Search
Total
332 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-50019 | 1 Open5gs | 1 Open5gs | 2024-01-11 | N/A | 5.9 MEDIUM |
| An issue was discovered in open5gs v2.6.6. InitialUEMessage, Registration request sent at a specific time can crash AMF due to incorrect error handling of Nudm_UECM_Registration response. | |||||
| CVE-2023-5824 | 2 Redhat, Squid-cache | 2 Enterprise Linux, Squid | 2024-01-08 | N/A | 7.5 HIGH |
| Squid is vulnerable to Denial of Service attack against HTTP and HTTPS clients due to an Improper Handling of Structural Elements bug. | |||||
| CVE-2023-6866 | 1 Mozilla | 1 Firefox | 2024-01-07 | N/A | 8.8 HIGH |
| TypedArrays can be fallible and lacked proper exception handling. This could lead to abuse in other APIs which expect TypedArrays to always succeed. This vulnerability affects Firefox < 121. | |||||
| CVE-2023-52075 | 1 Revanced | 1 Revanced | 2024-01-04 | N/A | 7.5 HIGH |
| ReVanced API proxies requests needed to feed the ReVanced Manager and website with data. Up to and including commit 71f81f7f20cd26fd707335bca9838fa3e7df20d2, ReVanced API lacks error caching causing rate limit to be triggered thus increasing server load. This causes a denial of service for all users using the API. It is recommended to implement proper error caching. | |||||
| CVE-2020-16895 | 1 Microsoft | 3 Windows 10, Windows Server 2016, Windows Server 2019 | 2023-12-31 | 7.2 HIGH | 7.8 HIGH |
| <p>An elevation of privilege vulnerability exists when Windows Error Reporting manager improperly handles a process crash. An attacker who successfully exploited this vulnerability could delete a targeted file leading to an elevated status.</p> <p>To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system.</p> <p>The security update addresses the vulnerability by correcting how Windows Error Reporting manager handles process crashes.</p> | |||||
| CVE-2023-48232 | 2 Fedoraproject, Vim | 2 Fedora, Vim | 2023-12-27 | N/A | 4.3 MEDIUM |
| Vim is an open source command line text editor. A floating point exception may occur when calculating the line offset for overlong lines and smooth scrolling is enabled and the cpo-settings include the 'n' flag. This may happen when a window border is present and when the wrapped line continues on the next physical line directly in the window border because the 'cpo' setting includes the 'n' flag. Only users with non-default settings are affected and the exception should only result in a crash. This issue has been addressed in commit `cb0b99f0` which has been included in release version 9.0.2107. Users are advised to upgrade. There are no known workarounds for this vulnerability. | |||||
| CVE-2013-4584 | 2 Debian, Horms | 2 Debian Linux, Perdition | 2023-12-20 | 4.3 MEDIUM | 5.9 MEDIUM |
| Perdition before 2.2 may have weak security when handling outbound connections, caused by an error in the STARTTLS IMAP and POP server. ssl_outgoing_ciphers not being applied to STARTTLS connections | |||||
| CVE-2023-41151 | 2 Microsoft, Softing | 4 Windows, Opc, Opc Ua C\+\+ Software Development Kit and 1 more | 2023-12-19 | N/A | 7.5 HIGH |
| An uncaught exception issue discovered in Softing OPC UA C++ SDK before 6.30 for Windows operating system may cause the application to crash when the server wants to send an error packet, while socket is blocked on writing. | |||||
| CVE-2023-50728 | 2 Octokit, Probot | 4 App, Octokit, Webhooks and 1 more | 2023-12-19 | N/A | 7.5 HIGH |
| octokit/webhooks is a GitHub webhook events toolset for Node.js. Starting in 9.26.0 and prior to 9.26.3, 10.9.2, 11.1.2, and 12.0.4, there is a problem caused by an issue with error handling in the @octokit/webhooks library because the error can be undefined in some cases. The resulting request was found to cause an uncaught exception that ends the nodejs process. The bug is fixed in octokit/webhooks.js 9.26.3, 10.9.2, 11.1.2, and 12.0.4, app.js 14.02, octokit.js 3.1.2, and Protobot 12.3.3. | |||||
| CVE-2023-47100 | 1 Perl | 1 Perl | 2023-12-14 | N/A | 9.8 CRITICAL |
| In Perl before 5.38.2, S_parse_uniprop_string in regcomp.c can write to unallocated space because a property name associated with a \p{...} regular expression construct is mishandled. The earliest affected version is 5.30.0. | |||||
| CVE-2023-5090 | 2 Linux, Redhat | 2 Linux Kernel, Enterprise Linux | 2023-12-13 | N/A | 5.5 MEDIUM |
| A flaw was found in KVM. An improper check in svm_set_x2apic_msr_interception() may allow direct access to host x2apic msrs when the guest resets its apic, potentially leading to a denial of service condition. | |||||
| CVE-2023-6599 | 1 Microweber | 1 Microweber | 2023-12-12 | N/A | 4.3 MEDIUM |
| Missing Standardized Error Handling Mechanism in GitHub repository microweber/microweber prior to 2.0. | |||||
| CVE-2020-25236 | 1 Siemens | 2 Logo\! 8 Bm, Logo\! 8 Bm Firmware | 2023-12-12 | 4.9 MEDIUM | 5.5 MEDIUM |
| A vulnerability has been identified in LOGO! 12/24RCE (All versions), LOGO! 12/24RCEo (All versions), LOGO! 230RCE (All versions), LOGO! 230RCEo (All versions), LOGO! 24CE (All versions), LOGO! 24CEo (All versions), LOGO! 24RCE (All versions), LOGO! 24RCEo (All versions), SIPLUS LOGO! 12/24RCE (All versions), SIPLUS LOGO! 12/24RCEo (All versions), SIPLUS LOGO! 230RCE (All versions), SIPLUS LOGO! 230RCEo (All versions), SIPLUS LOGO! 24CE (All versions), SIPLUS LOGO! 24CEo (All versions), SIPLUS LOGO! 24RCE (All versions), SIPLUS LOGO! 24RCEo (All versions). The control logic (CL) the LOGO! 8 executes could be manipulated in a way that could cause the device executing the CL to improperly handle the manipulation and crash. After successful execution of the attack, the device needs to be manually reset. | |||||
| CVE-2023-42578 | 1 Samsung | 1 Cloud | 2023-12-11 | N/A | 7.5 HIGH |
| Improper handling of insufficient permissions or privileges vulnerability in Samsung Data Store prior to version 5.2.00.7 allows remote attackers to access location information without permission. | |||||
| CVE-2023-42559 | 1 Samsung | 1 Android | 2023-12-08 | N/A | 5.2 MEDIUM |
| Improper exception management vulnerability in Knox Guard prior to SMR Dec-2023 Release 1 allows Knox Guard lock bypass via changing system time. | |||||
| CVE-2017-5664 | 1 Apache | 1 Tomcat | 2023-12-08 | 5.0 MEDIUM | 7.5 HIGH |
| The error page mechanism of the Java Servlet Specification requires that, when an error occurs and an error page is configured for the error that occurred, the original request and response are forwarded to the error page. This means that the request is presented to the error page with the original HTTP method. If the error page is a static file, expected behaviour is to serve content of the file as if processing a GET request, regardless of the actual HTTP method. The Default Servlet in Apache Tomcat 9.0.0.M1 to 9.0.0.M20, 8.5.0 to 8.5.14, 8.0.0.RC1 to 8.0.43 and 7.0.0 to 7.0.77 did not do this. Depending on the original request this could lead to unexpected and undesirable results for static error pages including, if the DefaultServlet is configured to permit writes, the replacement or removal of the custom error page. Notes for other user provided error pages: (1) Unless explicitly coded otherwise, JSPs ignore the HTTP method. JSPs used as error pages must must ensure that they handle any error dispatch as a GET request, regardless of the actual method. (2) By default, the response generated by a Servlet does depend on the HTTP method. Custom Servlets used as error pages must ensure that they handle any error dispatch as a GET request, regardless of the actual method. | |||||
| CVE-2023-46673 | 1 Elastic | 1 Elasticsearch | 2023-11-30 | N/A | 7.5 HIGH |
| It was identified that malformed scripts used in the script processor of an Ingest Pipeline could cause an Elasticsearch node to crash when calling the Simulate Pipeline API. | |||||
| CVE-2022-23121 | 2 Debian, Netatalk | 2 Debian Linux, Netatalk | 2023-11-22 | N/A | 9.8 CRITICAL |
| This vulnerability allows remote attackers to execute arbitrary code on affected installations of Netatalk. Authentication is not required to exploit this vulnerability. The specific flaw exists within the parse_entries function. The issue results from the lack of proper error handling when parsing AppleDouble entries. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-15819. | |||||
| CVE-2023-22292 | 4 Apple, Google, Intel and 1 more | 4 Iphone Os, Android, Unison Software and 1 more | 2023-11-17 | N/A | 7.8 HIGH |
| Uncaught exception for some Intel Unison software may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2023-44488 | 4 Debian, Fedoraproject, Redhat and 1 more | 4 Debian Linux, Fedora, Enterprise Linux and 1 more | 2023-11-16 | N/A | 7.5 HIGH |
| VP9 in libvpx before 1.13.1 mishandles widths, leading to a crash related to encoding. | |||||
| CVE-2021-23886 | 1 Mcafee | 1 Data Loss Prevention Endpoint | 2023-11-15 | 4.9 MEDIUM | 5.5 MEDIUM |
| Denial of Service vulnerability in McAfee Data Loss Prevention (DLP) Endpoint for Windows prior to 11.6.100 allows a local, low privileged, attacker to cause a BSoD through suspending a process, modifying the processes memory and restarting it. This is triggered by the hdlphook driver reading invalid memory. | |||||
| CVE-2023-38406 | 1 Frrouting | 1 Frrouting | 2023-11-14 | N/A | 9.8 CRITICAL |
| bgpd/bgp_flowspec.c in FRRouting (FRR) before 8.4.3 mishandles an nlri length of zero, aka a "flowspec overflow." | |||||
| CVE-2023-41378 | 1 Tigera | 3 Calico Cloud, Calico Enterprise, Calico Os | 2023-11-14 | N/A | 7.5 HIGH |
| In certain conditions for Calico Typha (v3.26.2, v3.25.1 and below), and Calico Enterprise Typha (v3.17.1, v3.16.3, v3.15.3 and below), a client TLS handshake can block the Calico Typha server indefinitely, resulting in denial of service. The TLS Handshake() call is performed inside the main server handle for loop without any timeout allowing an unclean TLS handshake to block the main loop indefinitely while other connections will be idle waiting for that handshake to finish. | |||||
| CVE-2023-43087 | 1 Dell | 1 Powerscale Onefs | 2023-11-09 | N/A | 6.5 MEDIUM |
| Dell PowerScale OneFS 8.2.x, 9.0.0.x-9.5.0.x contains an improper handling of insufficient permissions. A low privileged remote attacker could potentially exploit this vulnerability to cause information disclosure. | |||||
| CVE-2023-39801 | 1 Renault | 2 Easy Link, Zoe Ev 2021 | 2023-08-29 | N/A | 4.6 MEDIUM |
| A lack of exception handling in the Renault Easy Link Multimedia System Software Version 283C35519R allows attackers to cause a Denial of Service (DoS) via supplying crafted WMA files when connecting a device to the vehicle's USB plug and play feature. | |||||
| CVE-2023-39341 | 4 Ffri, Nec, Skygroup and 1 more | 8 Dual Safe, Ffri Yarai, Actsecure X Managed Security Service and 5 more | 2023-08-22 | N/A | 3.3 LOW |
| "FFRI yarai", "FFRI yarai Home and Business Edition" and their OEM products handle exceptional conditions improperly, which may lead to denial-of-service (DoS) condition. Affected products and versions are as follows: FFRI yarai versions 3.4.0 to 3.4.6 and 3.5.0, FFRI yarai Home and Business Edition version 1.4.0, InfoTrace Mark II Malware Protection (Mark II Zerona) versions 3.0.1 to 3.2.2, Zerona / Zerona PLUS versions 3.2.32 to 3.2.36, ActSecure ? versions 3.4.0 to 3.4.6 and 3.5.0, Dual Safe Powered by FFRI yarai version 1.4.1, EDR Plus Pack (Bundled FFRI yarai versions 3.4.0 to 3.4.6 and 3.5.0), and EDR Plus Pack Cloud (Bundled FFRI yarai versions 3.4.0 to 3.4.6 and 3.5.0). | |||||
| CVE-2023-28768 | 1 Zyxel | 22 Xgs2220-30, Xgs2220-30 Firmware, Xgs2220-30f and 19 more | 2023-08-21 | N/A | 6.5 MEDIUM |
| Improper frame handling in the Zyxel XGS2220-30 firmware version V4.80(ABXN.1), XMG1930-30 firmware version V4.80(ACAR.1), and XS1930-10 firmware version V4.80(ABQE.1) could allow an unauthenticated LAN-based attacker to cause denial-of-service (DoS) conditions by sending crafted frames to an affected switch. | |||||
| CVE-2018-16781 | 1 Rockcarry | 1 Ffjpeg | 2023-08-17 | 4.3 MEDIUM | 6.5 MEDIUM |
| ffjpeg.dll in ffjpeg before 2018-08-22 allows remote attackers to cause a denial of service (FPE signal) via a progressive JPEG file that lacks an AC Huffman table. | |||||
| CVE-2021-34787 | 1 Cisco | 19 Adaptive Security Appliance, Adaptive Security Appliance Software, Asa 5505 and 16 more | 2023-08-16 | 4.3 MEDIUM | 5.3 MEDIUM |
| A vulnerability in the identity-based firewall (IDFW) rule processing feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to bypass security protections. This vulnerability is due to improper handling of network requests by affected devices configured to use object group search. An attacker could exploit this vulnerability by sending a specially crafted network request to an affected device. A successful exploit could allow the attacker to bypass access control list (ACL) rules on the device, bypass security protections, and send network traffic to unauthorized hosts. | |||||
| CVE-2019-12677 | 1 Cisco | 11 Adaptive Security Appliance Software, Asa 5505, Asa 5510 and 8 more | 2023-08-16 | 4.0 MEDIUM | 6.5 MEDIUM |
| A vulnerability in the Secure Sockets Layer (SSL) VPN feature of Cisco Adaptive Security Appliance (ASA) Software could allow an authenticated, remote attacker to cause a denial of service (DoS) condition that prevents the creation of new SSL/Transport Layer Security (TLS) connections to an affected device. The vulnerability is due to incorrect handling of Base64-encoded strings. An attacker could exploit this vulnerability by opening many SSL VPN sessions to an affected device. The attacker would need to have valid user credentials on the affected device to exploit this vulnerability. A successful exploit could allow the attacker to overwrite a special system memory location, which will eventually result in memory allocation errors for new SSL/TLS sessions to the device, preventing successful establishment of these sessions. A reload of the device is required to recover from this condition. Established SSL/TLS connections to the device and SSL/TLS connections through the device are not affected. Note: Although this vulnerability is in the SSL VPN feature, successful exploitation of this vulnerability would affect all new SSL/TLS sessions to the device, including management sessions. | |||||
| CVE-2022-24448 | 2 Debian, Linux | 2 Debian Linux, Linux Kernel | 2023-08-08 | 1.9 LOW | 3.3 LOW |
| An issue was discovered in fs/nfs/dir.c in the Linux kernel before 5.16.5. If an application sets the O_DIRECTORY flag, and tries to open a regular file, nfs_atomic_open() performs a regular lookup. If a regular file is found, ENOTDIR should occur, but the server instead returns uninitialized data in the file descriptor. | |||||
| CVE-2022-32655 | 1 Mediatek | 60 Mt5221, Mt5221 Firmware, Mt7603 and 57 more | 2023-08-08 | N/A | 6.7 MEDIUM |
| In Wi-Fi driver, there is a possible undefined behavior due to incorrect error handling. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: GN20220705028; Issue ID: GN20220705028. | |||||
| CVE-2022-44698 | 1 Microsoft | 5 Windows 10, Windows 11, Windows Server 2016 and 2 more | 2023-08-08 | N/A | 5.4 MEDIUM |
| Windows SmartScreen Security Feature Bypass Vulnerability | |||||
| CVE-2021-0928 | 1 Google | 1 Android | 2023-08-08 | 7.2 HIGH | 7.8 HIGH |
| In createFromParcel of OutputConfiguration.java, there is a possible parcel serialization/deserialization mismatch due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-9Android ID: A-188675581 | |||||
| CVE-2022-32658 | 1 Mediatek | 20 Mt7603, Mt7603 Firmware, Mt7613 and 17 more | 2023-08-08 | N/A | 6.7 MEDIUM |
| In Wi-Fi driver, there is a possible undefined behavior due to incorrect error handling. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: GN20220705059; Issue ID: GN20220705059. | |||||
| CVE-2021-38003 | 3 Debian, Fedoraproject, Google | 3 Debian Linux, Fedora, Chrome | 2023-08-08 | 6.8 MEDIUM | 8.8 HIGH |
| Inappropriate implementation in V8 in Google Chrome prior to 95.0.4638.69 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||||
| CVE-2021-46828 | 2 Debian, Libtirpc Project | 2 Debian Linux, Libtirpc | 2023-08-08 | N/A | 7.5 HIGH |
| In libtirpc before 1.3.3rc1, remote attackers could exhaust the file descriptors of a process that uses libtirpc because idle TCP connections are mishandled. This can, in turn, lead to an svc_run infinite loop without accepting new connections. | |||||
| CVE-2022-32659 | 2 Mediatek, Thelinuxfoundation | 25 Mt7603, Mt7603 Firmware, Mt7613 and 22 more | 2023-08-08 | N/A | 6.7 MEDIUM |
| In Wi-Fi driver, there is a possible undefined behavior due to incorrect error handling. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: GN20220705066; Issue ID: GN20220705066. | |||||
| CVE-2021-32066 | 2 Oracle, Ruby-lang | 2 Jd Edwards Enterpriseone Tools, Ruby | 2023-08-08 | 5.8 MEDIUM | 7.4 HIGH |
| An issue was discovered in Ruby through 2.6.7, 2.7.x through 2.7.3, and 3.x through 3.0.1. Net::IMAP does not raise an exception when StartTLS fails with an an unknown response, which might allow man-in-the-middle attackers to bypass the TLS protections by leveraging a network position between the client and the registry to block the StartTLS command, aka a "StartTLS stripping attack." | |||||
| CVE-2022-32657 | 1 Mediatek | 20 Mt7603, Mt7603 Firmware, Mt7613 and 17 more | 2023-08-08 | N/A | 6.7 MEDIUM |
| In Wi-Fi driver, there is a possible undefined behavior due to incorrect error handling. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: GN20220705042; Issue ID: GN20220705042. | |||||
| CVE-2022-20414 | 1 Google | 1 Android | 2023-08-08 | N/A | 5.5 MEDIUM |
| In setImpl of AlarmManagerService.java, there is a possible way to put a device into a boot loop due to an uncaught exception. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-234441463 | |||||
| CVE-2021-37078 | 1 Huawei | 1 Harmonyos | 2023-08-08 | 5.0 MEDIUM | 7.5 HIGH |
| There is a Uncaught Exception vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may lead to remote Denial of Service. | |||||
| CVE-2022-20500 | 1 Google | 1 Android | 2023-08-08 | N/A | 5.5 MEDIUM |
| In loadFromXml of ShortcutPackage.java, there is a possible crash on boot due to an uncaught exception. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-246540168 | |||||
| CVE-2021-22406 | 1 Huawei | 2 Emui, Magic Ui | 2023-08-08 | 5.0 MEDIUM | 7.5 HIGH |
| There is an Uncaught Exception vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability will cause the app to exit unexpectedly. | |||||
| CVE-2022-20253 | 1 Google | 1 Android | 2023-08-08 | N/A | 6.5 MEDIUM |
| In Bluetooth, there is a possible cleanup failure due to an uncaught exception. This could lead to remote denial of service in Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-224545125 | |||||
| CVE-2022-47933 | 1 Brave | 1 Brave | 2023-08-08 | N/A | 6.5 MEDIUM |
| Brave Browser before 1.42.51 allowed a remote attacker to cause a denial of service via a crafted HTML file that references the IPFS scheme. This vulnerability is caused by an uncaught exception in the function ipfs::OnBeforeURLRequest_IPFSRedirectWork() in ipfs_redirect_network_delegate_helper.cc. | |||||
| CVE-2022-25917 | 1 Intel | 5 M50cyp, M50cyp1ur204 Firmware, M50cyp1ur212 Firmware and 2 more | 2023-08-08 | N/A | 4.4 MEDIUM |
| Uncaught exception in the firmware for some Intel(R) Server Board M50CYP Family before version R01.01.0005 may allow a privileged user to potentially enable a denial of service via local access. | |||||
| CVE-2022-20854 | 1 Cisco | 2 Firepower Management Center, Firepower Threat Defense | 2023-08-08 | N/A | 7.5 HIGH |
| A vulnerability in the processing of SSH connections of Cisco Firepower Management Center (FMC) and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper error handling when an SSH session fails to be established. An attacker could exploit this vulnerability by sending a high rate of crafted SSH connections to the instance. A successful exploit could allow the attacker to cause resource exhaustion, resulting in a reboot on the affected device. | |||||
| CVE-2022-22300 | 1 Fortinet | 2 Fortianalyzer, Fortimanager | 2023-08-08 | 6.5 MEDIUM | 8.8 HIGH |
| A improper handling of insufficient permissions or privileges in Fortinet FortiAnalyzer version 5.6.0 through 5.6.11, FortiAnalyzer version 6.0.0 through 6.0.11, FortiAnalyzer version 6.2.0 through 6.2.9, FortiAnalyzer version 6.4.0 through 6.4.7, FortiAnalyzer version 7.0.0 through 7 .0.2, FortiManager version 5.6.0 through 5.6.11, FortiManager version 6.0.0 through 6.0.11, FortiManager version 6.2.0 through 6.2.9, FortiManager version 6.4.0 through 6.4.7, FortiManager version 7.0.0 through 7.0.2 allows attacker to bypass the device policy and force the password-change action for its user. | |||||
| CVE-2023-38419 | 1 F5 | 20 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Advanced Web Application Firewall and 17 more | 2023-08-07 | N/A | 4.3 MEDIUM |
| An authenticated attacker with guest privileges or higher can cause the iControl SOAP process to terminate by sending undisclosed requests. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | |||||