CWE-170: CWE-170

Total CVEs

Critical

High

8.7

Avg CVSS

Yearly Trend

2025

2024

2021

Top Affected Vendors

1 Siemens 4

2 Cisco 3

3 Envoyproxy 1

4 Netapp 1

5 Nvidia 1

6 Nodejs 1

7 Oracle 1

8 Drivelock 1

All CWE-170 CVEs (12)

CVE-2021-1411

9.9

Multiple vulnerabilities in Cisco Jabber across Windows, macOS, and mobile platforms could allow attackers to execute arbitrary code with elevated pri...

Mar 24, 2021

CVE-2021-1418

9.9

Multiple vulnerabilities in Cisco Jabber across Windows, macOS, and mobile platforms allow attackers to execute arbitrary code with elevated privilege...

Mar 24, 2021

CVE-2021-1469

9.9

Multiple vulnerabilities in Cisco Jabber across Windows, macOS, and mobile platforms allow attackers to execute arbitrary code with elevated privilege...

Mar 24, 2021

CVE-2021-31884

9.8

This vulnerability affects Siemens building automation controllers and related products. It allows attackers to exploit a DHCP client flaw where the h...

Nov 9, 2021

CVE-2021-31886

9.8

This vulnerability allows attackers to exploit a stack-based buffer overflow in the FTP server of Siemens building automation controllers by sending o...

Nov 9, 2021

CVE-2021-22931

9.8

Node.js DNS library vulnerability allows remote code execution, XSS, and application crashes due to improper validation of DNS responses. Attackers ca...

Aug 16, 2021

CVE-2021-31888

8.8

This vulnerability affects Siemens building automation controllers and related products. It allows attackers to exploit a buffer overflow in the FTP s...

Nov 9, 2021

CVE-2024-45288

8.4

CVE-2024-45288 is a buffer overflow vulnerability in libnv where missing null-termination in nvlist array strings allows writing beyond allocated memo...

Sep 5, 2024

CVE-2025-67790

7.5

An unprivileged user can cause a Blue Screen of Death (BSOD) on Windows computers running vulnerable DriveLock versions by sending a specific IOCTL wi...

Dec 17, 2025

CVE-2021-1120

7.0

This vulnerability in NVIDIA vGPU software allows a guest operating system to pass improperly terminated strings to the Virtual GPU Manager plugin. Th...

Oct 29, 2021

CVE-2025-66220

5.0

Envoy's mTLS certificate matcher incorrectly validates certificates with embedded null bytes in OTHERNAME SAN values, potentially allowing unauthorize...

Dec 3, 2025

CVE-2025-2026

N/A

This vulnerability allows authenticated remote attackers with web read-only privileges to execute null byte injection through the NPort device's web A...

Dec 31, 2025

About CWE-170 (CWE-170)

Our database tracks 12 CVEs classified as CWE-170, with 6 rated critical and 4 rated high severity. The average CVSS score for CWE-170 vulnerabilities is 8.7.

External reference: View CWE-170 on MITRE CWE →

Monitor CWE-170 Vulnerabilities

Get alerted when new CWE-170 CVEs affect your infrastructure.

Start Monitoring Free