Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2025-6969

Summary
Assigner-OpenHarmony
Assigner Org ID-0cf5dd6e-1214-4398-a481-30441e48fafd
Published At-16 Mar, 2026 | 07:10
Updated At-16 Mar, 2026 | 17:21
Rejected At-
Credits

ability_ability_runtime an improper input validation vulnerability

in OpenHarmony v5.1.0 and prior versions allow a local attacker cause DOS through improper input.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
â–¼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:OpenHarmony
Assigner Org ID:0cf5dd6e-1214-4398-a481-30441e48fafd
Published At:16 Mar, 2026 | 07:10
Updated At:16 Mar, 2026 | 17:21
Rejected At:
â–¼CVE Numbering Authority (CNA)
ability_ability_runtime an improper input validation vulnerability

in OpenHarmony v5.1.0 and prior versions allow a local attacker cause DOS through improper input.

Affected Products
Vendor
OpenHarmony (OpenAtom Foundation)OpenHarmony
Product
OpenHarmony
Default Status
unaffected
Versions
Affected
  • From v5.0.3 through v5.1.0.x (custom)
Problem Types
TypeCWE IDDescription
CWECWE-20CWE-20 Improper input validation
Type: CWE
CWE ID: CWE-20
Description: CWE-20 Improper input validation
Metrics
VersionBase scoreBase severityVector
3.15.0MEDIUM
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H
Version: 3.1
Base score: 5.0
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://gitcode.com/openharmony/security/tree/master/zh/security-disclosure/2025/2025-09.md
N/A
Hyperlink: https://gitcode.com/openharmony/security/tree/master/zh/security-disclosure/2025/2025-09.md
Resource: N/A
â–¼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
â–¼National Vulnerability Database (NVD)
nvd.nist.gov
Source:scy@openharmony.io
Published At:16 Mar, 2026 | 14:18
Updated At:17 Mar, 2026 | 19:59

in OpenHarmony v5.1.0 and prior versions allow a local attacker cause DOS through improper input.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.15.0MEDIUM
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H
Primary3.15.5MEDIUM
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Type: Secondary
Version: 3.1
Base score: 5.0
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H
Type: Primary
Version: 3.1
Base score: 5.5
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CPE Matches
OpenAtom Foundation
openatom
>>openharmony>>5.0.3
cpe:2.3:o:openatom:openharmony:5.0.3:*:*:*:-:*:*:*
OpenAtom Foundation
openatom
>>openharmony>>5.1.0
cpe:2.3:o:openatom:openharmony:5.1.0:*:*:*:-:*:*:*
Weaknesses
CWE IDTypeSource
CWE-20Primaryscy@openharmony.io
CWE ID: CWE-20
Type: Primary
Source: scy@openharmony.io
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://gitcode.com/openharmony/security/tree/master/zh/security-disclosure/2025/2025-09.mdscy@openharmony.io
Vendor Advisory
Hyperlink: https://gitcode.com/openharmony/security/tree/master/zh/security-disclosure/2025/2025-09.md
Source: scy@openharmony.io
Resource:
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

217Records found
CVE-2022-29201
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.06% / 17.11%
||
7 Day CHG~0.00%
Published-20 May, 2022 | 23:00
Updated-22 Apr, 2025 | 17:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Missing validation in `QuantizedConv2D` results in undefined behavior in TensorFlow

TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of `tf.raw_ops.QuantizedConv2D` does not fully validate the input arguments. In this case, references get bound to `nullptr` for each argument that is empty. Versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4 contain a patch for this issue.

Action-Not Available
Vendor-Google LLCTensorFlow
Product-tensorflowtensorflow
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2022-29194
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.09% / 25.40%
||
7 Day CHG~0.00%
Published-20 May, 2022 | 21:10
Updated-22 Apr, 2025 | 18:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Missing validation causes denial of service via `DeleteSessionTensor` in TensorFlow

TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of `tf.raw_ops.DeleteSessionTensor` does not fully validate the input arguments. This results in a `CHECK`-failure which can be used to trigger a denial of service attack. Versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4 contain a patch for this issue.

Action-Not Available
Vendor-Google LLCTensorFlow
Product-tensorflowtensorflow
CWE ID-CWE-20
Improper Input Validation
CVE-2022-29466
Matching Score-4
Assigner-Intel Corporation
ShareView Details
Matching Score-4
Assigner-Intel Corporation
CVSS Score-7.3||HIGH
EPSS-0.13% / 31.64%
||
7 Day CHG~0.00%
Published-11 Nov, 2022 | 15:48
Updated-05 Feb, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper input validation in firmware for Intel(R) SPS before version SPS_E3_04.01.04.700.0 may allow an authenticated user to potentially enable denial of service via local access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-server_platform_services_firmwareIntel(R) SPS
CWE ID-CWE-20
Improper Input Validation
CVE-2022-29212
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.11% / 28.27%
||
7 Day CHG~0.00%
Published-20 May, 2022 | 23:15
Updated-22 Apr, 2025 | 17:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Core dump when loading TFLite models with quantization in TensorFlow

TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, certain TFLite models that were created using TFLite model converter would crash when loaded in the TFLite interpreter. The culprit is that during quantization the scale of values could be greater than 1 but code was always assuming sub-unit scaling. Thus, since code was calling `QuantizeMultiplierSmallerThanOneExp`, the `TFLITE_CHECK_LT` assertion would trigger and abort the process. Versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4 contain a patch for this issue.

Action-Not Available
Vendor-Google LLCTensorFlow
Product-tensorflowtensorflow
CWE ID-CWE-20
Improper Input Validation
CVE-2022-29196
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.06% / 17.18%
||
7 Day CHG~0.00%
Published-20 May, 2022 | 21:55
Updated-22 Apr, 2025 | 17:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Missing validation causes denial of service in TensorFlow via `Conv3DBackpropFilterV2`

TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of `tf.raw_ops.Conv3DBackpropFilterV2` does not fully validate the input arguments. This results in a `CHECK`-failure which can be used to trigger a denial of service attack. The code does not validate that the `filter_sizes` argument is a vector. Versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4 contain a patch for this issue.

Action-Not Available
Vendor-Google LLCTensorFlow
Product-tensorflowtensorflow
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-1284
Improper Validation of Specified Quantity in Input
CVE-2022-29207
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.06% / 17.38%
||
7 Day CHG~0.00%
Published-20 May, 2022 | 22:10
Updated-22 Apr, 2025 | 17:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Undefined behavior when users supply invalid resource handles in TensorFlow

TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, multiple TensorFlow operations misbehave in eager mode when the resource handle provided to them is invalid. In graph mode, it would have been impossible to perform these API calls, but migration to TF 2.x eager mode opened up this vulnerability. If the resource handle is empty, then a reference is bound to a null pointer inside TensorFlow codebase (various codepaths). This is undefined behavior. Versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4 contain a patch for this issue.

Action-Not Available
Vendor-Google LLCTensorFlow
Product-tensorflowtensorflow
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-475
Undefined Behavior for Input to API
CVE-2022-29198
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.06% / 17.18%
||
7 Day CHG~0.00%
Published-20 May, 2022 | 21:50
Updated-22 Apr, 2025 | 17:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Missing validation causes denial of service in TensorFlow via `SparseTensorToCSRSparseMatrix`

TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of `tf.raw_ops.SparseTensorToCSRSparseMatrix` does not fully validate the input arguments. This results in a `CHECK`-failure which can be used to trigger a denial of service attack. The code assumes `dense_shape` is a vector and `indices` is a matrix (as part of requirements for sparse tensors) but there is no validation for this. Versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4 contain a patch for this issue.

Action-Not Available
Vendor-Google LLCTensorFlow
Product-tensorflowtensorflow
CWE ID-CWE-20
Improper Input Validation
CVE-2022-29192
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.09% / 25.40%
||
7 Day CHG~0.00%
Published-20 May, 2022 | 20:30
Updated-22 Apr, 2025 | 18:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Missing validation crashes `QuantizeAndDequantizeV4Grad` in TensorFlow

TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of `tf.raw_ops.QuantizeAndDequantizeV4Grad` does not fully validate the input arguments. This results in a `CHECK`-failure which can be used to trigger a denial of service attack. Versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4 contain a patch for this issue.

Action-Not Available
Vendor-Google LLCTensorFlow
Product-tensorflowtensorflow
CWE ID-CWE-20
Improper Input Validation
CVE-2022-29197
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.06% / 17.18%
||
7 Day CHG~0.00%
Published-20 May, 2022 | 21:55
Updated-22 Apr, 2025 | 17:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Missing validation causes denial of service in TensorFlow via `UnsortedSegmentJoin`

TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of `tf.raw_ops.UnsortedSegmentJoin` does not fully validate the input arguments. This results in a `CHECK`-failure which can be used to trigger a denial of service attack. The code assumes `num_segments` is a scalar but there is no validation for this before accessing its value. Versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4 contain a patch for this issue.

Action-Not Available
Vendor-Google LLCTensorFlow
Product-tensorflowtensorflow
CWE ID-CWE-20
Improper Input Validation
CVE-2022-29200
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.06% / 17.18%
||
7 Day CHG~0.00%
Published-20 May, 2022 | 21:30
Updated-22 Apr, 2025 | 17:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Missing validation causes denial of service in TensorFlow via `LSTMBlockCell`

TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of `tf.raw_ops.LSTMBlockCell` does not fully validate the input arguments. This results in a `CHECK`-failure which can be used to trigger a denial of service attack. The code does not validate the ranks of any of the arguments to this API call. This results in `CHECK`-failures when the elements of the tensor are accessed. Versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4 contain a patch for this issue.

Action-Not Available
Vendor-Google LLCTensorFlow
Product-tensorflowtensorflow
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-1284
Improper Validation of Specified Quantity in Input
CVE-2022-29206
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.08% / 22.80%
||
7 Day CHG~0.00%
Published-20 May, 2022 | 22:15
Updated-22 Apr, 2025 | 17:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Missing validation results in undefined behavior in `SparseTensorDenseAdd` in TensorFlow

TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of `tf.raw_ops.SparseTensorDenseAdd` does not fully validate the input arguments. In this case, a reference gets bound to a `nullptr` during kernel execution. This is undefined behavior. Versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4 contain a patch for this issue.

Action-Not Available
Vendor-Google LLCTensorFlow
Product-tensorflowtensorflow
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2022-29195
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.06% / 17.11%
||
7 Day CHG~0.00%
Published-20 May, 2022 | 22:00
Updated-22 Apr, 2025 | 17:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Missing validation causes denial of service in TensorFlow via `StagePeek`

TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of `tf.raw_ops.StagePeek` does not fully validate the input arguments. This results in a `CHECK`-failure which can be used to trigger a denial of service attack. The code assumes `index` is a scalar but there is no validation for this before accessing its value. Versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4 contain a patch for this issue.

Action-Not Available
Vendor-Google LLCTensorFlow
Product-tensorflowtensorflow
CWE ID-CWE-20
Improper Input Validation
CVE-2022-29213
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.11% / 28.27%
||
7 Day CHG~0.00%
Published-20 May, 2022 | 23:30
Updated-22 Apr, 2025 | 17:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Incomplete validation in signal ops leads to crashes in TensorFlow

TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the `tf.compat.v1.signal.rfft2d` and `tf.compat.v1.signal.rfft3d` lack input validation and under certain condition can result in crashes (due to `CHECK`-failures). Versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4 contain a patch for this issue.

Action-Not Available
Vendor-Google LLCTensorFlow
Product-tensorflowtensorflow
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-617
Reachable Assertion
CVE-2022-29211
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.10% / 27.41%
||
7 Day CHG~0.00%
Published-20 May, 2022 | 23:20
Updated-22 Apr, 2025 | 17:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Segfault in TensorFlow if `tf.histogram_fixed_width` is called with NaN values

TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of `tf.histogram_fixed_width` is vulnerable to a crash when the values array contain `Not a Number` (`NaN`) elements. The implementation assumes that all floating point operations are defined and then converts a floating point result to an integer index. If `values` contains `NaN` then the result of the division is still `NaN` and the cast to `int32` would result in a crash. This only occurs on the CPU implementation. Versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4 contain a patch for this issue.

Action-Not Available
Vendor-Google LLCTensorFlow
Product-tensorflowtensorflow
CWE ID-CWE-20
Improper Input Validation
CVE-2022-29204
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.06% / 19.15%
||
7 Day CHG~0.00%
Published-20 May, 2022 | 22:40
Updated-22 Apr, 2025 | 17:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Missing validation causes denial of service in TensorFlow via `Conv3DBackpropFilterV2`

TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of `tf.raw_ops.UnsortedSegmentJoin` does not fully validate the input arguments. This results in a `CHECK`-failure which can be used to trigger a denial of service attack. The code assumes `num_segments` is a positive scalar but there is no validation. Since this value is used to allocate the output tensor, a negative value would result in a `CHECK`-failure (assertion failure), as per TFSA-2021-198. Versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4 contain a patch for this issue.

Action-Not Available
Vendor-TensorFlowGoogle LLC
Product-tensorflowtensorflow
CWE ID-CWE-191
Integer Underflow (Wrap or Wraparound)
CWE ID-CWE-20
Improper Input Validation
CVE-2022-29191
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.14% / 33.96%
||
7 Day CHG~0.00%
Published-20 May, 2022 | 20:50
Updated-22 Apr, 2025 | 18:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Missing validation causes denial of service via `GetSessionTensor` in TensorFlow

TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of `tf.raw_ops.GetSessionTensor` does not fully validate the input arguments. This results in a `CHECK`-failure which can be used to trigger a denial of service attack. Versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4 contain a patch for this issue.

Action-Not Available
Vendor-Google LLCTensorFlow
Product-tensorflowtensorflow
CWE ID-CWE-20
Improper Input Validation
CVE-2022-29199
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.06% / 17.11%
||
7 Day CHG~0.00%
Published-20 May, 2022 | 21:40
Updated-22 Apr, 2025 | 17:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Missing validation causes denial of service in TensorFlow via `LoadAndRemapMatrix`

TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of `tf.raw_ops.LoadAndRemapMatrix does not fully validate the input arguments. This results in a `CHECK`-failure which can be used to trigger a denial of service attack. The code assumes `initializing_values` is a vector but there is no validation for this before accessing its value. Versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4 contain a patch for this issue.

Action-Not Available
Vendor-Google LLCTensorFlow
Product-tensorflowtensorflow
CWE ID-CWE-20
Improper Input Validation
CVE-2022-29193
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.05% / 15.43%
||
7 Day CHG~0.00%
Published-20 May, 2022 | 21:20
Updated-22 Apr, 2025 | 17:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Missing validation causes `TensorSummaryV2` in TensorFlow to crash

TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of `tf.raw_ops.TensorSummaryV2` does not fully validate the input arguments. This results in a `CHECK`-failure which can be used to trigger a denial of service attack. Versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4 contain a patch for this issue.

Action-Not Available
Vendor-Google LLCTensorFlow
Product-tensorflowtensorflow
CWE ID-CWE-20
Improper Input Validation
CVE-2022-28188
Matching Score-4
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-4
Assigner-NVIDIA Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.04% / 13.87%
||
7 Day CHG~0.00%
Published-17 May, 2022 | 19:15
Updated-03 Aug, 2024 | 05:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape, where the product receives input or data, but does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly, which may lead to denial of service.

Action-Not Available
Vendor-NVIDIA CorporationMicrosoft Corporation
Product-windowsvirtual_gpugpu_display_driverNVIDIA GPU Display Driver
CWE ID-CWE-20
Improper Input Validation
CVE-2022-28190
Matching Score-4
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-4
Assigner-NVIDIA Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.05% / 15.52%
||
7 Day CHG~0.00%
Published-17 May, 2022 | 19:15
Updated-03 Aug, 2024 | 05:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape, where improper input validation can cause denial of service.

Action-Not Available
Vendor-NVIDIA Corporation
Product-gpu_display_driverNVIDIA GPU Display Driver
CWE ID-CWE-20
Improper Input Validation
CVE-2022-25976
Matching Score-4
Assigner-Intel Corporation
ShareView Details
Matching Score-4
Assigner-Intel Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.05% / 16.07%
||
7 Day CHG~0.00%
Published-10 May, 2023 | 13:16
Updated-27 Jan, 2025 | 18:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper input validation in the Intel(R) VROC software before version 7.7.6.1003 may allow an authenticated user to potentially enable denial of service via local access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-virtual_raid_on_cpuIntel(R) VROC software
CWE ID-CWE-20
Improper Input Validation
CVE-2022-23403
Matching Score-4
Assigner-Intel Corporation
ShareView Details
Matching Score-4
Assigner-Intel Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.05% / 16.63%
||
7 Day CHG~0.00%
Published-18 Aug, 2022 | 19:55
Updated-05 May, 2025 | 17:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper input validation in the Intel(R) Data Center Manager software before version 4.1 may allow an authenticated user to potentially enable denial of service via local access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-data_center_managerIntel(R) Data Center Manager software
CWE ID-CWE-20
Improper Input Validation
CVE-2022-22423
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.04% / 11.36%
||
7 Day CHG~0.00%
Published-23 Sep, 2022 | 17:35
Updated-22 May, 2025 | 20:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Common Cryptographic Architecture (CCA 5.x MTM for 4767 and CCA 7.x MTM for 4769) could allow a local user to cause a denial of service due to improper input validation. IBM X-Force ID: 223596.

Action-Not Available
Vendor-IBM CorporationLinux Kernel Organization, Inc
Product-common_cryptographic_architectureipowerlinuxlinux_kernelaixCCA for MTM 4767
CWE ID-CWE-20
Improper Input Validation
CVE-2022-21136
Matching Score-4
Assigner-Intel Corporation
ShareView Details
Matching Score-4
Assigner-Intel Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.05% / 16.65%
||
7 Day CHG~0.00%
Published-12 May, 2022 | 16:35
Updated-05 May, 2025 | 17:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper input validation for some Intel(R) Xeon(R) Processors may allow a privileged user to potentially enable denial of service via local access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-xeon_gold_5215xeon_silver_4109txeon_bronze_3106_firmwarecore_i9-7900xxeon_bronze_3106xeon_platinum_8260ycore_i9-7920xxeon_d-2173it_firmwarexeon_d-2145nt_firmwarexeon_platinum_8153xeon_silver_4108_firmwarecore_i9-7960x_firmwarexeon_platinum_8260y_firmwarexeon_gold_5218txeon_gold_6126_firmwarexeon_platinum_8280_firmwarexeon_gold_5218nxeon_d-2163it_firmwarexeon_silver_4209t_firmwarexeon_gold_6250lxeon_gold_6209uxeon_bronze_3104_firmwarexeon_platinum_8253xeon_d-2146nt_firmwarexeon_gold_6252nxeon_silver_4214yxeon_platinum_8156xeon_gold_6142fxeon_d-2177ntxeon_platinum_8158xeon_platinum_8270_firmwarexeon_gold_6230txeon_silver_4210rxeon_platinum_8280xeon_platinum_8180_firmwarexeon_gold_6238l_firmwarexeon_gold_5220t_firmwarexeon_gold_6252xeon_gold_5220rxeon_gold_6246xeon_gold_6226r_firmwarexeon_silver_4214rxeon_silver_4116_firmwarexeon_silver_4210r_firmwarexeon_gold_6256_firmwarexeon_gold_5122_firmwarexeon_platinum_9221xeon_gold_6230rxeon_d-2142itxeon_platinum_9222_firmwarexeon_gold_6132_firmwarexeon_d-2187ntxeon_silver_4116txeon_silver_4208xeon_gold_6150_firmwarexeon_gold_6210u_firmwarexeon_gold_6126txeon_silver_4116xeon_silver_4210t_firmwarexeon_gold_5218t_firmwarexeon_silver_4112xeon_gold_6140xeon_platinum_8160fxeon_platinum_8164xeon_platinum_8176fxeon_gold_5215lxeon_gold_5115_firmwarexeon_platinum_8168xeon_gold_6154_firmwarexeon_platinum_8168_firmwarexeon_gold_6126f_firmwarexeon_platinum_8253_firmwarexeon_gold_5120xeon_gold_6238xeon_gold_6240lxeon_gold_6248xeon_gold_6258rxeon_d-2145ntxeon_platinum_8176f_firmwarexeon_gold_6130fxeon_gold_6240l_firmwarexeon_platinum_8256xeon_platinum_9282xeon_d-2173itxeon_d-2161ixeon_d-2163itxeon_silver_4215_firmwarexeon_platinum_8160_firmwarexeon_gold_6254_firmwarexeon_gold_5220_firmwarexeon_d-2123itxeon_platinum_8160txeon_gold_6252_firmwarexeon_gold_6142xeon_gold_6230n_firmwarexeon_bronze_3206rxeon_silver_4208_firmwarexeon_gold_6148xeon_gold_6140_firmwarexeon_gold_6240xeon_d-2161i_firmwarexeon_gold_5220xeon_gold_6126fxeon_platinum_8256_firmwarexeon_gold_6144xeon_platinum_8160f_firmwarexeon_platinum_8170_firmwarexeon_gold_5218r_firmwarexeon_platinum_8176_firmwarexeon_platinum_8268xeon_gold_5118xeon_silver_4114txeon_gold_6240rxeon_silver_4214y_firmwarexeon_gold_6238_firmwarexeon_d-2143itxeon_silver_4209txeon_gold_6152_firmwarexeon_gold_6134_firmwarexeon_silver_4215rxeon_gold_6212ucore_i9-7980xe_firmwarexeon_silver_4215xeon_d-2177nt_firmwarexeon_gold_6230nxeon_gold_6126t_firmwarexeon_gold_6138pxeon_platinum_8160xeon_platinum_8280l_firmwarexeon_gold_5119txeon_gold_6148fxeon_gold_6208uxeon_gold_6130f_firmwarexeon_gold_6242_firmwarexeon_gold_6230r_firmwarexeon_gold_6242xeon_d-2142it_firmwarexeon_gold_6246_firmwarexeon_silver_4112_firmwarexeon_platinum_8260_firmwarexeon_gold_6230t_firmwarexeon_gold_6250_firmwarexeon_gold_5218_firmwarexeon_gold_6130xeon_platinum_8158_firmwarexeon_silver_4210txeon_gold_6244_firmwarexeon_gold_6138t_firmwarexeon_gold_6138_firmwarexeon_gold_6136xeon_platinum_8276_firmwarexeon_platinum_8276xeon_gold_6240_firmwarecore_i9-7960xxeon_gold_5220txeon_gold_6244xeon_gold_6242rxeon_platinum_9242_firmwarexeon_gold_6134xeon_gold_6226rxeon_gold_6258r_firmwarexeon_bronze_3204xeon_gold_6142_firmwarexeon_gold_6230_firmwarexeon_gold_5218b_firmwarexeon_gold_5218bxeon_gold_6248_firmwarexeon_d-2141ixeon_gold_6128xeon_gold_6146xeon_d-2141i_firmwarexeon_silver_4214r_firmwarexeon_silver_4108xeon_gold_6148f_firmwarexeon_gold_6254xeon_gold_5218rxeon_gold_6138p_firmwarexeon_gold_6240yxeon_platinum_8160t_firmwarexeon_gold_5218n_firmwarexeon_gold_6238lxeon_gold_6148_firmwarexeon_platinum_8156_firmwarexeon_gold_6246r_firmwarexeon_gold_6246rxeon_d-2183itxeon_d-2123it_firmwarexeon_gold_6130t_firmwarexeon_gold_6234_firmwarexeon_silver_4114_firmwarecore_i9-7940x_firmwarexeon_gold_6126core_i9-7940xcore_i9-7900x_firmwarexeon_gold_5220r_firmwarexeon_gold_5222xeon_gold_6256xeon_platinum_8260l_firmwarexeon_gold_6248rxeon_silver_4214xeon_gold_6130txeon_platinum_9222xeon_d-2187nt_firmwarexeon_gold_5220sxeon_platinum_8260xeon_platinum_8280lxeon_gold_5118_firmwarexeon_gold_5120t_firmwarexeon_d-2146ntxeon_gold_6138f_firmwarexeon_gold_6128_firmwarexeon_silver_4114xeon_gold_5119t_firmwarexeon_gold_5222_firmwarexeon_platinum_9242xeon_silver_4216xeon_platinum_8180xeon_platinum_8276lxeon_gold_6138txeon_gold_6238txeon_platinum_9221_firmwarexeon_gold_6240r_firmwarexeon_gold_6138xeon_gold_6212u_firmwarexeon_gold_6208u_firmwarexeon_gold_6146_firmwarexeon_gold_6138fcore_i9-7920x_firmwarexeon_gold_6209u_firmwarexeon_platinum_9282_firmwarexeon_gold_5120_firmwarexeon_platinum_8276l_firmwarexeon_gold_6250xeon_platinum_8260lxeon_platinum_8270xeon_gold_6248r_firmwarexeon_gold_6262v_firmwarexeon_gold_6226xeon_gold_6132xeon_silver_4214_firmwarexeon_platinum_8268_firmwarexeon_d-2166ntxeon_gold_6226_firmwarexeon_silver_4210xeon_gold_6250l_firmwarexeon_gold_6234xeon_gold_6142f_firmwarexeon_gold_6130_firmwarexeon_silver_4114t_firmwarexeon_gold_6136_firmwarexeon_gold_6252n_firmwarexeon_gold_6262vxeon_gold_6240y_firmwarexeon_gold_5215_firmwarexeon_gold_5220s_firmwarexeon_d-2143it_firmwarexeon_gold_6144_firmwarexeon_silver_4116t_firmwarexeon_silver_4210_firmwarexeon_gold_5218xeon_gold_6238rxeon_silver_4110_firmwarexeon_bronze_3204_firmwarexeon_silver_4109t_firmwarexeon_platinum_8170xeon_gold_6222v_firmwarexeon_gold_6154xeon_silver_4110xeon_bronze_3206r_firmwarexeon_gold_6238r_firmwarexeon_platinum_8176xeon_d-2166nt_firmwarexeon_silver_4215r_firmwarexeon_platinum_8164_firmwarexeon_bronze_3104xeon_gold_6242r_firmwarexeon_gold_6152xeon_gold_5217xeon_d-2183it_firmwarexeon_platinum_8153_firmwarexeon_gold_5120txeon_gold_6150core_i9-7980xexeon_gold_6210uxeon_gold_6222vxeon_silver_4216_firmwarexeon_gold_5115xeon_gold_5122xeon_gold_5215l_firmwarexeon_gold_6238t_firmwarexeon_gold_5217_firmwarexeon_gold_6230Intel(R) Xeon(R) Processors
CWE ID-CWE-20
Improper Input Validation
CVE-2021-25489
Matching Score-4
Assigner-Samsung Mobile
ShareView Details
Matching Score-4
Assigner-Samsung Mobile
CVSS Score-3.3||LOW
EPSS-0.36% / 58.37%
||
7 Day CHG~0.00%
Published-06 Oct, 2021 | 17:10
Updated-30 Oct, 2025 | 15:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2023-07-20||Apply updates per vendor instructions or discontinue use of the product if updates are unavailable

Assuming radio permission is gained, missing input validation in modem interface driver prior to SMR Oct-2021 Release 1 results in format string bug leading to kernel panic.

Action-Not Available
Vendor-Google LLCSamsung ElectronicsSamsung
Product-androidSamsung Mobile DevicesMobile Devices
CWE ID-CWE-134
Use of Externally-Controlled Format String
CWE ID-CWE-20
Improper Input Validation
CVE-2022-21180
Matching Score-4
Assigner-Intel Corporation
ShareView Details
Matching Score-4
Assigner-Intel Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.08% / 23.46%
||
7 Day CHG~0.00%
Published-15 Jun, 2022 | 20:04
Updated-05 May, 2025 | 17:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper input validation for some Intel(R) Processors may allow an authenticated user to potentially cause a denial of service via local access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-xeon_e3-1565l_v5core_i7-6870hqxeon_e-2286gcore_i7-8670t_firmwarepentium_gold_g5500tcore_i7-7700t_firmwarecore_i3-10100core_i3-7320t_firmwarecore_i7-8850h_firmwarecore_i5-11400core_i7-10510yceleron_g5900t_firmwarexeon_e3-1220_v5core_i5-7y57_firmwarexeon_e-2174g_firmwarecore_i7-10710u_firmwarecore_i9-11900_firmwarexeon_e-2276ml_firmwarexeon_e3-1505m_v5_firmwarexeon_w-1270p_firmwarexeon_e3-1578l_v5_firmwarexeon_e-2246gcore_i9-10900_firmwarecore_i5-6350hqcore_i3-6300txeon_e-2374gcore_i5-8500t_firmwarecore_i7-9700k_firmwarexeon_e-2254ml_firmwarexeon_e-2236xeon_e3-1220_v5_firmwarexeon_e-2374g_firmwarecore_i7-8709g_firmwarepentium_gold_g6605pentium_gold_g6405u_firmwarepentium_gold_g5400tcore_i5-6500tcore_i5-7500core_i7-10875h_firmwarecore_i9-9900kf_firmwarecore_4415uxeon_e3-1545m_v5_firmwarecore_i3-6120core_i7-8709gcore_i5-7440hqxeon_w-10855mxeon_e-2278gepentium_gold_g5600_firmwarecore_i9-11900kfcore_i5-10600t_firmwarepentium_gold_g6505xeon_w-1270xeon_e3-1505l_v6xeon_e-2254me_firmwarecore_i7-11700k_firmwarecore_i5-10300h_firmwarepentium_gold_g6400core_i9-10900tpentium_gold_g5400_firmwarexeon_e-2126gcore_i5-8200ycore_i5-10500t_firmwarecore_i9-10900kcore_i5-10600_firmwarecore_i7-10700tecore_i7-8809g_firmwarecore_i5-11400fcore_i5-10400txeon_w-1290exeon_e3-1235l_v5core_i3-7110u_firmwarecore_5405u_firmwarecore_i7-6820eq_firmwareceleron_g5925_firmwarecore_i7-9700kfpentium_g4420t_firmwarepentium_g4520_firmwarecore_i5-7287u_firmwarexeon_w-1290te_firmwarecore_i3-8000tcore_i5-7600k_firmwarecore_i5-8305g_firmwarecore_i5-10110y_firmwarecore_i5-8650k_firmwarecore_i9-10900te_firmwarecore_i9-11900kcore_i3-8300t_firmwarecore_i3-7167u_firmwarecore_i5-10600kfxeon_w-10855_firmwarecore_i7-10700_firmwarepentium_gold_g6600_firmwarexeon_e-2146gcore_i9-10850hcore_i7-7820eq_firmwarecore_i5-8210y_firmwarecore_i5-9400fpentium_gold_g5420tcore_i7-10700kf_firmwarexeon_e-2286g_firmwarexeon_e3-1515m_v5core_i7-7560uceleron_g3920t_firmwarecore_i7-8550u_firmwarecore_i5-7600txeon_e-2284g_firmwarecore_i5-11600kfcore_i5-8365uceleron_g5900_firmwarexeon_e3-1260l_v5_firmwarexeon_e3-1240l_v5core_i5-9600kfpentium_g4500xeon_e-2288g_firmwarexeon_e-2276mxeon_e-2224gcore_i5-8600_firmwarecore_i5-8269ucore_i3-8100_firmwarepentium_g4500txeon_e3-1505m_v5core_i5-7600t_firmwarepentium_g4500_firmwarecore_i7-7510uxeon_e3-1535m_v6_firmwarecore_i7-10810ucore_i3-10300tcore_i7-7820hq_firmwarecore_i3-8100pentium_gold_g5500_firmwarepentium_gold_g5500t_firmwarexeon_e-2378g_firmwarecore_i9-11900core_i5-9600kcore_i5-8265ucore_i9-9900kfxeon_e-2246g_firmwarecore_i7-10700tcore_i5-8650core_i5-6300hqcore_i7-7600u_firmwarecore_i3-6120_firmwarecore_i7-9700kf_firmwarecore_i5-9300hcore_i7-10750hcore_i9-10850kceleron_g3920core_i5-6600t_firmwarecore_i3-7100e_firmwarecore_i5-8500bcore_3865u_firmwarepentium_gold_g6405xeon_e3-1225_v6_firmwarecore_i5-8250u_firmwarecore_i7-7820hk_firmwarexeon_w-1390_firmwarecore_4415ycore_i5-6600core_i3-8100hcore_i5-8400b_firmwarecore_i7-8706gceleron_g3940_firmwarepentium_gold_g6400tcore_i3-6300celeron_g3900core_i3-8120core_i5-7400t_firmwarecore_i9-11900fxeon_e3-1270_v5_firmwarecore_i5-8365u_firmwareceleron_g3902ecore_3865uxeon_w-1300_firmwarecore_i3-8130u_firmwarecore_i9-10885hcore_i7-8557ucore_i5-7440eqcore_i3-6320xeon_e-2386gcore_i3-8350k_firmwarecore_i5-11400_firmwarepentium_gold_g6605_firmwarexeon_e-2134core_i7-10750h_firmwarexeon_w-1290tecore_i7-8557u_firmwarecore_i5-6440eqcore_i9-10980hkxeon_e-2176mcore_i9-10900t_firmwarecore_i7-10700k_firmwarepentium_gold_g6505_firmwarecore_i5-11400f_firmwarecore_i3-10305_firmwarecore_i3-7100u_firmwarexeon_e-2274gcore_i3-10325_firmwarecore_i7-10510y_firmwarecore_i9-11900k_firmwareceleron_g5905t_firmwarexeon_e-2134_firmwarecore_i3-7007u_firmwarecore_i5-7267u_firmwarecore_i7-8500ycore_i5-7640x_firmwarecore_i9-11900t_firmwarexeon_e-2226g_firmwarepentium_g4520core_i5-7400_firmwarecore_i7-6700te_firmwarexeon_w-1370pentium_g4400_firmwareceleron_g3900te_firmwarexeon_e-2174gcore_i5-8600tcore_i7-8510y_firmwarexeon_e3-1585_v5_firmwarecore_i5-7200u_firmwarexeon_e3-1220_v6pentium_gold_g5420_firmwarecore_i7-7y75_firmwarepentium_gold_g6405t_firmwarexeon_e3-1220_v6_firmwareceleron_g3930ecore_i3-10320_firmwareceleron_g4900t_firmwarexeon_e-2176gxeon_e-2288gcore_i3-6100hcore_i7-7500uxeon_e-2274g_firmwarexeon_e3-1225_v6xeon_w-1370pcore_i3-6320t_firmwarexeon_e3-1280_v6core_i3-10320core_i5-8420t_firmwarepentium_gold_g5400xeon_e-2124g_firmwarecore_i3-10105fcore_i3-7120_firmwarexeon_w-1390t_firmwarexeon_e-2224_firmwarecore_i5-6400core_4415u_firmwarecore_i7-10875hcore_i5-6300hq_firmwarepentium_g4420tcore_i3-7101tecore_i7-7700core_i5-10400hcore_i5-6440eq_firmwarecore_i5-7300hqcore_i5-9600kf_firmwarecore_i5-10505_firmwarexeon_w-10885mxeon_e-2224g_firmwarexeon_e3-1505m_v6pentium_gold_g6500_firmwarecore_4410y_firmwarexeon_e3-1535m_v5core_i5-6600kcore_i5-10110yxeon_e3-1505m_v6_firmwarecore_i3-7007uxeon_e-2254mecore_i9-11900kf_firmwarexeon_e3-1505l_v5core_i7-8500y_firmwarecore_i7-6700t_firmwarecore_i7-6700tcore_i7-6822eq_firmwarecore_i5-6442eq_firmwarecore_i3-6102e_firmwarecore_i3-10105tcore_i9-9900k_firmwarecore_i7-6820hk_firmwarecore_i5-6500tecore_i7-10510u_firmwarecore_i7-7700_firmwarecore_i3-8100h_firmwareceleron_g5905_firmwarecore_i5-6500core_i3-10105t_firmwarecore_i5-10400h_firmwarecore_i9-10900kfcore_i9-9980hk_firmwarexeon_e-2144gcore_i3-10100tpentium_gold_g6600core_i7-7700hq_firmwarecore_i5-8300h_firmwarexeon_e3-1270_v6_firmwarecore_i9-9980hkcore_3965y_firmwarecore_i5-8500b_firmwarexeon_e-2244gcore_i3-6102exeon_w-1390tceleron_g3902e_firmwarecore_i7-6770hqcore_i7-10610uxeon_e3-1235l_v5_firmwarecore_i7-9850h_firmwarecore_i7-11700kfpentium_gold_g5420core_i7-11700_firmwarecore_i7-7740xcore_i7-7y75core_i7-8559ucore_i9-10850h_firmwarexeon_e3-1575m_v5core_i5-7210ucore_i5-8550_firmwarexeon_e-2124gcore_i5-11500tcore_i7-8670_firmwarecore_i7-8560ucore_i5-9400pentium_gold_g5600core_i3-6320_firmwarecore_i3-6100e_firmwarexeon_e3-1285_v6_firmwarexeon_w-1290t_firmwarecore_i3-10325xeon_e-2356gcore_i5-8500_firmwarecore_i7-8700core_i3-7130uxeon_e3-1585l_v5_firmwarecore_i5-8400xeon_e3-1585_v5core_i3-10105f_firmwarexeon_e-2334core_i5-7440hq_firmwarecore_i7-9850hcore_i5-7300hq_firmwarecore_i5-8650kxeon_w-1350core_i3-10110u_firmwarecore_i5-7600xeon_e3-1505l_v5_firmwarecore_i7-8750hfxeon_e3-1280_v5_firmwarexeon_w-1290core_i9-11900f_firmwarexeon_e-2186gxeon_e-2314_firmwarecore_i5-8310y_firmwarecore_i3-10110ucore_i7-8665u_firmwarecore_i9-10885h_firmwarexeon_e3-1280_v5core_i7-7567u_firmwarecore_i5-7442eq_firmwarecore_i5-11500_firmwarecore_i7-6770hq_firmwarecore_i7-8569u_firmwarecore_3965ycore_i5-8420_firmwarexeon_w-1350pcore_i9-10900xeon_e3-1230_v6_firmwarexeon_e3-1565l_v5_firmwarexeon_e3-1275_v6core_i5-7360uxeon_w-1250core_i5-7300ucore_i3-10300xeon_w-1290p_firmwareceleron_g5925core_i5-7600_firmwarecore_i5-6600tcore_i3-8100t_firmwarexeon_w-1250p_firmwarexeon_e3-1230_v5_firmwarecore_i5-6500t_firmwareceleron_g5920core_i3-7100h_firmwarecore_i7-8565ucore_i7-8670core_4205uxeon_e3-1578l_v5core_3965ucore_i5-8400_firmwarexeon_e-2104g_firmwarexeon_e-2234_firmwarecore_i7-7700kcore_i7-8510ycore_i7-10870hceleron_g3900t_firmwarecore_i7-10510ucore_i3-7320tcore_i3-6300t_firmwarecore_i3-10100fxeon_w-1290ppentium_gold_g5500core_i7-7920hq_firmwareceleron_5305u_firmwareceleron_g4900_firmwareceleron_g3940core_i5-8310ycore_i3-10300_firmwarecore_i5-6440hqcore_i7-9750hf_firmwarexeon_e-2324gcore_i7-6870hq_firmwarecore_i3-6100ecore_i5-7200uxeon_e3-1270_v5core_i3-8000t_firmwarecore_i5-8265u_firmwarecore_i7-6970hq_firmwarepentium_g4520t_firmwarexeon_e-2186m_firmwarecore_i7-6820hqcore_i5-10210ucore_i3-8000_firmwarexeon_e-2234pentium_gold_g5400t_firmwarecore_i5-10500core_i7-7740x_firmwarecore_i5-8400bpentium_gold_g6405tceleron_g5900tcore_i7-8850hcore_i3-7100hcore_i9-8950hk_firmwarecore_i5-8400h_firmwarecore_i5-11600_firmwarexeon_e3-1240_v6_firmwarecore_i5-10400t_firmwarecore_i5-6350hq_firmwarecore_i3-10100_firmwarecore_i9-8950hkxeon_e3-1230_v6core_i9-10900tecore_i5-11600kxeon_e3-1501l_v6xeon_e-2378core_i5-10600tcore_i5-10600kf_firmwarecore_i7-7700k_firmwarecore_i5-7640xcore_i5-7500uxeon_w-1290_firmwarexeon_e-2386g_firmwarexeon_e-2176m_firmwarecore_i5-9400hcore_i9-10900e_firmwarexeon_e-2278g_firmwarexeon_e3-1240_v6celeron_g5205u_firmwarexeon_e3-1230_v5xeon_e3-1240_v5_firmwarepentium_gold_g6505tcore_i7-7660uxeon_e3-1275_v5_firmwarexeon_e-2278gel_firmwarecore_i3-6320tcore_i7-7700hqcore_i7-6820hq_firmwarexeon_e-2236_firmwarexeon_e-2244g_firmwarepentium_gold_g6500tcore_i3-10100t_firmwarecore_i7-10700f_firmwarecore_m3-7y30core_i5-8269u_firmwarecore_i3-6100t_firmwarecore_i3-10105xeon_e3-1505l_v6_firmwarexeon_e3-1285_v6pentium_g4400te_firmwareceleron_g4900tceleron_g3900tcore_i5-11400tcore_i7-11700kcore_i9-10900kf_firmwarecore_i7-8550uxeon_e-2276mlxeon_e3-1225_v5_firmwarecore_i7-10810u_firmwarexeon_e3-1245_v6_firmwarexeon_w-1350_firmwarecore_i3-7101e_firmwarecore_i9-9880h_firmwarexeon_e3-1270_v6core_i7-6700hqxeon_e3-1545m_v5core_i5-6500_firmwarecore_i3-7102e_firmwarexeon_e3-1515m_v5_firmwarecore_i3-8300pentium_gold_g6400t_firmwarexeon_e-2334_firmwarexeon_e-2276me_firmwarepentium_g4520tcore_i7-10700kfcore_i5-8400tcore_i5-6440hq_firmwarecore_i5-7500tceleron_g5905xeon_w-1370p_firmwarecore_i5-11600kf_firmwarexeon_e-2136_firmwarexeon_w-1270_firmwarexeon_e-2276mecore_i5-7y54core_i5-7400core_i3-6100te_firmwarecore_i7-8700b_firmwarecore_i5-9400f_firmwarexeon_e-2356g_firmwarecore_i7-8706g_firmwarecore_i3-10305t_firmwarecore_i5-7287uxeon_w-10855m_firmwarexeon_e-2146g_firmwarecore_i7-7660u_firmwarecore_i9-10850k_firmwarecore_i7-7920hqcore_i7-10700core_i5-6600_firmwarexeon_e-2126g_firmwarexeon_w-1350p_firmwarecore_i7-10610u_firmwareceleron_g4920_firmwareceleron_g3920_firmwarecore_i3-7020ucore_i5-11600k_firmwarecore_i3-8145u_firmwarecore_i5-8600k_firmwarexeon_e-2136xeon_w-1270pxeon_e-2378_firmwarecore_i3-8145ucore_i5-10400core_i3-7020u_firmwarecore_i7-7567uxeon_w-1250pcore_i7-8700kcore_i3-7130u_firmwarecore_i7-10870h_firmwarepentium_g4500t_firmwarecore_i7-7820eqcore_i3-6120tcore_i7-7820hqcore_i7-9700kceleron_g4920core_i7-11700kf_firmwarepentium_gold_g6405_firmwarepentium_g4420core_i7-6920hq_firmwarecore_i3-8109ucore_5405ucore_i5-8420tpentium_g4540core_i5-8200y_firmwarexeon_e-2144g_firmwarecore_i7-10700te_firmwarecore_i7-10700exeon_e3-1585l_v5core_i5-8350uceleron_g5305uxeon_e3-1275_v5core_i7-8750h_firmwarecore_i3-10100teceleron_g5205uxeon_e3-1558l_v5_firmwarepentium_gold_g5420t_firmwarecore_i5-10210u_firmwarexeon_e-2388gxeon_e-2226gcore_i5-7y57core_i7-6700teceleron_g5905tcore_i3-10100te_firmwarecore_i3-6120t_firmwarecore_i5-7260uxeon_e-2278gcore_i5-10600k_firmwarecore_i9-10900ecore_i5-8259u_firmwarexeon_e-2124core_i5-8250ucore_i5-8600xeon_e-2186g_firmwarepentium_g4540_firmwarecore_m3-8100y_firmwarecore_3965u_firmwarecore_i5-10500tecore_i7-6700_firmwarecore_i7-8559u_firmwarecore_i5-7500_firmwarecore_4205u_firmwarecore_i7-7500u_firmwarecore_i5-10210y_firmwarecore_i7-8700k_firmwarexeon_e-2184g_firmwarecore_i3-6100tecore_i3-8000core_i7-11700core_i5-11500celeron_g3900tecore_i7-8700bpentium_g4400t_firmwarecore_i5-10500tcore_i5-10600xeon_e3-1240l_v5_firmwarecore_i5-10500_firmwarexeon_e3-1501l_v6_firmwarexeon_e3-1260l_v5core_i5-10310ycore_i5-10310y_firmwarepentium_gold_g6500t_firmwarecore_i5-8259ucore_i5-11500t_firmwarexeon_e-2388g_firmwarepentium_gold_g6405ucore_i7-10700kxeon_e-2336xeon_e3-1575m_v5_firmwarexeon_e3-1225_v5core_i3-8109u_firmwarexeon_e-2186mxeon_e3-1558l_v5core_i5-11600t_firmwarecore_i9-9880hcore_i7-8705g_firmwarexeon_e-2286mcore_i5-7442eqxeon_w-1300core_i5-6400_firmwarecore_i3-8130ucore_i5-7500u_firmwarecore_i3-7167ucore_i3-8300tcore_i3-7340core_i5-11600tcore_i7-8650ucore_i5-10200hxeon_e3-1268l_v5xeon_e-2284gcore_i7-8705gcore_i9-9900kcore_i5-10400fxeon_e-2324g_firmwarecore_i7-7600uxeon_e-2278ge_firmwarecore_i3-7100epentium_gold_g6400_firmwarexeon_w-10855core_i5-9400_firmwarecore_i7-7510u_firmwarexeon_e3-1535m_v6core_i3-7101exeon_w-10885m_firmwarexeon_e-2276m_firmwarecore_i5-8400t_firmwarecore_i5-8400hxeon_e-2286m_firmwarexeon_e3-1245_v5core_i3-7120xeon_e3-1501m_v6_firmwarecore_i7-9750hfxeon_e-2176g_firmwarecore_i7-7820hkcore_i5-9300h_firmwarexeon_e-2254mlcore_i5-8305gcore_i3-6100celeron_g5900xeon_w-1390celeron_g3930tecore_i7-11700t_firmwarecore_i5-7400tcore_i5-11600core_i7-8750hcore_i3-6100tcore_i7-11700fcore_i7-8665ucore_i3-10305tcore_i5-7210u_firmwarexeon_e3-1275_v6_firmwarecore_i5-8300hxeon_w-1370_firmwarecore_i3-7101te_firmwarecore_i5-7440eq_firmwarecore_i5-8420core_i5-7360u_firmwarecore_i3-8350kcore_i5-10600kcore_i7-10850hcore_i3-7120tcore_i3-8120_firmwarecore_i7-8560u_firmwarecore_i5-10500te_firmwarecore_i3-8020_firmwarexeon_w-1290e_firmwarecore_i5-7y54_firmwarecore_i3-10300t_firmwarexeon_e3-1280_v6_firmwarexeon_w-1390p_firmwarecore_i5-8550core_i3-10100f_firmwarecore_i9-10900f_firmwarecore_m3-8100ycore_i5-7267ucore_i5-8600kcore_i3-7100ucore_i5-6442eqcore_i7-8700tcore_i7-6700k_firmwarecore_i5-7260u_firmwarecore_i7-11700txeon_e3-1245_v5_firmwarecore_i5-7300u_firmwarecore_i7-8700t_firmwarecore_i7-10700e_firmwarecore_i5-6500te_firmwarecore_i3-7120t_firmwarecore_i5-8600t_firmwarecore_i7-6700kcore_i7-6970hqcore_i3-7340_firmwarecore_i7-6822eqcore_i5-8500xeon_e-2184gcore_i9-11900tcore_i5-9400h_firmwarecore_i5-8210ycore_i5-10400f_firmwarepentium_g4420_firmwarecore_i7-8565u_firmwarecore_i7-8569ucore_i5-11400t_firmwarecore_i7-10700t_firmwarecore_i7-7700txeon_e3-1240_v5xeon_e-2336_firmwarexeon_w-1290tceleron_g3930te_firmwarecore_i7-8809gcore_i5-8500tcore_i3-10105_firmwarecore_i7-8650u_firmwarexeon_e3-1501m_v6core_i5-6400t_firmwarecore_i3-6300_firmwarecore_i7-10850h_firmwarexeon_e3-1535m_v5_firmwarexeon_e-2314core_i3-7110ucore_i5-6400tcore_i3-10305pentium_g4400tecore_i3-6100h_firmwarecore_i7-8700_firmwarexeon_w-1390pcore_i3-8300_firmwarecore_i5-8650_firmwareceleron_g3920tcore_i5-10505core_i7-6700core_i7-6820eqcore_i7-6920hqpentium_g4400tcore_i7-6820hkcore_i7-7560u_firmwarecore_i5-7600kpentium_g4400core_m3-7y30_firmwarecore_i7-10710ucore_i5-10210ycore_i5-10300hcore_i5-8350u_firmwarexeon_e-2276g_firmwarecore_i3-8020celeron_g5920_firmwareceleron_g3930e_firmwarexeon_e-2224pentium_gold_g6500xeon_e-2124_firmwareceleron_5305ucore_i7-11700f_firmwarexeon_w-1250_firmwarecore_i5-7500t_firmwarecore_i9-10900fceleron_g4900xeon_e-2278gelxeon_e3-1245_v6xeon_e-2378gcore_i3-8100tcore_i5-10200h_firmwarecore_i3-6100_firmwarecore_4410ycore_i9-10980hk_firmwarecore_i7-8670tcore_i5-10400_firmwarecore_i5-6600k_firmwarecore_i7-6700hq_firmwarexeon_e-2104gcore_i3-7102epentium_gold_g6505t_firmwarexeon_e3-1268l_v5_firmwarecore_4415y_firmwarexeon_e-2276gceleron_g5305u_firmwareceleron_g3900_firmwarecore_i7-10700fcore_i5-9600k_firmwarecore_i9-10900k_firmwarecore_i7-8750hf_firmwareIntel(R) Processors
CWE ID-CWE-20
Improper Input Validation
CVE-2022-20355
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-5.5||MEDIUM
EPSS-0.04% / 13.45%
||
7 Day CHG~0.00%
Published-09 Aug, 2022 | 20:23
Updated-03 Aug, 2024 | 02:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In get of PacProxyService.java, there is a possible system service crash due to improper input validation. This could lead to local denial of service with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-219498290

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-20
Improper Input Validation
CVE-2015-8744
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.07% / 20.55%
||
7 Day CHG~0.00%
Published-29 Dec, 2016 | 22:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

QEMU (aka Quick Emulator) built with a VMWARE VMXNET3 paravirtual NIC emulator support is vulnerable to crash issue. It occurs when a guest sends a Layer-2 packet smaller than 22 bytes. A privileged (CAP_SYS_RAWIO) guest user could use this flaw to crash the QEMU process instance resulting in DoS.

Action-Not Available
Vendor-n/aDebian GNU/LinuxQEMU
Product-debian_linuxqemun/a
CWE ID-CWE-20
Improper Input Validation
CVE-2025-21284
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.19% / 40.06%
||
7 Day CHG~0.00%
Published-14 Jan, 2025 | 18:03
Updated-13 Feb, 2026 | 19:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Virtual Trusted Platform Module Denial of Service Vulnerability

Windows Virtual Trusted Platform Module Denial of Service Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_10_1507windows_10_22h2windows_10_1607windows_11_23h2windows_server_2019windows_server_2022windows_10_1809windows_11_24h2windows_server_2025windows_11_22h2windows_10_21h2windows_server_2022_23h2Windows Server 2025Windows 11 Version 23H2Windows 10 Version 1809Windows Server 2022, 23H2 Edition (Server Core installation)Windows 11 version 22H3Windows Server 2016 (Server Core installation)Windows 10 Version 22H2Windows Server 2019Windows Server 2022Windows 10 Version 1607Windows 11 Version 24H2Windows Server 2025 (Server Core installation)Windows Server 2019 (Server Core installation)Windows Server 2016Windows 10 Version 1507Windows 10 Version 21H2Windows 11 version 22H2
CWE ID-CWE-20
Improper Input Validation
CVE-2020-10054
Matching Score-4
Assigner-Siemens
ShareView Details
Matching Score-4
Assigner-Siemens
CVSS Score-5.5||MEDIUM
EPSS-0.04% / 13.62%
||
7 Day CHG~0.00%
Published-09 Nov, 2021 | 11:31
Updated-04 Aug, 2024 | 10:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in SIMATIC RTLS Locating Manager (All versions < V2.12). The affected application does not properly handle the import of large configuration files. A local attacker could import a specially crafted file which could lead to a denial-of-service condition of the application service.

Action-Not Available
Vendor-Siemens AG
Product-simatic_rtls_locating_managerSIMATIC RTLS Locating Manager
CWE ID-CWE-20
Improper Input Validation
CVE-2020-0567
Matching Score-4
Assigner-Intel Corporation
ShareView Details
Matching Score-4
Assigner-Intel Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.05% / 15.52%
||
7 Day CHG~0.00%
Published-12 Mar, 2020 | 20:51
Updated-04 Aug, 2024 | 06:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper input validation in Intel(R) Graphics Drivers before version 26.20.100.7212 may allow an authenticated user to enable denial of service via local access.

Action-Not Available
Vendor-Intel Corporation
Product-graphics_driverIntel(R) Graphics Drivers
CWE ID-CWE-20
Improper Input Validation
CVE-2019-10535
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.04% / 13.37%
||
7 Day CHG~0.00%
Published-21 Nov, 2019 | 14:38
Updated-04 Aug, 2024 | 22:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper validation for loop variable received from firmware can lead to out of bound access in WLAN function while iterating through loop in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music in APQ8053, APQ8096AU, APQ8098, MDM9640, MSM8996AU, MSM8998, QCA6574AU, QCN7605, QCS405, QCS605, SDA845, SDM845, SDX20

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-mdm9640_firmwareapq8096aumsm8996au_firmwareqcs405_firmwaresda845_firmwareapq8098_firmwaresdm845apq8098sdx20msm8998_firmwareqcn7605qcs605qcs405apq8053qca6574auapq8096au_firmwaremdm9640msm8996aumsm8998sdx20_firmwareqca6574au_firmwareqcn7605_firmwareapq8053_firmwareqcs605_firmwaresda845sdm845_firmwareSnapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-20
Improper Input Validation
CVE-2025-29955
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-6.2||MEDIUM
EPSS-0.77% / 73.69%
||
7 Day CHG-0.30%
Published-13 May, 2025 | 16:59
Updated-13 Feb, 2026 | 19:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Hyper-V Denial of Service Vulnerability

Improper input validation in Windows Hyper-V allows an unauthorized attacker to deny service locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2022_23h2windows_server_2025windows_11_24h2Windows 11 Version 24H2Windows Server 2025 (Server Core installation)Windows Server 2022, 23H2 Edition (Server Core installation)Windows Server 2025
CWE ID-CWE-20
Improper Input Validation
CVE-2021-1450
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.06% / 18.08%
||
7 Day CHG~0.00%
Published-24 Feb, 2021 | 19:31
Updated-08 Nov, 2024 | 23:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco AnyConnect Secure Mobility Client Denial of Service Vulnerability

A vulnerability in the interprocess communication (IPC) channel of Cisco AnyConnect Secure Mobility Client could allow an authenticated, local attacker to cause a denial of service (DoS) condition on an affected device. To exploit this vulnerability, the attacker would need to have valid credentials on the device. The vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending one or more crafted IPC messages to the AnyConnect process on an affected device. A successful exploit could allow the attacker to stop the AnyConnect process, causing a DoS condition on the device. Note: The process under attack will automatically restart so no action is needed by the user or admin.

Action-Not Available
Vendor-Linux Kernel Organization, IncCisco Systems, Inc.Apple Inc.Microsoft Corporation
Product-windowsmacoslinux_kernelanyconnect_secure_mobility_clientCisco AnyConnect Secure Mobility Client
CWE ID-CWE-20
Improper Input Validation
CVE-2021-0418
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-5.5||MEDIUM
EPSS-0.02% / 4.92%
||
7 Day CHG~0.00%
Published-18 Aug, 2021 | 14:43
Updated-03 Aug, 2024 | 15:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In memory management driver, there is a possible system crash due to improper input validation. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05403499; Issue ID: ALPS05336706.

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidMT6580, MT6582E, MT6582H, MT6582T, MT6582W, MT6582_90, MT6589, MT6589TD, MT6592E, MT6592H, MT6592T, MT6592W, MT6592_90, MT6595, MT6731, MT6732, MT6735, MT6737, MT6739, MT6750, MT6750S, MT6752, MT6753, MT6755, MT6755S, MT6757, MT6757C, MT6757CD, MT6757CH, MT6758, MT6761, MT6762, MT6763, MT6765, MT6768, MT6769, MT6771, MT6779, MT6785, MT6795, MT6797, MT6799, MT6833, MT6853, MT6853T, MT6873, MT6875, MT6877, MT6883, MT6885, MT6889, MT6891, MT6893
CWE ID-CWE-20
Improper Input Validation
CVE-2021-0417
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-5.5||MEDIUM
EPSS-0.02% / 4.92%
||
7 Day CHG~0.00%
Published-18 Aug, 2021 | 14:43
Updated-03 Aug, 2024 | 15:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In memory management driver, there is a possible system crash due to improper input validation. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05403499; Issue ID: ALPS05336702.

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidMT6580, MT6582E, MT6582H, MT6582T, MT6582W, MT6582_90, MT6589, MT6589TD, MT6592E, MT6592H, MT6592T, MT6592W, MT6592_90, MT6595, MT6731, MT6732, MT6735, MT6737, MT6739, MT6750, MT6750S, MT6752, MT6753, MT6755, MT6755S, MT6757, MT6757C, MT6757CD, MT6757CH, MT6758, MT6761, MT6762, MT6763, MT6765, MT6768, MT6769, MT6771, MT6779, MT6785, MT6795, MT6797, MT6799, MT6833, MT6853, MT6853T, MT6873, MT6875, MT6877, MT6883, MT6885, MT6889, MT6891, MT6893
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-330
Use of Insufficiently Random Values
CVE-2019-0149
Matching Score-4
Assigner-Intel Corporation
ShareView Details
Matching Score-4
Assigner-Intel Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.15% / 34.63%
||
7 Day CHG~0.00%
Published-14 Nov, 2019 | 18:24
Updated-04 Aug, 2024 | 17:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Insufficient input validation in i40e driver for Intel(R) Ethernet 700 Series Controllers versions before 2.8.43 may allow an authenticated user to potentially enable a denial of service via local access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-ethernet_controller_x710-at2_firmwareethernet_controller_x710-tm4_firmwareethernet_controller_x710-bm2_firmwareethernet_controller_710-bm1ethernet_controller_xxv710-am2ethernet_controller_xxv710-am1_firmwareethernet_controller_xxv710-am1ethernet_controller_x710-bm2ethernet_controller_xxv710-am2_firmwareethernet_700_series_softwareethernet_controller_x710-at2ethernet_controller_710-bm1_firmwareethernet_controller_x710-tm42019.2 IPU – Intel(R) Ethernet 700 Series Controllers
CWE ID-CWE-20
Improper Input Validation
CVE-2024-20394
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.19% / 40.03%
||
7 Day CHG~0.00%
Published-15 May, 2024 | 17:21
Updated-04 Aug, 2025 | 14:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability in Cisco AppDynamics Network Visibility Agent could allow an unauthenticated, local attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to the inability to handle unexpected input. An attacker who has local device access could exploit this vulnerability by sending an HTTP request to the targeted service. A successful exploit could allow the attacker to cause a DoS condition by stopping the Network Agent Service on the local device.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-appdynamicsCisco AppDynamics
CWE ID-CWE-20
Improper Input Validation
CVE-2018-4004
Matching Score-4
Assigner-Talos
ShareView Details
Matching Score-4
Assigner-Talos
CVSS Score-7.1||HIGH
EPSS-0.05% / 14.91%
||
7 Day CHG~0.00%
Published-17 Apr, 2019 | 14:15
Updated-05 Aug, 2024 | 04:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An exploitable privilege escalation vulnerability exists in the Shimo VPN 4.1.5.1 helper service in the disconnectService functionality. A non-root user is able to kill any privileged process on the system. An attacker would need local access to the machine for a successful exploit.

Action-Not Available
Vendor-shimovpnn/a
Product-shimo_vpnShimo VPN
CWE ID-CWE-20
Improper Input Validation
CVE-2018-4053
Matching Score-4
Assigner-Talos
ShareView Details
Matching Score-4
Assigner-Talos
CVSS Score-6.2||MEDIUM
EPSS-0.05% / 16.66%
||
7 Day CHG~0.00%
Published-02 Apr, 2019 | 15:35
Updated-05 Aug, 2024 | 05:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An exploitable local denial-of-service vulnerability exists in the privileged helper tool of GOG Galaxy's Games, version 1.2.47 for macOS. An attacker can send malicious data to the root-listening service, causing the application to terminate and become unavailable.

Action-Not Available
Vendor-gogGOG.COM
Product-galaxyGOG Galaxy
CWE ID-CWE-20
Improper Input Validation
CVE-2018-4046
Matching Score-4
Assigner-Talos
ShareView Details
Matching Score-4
Assigner-Talos
CVSS Score-7.1||HIGH
EPSS-0.04% / 12.41%
||
7 Day CHG~0.00%
Published-10 Jan, 2019 | 15:00
Updated-05 Aug, 2024 | 05:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An exploitable denial-of-service vulnerability exists in the helper service of Clean My Mac X, version 4.04, due to improper input validation. A user with local access can use this vulnerability to terminate a privileged helper application. An attacker would need local access to the machine for a successful exploit.

Action-Not Available
Vendor-macpawn/a
Product-cleanmymac_xClean My Mac
CWE ID-CWE-20
Improper Input Validation
CVE-2018-3634
Matching Score-4
Assigner-Intel Corporation
ShareView Details
Matching Score-4
Assigner-Intel Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.05% / 16.15%
||
7 Day CHG~0.00%
Published-15 May, 2018 | 14:00
Updated-16 Sep, 2024 | 20:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Parameter corruption in NDIS filter driver in Intel Online Connect Access 1.9.22.0 allows an attacker to cause a denial of service via local access.

Action-Not Available
Vendor-Intel Corporation
Product-online_connect_accessOnline Connect Access
CWE ID-CWE-20
Improper Input Validation
CVE-2011-0220
Matching Score-4
Assigner-Apple Inc.
ShareView Details
Matching Score-4
Assigner-Apple Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.04% / 13.87%
||
7 Day CHG~0.00%
Published-05 Feb, 2020 | 19:46
Updated-06 Aug, 2024 | 21:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Apple Bonjour before 2011 allows a crash via a crafted multicast DNS packet.

Action-Not Available
Vendor-Apple Inc.
Product-bonjourBonjour
CWE ID-CWE-20
Improper Input Validation
CVE-2020-24502
Matching Score-4
Assigner-Intel Corporation
ShareView Details
Matching Score-4
Assigner-Intel Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.21% / 42.98%
||
7 Day CHG~0.00%
Published-17 Feb, 2021 | 13:38
Updated-04 Aug, 2024 | 15:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper input validation in some Intel(R) Ethernet E810 Adapter drivers for Linux before version 1.0.4 and before version 1.4.29.0 for Windows*, may allow an authenticated user to potentially enable a denial of service via local access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-ethernet_network_adapter_e810-cqda1_for_ocp_3.0ethernet_network_adapter_e810-cqda1_for_ocpethernet_network_adapter_e810-cqda2ethernet_network_adapter_e810-xxvda2ethernet_network_adapter_e810-xxvda2_for_ocpethernet_network_adapter_e810-xxvda4ethernet_network_adapter_e810-cqda1ethernet_network_adapter_e810-xxvda2_for_ocp_3.0ethernet_network_adapter_e810_firmwareethernet_network_adapter_e810-cqda2_for_ocp_3.0Intel(R) Ethernet E810 Adapter drivers for Linux before version 1.0.4 and
CWE ID-CWE-20
Improper Input Validation
CVE-2020-15292
Matching Score-4
Assigner-Bitdefender
ShareView Details
Matching Score-4
Assigner-Bitdefender
CVSS Score-5.5||MEDIUM
EPSS-0.04% / 13.60%
||
7 Day CHG~0.00%
Published-17 Dec, 2020 | 16:45
Updated-16 Sep, 2024 | 18:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Lack of validation on data read from guest memory in Bitdefender HVI (VA-9333)

Lack of validation on data read from guest memory in IntPeGetDirectory, IntPeParseUnwindData, IntLogExceptionRecord, IntKsymExpandSymbol and IntLixTaskDumpTree may lead to out-of-bounds read or it could cause DoS due to integer-overflor (IntPeGetDirectory), TOCTOU (IntPeParseUnwindData) or insufficient validations.

Action-Not Available
Vendor-Bitdefender
Product-hypervisor_introspectionHypervisor Introspection
CWE ID-CWE-20
Improper Input Validation
CVE-2020-12960
Matching Score-4
Assigner-Advanced Micro Devices Inc.
ShareView Details
Matching Score-4
Assigner-Advanced Micro Devices Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.12% / 30.88%
||
7 Day CHG~0.00%
Published-15 Nov, 2021 | 19:47
Updated-17 Sep, 2024 | 03:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

AMD Graphics Driver for Windows 10, amdfender.sys may improperly handle input validation on InputBuffer which may result in a denial of service (DoS).

Action-Not Available
Vendor-Advanced Micro Devices, Inc.Microsoft Corporation
Product-radeon_softwarewindows_10AMD Radeon Software
CWE ID-CWE-20
Improper Input Validation
CVE-2020-13602
Matching Score-4
Assigner-Zephyr Project
ShareView Details
Matching Score-4
Assigner-Zephyr Project
CVSS Score-4||MEDIUM
EPSS-0.11% / 29.28%
||
7 Day CHG~0.00%
Published-24 May, 2021 | 21:40
Updated-17 Sep, 2024 | 02:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Remote Denial of Service in LwM2M do_write_op_tlv

Remote Denial of Service in LwM2M do_write_op_tlv. Zephyr versions >= 1.14.2, >= 2.2.0 contain Improper Input Validation (CWE-20), Loop with Unreachable Exit Condition ('Infinite Loop') (CWE-835). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-g9mg-fj58-6fqh

Action-Not Available
Vendor-Zephyr Project
Product-zephyrzephyr
CWE ID-CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
CWE ID-CWE-20
Improper Input Validation
CVE-2020-12363
Matching Score-4
Assigner-Intel Corporation
ShareView Details
Matching Score-4
Assigner-Intel Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.14% / 33.95%
||
7 Day CHG~0.00%
Published-17 Feb, 2021 | 00:00
Updated-04 Aug, 2024 | 11:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper input validation in some Intel(R) Graphics Drivers for Windows* before version 26.20.100.7212 and before Linux kernel version 5.5 may allow a privileged user to potentially enable a denial of service via local access.

Action-Not Available
Vendor-n/aLinux Kernel Organization, IncIntel Corporation
Product-graphics_driverslinux_kernelIntel(R) Graphics Drivers for Windows* before version 26.20.100.7212 and
CWE ID-CWE-20
Improper Input Validation
CVE-2020-1084
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.18% / 39.75%
||
7 Day CHG~0.00%
Published-21 May, 2020 | 22:53
Updated-04 Aug, 2024 | 06:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A Denial Of Service vulnerability exists when Connected User Experiences and Telemetry Service fails to validate certain function values.An attacker who successfully exploited this vulnerability could deny dependent security feature functionality.To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application.The security update addresses the vulnerability by correcting how the Connected User Experiences and Telemetry Service validates certain function values., aka 'Connected User Experiences and Telemetry Service Denial of Service Vulnerability'. This CVE ID is unique from CVE-2020-1123.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2019windows_10WindowsWindows ServerWindows 10 Version 1903 for x64-based SystemsWindows 10 Version 1903 for ARM64-based SystemsWindows 10 Version 1909 for ARM64-based SystemsWindows Server, version 1909 (Server Core installation)Windows 10 Version 1903 for 32-bit SystemsWindows Server, version 1903 (Server Core installation)Windows 10 Version 1909 for 32-bit SystemsWindows 10 Version 1909 for x64-based Systems
CWE ID-CWE-20
Improper Input Validation
CVE-2023-45169
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-6.2||MEDIUM
EPSS-0.03% / 7.15%
||
7 Day CHG~0.00%
Published-11 Jan, 2024 | 02:03
Updated-17 Jun, 2025 | 21:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM AIX denial of service

IBM AIX 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the pmsvcs kernel extension to cause a denial of service. IBM X-Force ID: 267967.

Action-Not Available
Vendor-IBM Corporation
Product-aixviosAIX
CWE ID-CWE-20
Improper Input Validation
  • Previous
  • 1
  • 2
  • 3
  • 4
  • 5
  • Next
Details not found