Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2026-6052

Summary
Assigner-ibm
Assigner Org ID-9a959283-ebb5-44b6-b705-dcc2bbced522
Published At-27 May, 2026 | 13:09
Updated At-27 May, 2026 | 15:22
Rejected At-
Credits

IBM® Db2® is vulnerable to running out of memory when executing certain queries with MDC tables

IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 is vulnerable to running out of memory when executing certain queries with MDC tables.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:ibm
Assigner Org ID:9a959283-ebb5-44b6-b705-dcc2bbced522
Published At:27 May, 2026 | 13:09
Updated At:27 May, 2026 | 15:22
Rejected At:
▼CVE Numbering Authority (CNA)
IBM® Db2® is vulnerable to running out of memory when executing certain queries with MDC tables

IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 is vulnerable to running out of memory when executing certain queries with MDC tables.

Affected Products
Vendor
IBM CorporationIBM
Product
Db2
CPEs
  • cpe:2.3:a:ibm:db2:11.5.0:*:*:*:*:*:*:*
  • cpe:2.3:a:ibm:db2:11.5.9:*:*:*:*:*:*:*
  • cpe:2.3:a:ibm:db2:12.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:ibm:db2:12.1.4:*:*:*:*:*:*:*
Versions
Affected
  • From 11.5.0 through 11.5.9 (semver)
  • From 12.1.0 through 12.1.4 (semver)
Metrics
VersionBase scoreBase severityVector
3.16.5MEDIUM
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Version: 3.1
Base score: 6.5
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Customers running any vulnerable affected level of an affected Program, V11.5, and V12.1, can download the special build containing the interim fix for this issue from Fix Central. These special builds are available based on the most recent level for each impacted release: V11.5.9, and V12.1.4. They can be applied to any affected level of the appropriate release to remediate this vulnerability. ReleaseFixed in mod packAPARDownload URLV11.5TBD https://www.ibm.com/support/pages/node/7087189 V12.1 TBD https://www.ibm.com/support/pages/node/7267513 IBM does not disclose key Db2 functionality nor replication steps for a vulnerability to avoid providing too much information to any potential malicious attacker. IBM does not want to enable a malicious attacker with sufficient knowledge to craft an exploit of the vulnerability.

Configurations
Workarounds

Do not use Multi-Clustering-Dimensional (MDC) tables

Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.ibm.com/support/pages/node/7273557
vendor-advisory
patch
Hyperlink: https://www.ibm.com/support/pages/node/7273557
Resource:
vendor-advisory
patch
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Problem Types
TypeCWE IDDescription
CWECWE-400CWE-400 Uncontrolled Resource Consumption
Type: CWE
CWE ID: CWE-400
Description: CWE-400 Uncontrolled Resource Consumption
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:psirt@us.ibm.com
Published At:27 May, 2026 | 14:17
Updated At:28 May, 2026 | 15:51

IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 is vulnerable to running out of memory when executing certain queries with MDC tables.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.16.5MEDIUM
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Primary3.17.5HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Type: Secondary
Version: 3.1
Base score: 6.5
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Type: Primary
Version: 3.1
Base score: 7.5
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CPE Matches
IBM Corporation
ibm
>>db2>>Versions from 11.5.0(inclusive) to 11.5.9(inclusive)
cpe:2.3:a:ibm:db2:*:*:*:*:-:*:*:*
IBM Corporation
ibm
>>db2>>Versions from 12.1.0(inclusive) to 12.1.4(inclusive)
cpe:2.3:a:ibm:db2:*:*:*:*:-:*:*:*
IBM Corporation
ibm
>>aix>>-
cpe:2.3:o:ibm:aix:-:*:*:*:*:*:*:*
IBM Corporation
ibm
>>linux_on_ibm_z>>-
cpe:2.3:o:ibm:linux_on_ibm_z:-:*:*:*:*:*:*:*
Linux Kernel Organization, Inc
linux
>>linux_kernel>>-
cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*
Microsoft Corporation
microsoft
>>windows>>-
cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-400Secondary134c704f-9b21-4f2e-91b3-4a467353bcc0
CWE ID: CWE-400
Type: Secondary
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://www.ibm.com/support/pages/node/7273557psirt@us.ibm.com
Vendor Advisory
Hyperlink: https://www.ibm.com/support/pages/node/7273557
Source: psirt@us.ibm.com
Resource:
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

2420Records found
CVE-2019-11479
Matching Score-8
Assigner-Canonical Ltd.
ShareView Details
Matching Score-8
Assigner-Canonical Ltd.
CVSS Score-5.3||MEDIUM
EPSS-13.36% / 94.30%
||
7 Day CHG~0.00%
Published-18 Jun, 2019 | 23:34
Updated-16 Sep, 2024 | 23:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Jonathan Looney discovered that the Linux kernel default MSS is hard-coded to 48 bytes. This allows a remote peer to fragment TCP resend queues significantly more than if a larger MSS were enforced. A remote attacker could use this to cause a denial of service. This has been fixed in stable kernel releases 4.4.182, 4.9.182, 4.14.127, 4.19.52, 5.1.11, and is fixed in commits 967c05aee439e6e5d7d805e195b3a20ef5c433d6 and 5f3e2bf008c2221478101ee72f5cb4654b9fc363.

Action-Not Available
Vendor-Canonical Ltd.Red Hat, Inc.Linux Kernel Organization, IncF5, Inc.
Product-ubuntu_linuxbig-ip_webacceleratorbig-ip_application_acceleration_managerbig-ip_policy_enforcement_managerbig-ip_fraud_protection_serviceenterprise_linuxvirtualization_hostbig-ip_global_traffic_managerbig-ip_local_traffic_managerbig-ip_analyticsbig-ip_domain_name_systemiworkflowbig-ip_application_security_managerbig-ip_edge_gatewaylinux_kernelbig-ip_link_controllerbig-iq_centralized_managemententerprise_managerbig-ip_access_policy_managertraffix_signaling_delivery_controllerbig-ip_advanced_firewall_managerLinux kernel
CWE ID-CWE-405
Asymmetric Resource Consumption (Amplification)
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2023-50308
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.06% / 19.45%
||
7 Day CHG~0.00%
Published-22 Jan, 2024 | 18:44
Updated-10 Jun, 2025 | 16:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Db2 denial of service

IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.5 under certain circumstances could allow an authenticated user to the database to cause a denial of service when a statement is run on columnar tables. IBM X-Force ID: 273393.

Action-Not Available
Vendor-Linux Kernel Organization, IncIBM CorporationMicrosoft Corporation
Product-linux_kerneldb2linux_on_ibm_zwindowsaixDb2 for Linux, UNIX and Windows
CWE ID-CWE-20
Improper Input Validation
CVE-2019-0972
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-6.5||MEDIUM
EPSS-17.44% / 95.18%
||
7 Day CHG~0.00%
Published-12 Jun, 2019 | 13:49
Updated-20 May, 2025 | 18:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Local Security Authority Subsystem Service Denial of Service Vulnerability

This security update corrects a denial of service in the Local Security Authority Subsystem Service (LSASS) caused when an authenticated attacker sends a specially crafted authentication request. A remote attacker who successfully exploited this vulnerability could cause a denial of service on the target system's LSASS service, which triggers an automatic reboot of the system. The security update addresses the vulnerability by changing the way that LSASS handles specially crafted authentication requests.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2012windows_server_2016windows_7windows_rt_8.1windows_server_2019windows_8.1windows_server_2008windows_10Windows Server 2008 R2 Systems Service Pack 1Windows 10 Version 1803Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server, version 1803 (Server Core Installation)Windows Server 2019Windows Server 2012 R2Windows Server 2016Windows Server 2016 (Server Core installation)Windows 10 Version 1903 for 32-bit SystemsWindows 7 Service Pack 1Windows Server 2008 Service Pack 2Windows Server 2019 (Server Core installation)Windows 10 Version 1709 for 32-bit SystemsWindows 10 Version 1903 for ARM64-based SystemsWindows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2012 R2 (Server Core installation)Windows 10 Version 1607Windows Server 2008 Service Pack 2Windows Server, version 1903 (Server Core installation)Windows 10 Version 1903 for x64-based SystemsWindows 10 Version 1507Windows Server 2012 (Server Core installation)Windows 10 Version 1709Windows 8.1Windows Server 2008 R2 Service Pack 1Windows Server 2012Windows 10 Version 1703Windows 7Windows 10 Version 1809
CVE-2018-8409
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.5||HIGH
EPSS-14.35% / 94.52%
||
7 Day CHG~0.00%
Published-13 Sep, 2018 | 00:00
Updated-05 Aug, 2024 | 06:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A denial of service vulnerability exists when System.IO.Pipelines improperly handles requests, aka "System.IO.Pipelines Denial of Service." This affects .NET Core 2.1, System.IO.Pipelines, ASP.NET Core 2.1.

Action-Not Available
Vendor-Microsoft Corporation
Product-system.io.pipelinesasp.net_core.net_coreSystem.IO.PipelinesASP.NET Core.NET Core
CVE-2023-47746
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.08% / 22.78%
||
7 Day CHG~0.00%
Published-22 Jan, 2024 | 18:42
Updated-13 Feb, 2025 | 17:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Db2 denial of service

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 could allow an authenticated user with CONNECT privileges to cause a denial of service using a specially crafted query. IBM X-Force ID: 272644.

Action-Not Available
Vendor-Microsoft CorporationHP Inc.IBM CorporationLinux Kernel Organization, IncOracle Corporation
Product-solarislinux_kerneldb2hp-uxlinux_on_ibm_zwindowsaixDb2 for Linux, UNIX and Windowsdb2_for_linux_unix_and_windows
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2023-47711
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-2.7||LOW
EPSS-0.04% / 11.07%
||
7 Day CHG~0.00%
Published-11 May, 2024 | 13:18
Updated-14 Jan, 2025 | 21:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Security Guardium denial of service

IBM Security Guardium 11.3, 11.4, 11.5, and 12.0 could allow an authenticated user to upload files that would cause a denial of service. IBM X-Force ID: 271526.

Action-Not Available
Vendor-IBM Corporation
Product-security_guardiumSecurity Guardiumsecurity_guardium
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2023-46167
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.10% / 27.41%
||
7 Day CHG~0.00%
Published-04 Dec, 2023 | 00:04
Updated-13 Feb, 2025 | 17:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Db2 denial of service

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 federated server is vulnerable to a denial of service when a specially crafted cursor is used. IBM X-Force ID: 269367.

Action-Not Available
Vendor-opengroupLinux Kernel Organization, IncMicrosoft CorporationIBM Corporation
Product-windowsunixdb2linux_kernelDb2 for Linux, UNIX and Windows
CWE ID-CWE-20
Improper Input Validation
CVE-2023-46838
Matching Score-8
Assigner-Xen Project
ShareView Details
Matching Score-8
Assigner-Xen Project
CVSS Score-7.5||HIGH
EPSS-0.22% / 45.03%
||
7 Day CHG~0.00%
Published-29 Jan, 2024 | 10:18
Updated-04 Nov, 2025 | 19:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Linux: netback processing of zero-length transmit fragment

Transmit requests in Xen's virtual network protocol can consist of multiple parts. While not really useful, except for the initial part any of them may be of zero length, i.e. carry no data at all. Besides a certain initial portion of the to be transferred data, these parts are directly translated into what Linux calls SKB fragments. Such converted request parts can, when for a particular SKB they are all of length zero, lead to a de-reference of NULL in core networking code.

Action-Not Available
Vendor-Fedora ProjectLinux Kernel Organization, IncDebian GNU/Linux
Product-fedoradebian_linuxlinux_kernelLinux
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2023-47264
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.15% / 34.74%
||
7 Day CHG~0.00%
Published-16 Nov, 2023 | 00:00
Updated-02 Aug, 2024 | 21:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain WithSecure products have a buffer over-read whereby processing certain fuzz file types may cause a denial of service (DoS). This affects WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and Server Security 15, WithSecure Elements Endpoint Protection 17 and later, WithSecure Client Security for Mac 15, WithSecure Elements Endpoint Protection for Mac 17 and later, WithSecure Linux Security 64 12.0, WithSecure Linux Protection 12.0, and WithSecure Atlant (formerly F-Secure Atlant) 15 and later.

Action-Not Available
Vendor-n/aApple Inc.WithSecure CorporationLinux Kernel Organization, IncMicrosoft Corporation
Product-linux_security_64server_securitylinux_kernelclient_securityelements_endpoint_protectionatlantwindowsmacosemail_and_server_securitylinux_protectionn/a
CWE ID-CWE-125
Out-of-bounds Read
CVE-2023-45178
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.08% / 23.75%
||
7 Day CHG~0.00%
Published-03 Dec, 2023 | 17:29
Updated-13 Feb, 2025 | 17:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Db2 denial of service

IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.5 CLI is vulnerable to a denial of service when a specially crafted request is used. IBM X-Force ID: 268073.

Action-Not Available
Vendor-IBM Corporation
Product-db2Db2 for Linux, UNIX and Windows
CWE ID-CWE-20
Improper Input Validation
CVE-2023-43765
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.24% / 47.86%
||
7 Day CHG~0.00%
Published-22 Sep, 2023 | 00:00
Updated-25 Sep, 2024 | 17:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain WithSecure products allow Denial of Service in the aeelf component. This affects WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and Server Security 15, WithSecure Elements Endpoint Protection 17 and later, WithSecure Client Security for Mac 15, WithSecure Elements Endpoint Protection for Mac 17 and later, Linux Security 64 12.0 , Linux Protection 12.0, and WithSecure Atlant (formerly F-Secure Atlant) 1.0.35-1.

Action-Not Available
Vendor-n/aF-Secure CorporationLinux Kernel Organization, IncMicrosoft CorporationApple Inc.
Product-linux_security_64server_securitylinux_kernelclient_securityelements_endpoint_protectionatlantwindowsmacosemail_and_server_securitylinux_protectionn/alinux_security_64server_securityclient_securityelements_endpoint_protectionatlantemail_and_server_securitylinux_protection
CVE-2023-43760
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.24% / 47.86%
||
7 Day CHG~0.00%
Published-22 Sep, 2023 | 00:00
Updated-02 Aug, 2024 | 19:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain WithSecure products allow Denial of Service via a fuzzed PE32 file. This affects WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and Server Security 15, WithSecure Elements Endpoint Protection 17 and later, WithSecure Client Security for Mac 15, WithSecure Elements Endpoint Protection for Mac 17 and later, Linux Security 64 12.0 , Linux Protection 12.0, and WithSecure Atlant (formerly F-Secure Atlant) 1.0.35-1.

Action-Not Available
Vendor-n/aApple Inc.F-Secure CorporationLinux Kernel Organization, IncMicrosoft Corporation
Product-linux_security_64server_securitylinux_kernelclient_securityelements_endpoint_protectionatlantwindowsmacosemail_and_server_securitylinux_protectionn/a
CVE-2023-40687
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.09% / 25.45%
||
7 Day CHG~0.00%
Published-04 Dec, 2023 | 01:10
Updated-13 Feb, 2025 | 17:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Db2 denial of service

IBM DB2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted RUNSTATS command on an 8TB table. IBM X-Force ID: 264809.

Action-Not Available
Vendor-opengroupLinux Kernel Organization, IncMicrosoft CorporationIBM Corporation
Product-windowsunixdb2linux_kernelDb2 for Linux, UNIX and Windows
CWE ID-CWE-20
Improper Input Validation
CVE-2023-40374
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.05% / 15.01%
||
7 Day CHG~0.00%
Published-16 Oct, 2023 | 22:47
Updated-13 Feb, 2025 | 17:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Db2 denial of service

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 is vulnerable to denial of service with a specially crafted query statement. IBM X-Force ID: 263575.

Action-Not Available
Vendor-opengroupLinux Kernel Organization, IncMicrosoft CorporationIBM Corporation
Product-windowsunixdb2linux_kernelDb2 for Linux, UNIX and Windows
CWE ID-CWE-20
Improper Input Validation
CVE-2023-40373
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.05% / 15.01%
||
7 Day CHG~0.00%
Published-16 Oct, 2023 | 23:08
Updated-13 Feb, 2025 | 17:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Db2 denial of service

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) is vulnerable to denial of service with a specially crafted query containing common table expressions. IBM X-Force ID: 263574.

Action-Not Available
Vendor-opengroupLinux Kernel Organization, IncMicrosoft CorporationIBM Corporation
Product-windowsunixdb2linux_kernelDb2 for Linux, UNIX and Windows
CWE ID-CWE-20
Improper Input Validation
CVE-2022-38036
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.5||HIGH
EPSS-23.74% / 96.10%
||
7 Day CHG~0.00%
Published-11 Oct, 2022 | 00:00
Updated-02 Jan, 2025 | 22:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Internet Key Exchange (IKE) Protocol Denial of Service Vulnerability

Internet Key Exchange (IKE) Protocol Denial of Service Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2022windows_11Windows Server 2022Windows 11 version 21H2
CVE-2023-39228
Matching Score-8
Assigner-Intel Corporation
ShareView Details
Matching Score-8
Assigner-Intel Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.11% / 28.73%
||
7 Day CHG~0.00%
Published-14 Nov, 2023 | 19:04
Updated-30 Aug, 2024 | 17:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper access control for some Intel Unison software may allow an unauthenticated user to potentially enable denial of service via network access.

Action-Not Available
Vendor-n/aIntel CorporationApple Inc.Google LLCMicrosoft Corporation
Product-androidwindowsunison_softwareiphone_osIntel Unison software
CWE ID-CWE-284
Improper Access Control
CVE-2023-38131
Matching Score-8
Assigner-Intel Corporation
ShareView Details
Matching Score-8
Assigner-Intel Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.15% / 34.74%
||
7 Day CHG~0.00%
Published-14 Nov, 2023 | 19:04
Updated-30 Aug, 2024 | 17:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper input validationation for some Intel Unison software may allow an authenticated user to potentially enable denial of service via network access.

Action-Not Available
Vendor-n/aIntel CorporationApple Inc.Google LLCMicrosoft Corporation
Product-androidwindowsunison_softwareiphone_osIntel Unison software
CWE ID-CWE-20
Improper Input Validation
CVE-2023-38720
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.09% / 25.98%
||
7 Day CHG~0.00%
Published-16 Oct, 2023 | 20:52
Updated-12 Jun, 2025 | 15:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Db2 denial of service

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 and 11.5 is vulnerable to denial of service with a specially crafted ALTER TABLE statement. IBM X-Force ID: 261616.

Action-Not Available
Vendor-opengroupMicrosoft CorporationIBM CorporationLinux Kernel Organization, Inc
Product-windowsunixdb2linux_kernelDb2 for Linux, UNIX and Windows
CWE ID-CWE-20
Improper Input Validation
CVE-2023-38403
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.34% / 80.29%
||
7 Day CHG~0.00%
Published-17 Jul, 2023 | 00:00
Updated-27 Nov, 2024 | 14:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

iperf3 before 3.14 allows peers to cause an integer overflow and heap corruption via a crafted length field.

Action-Not Available
Vendor-esn/aFedora ProjectApple Inc.Linux Kernel Organization, IncNetApp, Inc.Debian GNU/Linux
Product-clustered_data_ontapdebian_linuxlinux_kernelontap_select_deploy_administration_utilityfedoraiperf3macosn/a
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2025-69624
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.00% / 0.03%
||
7 Day CHG~0.00%
Published-13 Apr, 2026 | 00:00
Updated-23 Apr, 2026 | 16:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Nitro PDF Pro for Windows 14.41.1.4 contains a NULL pointer dereference vulnerability in the JavaScript implementation of app.alert(). When app.alert() is called with more than one argument and the first argument evaluates to null (for example, app.alert(app.activeDocs, true) when app.activeDocs is null), the engine routes the call through a fallback path intended for non-string arguments. In this path, js_ValueToString() is invoked on the null value and returns an invalid string pointer, which is then passed to JS_GetStringChars() without validation. Dereferencing this pointer leads to an access violation and application crash when opening a crafted PDF.

Action-Not Available
Vendor-gonitron/aMicrosoft Corporation
Product-nitro_pdf_prowindowsn/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2023-38727
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.09% / 26.21%
||
7 Day CHG~0.00%
Published-04 Dec, 2023 | 01:08
Updated-13 Feb, 2025 | 17:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Db2 denial of service

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted SQL statement. IBM X-Force ID: 262257.

Action-Not Available
Vendor-opengroupLinux Kernel Organization, IncMicrosoft CorporationIBM Corporation
Product-windowsunixdb2linux_kernelDb2 for Linux, UNIX and Windows
CWE ID-CWE-20
Improper Input Validation
CVE-2023-38728
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.04% / 14.31%
||
7 Day CHG~0.00%
Published-16 Oct, 2023 | 21:27
Updated-13 Feb, 2025 | 17:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Db2 denial of service

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted XML query statement. IBM X-Force ID: 262258.

Action-Not Available
Vendor-opengroupLinux Kernel Organization, IncMicrosoft CorporationIBM Corporation
Product-windowsunixdb2linux_kernelDb2 for Linux, UNIX and Windows
CWE ID-CWE-20
Improper Input Validation
CVE-2023-38172
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.5||HIGH
EPSS-2.87% / 86.52%
||
7 Day CHG~0.00%
Published-08 Aug, 2023 | 17:08
Updated-27 Feb, 2025 | 21:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability

Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_21h2windows_10_1809windows_server_2016windows_server_2012windows_server_2008windows_10_1507windows_11_21h2windows_10_22h2windows_server_2022windows_11_22h2windows_server_2019windows_10_1607Windows 10 Version 22H2Windows 10 Version 21H2Windows Server 2016 (Server Core installation)Windows Server 2012 R2 (Server Core installation)Windows 11 version 22H2Windows Server 2019Windows Server 2008 Service Pack 2Windows Server 2012Windows Server 2008 Service Pack 2Windows 10 Version 1809Windows Server 2008 R2 Service Pack 1Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows 11 version 21H2Windows Server 2022Windows Server 2012 R2Windows 10 Version 1507Windows Server 2012 (Server Core installation)Windows Server 2016Windows Server 2019 (Server Core installation)Windows Server 2008 Service Pack 2 (Server Core installation)Windows 10 Version 1607
CWE ID-CWE-126
Buffer Over-read
CVE-2023-38171
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.5||HIGH
EPSS-8.30% / 92.38%
||
7 Day CHG~0.00%
Published-10 Oct, 2023 | 17:07
Updated-14 Apr, 2025 | 22:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft QUIC Denial of Service Vulnerability

Microsoft QUIC Denial of Service Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_11_22h2visual_studio_2022windows_server_2022.net.NET 7.0Microsoft Visual Studio 2022 version 17.6PowerShell 7.3Windows 11 version 22H2Windows 11 version 21H2Microsoft Visual Studio 2022 version 17.4Microsoft Visual Studio 2022 version 17.7Windows Server 2022Microsoft Visual Studio 2022 version 17.2
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2023-36720
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.5||HIGH
EPSS-0.53% / 67.49%
||
7 Day CHG~0.00%
Published-10 Oct, 2023 | 17:07
Updated-14 Apr, 2025 | 22:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Mixed Reality Developer Tools Denial of Service Vulnerability

Windows Mixed Reality Developer Tools Denial of Service Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_21h2windows_10_1809windows_server_2016windows_11_21h2windows_10_22h2windows_server_2022windows_11_22h2windows_server_2019windows_10_1607Windows 10 Version 1607Windows Server 2019 (Server Core installation)Windows Server 2016 (Server Core installation)Windows 11 version 22H2Windows 11 version 21H2Windows 10 Version 1809Windows Server 2022Windows 10 Version 22H2Windows Server 2016Windows Server 2019Windows 10 Version 21H2
CVE-2023-36709
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.5||HIGH
EPSS-3.75% / 88.22%
||
7 Day CHG~0.00%
Published-10 Oct, 2023 | 17:07
Updated-14 Apr, 2025 | 22:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft AllJoyn API Denial of Service Vulnerability

Microsoft AllJoyn API Denial of Service Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_21h2windows_10_1809windows_server_2016windows_10_1507windows_11_21h2windows_10_22h2windows_server_2022windows_11_22h2windows_server_2019Windows 10 Version 1607Windows Server 2019 (Server Core installation)Windows Server 2016 (Server Core installation)Windows 11 version 22H2Windows 11 version 21H2Windows 10 Version 1809Windows Server 2022Windows 10 Version 22H2Windows Server 2016Windows Server 2019Windows 10 Version 1507Windows 10 Version 21H2
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2023-36912
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.5||HIGH
EPSS-4.31% / 89.06%
||
7 Day CHG~0.00%
Published-08 Aug, 2023 | 17:08
Updated-27 Feb, 2025 | 21:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability

Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_21h2windows_10_1809windows_server_2016windows_server_2012windows_server_2008windows_11_21h2windows_10_22h2windows_server_2022windows_10windows_11_22h2windows_server_2019windows_10_1607Windows 10 Version 22H2Windows 10 Version 21H2Windows Server 2016 (Server Core installation)Windows Server 2012 R2 (Server Core installation)Windows 11 version 22H2Windows Server 2019Windows Server 2008 Service Pack 2Windows Server 2012Windows Server 2008 Service Pack 2Windows 10 Version 1809Windows Server 2008 R2 Service Pack 1Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows 11 version 21H2Windows Server 2022Windows Server 2012 R2Windows 10 Version 1507Windows Server 2012 (Server Core installation)Windows Server 2016Windows Server 2019 (Server Core installation)Windows Server 2008 Service Pack 2 (Server Core installation)Windows 10 Version 1607
CWE ID-CWE-20
Improper Input Validation
CVE-2023-36566
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-6.5||MEDIUM
EPSS-8.32% / 92.40%
||
7 Day CHG~0.00%
Published-10 Oct, 2023 | 17:08
Updated-14 Apr, 2025 | 22:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Common Data Model SDK Denial of Service Vulnerability

Microsoft Common Data Model SDK Denial of Service Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-common_data_model_sdkMicrosoft Common Data Model SDK for C#Microsoft Common Data Model SDK for PythonMicrosoft Common Data Model SDK for JavaMicrosoft Common Data Model SDK for TypeScript
CWE ID-CWE-20
Improper Input Validation
CVE-2023-36395
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.5||HIGH
EPSS-1.22% / 79.36%
||
7 Day CHG~0.00%
Published-14 Nov, 2023 | 17:57
Updated-08 Oct, 2025 | 23:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Deployment Services Denial of Service Vulnerability

Windows Deployment Services Denial of Service Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2012windows_server_2022windows_server_2019windows_server_2008Windows Server 2022Windows Server 2016 (Server Core installation)Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2008 Service Pack 2Windows Server 2019Windows Server 2008 R2 Service Pack 1Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2012 R2Windows Server 2008 Service Pack 2Windows Server 2022, 23H2 Edition (Server Core installation)Windows Server 2012Windows Server 2012 R2 (Server Core installation)Windows Server 2019 (Server Core installation)Windows Server 2016Windows Server 2012 (Server Core installation)
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2023-35638
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.5||HIGH
EPSS-0.97% / 76.96%
||
7 Day CHG~0.00%
Published-12 Dec, 2023 | 18:10
Updated-01 Jan, 2025 | 02:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
DHCP Server Service Denial of Service Vulnerability

DHCP Server Service Denial of Service Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2012windows_server_2016windows_server_2019windows_server_2022Windows Server 2022Windows Server 2019 (Server Core installation)Windows Server 2012 R2Windows Server 2022, 23H2 Edition (Server Core installation)Windows Server 2016 (Server Core installation)Windows Server 2012Windows Server 2012 (Server Core installation)Windows Server 2019Windows Server 2012 R2 (Server Core installation)Windows Server 2016
CWE ID-CWE-126
Buffer Over-read
CVE-2023-35330
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.5||HIGH
EPSS-1.21% / 79.27%
||
7 Day CHG~0.00%
Published-11 Jul, 2023 | 17:02
Updated-01 Jan, 2025 | 01:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Extended Negotiation Denial of Service Vulnerability

Windows Extended Negotiation Denial of Service Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_21h2windows_10_1809windows_server_2016windows_server_2012windows_server_2008windows_10_1507windows_11_21h2windows_10_22h2windows_server_2022windows_11_22h2windows_server_2019windows_10_1607Windows Server 2022Windows 10 Version 1607Windows 11 version 22H2Windows Server 2019 (Server Core installation)Windows 10 Version 1809Windows Server 2016 (Server Core installation)Windows 11 version 21H2Windows Server 2012 (Server Core installation)Windows Server 2016Windows 10 Version 1507Windows 10 Version 21H2Windows Server 2008 R2 Service Pack 1Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2012 R2Windows Server 2012Windows Server 2019Windows Server 2012 R2 (Server Core installation)Windows 10 Version 22H2
CWE ID-CWE-126
Buffer Over-read
CVE-2023-36603
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.5||HIGH
EPSS-3.75% / 88.22%
||
7 Day CHG~0.00%
Published-10 Oct, 2023 | 17:07
Updated-14 Apr, 2025 | 22:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows TCP/IP Denial of Service Vulnerability

Windows TCP/IP Denial of Service Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_21h2windows_10_1809windows_11_22h2windows_11_21h2windows_10_22h2windows_server_2022windows_server_2019Windows Server 2019 (Server Core installation)Windows 11 version 22H2Windows 11 version 21H2Windows 10 Version 1809Windows Server 2022Windows 10 Version 22H2Windows Server 2019Windows 10 Version 21H2
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2023-35621
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.5||HIGH
EPSS-0.56% / 68.40%
||
7 Day CHG~0.00%
Published-12 Dec, 2023 | 18:10
Updated-01 Jan, 2025 | 02:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Dynamics 365 Finance and Operations Denial of Service Vulnerability

Microsoft Dynamics 365 Finance and Operations Denial of Service Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-dynamics_365Dynamics 365 for Finance and Operations
CWE ID-CWE-799
Improper Control of Interaction Frequency
CVE-2023-36581
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.5||HIGH
EPSS-0.39% / 60.10%
||
7 Day CHG~0.00%
Published-10 Oct, 2023 | 17:07
Updated-14 Apr, 2025 | 22:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability

Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_21h2windows_10_1809windows_server_2016windows_server_2012windows_server_2008windows_11_21h2windows_10_22h2windows_server_2022windows_10windows_11_22h2windows_server_2019windows_10_1607Windows 10 Version 1607Windows Server 2008 Service Pack 2Windows Server 2012 (Server Core installation)Windows Server 2016 (Server Core installation)Windows 11 version 22H2Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows 10 Version 1809Windows 10 Version 22H2Windows Server 2016Windows Server 2012 R2Windows 10 Version 1507Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2008 R2 Service Pack 1Windows Server 2019 (Server Core installation)Windows Server 2008 Service Pack 2Windows Server 2012Windows Server 2012 R2 (Server Core installation)Windows 11 version 21H2Windows Server 2022Windows Server 2019Windows 10 Version 21H2
CWE ID-CWE-126
Buffer Over-read
CVE-2023-35318
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-6.5||MEDIUM
EPSS-3.48% / 87.77%
||
7 Day CHG~0.00%
Published-11 Jul, 2023 | 17:02
Updated-01 Jan, 2025 | 01:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Remote Procedure Call Runtime Denial of Service Vulnerability

Remote Procedure Call Runtime Denial of Service Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_21h2windows_10_1809windows_server_2016windows_server_2012windows_server_2008windows_10_1507windows_11_21h2windows_10_22h2windows_server_2022windows_11_22h2windows_server_2019windows_10_1607Windows Server 2022Windows 10 Version 1607Windows 11 version 22H2Windows Server 2019 (Server Core installation)Windows Server 2008 Service Pack 2Windows 10 Version 1809Windows Server 2016 (Server Core installation)Windows 11 version 21H2Windows Server 2012 (Server Core installation)Windows Server 2016Windows 10 Version 1507Windows 10 Version 21H2Windows Server 2008 R2 Service Pack 1Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2012 R2Windows Server 2019Windows Server 2012Windows Server 2008 Service Pack 2Windows Server 2012 R2 (Server Core installation)Windows 10 Version 22H2
CWE ID-CWE-125
Out-of-bounds Read
CVE-2023-35321
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-6.5||MEDIUM
EPSS-3.44% / 87.69%
||
7 Day CHG~0.00%
Published-11 Jul, 2023 | 17:02
Updated-01 Jan, 2025 | 01:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Deployment Services Denial of Service Vulnerability

Windows Deployment Services Denial of Service Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2012windows_server_2022windows_server_2019windows_server_2008Windows Server 2022Windows Server 2008 R2 Service Pack 1Windows Server 2019 (Server Core installation)Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2008 Service Pack 2Windows Server 2012 R2Windows Server 2016 (Server Core installation)Windows Server 2008 Service Pack 2Windows Server 2012Windows Server 2012 (Server Core installation)Windows Server 2019Windows Server 2012 R2 (Server Core installation)Windows Server 2016
CWE ID-CWE-170
Improper Null Termination
CVE-2023-35314
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-6.5||MEDIUM
EPSS-3.48% / 87.77%
||
7 Day CHG~0.00%
Published-11 Jul, 2023 | 17:02
Updated-01 Jan, 2025 | 01:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Remote Procedure Call Runtime Denial of Service Vulnerability

Remote Procedure Call Runtime Denial of Service Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_21h2windows_10_1809windows_server_2016windows_server_2012windows_server_2008windows_10_1507windows_11_21h2windows_10_22h2windows_server_2022windows_11_22h2windows_server_2019windows_10_1607Windows Server 2022Windows 10 Version 1607Windows 11 version 22H2Windows Server 2019 (Server Core installation)Windows Server 2008 Service Pack 2Windows 10 Version 1809Windows Server 2016 (Server Core installation)Windows 11 version 21H2Windows Server 2012 (Server Core installation)Windows Server 2016Windows 10 Version 1507Windows 10 Version 21H2Windows Server 2008 R2 Service Pack 1Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2012 R2Windows Server 2019Windows Server 2012Windows Server 2008 Service Pack 2Windows Server 2012 R2 (Server Core installation)Windows 10 Version 22H2
CWE ID-CWE-125
Out-of-bounds Read
CVE-2023-35319
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-6.5||MEDIUM
EPSS-3.48% / 87.77%
||
7 Day CHG~0.00%
Published-11 Jul, 2023 | 17:02
Updated-01 Jan, 2025 | 01:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Remote Procedure Call Runtime Denial of Service Vulnerability

Remote Procedure Call Runtime Denial of Service Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_21h2windows_10_1809windows_server_2016windows_server_2012windows_server_2008windows_10_1507windows_11_21h2windows_10_22h2windows_server_2022windows_11_22h2windows_server_2019windows_10_1607Windows Server 2022Windows 10 Version 1607Windows 11 version 22H2Windows Server 2019 (Server Core installation)Windows Server 2008 Service Pack 2Windows 10 Version 1809Windows Server 2016 (Server Core installation)Windows 11 version 21H2Windows Server 2012 (Server Core installation)Windows Server 2016Windows 10 Version 1507Windows 10 Version 21H2Windows Server 2008 R2 Service Pack 1Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2012 R2Windows Server 2019Windows Server 2012Windows Server 2008 Service Pack 2Windows Server 2012 R2 (Server Core installation)Windows 10 Version 22H2
CWE ID-CWE-125
Out-of-bounds Read
CVE-2023-36585
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.5||HIGH
EPSS-3.67% / 88.09%
||
7 Day CHG~0.00%
Published-10 Oct, 2023 | 17:07
Updated-14 Apr, 2025 | 22:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows upnphost.dll Denial of Service Vulnerability

Windows upnphost.dll Denial of Service Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_1809windows_server_2016windows_server_2012windows_10_1507windows_11_21h2windows_10_22h2windows_server_2022windows_11_22h2windows_10_21h1windows_server_2019windows_server_2008Windows 10 Version 1607Windows Server 2008 Service Pack 2Windows Server 2012 (Server Core installation)Windows Server 2016 (Server Core installation)Windows 11 version 22H2Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows 10 Version 1809Windows 10 Version 22H2Windows Server 2016Windows Server 2012 R2Windows 10 Version 1507Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2008 R2 Service Pack 1Windows Server 2019 (Server Core installation)Windows Server 2008 Service Pack 2Windows Server 2012Windows Server 2012 R2 (Server Core installation)Windows 11 version 21H2Windows Server 2022Windows Server 2019Windows 10 Version 21H2
CWE ID-CWE-20
Improper Input Validation
CVE-2023-36010
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.5||HIGH
EPSS-3.32% / 87.49%
||
7 Day CHG~0.00%
Published-12 Dec, 2023 | 18:10
Updated-01 Jan, 2025 | 02:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Defender Denial of Service Vulnerability

Microsoft Defender Denial of Service Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-malware_protection_platformMicrosoft Malware Protection Platform
CVE-2023-35077
Matching Score-8
Assigner-HackerOne
ShareView Details
Matching Score-8
Assigner-HackerOne
CVSS Score-8.1||HIGH
EPSS-1.70% / 82.61%
||
7 Day CHG~0.00%
Published-21 Jul, 2023 | 20:51
Updated-24 Oct, 2024 | 15:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An out-of-bounds write vulnerability on windows operating systems causes the Ivanti AntiVirus Product to crash. Update to Ivanti AV Product version 7.9.1.285 or above.

Action-Not Available
Vendor-Ivanti SoftwareMicrosoft Corporation
Product-windowsendpoint_managerEndpoint Managerendpoint_manager
CWE ID-CWE-787
Out-of-bounds Write
CVE-2020-10863
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.64% / 70.93%
||
7 Day CHG~0.00%
Published-01 Apr, 2020 | 16:55
Updated-04 Aug, 2024 | 11:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Avast Antivirus before 20. The aswTask RPC endpoint for the TaskEx library in the Avast Service (AvastSvc.exe) allows attackers to trigger a shutdown via RPC from a Low Integrity process via TempShutDownMachine.

Action-Not Available
Vendor-avastn/aMicrosoft Corporation
Product-windowsantivirusn/a
CVE-2020-0612
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.5||HIGH
EPSS-10.03% / 93.19%
||
7 Day CHG~0.00%
Published-14 Jan, 2020 | 23:11
Updated-04 Aug, 2024 | 06:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A denial of service vulnerability exists in Windows Remote Desktop Gateway (RD Gateway) when an attacker connects to the target system using RDP and sends specially crafted requests, aka 'Windows Remote Desktop Gateway (RD Gateway) Denial of Service Vulnerability'.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2019Windows Server
CVE-2017-7645
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-16.01% / 94.88%
||
7 Day CHG~0.00%
Published-18 Apr, 2017 | 14:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The NFSv2/NFSv3 server in the nfsd subsystem in the Linux kernel through 4.10.11 allows remote attackers to cause a denial of service (system crash) via a long RPC reply, related to net/sunrpc/svc.c, fs/nfsd/nfs3xdr.c, and fs/nfsd/nfsxdr.c.

Action-Not Available
Vendor-n/aCanonical Ltd.Debian GNU/LinuxLinux Kernel Organization, Inc
Product-debian_linuxubuntu_linuxlinux_kerneln/a
CWE ID-CWE-20
Improper Input Validation
CVE-2020-0660
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.5||HIGH
EPSS-7.65% / 92.01%
||
7 Day CHG~0.00%
Published-11 Feb, 2020 | 21:22
Updated-04 Aug, 2024 | 06:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A denial of service vulnerability exists in Remote Desktop Protocol (RDP) when an attacker connects to the target system using RDP and sends specially crafted requests, aka 'Windows Remote Desktop Protocol (RDP) Denial of Service Vulnerability'.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2012windows_8.1windows_rt_8.1windows_10windows_server_2019WindowsWindows 10 Version 1909 for x64-based SystemsWindows 10 Version 1903 for x64-based SystemsWindows ServerWindows 10 Version 1903 for ARM64-based SystemsWindows 10 Version 1909 for ARM64-based SystemsWindows Server, version 1909 (Server Core installation)Windows 10 Version 1903 for 32-bit SystemsWindows Server, version 1903 (Server Core installation)Windows 10 Version 1909 for 32-bit Systems
CVE-2020-1469
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.5||HIGH
EPSS-6.19% / 90.98%
||
7 Day CHG~0.00%
Published-14 Jul, 2020 | 22:54
Updated-04 Aug, 2024 | 06:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A denial of service vulnerability exists when the .NET implementation of Bond improperly parses input, aka 'Bond Denial of Service Vulnerability'.

Action-Not Available
Vendor-Microsoft Corporation
Product-bondBond 9.0.1
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2019-4141
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.36% / 58.16%
||
7 Day CHG~0.00%
Published-27 Sep, 2019 | 14:00
Updated-16 Sep, 2024 | 18:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM MQ 7.1.0.0 - 7.1.0.9, 7.5.0.0 - 7.5.0.9, 8.0.0.0 - 8.0.0.11, 9.0.0.0 - 9.0.0.6, 9.1.0.0 - 9.1.0.2, and 9.1.1 - 9.1.2 is vulnerable to a denial of service attack caused by a memory leak in the clustering code. IBM X-Force ID: 158337.

Action-Not Available
Vendor-IBM Corporation
Product-websphere_mqwebsphere_mq_applianceMQ
CWE ID-CWE-401
Missing Release of Memory after Effective Lifetime
CVE-2019-4560
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.29% / 52.16%
||
7 Day CHG~0.00%
Published-16 Dec, 2019 | 15:45
Updated-16 Sep, 2024 | 18:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM MQ and IBM MQ Appliance 9.1 CD, 9.1 LTS, 9.0 LTS, and 8.0 is vulnerable to a denial of service attack caused by channels processing poorly formatted messages. IBM X-Force ID: 166357.

Action-Not Available
Vendor-IBM Corporation
Product-mq_applianceMQ
CVE-2023-32013
Matching Score-6
Assigner-Microsoft Corporation
ShareView Details
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.32% / 54.83%
||
7 Day CHG~0.00%
Published-13 Jun, 2023 | 23:26
Updated-01 Jan, 2025 | 01:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Hyper-V Denial of Service Vulnerability

Windows Hyper-V Denial of Service Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_21h2windows_10_1809windows_11_22h2windows_11_21h2windows_10_22h2windows_server_2022windows_server_2019Windows Server 2022Windows 10 Version 21H2Windows 11 version 22H2Windows Server 2019 (Server Core installation)Windows 10 Version 1809Windows 11 version 21H2Windows Server 2019Windows 10 Version 22H2
CWE ID-CWE-400
Uncontrolled Resource Consumption
  • Previous
  • 1
  • 2
  • ...
  • 17
  • 18
  • 19
  • ...
  • 48
  • 49
  • Next
Details not found