowstoolsn/a
CWE ID-CWE-404
Improper Resource Shutdown or Release
CVE-2025-4003
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-6.8||MEDIUM
EPSS-0.02% / 2.56%
||
7 Day CHG~0.00%
Published-28 Apr, 2025 | 05:31
Updated-29 Apr, 2025 | 13:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
RefindPlusRepo RefindPlus RP_ApfsIo.c InternalApfsTranslateBlock null pointer dereference

A vulnerability was found in RefindPlusRepo RefindPlus 0.14.2.AB. It has been classified as problematic. This affects the function InternalApfsTranslateBlock of the file Library/RP_ApfsLib/RP_ApfsIo.c. The manipulation leads to null pointer dereference. It is possible to launch the attack on the local host. The patch is named 4d35125ca689a255647e9033dd60c257d26df7cb. It is recommended to apply a patch to fix this issue.

Action-Not Available
Vendor-RefindPlusRepo
Product-RefindPlus
CWE ID-CWE-404
Improper Resource Shutdown or Release
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2025-4287
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-4.8||MEDIUM
EPSS-0.02% / 3.26%
||
7 Day CHG~0.00%
Published-05 May, 2025 | 20:00
Updated-06 May, 2025 | 13:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
PyTorch nccl.py torch.cuda.nccl.reduce denial of service

A vulnerability was found in PyTorch 2.6.0+cu124. It has been rated as problematic. Affected by this issue is the function torch.cuda.nccl.reduce of the file torch/cuda/nccl.py. The manipulation leads to denial of service. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The patch is identified as 5827d2061dcb4acd05ac5f8e65d8693a481ba0f5. It is recommended to apply a patch to fix this issue.

Action-Not Available
Vendor-n/a
Product-PyTorch
CWE ID-CWE-404
Improper Resource Shutdown or Release
CVE-2025-4002
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-6.8||MEDIUM
EPSS-0.02% / 2.56%
||
7 Day CHG~0.00%
Published-28 Apr, 2025 | 05:00
Updated-29 Apr, 2025 | 13:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
RefindPlusRepo RefindPlus BootLog.c GetDebugLogFile null pointer dereference

A vulnerability was found in RefindPlusRepo RefindPlus 0.14.2.AB and classified as problematic. Affected by this issue is the function GetDebugLogFile of the file Library/MemLogLib/BootLog.c. The manipulation leads to null pointer dereference. Attacking locally is a requirement. The patch is identified as d2143a1e2deefddd9b105fb7160763c4f8d47ea2. It is recommended to apply a patch to fix this issue.

Action-Not Available
Vendor-RefindPlusRepo
Product-RefindPlus
CWE ID-CWE-404
Improper Resource Shutdown or Release
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2025-3198
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-4.8||MEDIUM
EPSS-0.02% / 3.85%
||
7 Day CHG~0.00%
Published-04 Apr, 2025 | 01:31
Updated-15 May, 2025 | 19:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
GNU Binutils objdump bucomm.c display_info memory leak

A vulnerability has been found in GNU Binutils 2.43/2.44 and classified as problematic. Affected by this vulnerability is the function display_info of the file binutils/bucomm.c of the component objdump. The manipulation leads to memory leak. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The patch is named ba6ad3a18cb26b79e0e3b84c39f707535bbc344d. It is recommended to apply a patch to fix this issue.

Action-Not Available
Vendor-GNU
Product-binutilsBinutils
CWE ID-CWE-401
Missing Release of Memory after Effective Lifetime
CWE ID-CWE-404
Improper Resource Shutdown or Release
CVE-2024-1192
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-3.3||LOW
EPSS-0.14% / 35.19%
||
7 Day CHG~0.00%
Published-02 Feb, 2024 | 20:00
Updated-08 Jan, 2025 | 14:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
South River WebDrive New Secure WebDAV denial of service

A vulnerability was found in South River WebDrive 18.00.5057. It has been declared as problematic. This vulnerability affects unknown code of the component New Secure WebDAV. The manipulation leads to denial of service. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. VDB-252682 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-southrivertechSouth Riversouthrivertech
Product-webdriveWebDrivewebdrive
CWE ID-CWE-404
Improper Resource Shutdown or Release
CVE-2015-10002
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.05% / 16.08%
||
7 Day CHG~0.00%
Published-28 Mar, 2022 | 18:00
Updated-15 Apr, 2025 | 14:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Kiddoware Kids Place Home Button Protection denial of service

A vulnerability classified as problematic has been found in Kiddoware Kids Place. This affects the Home Button Protection. A repeated pressing of the button causes a local denial of service. It is recommended to upgrade the affected component.

Action-Not Available
Vendor-kiddowareKiddoware
Product-kids_placeKids Place
CWE ID-CWE-404
Improper Resource Shutdown or Release
CVE-2025-3010
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-4.8||MEDIUM
EPSS-0.01% / 1.15%
||
7 Day CHG-0.01%
Published-31 Mar, 2025 | 20:00
Updated-01 Apr, 2025 | 20:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Khronos Group glslang Intermediate.cpp isConversionAllowed null pointer dereference

A vulnerability, which was classified as problematic, has been found in Khronos Group glslang 15.1.0. Affected by this issue is the function glslang::TIntermediate::isConversionAllowed of the file glslang/MachineIndependent/Intermediate.cpp. The manipulation leads to null pointer dereference. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-Khronos Group Inc.
Product-glslang
CWE ID-CWE-404
Improper Resource Shutdown or Release
CWE ID-CWE-476
NULL Pointer Dereference
  • Previous
  • 1
  • 2
  • 3
  • Next
Details not found