CVE-2024-43474
7.6HIGH
Microsoft SQL Server Information Disclosure Vulnerability
Microsoft SQL Server Information Disclosure Vulnerability
9/10/2024CWE-170
Tipo de Debilidad
CWE-170
Todas las vulnerabilidades CVE clasificadas bajo este tipo de debilidad.
Ver en MITRE CWETotal CVEs
25
Críticos
6
En KEV
0
Con Exploits
0
CVE-2023-28263
5.5MEDIUM
Visual Studio Information Disclosure Vulnerability
Visual Studio Information Disclosure Vulnerability
4/11/2023CWE-170
CVE-2023-35321
6.5MEDIUM
Windows Deployment Services Denial of Service Vulnerability
Windows Deployment Services Denial of Service Vulnerability
7/11/2023CWE-170
CVE-2024-45288
8.4HIGH
A missing null-termination character in the last element of an nvlist array string can lead to writing outside the allocated buffer.
A missing null-termination character in the last element of an nvlist array string can lead to writing outside the allocated buffer.
9/5/2024CWE-170, CWE-787
CVE-2024-21442
7.8HIGH
Windows USB Print Driver Elevation of Privilege Vulnerability
Windows USB Print Driver Elevation of Privilege Vulnerability
3/12/2024CWE-170
CVE-2024-31197
5.3MEDIUM
Improper Null Termination vulnerability in Open Networking Foundation (ONF) libfluid (libfluid_msg module). This vulnerability is associated with program routine fluid_msg::of10::Port:unpack. This is
Improper Null Termination vulnerability in Open Networking Foundation (ONF) libfluid (libfluid_msg module). This vulnerability is associated with program routine fluid_msg::of10::Port:unpack. This is...
9/18/2024CWE-170
CVE-2023-36907
5.5MEDIUM
Windows Cryptographic Services Information Disclosure Vulnerability
Windows Cryptographic Services Information Disclosure Vulnerability
8/8/2023CWE-170
CVE-2023-36906
5.5MEDIUM
Windows Cryptographic Services Information Disclosure Vulnerability
Windows Cryptographic Services Information Disclosure Vulnerability
8/8/2023CWE-170
CVE-2023-24021
7.5HIGH
Incorrect handling of '\0' bytes in file uploads in ModSecurity before 2.9.7 may allow for Web Application Firewall bypasses and buffer over-reads on the Web Application Firewall when executing rules
Incorrect handling of '\0' bytes in file uploads in ModSecurity before 2.9.7 may allow for Web Application Firewall bypasses and buffer over-reads on the Web Application Firewall when executing rules ...
1/20/2023CWE-170
CVE-2022-47515
7.5HIGH
An issue was discovered in drachtio-server before 0.8.20. It allows remote attackers to cause a denial of service (daemon crash) via a long message in a TCP request that leads to std::length_error.
An issue was discovered in drachtio-server before 0.8.20. It allows remote attackers to cause a denial of service (daemon crash) via a long message in a TCP request that leads to std::length_error.
12/18/2022CWE-170
CVE-2026-21488
6.1MEDIUM
iccDEV provides a set of libraries and tools for working with ICC color management profiles. Versions 2.3.1.1 and below are vulnerable to Out-of-bounds Read, Heap-based Buffer Overflow and Improper Nu
iccDEV provides a set of libraries and tools for working with ICC color management profiles. Versions 2.3.1.1 and below are vulnerable to Out-of-bounds Read, Heap-based Buffer Overflow and Improper Nu...
1/6/2026CWE-122, CWE-125 +1
CVE-2025-67790
7.5HIGH
An issue was discovered in DriveLock 24.1 before 24.1.6, 24.2 before 24.2.7, and 25.1 before 25.1.5. An unprivileged user could cause occasionally a Blue Screen Of Death (BSOD) on Windows computers by
An issue was discovered in DriveLock 24.1 before 24.1.6, 24.2 before 24.2.7, and 25.1 before 25.1.5. An unprivileged user could cause occasionally a Blue Screen Of Death (BSOD) on Windows computers by...
12/17/2025CWE-170
CVE-2019-8275
9.8CRITICAL
UltraVNC revision 1211 has multiple improper null termination vulnerabilities in VNC server code, which result in out-of-bound data being accessed by remote users. This attack appears to be exploitabl
UltraVNC revision 1211 has multiple improper null termination vulnerabilities in VNC server code, which result in out-of-bound data being accessed by remote users. This attack appears to be exploitabl...
3/8/2019CWE-170
CVE-2021-1469
9.9CRITICAL
Multiple vulnerabilities in Cisco Jabber for Windows, Cisco Jabber for MacOS, and Cisco Jabber for mobile platforms could allow an attacker to execute arbitrary programs on the underlying operating sy
Multiple vulnerabilities in Cisco Jabber for Windows, Cisco Jabber for MacOS, and Cisco Jabber for mobile platforms could allow an attacker to execute arbitrary programs on the underlying operating sy...
3/24/2021CWE-170, CWE-20
CVE-2020-14323
5.5MEDIUM
A null pointer dereference flaw was found in samba's Winbind service in versions before 4.11.15, before 4.12.9 and before 4.13.1. A local user could use this flaw to crash the winbind service causing
A null pointer dereference flaw was found in samba's Winbind service in versions before 4.11.15, before 4.12.9 and before 4.13.1. A local user could use this flaw to crash the winbind service causing ...
10/29/2020CWE-170, CWE-476
CVE-2025-66220
5.0MEDIUM
Envoy is a high-performance edge/middle/service proxy. In 1.33.12, 1.34.10, 1.35.6, 1.36.2, and earlier, Envoy’s mTLS certificate matcher for match_typed_subject_alt_names may incorrectly treat certif
Envoy is a high-performance edge/middle/service proxy. In 1.33.12, 1.34.10, 1.35.6, 1.36.2, and earlier, Envoy’s mTLS certificate matcher for match_typed_subject_alt_names may incorrectly treat certif...
12/3/2025CWE-170
CVE-2021-1120
7.0HIGH
NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where a string provided by the guest OS may not be properly null terminated. The guest OS or attacker has no abi
NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where a string provided by the guest OS may not be properly null terminated. The guest OS or attacker has no abi...
10/29/2021CWE-170
CVE-2021-1417
9.9CRITICAL
Multiple vulnerabilities in Cisco Jabber for Windows, Cisco Jabber for MacOS, and Cisco Jabber for mobile platforms could allow an attacker to execute arbitrary programs on the underlying operating sy
Multiple vulnerabilities in Cisco Jabber for Windows, Cisco Jabber for MacOS, and Cisco Jabber for mobile platforms could allow an attacker to execute arbitrary programs on the underlying operating sy...
3/24/2021CWE-170
CVE-2021-1411
9.9CRITICAL
Multiple vulnerabilities in Cisco Jabber for Windows, Cisco Jabber for MacOS, and Cisco Jabber for mobile platforms could allow an attacker to execute arbitrary programs on the underlying operating sy
Multiple vulnerabilities in Cisco Jabber for Windows, Cisco Jabber for MacOS, and Cisco Jabber for mobile platforms could allow an attacker to execute arbitrary programs on the underlying operating sy...
3/24/2021CWE-170
CVE-2021-1471
9.9CRITICAL
Multiple vulnerabilities in Cisco Jabber for Windows, Cisco Jabber for MacOS, and Cisco Jabber for mobile platforms could allow an attacker to execute arbitrary programs on the underlying operating sy
Multiple vulnerabilities in Cisco Jabber for Windows, Cisco Jabber for MacOS, and Cisco Jabber for mobile platforms could allow an attacker to execute arbitrary programs on the underlying operating sy...
3/24/2021CWE-170, CWE-295
CVE-2021-1418
9.9CRITICAL
Multiple vulnerabilities in Cisco Jabber for Windows, Cisco Jabber for MacOS, and Cisco Jabber for mobile platforms could allow an attacker to execute arbitrary programs on the underlying operating sy
Multiple vulnerabilities in Cisco Jabber for Windows, Cisco Jabber for MacOS, and Cisco Jabber for mobile platforms could allow an attacker to execute arbitrary programs on the underlying operating sy...
3/24/2021CWE-170
CVE-2025-2026
NONE
The NPort 6100-G2/6200-G2 Series is affected by a high-severity vulnerability (CVE-2025-2026) that allows remote attackers to execute a null byte injection through the device’s web API. This may lead
The NPort 6100-G2/6200-G2 Series is affected by a high-severity vulnerability (CVE-2025-2026) that allows remote attackers to execute a null byte injection through the device’s web API. This may lead ...
12/31/2025CWE-170
CVE-2019-11044
3.7LOW
In PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0 on Windows, PHP link() function accepts filenames with embedded \0 byte and treats them as terminating at that byte. This could lead to
In PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0 on Windows, PHP link() function accepts filenames with embedded \0 byte and treats them as terminating at that byte. This could lead to...
12/23/2019CWE-170
CVE-2024-31484
7.8HIGH
A vulnerability has been identified in CPC80 Central Processing/Communication (All versions < V16.41), CPCI85 Central Processing/Communication (All versions < V5.30), CPCX26 Central Processing/Communi
A vulnerability has been identified in CPC80 Central Processing/Communication (All versions < V16.41), CPCI85 Central Processing/Communication (All versions < V5.30), CPCX26 Central Processing/Communi...
5/14/2024CWE-170
CVE-2025-61912
5.3MEDIUM
python-ldap is a lightweight directory access protocol (LDAP) client API for Python. In versions prior to 3.4.5, ldap.dn.escape_dn_chars() escapes \x00 incorrectly by emitting a backslash followed by
python-ldap is a lightweight directory access protocol (LDAP) client API for Python. In versions prior to 3.4.5, ldap.dn.escape_dn_chars() escapes \x00 incorrectly by emitting a backslash followed by ...
10/10/2025CWE-116, CWE-170