Filtered by CWE-755
Filtered by vendor Subscriptions
Total 527 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2023-6599 1 Microweber 1 Microweber 2024-11-21 4.3 Medium
Missing Standardized Error Handling Mechanism in GitHub repository microweber/microweber prior to 2.0.
CVE-2023-5090 2 Linux, Redhat 3 Linux Kernel, Enterprise Linux, Rhel Eus 2024-11-21 6 Medium
A flaw was found in KVM. An improper check in svm_set_x2apic_msr_interception() may allow direct access to host x2apic msrs when the guest resets its apic, potentially leading to a denial of service condition.
CVE-2023-52075 1 Revanced 1 Revanced 2024-11-21 7.5 High
ReVanced API proxies requests needed to feed the ReVanced Manager and website with data. Up to and including commit 71f81f7f20cd26fd707335bca9838fa3e7df20d2, ReVanced API lacks error caching causing rate limit to be triggered thus increasing server load. This causes a denial of service for all users using the API. It is recommended to implement proper error caching.
CVE-2023-50728 2 Octokit, Probot 4 App, Octokit, Webhooks and 1 more 2024-11-21 5.4 Medium
octokit/webhooks is a GitHub webhook events toolset for Node.js. Starting in 9.26.0 and prior to 9.26.3, 10.9.2, 11.1.2, and 12.0.4, there is a problem caused by an issue with error handling in the @octokit/webhooks library because the error can be undefined in some cases. The resulting request was found to cause an uncaught exception that ends the nodejs process. The bug is fixed in octokit/webhooks.js 9.26.3, 10.9.2, 11.1.2, and 12.0.4, app.js 14.02, octokit.js 3.1.2, and Protobot 12.3.3.
CVE-2023-50212 2024-11-21 N/A
D-Link G416 httpd Improper Handling of Exceptional Conditions Information Disclosure Vulnerability. This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of D-Link G416 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the HTTP service listening on TCP port 80. The issue results from the lack of proper handling of error conditions. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of root. Was ZDI-CAN-21664.
CVE-2023-50019 1 Open5gs 1 Open5gs 2024-11-21 5.9 Medium
An issue was discovered in open5gs v2.6.6. InitialUEMessage, Registration request sent at a specific time can crash AMF due to incorrect error handling of Nudm_UECM_Registration response.
CVE-2023-4540 1 Daurnimator 1 Lua-http 2024-11-21 7.5 High
Improper Handling of Exceptional Conditions vulnerability in Daurnimator lua-http library allows Excessive Allocation and a denial of service (DoS) attack to be executed by sending a properly crafted request to the server. Such a request causes the program to enter an infinite loop. This issue affects lua-http: all versions before commit ddab283.
CVE-2023-4537 1 Comarch 1 Erp Xl 2024-11-21 7.4 High
Comarch ERP XL client is vulnerable to MS SQL protocol downgrade request from a server side, what could lead to an unencrypted communication vulnerable to data interception and modification. This issue affects ERP XL: from 2020.2.2 through 2023.2.
CVE-2023-48232 2 Fedoraproject, Vim 2 Fedora, Vim 2024-11-21 3.9 Low
Vim is an open source command line text editor. A floating point exception may occur when calculating the line offset for overlong lines and smooth scrolling is enabled and the cpo-settings include the 'n' flag. This may happen when a window border is present and when the wrapped line continues on the next physical line directly in the window border because the 'cpo' setting includes the 'n' flag. Only users with non-default settings are affected and the exception should only result in a crash. This issue has been addressed in commit `cb0b99f0` which has been included in release version 9.0.2107. Users are advised to upgrade. There are no known workarounds for this vulnerability.
CVE-2023-47100 1 Perl 1 Perl 2024-11-21 9.8 Critical
In Perl before 5.38.2, S_parse_uniprop_string in regcomp.c can write to unallocated space because a property name associated with a \p{...} regular expression construct is mishandled. The earliest affected version is 5.30.0.
CVE-2023-46673 1 Elastic 1 Elasticsearch 2024-11-21 6.5 Medium
It was identified that malformed scripts used in the script processor of an Ingest Pipeline could cause an Elasticsearch node to crash when calling the Simulate Pipeline API.
CVE-2023-46297 2024-11-21 5.1 Medium
An issue was discovered on Mercusys MW325R EU V3 MW325R(EU)_V3_1.11.0 221019 devices. A WAN attacker can make the admin interface unreachable/invisible via an unauthenticated HTTP request. Verification of the data sent by the user does not occur. The web server does not crash, but the admin interface becomes invisible, because the files necessary to display the content are no longer available. A reboot of the router is typically required to restore the correct behavior.
CVE-2023-45820 1 Monospace 1 Directus 2024-11-21 5.9 Medium
Directus is a real-time API and App dashboard for managing SQL database content. In affected versions any Directus installation that has websockets enabled can be crashed if the websocket server receives an invalid frame. A malicious user could leverage this bug to crash Directus. This issue has been addressed in version 10.6.2. Users are advised to upgrade. Users unable to upgrade should avoid using websockets.
CVE-2023-44488 4 Debian, Fedoraproject, Redhat and 1 more 8 Debian Linux, Fedora, Enterprise Linux and 5 more 2024-11-21 7.5 High
VP9 in libvpx before 1.13.1 mishandles widths, leading to a crash related to encoding.
CVE-2023-43251 1 Xnview 1 Nconvert 2024-11-21 7.8 High
XNSoft Nconvert 7.136 has an Exception Handler Chain Corrupted via a crafted image file. Attackers could exploit this issue for a Denial of Service (DoS) or possibly to achieve code execution.
CVE-2023-43087 1 Dell 1 Powerscale Onefs 2024-11-21 4.3 Medium
Dell PowerScale OneFS 8.2.x, 9.0.0.x-9.5.0.x contains an improper handling of insufficient permissions. A low privileged remote attacker could potentially exploit this vulnerability to cause information disclosure.
CVE-2023-42578 1 Samsung 1 Cloud 2024-11-21 6.5 Medium
Improper handling of insufficient permissions or privileges vulnerability in Samsung Data Store prior to version 5.2.00.7 allows remote attackers to access location information without permission.
CVE-2023-42559 1 Samsung 1 Android 2024-11-21 4.9 Medium
Improper exception management vulnerability in Knox Guard prior to SMR Dec-2023 Release 1 allows Knox Guard lock bypass via changing system time.
CVE-2023-42509 2024-11-21 6.6 Medium
JFrog Artifactory later than version 7.17.4 but prior to version 7.77.0 is vulnerable to an issue whereby a sequence of improperly handled exceptions in repository configuration initialization steps may lead to exposure of sensitive data.
CVE-2023-41378 1 Tigera 3 Calico Cloud, Calico Enterprise, Calico Os 2024-11-21 7.5 High
In certain conditions for Calico Typha (v3.26.2, v3.25.1 and below), and Calico Enterprise Typha (v3.17.1, v3.16.3, v3.15.3 and below), a client TLS handshake can block the Calico Typha server indefinitely, resulting in denial of service. The TLS Handshake() call is performed inside the main server handle for loop without any timeout allowing an unclean TLS handshake to block the main loop indefinitely while other connections will be idle waiting for that handshake to finish.