Total
514 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-5170 | 3 Debian, Fedoraproject, Redhat | 8 Debian Linux, Fedora Core, Enterprise Linux and 5 more | 2025-04-09 | 7.5 HIGH | N/A |
| pam_ldap in nss_ldap on Red Hat Enterprise Linux 4, Fedora Core 3 and earlier, and possibly other distributions does not return an error condition when an LDAP directory server responds with a PasswordPolicyResponse control response, which causes the pam_authenticate function to return a success code even if authentication has failed, as originally reported for xscreensaver. | |||||
| CVE-2023-4540 | 1 Daurnimator | 1 Lua-http | 2025-04-04 | N/A | 7.5 HIGH |
| Improper Handling of Exceptional Conditions vulnerability in Daurnimator lua-http library allows Excessive Allocation and a denial of service (DoS) attack to be executed by sending a properly crafted request to the server. Such a request causes the program to enter an infinite loop. This issue affects lua-http: all versions before commit ddab283. | |||||
| CVE-2020-7247 | 4 Canonical, Debian, Fedoraproject and 1 more | 4 Ubuntu Linux, Debian Linux, Fedora and 1 more | 2025-04-03 | 10.0 HIGH | 9.8 CRITICAL |
| smtp_mailaddr in smtp_session.c in OpenSMTPD 6.6, as used in OpenBSD 6.6 and other products, allows remote attackers to execute arbitrary commands as root via a crafted SMTP session, as demonstrated by shell metacharacters in a MAIL FROM field. This affects the "uncommented" default configuration. The issue exists because of an incorrect return value upon failure of input validation. | |||||
| CVE-2022-32655 | 1 Mediatek | 60 Mt5221, Mt5221 Firmware, Mt7603 and 57 more | 2025-03-26 | N/A | 6.7 MEDIUM |
| In Wi-Fi driver, there is a possible undefined behavior due to incorrect error handling. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: GN20220705028; Issue ID: GN20220705028. | |||||
| CVE-2024-12704 | 2025-03-20 | N/A | 7.5 HIGH | ||
| A vulnerability in the LangChainLLM class of the run-llama/llama_index repository, version v0.12.5, allows for a Denial of Service (DoS) attack. The stream_complete method executes the llm using a thread and retrieves the result via the get_response_gen method of the StreamingGeneratorCallbackHandler class. If the thread terminates abnormally before the _llm.predict is executed, there is no exception handling for this case, leading to an infinite loop in the get_response_gen function. This can be triggered by providing an input of an incorrect type, causing the thread to terminate and the process to continue running indefinitely. | |||||
| CVE-2022-48329 | 1 Misp | 1 Misp | 2025-03-18 | N/A | 9.8 CRITICAL |
| MISP before 2.4.166 unsafely allows users to use the order parameter, related to app/Model/Attribute.php, app/Model/GalaxyCluster.php, app/Model/Workflow.php, and app/Plugin/Assets/models/behaviors/LogableBehavior.php. | |||||
| CVE-2024-36730 | 1 Oneflow | 1 Oneflow | 2025-03-14 | N/A | 7.5 HIGH |
| Improper input validation in OneFlow-Inc. Oneflow v0.9.1 allows attackers to cause a Denial of Service (DoS) via inputting negative values into the oneflow.zeros/ones parameter. | |||||
| CVE-2023-42509 | 1 Jfrog | 1 Artifactory | 2025-03-11 | N/A | 6.6 MEDIUM |
| JFrog Artifactory later than version 7.17.4 but prior to version 7.77.0 is vulnerable to an issue whereby a sequence of improperly handled exceptions in repository configuration initialization steps may lead to exposure of sensitive data. | |||||
| CVE-2023-50212 | 1 Dlink | 2 G416, G416 Firmware | 2025-03-10 | N/A | 6.5 MEDIUM |
| D-Link G416 httpd Improper Handling of Exceptional Conditions Information Disclosure Vulnerability. This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of D-Link G416 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the HTTP service listening on TCP port 80. The issue results from the lack of proper handling of error conditions. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of root. Was ZDI-CAN-21664. | |||||
| CVE-2023-20993 | 1 Google | 1 Android | 2025-02-24 | N/A | 7.8 HIGH |
| In multiple functions of SnoozeHelper.java, there is a possible failure to persist settings due to an uncaught exception. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-261588851 | |||||
| CVE-2023-24308 | 1 Pdf-xchange | 1 Pdf-xchange Editor | 2025-02-19 | N/A | 7.8 HIGH |
| A potential memory vulnerability due to insufficient input validation in PDFXEditCore.x64.dll in PDF-XChange Editor version 9.3 by Tracker Software may allow attackers to execute code when a user opens a crafted PDF file. The issue occurs when handling a large number of objects in a PDF file. | |||||
| CVE-2024-30380 | 1 Juniper | 2 Junos, Junos Os Evolved | 2025-02-07 | N/A | 6.5 MEDIUM |
| An Improper Handling of Exceptional Conditions vulnerability in Juniper Networks Junos OS and Junos OS Evolved allows an adjacent unauthenticated attacker to cause a Denial of Service (DoS), which causes the l2cpd process to crash by sending a specific TLV. The l2cpd process is responsible for layer 2 control protocols, such as STP, RSTP, MSTP, VSTP, ERP, and LLDP. The impact of the l2cpd crash is reinitialization of STP protocols (RSTP, MSTP or VSTP), and MVRP and ERP, leading to a Denial of Service. Continued receipt and processing of this specific TLV will create a sustained Denial of Service (DoS) condition. This issue affects: Junos OS: all versions before 20.4R3-S9, from 21.2 before 21.2R3-S7, from 21.3 before 21.3R3-S5, from 21.4 before 21.4R3-S4, from 22.1 before 22.1R3-S4, from 22.2 before 22.2R3-S2, from 22.3 before 22.3R2-S2, 22.3R3-S1, from 22.4 before 22.4R2-S2, 22.4R3, from 23.2 before 23.2R1-S1, 23.2R2; Junos OS Evolved: all versions before 21.2R3-S7, from 21.3 before 21.3R3-S5-EVO, from 21.4 before 21.4R3-S5-EVO, from 22.1 before 22.1R3-S4-EVO, from 22.2 before 22.2R3-S2-EVO, from 22.3 before 22.3R2-S2-EVO, 22.3R3-S1-EVO, from 22.4 before 22.4R2-S2-EVO, 22.4R3-EVO, from 23.2 before 23.2R1-S1-EVO, 23.2R2-EVO. | |||||
| CVE-2024-39555 | 1 Juniper | 2 Junos, Junos Os Evolved | 2025-02-07 | N/A | 7.5 HIGH |
| An Improper Handling of Exceptional Conditions vulnerability in the Routing Protocol Daemon (RPD) of Juniper Networks Junos OS and Junos OS Evolved allows an attacker sending a specific malformed BGP update message to cause the session to reset, resulting in a Denial of Service (DoS). Continued receipt and processing of these malformed BGP update messages will create a sustained Denial of Service (DoS) condition. Upon receipt of a BGP update message over an established BGP session containing a specifically malformed tunnel encapsulation attribute, when segment routing is enabled, internal processing of the malformed attributes within the update results in improper parsing of remaining attributes, leading to session reset: BGP SEND Notification code 3 (Update Message Error) subcode 1 (invalid attribute list) Only systems with segment routing enabled are vulnerable to this issue. This issue affects eBGP and iBGP, in both IPv4 and IPv6 implementations, and requires a remote attacker to have at least one established BGP session. This issue affects: Junos OS: * All versions before 21.4R3-S8, * from 22.2 before 22.2R3-S4, * from 22.3 before 22.3R3-S3, * from 22.4 before 22.4R3-S3, * from 23.2 before 23.2R2-S1, * from 23.4 before 23.4R1-S2, 23.4R2. Junos OS Evolved: * All versions before 21.4R3-S8-EVO, * from 22.2-EVO before 22.2R3-S4-EVO, * from 22.3-EVO before 22.3R3-S3-EVO, * from 22.4-EVO before 22.4R3-S3-EVO, * from 23.2-EVO before 23.2R2-S1-EVO, * from 23.4-EVO before 23.4R1-S2-EVO, 23.4R2-EVO. | |||||
| CVE-2024-30382 | 1 Juniper | 2 Junos, Junos Os Evolved | 2025-02-06 | N/A | 7.5 HIGH |
| An Improper Handling of Exceptional Conditions vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows a network-based, unauthenticated attacker to send a specific routing update, causing an rpd core due to memory corruption, leading to a Denial of Service (DoS). This issue can only be triggered when the system is configured for CoS-based forwarding (CBF) with a policy map containing a cos-next-hop-map action (see below). This issue affects: Junos OS: * all versions before 20.4R3-S10, * from 21.2 before 21.2R3-S8, * from 21.3 before 21.3R3, * from 21.4 before 21.4R3, * from 22.1 before 22.1R2; Junos OS Evolved: * all versions before 21.2R3-S8-EVO, * from 21.3 before 21.3R3-EVO, * from 21.4 before 21.4R3-EVO, * from 22.1 before 22.1R2-EVO. | |||||
| CVE-2022-25917 | 1 Intel | 5 M50cyp, M50cyp1ur204 Firmware, M50cyp1ur212 Firmware and 2 more | 2025-02-05 | N/A | 6.0 MEDIUM |
| Uncaught exception in the firmware for some Intel(R) Server Board M50CYP Family before version R01.01.0005 may allow a privileged user to potentially enable a denial of service via local access. | |||||
| CVE-2021-38363 | 1 Opennetworking | 1 Onos | 2025-02-05 | N/A | 7.5 HIGH |
| An issue was discovered in ONOS 2.5.1. In IntentManager, the install-requested intent (which causes an exception) remains in pendingMap (in memory) forever. Deletion is possible neither by a user nor by the intermittent Intent Cleanup process. | |||||
| CVE-2021-38003 | 3 Debian, Fedoraproject, Google | 3 Debian Linux, Fedora, Chrome | 2025-02-05 | 6.8 MEDIUM | 8.8 HIGH |
| Inappropriate implementation in V8 in Google Chrome prior to 95.0.4638.69 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||||
| CVE-2023-23837 | 2 Microsoft, Solarwinds | 2 Windows, Database Performance Analyzer | 2025-02-04 | N/A | 7.5 HIGH |
| No exception handling vulnerability which revealed sensitive or excessive information to users. | |||||
| CVE-2022-27978 | 1 Tooljet | 1 Tooljet | 2025-02-03 | N/A | 7.5 HIGH |
| Tooljet v1.6 does not properly handle missing values in the API, allowing attackers to arbitrarily reset passwords via a crafted HTTP request. | |||||
| CVE-2024-12236 | 2025-01-30 | N/A | N/A | ||
| A security issue exists in Vertex Gemini API for customers using VPC-SC. By utilizing a custom crafted file URI for image input, data exfiltration is possible due to requests being routed outside the VPC-SC security perimeter, circumventing the intended security restrictions of VPC-SC. No further fix actions are needed. Google Cloud Platform implemented a fix to return an error message when a media file URL is specified in the fileUri parameter and VPC Service Controls is enabled. Other use cases are unaffected. | |||||