Filtered by vendor
Subscriptions
Total
527 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2023-6599 | 1 Microweber | 1 Microweber | 2024-11-21 | 4.3 Medium |
Missing Standardized Error Handling Mechanism in GitHub repository microweber/microweber prior to 2.0. | ||||
CVE-2023-5090 | 2 Linux, Redhat | 3 Linux Kernel, Enterprise Linux, Rhel Eus | 2024-11-21 | 6 Medium |
A flaw was found in KVM. An improper check in svm_set_x2apic_msr_interception() may allow direct access to host x2apic msrs when the guest resets its apic, potentially leading to a denial of service condition. | ||||
CVE-2023-52075 | 1 Revanced | 1 Revanced | 2024-11-21 | 7.5 High |
ReVanced API proxies requests needed to feed the ReVanced Manager and website with data. Up to and including commit 71f81f7f20cd26fd707335bca9838fa3e7df20d2, ReVanced API lacks error caching causing rate limit to be triggered thus increasing server load. This causes a denial of service for all users using the API. It is recommended to implement proper error caching. | ||||
CVE-2023-50728 | 2 Octokit, Probot | 4 App, Octokit, Webhooks and 1 more | 2024-11-21 | 5.4 Medium |
octokit/webhooks is a GitHub webhook events toolset for Node.js. Starting in 9.26.0 and prior to 9.26.3, 10.9.2, 11.1.2, and 12.0.4, there is a problem caused by an issue with error handling in the @octokit/webhooks library because the error can be undefined in some cases. The resulting request was found to cause an uncaught exception that ends the nodejs process. The bug is fixed in octokit/webhooks.js 9.26.3, 10.9.2, 11.1.2, and 12.0.4, app.js 14.02, octokit.js 3.1.2, and Protobot 12.3.3. | ||||
CVE-2023-50212 | 2024-11-21 | N/A | ||
D-Link G416 httpd Improper Handling of Exceptional Conditions Information Disclosure Vulnerability. This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of D-Link G416 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the HTTP service listening on TCP port 80. The issue results from the lack of proper handling of error conditions. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of root. Was ZDI-CAN-21664. | ||||
CVE-2023-50019 | 1 Open5gs | 1 Open5gs | 2024-11-21 | 5.9 Medium |
An issue was discovered in open5gs v2.6.6. InitialUEMessage, Registration request sent at a specific time can crash AMF due to incorrect error handling of Nudm_UECM_Registration response. | ||||
CVE-2023-4540 | 1 Daurnimator | 1 Lua-http | 2024-11-21 | 7.5 High |
Improper Handling of Exceptional Conditions vulnerability in Daurnimator lua-http library allows Excessive Allocation and a denial of service (DoS) attack to be executed by sending a properly crafted request to the server. Such a request causes the program to enter an infinite loop. This issue affects lua-http: all versions before commit ddab283. | ||||
CVE-2023-4537 | 1 Comarch | 1 Erp Xl | 2024-11-21 | 7.4 High |
Comarch ERP XL client is vulnerable to MS SQL protocol downgrade request from a server side, what could lead to an unencrypted communication vulnerable to data interception and modification. This issue affects ERP XL: from 2020.2.2 through 2023.2. | ||||
CVE-2023-48232 | 2 Fedoraproject, Vim | 2 Fedora, Vim | 2024-11-21 | 3.9 Low |
Vim is an open source command line text editor. A floating point exception may occur when calculating the line offset for overlong lines and smooth scrolling is enabled and the cpo-settings include the 'n' flag. This may happen when a window border is present and when the wrapped line continues on the next physical line directly in the window border because the 'cpo' setting includes the 'n' flag. Only users with non-default settings are affected and the exception should only result in a crash. This issue has been addressed in commit `cb0b99f0` which has been included in release version 9.0.2107. Users are advised to upgrade. There are no known workarounds for this vulnerability. | ||||
CVE-2023-47100 | 1 Perl | 1 Perl | 2024-11-21 | 9.8 Critical |
In Perl before 5.38.2, S_parse_uniprop_string in regcomp.c can write to unallocated space because a property name associated with a \p{...} regular expression construct is mishandled. The earliest affected version is 5.30.0. | ||||
CVE-2023-46673 | 1 Elastic | 1 Elasticsearch | 2024-11-21 | 6.5 Medium |
It was identified that malformed scripts used in the script processor of an Ingest Pipeline could cause an Elasticsearch node to crash when calling the Simulate Pipeline API. | ||||
CVE-2023-46297 | 2024-11-21 | 5.1 Medium | ||
An issue was discovered on Mercusys MW325R EU V3 MW325R(EU)_V3_1.11.0 221019 devices. A WAN attacker can make the admin interface unreachable/invisible via an unauthenticated HTTP request. Verification of the data sent by the user does not occur. The web server does not crash, but the admin interface becomes invisible, because the files necessary to display the content are no longer available. A reboot of the router is typically required to restore the correct behavior. | ||||
CVE-2023-45820 | 1 Monospace | 1 Directus | 2024-11-21 | 5.9 Medium |
Directus is a real-time API and App dashboard for managing SQL database content. In affected versions any Directus installation that has websockets enabled can be crashed if the websocket server receives an invalid frame. A malicious user could leverage this bug to crash Directus. This issue has been addressed in version 10.6.2. Users are advised to upgrade. Users unable to upgrade should avoid using websockets. | ||||
CVE-2023-44488 | 4 Debian, Fedoraproject, Redhat and 1 more | 8 Debian Linux, Fedora, Enterprise Linux and 5 more | 2024-11-21 | 7.5 High |
VP9 in libvpx before 1.13.1 mishandles widths, leading to a crash related to encoding. | ||||
CVE-2023-43251 | 1 Xnview | 1 Nconvert | 2024-11-21 | 7.8 High |
XNSoft Nconvert 7.136 has an Exception Handler Chain Corrupted via a crafted image file. Attackers could exploit this issue for a Denial of Service (DoS) or possibly to achieve code execution. | ||||
CVE-2023-43087 | 1 Dell | 1 Powerscale Onefs | 2024-11-21 | 4.3 Medium |
Dell PowerScale OneFS 8.2.x, 9.0.0.x-9.5.0.x contains an improper handling of insufficient permissions. A low privileged remote attacker could potentially exploit this vulnerability to cause information disclosure. | ||||
CVE-2023-42578 | 1 Samsung | 1 Cloud | 2024-11-21 | 6.5 Medium |
Improper handling of insufficient permissions or privileges vulnerability in Samsung Data Store prior to version 5.2.00.7 allows remote attackers to access location information without permission. | ||||
CVE-2023-42559 | 1 Samsung | 1 Android | 2024-11-21 | 4.9 Medium |
Improper exception management vulnerability in Knox Guard prior to SMR Dec-2023 Release 1 allows Knox Guard lock bypass via changing system time. | ||||
CVE-2023-42509 | 2024-11-21 | 6.6 Medium | ||
JFrog Artifactory later than version 7.17.4 but prior to version 7.77.0 is vulnerable to an issue whereby a sequence of improperly handled exceptions in repository configuration initialization steps may lead to exposure of sensitive data. | ||||
CVE-2023-41378 | 1 Tigera | 3 Calico Cloud, Calico Enterprise, Calico Os | 2024-11-21 | 7.5 High |
In certain conditions for Calico Typha (v3.26.2, v3.25.1 and below), and Calico Enterprise Typha (v3.17.1, v3.16.3, v3.15.3 and below), a client TLS handshake can block the Calico Typha server indefinitely, resulting in denial of service. The TLS Handshake() call is performed inside the main server handle for loop without any timeout allowing an unclean TLS handshake to block the main loop indefinitely while other connections will be idle waiting for that handshake to finish. |