ReportizFlow
Filtered by vendor
Subscriptions
Total
186 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2016-9588 | 2 Linux, Redhat | 3 Linux Kernel, Enterprise Linux, Rhel Extras Rt | 2025-04-12 | N/A |
| arch/x86/kvm/vmx.c in the Linux kernel through 4.9 mismanages the #BP and #OF exceptions, which allows guest OS users to cause a denial of service (guest OS crash) by declining to handle an exception thrown by an L2 guest. | ||||
| CVE-2015-3221 | 2 Openstack, Redhat | 2 Neutron, Openstack | 2025-04-12 | N/A |
| OpenStack Neutron before 2014.2.4 (juno) and 2015.1.x before 2015.1.1 (kilo), when using the IPTables firewall driver, allows remote authenticated users to cause a denial of service (L2 agent crash) by adding an address pair that is rejected by the ipset tool. | ||||
| CVE-2025-20663 | 1 Mediatek | 5 Mt7915, Mt7916, Mt7981 and 2 more | 2025-04-11 | 7.5 High |
| In wlan AP driver, there is a possible information disclosure due to an uncaught exception. This could lead to remote (proximal/adjacent) information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00408868; Issue ID: MSV-3031. | ||||
| CVE-2025-20664 | 1 Mediatek | 7 Mt7915, Mt7916, Mt7981 and 4 more | 2025-04-11 | 7.5 High |
| In wlan AP driver, there is a possible information disclosure due to an uncaught exception. This could lead to remote (proximal/adjacent) information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00406217; Issue ID: MSV-2773. | ||||
| CVE-2023-0158 | 1 Nlnetlabs | 1 Krill | 2025-04-04 | 7.5 High |
| NLnet Labs Krill supports direct access to the RRDP repository content through its built-in web server at the "/rrdp" endpoint. Prior to 0.12.1 a direct query for any existing directory under "/rrdp/", rather than an RRDP file such as "/rrdp/notification.xml" as would be expected, causes Krill to crash. If the built-in "/rrdp" endpoint is exposed directly to the internet, then malicious remote parties can cause the publication server to crash. The repository content is not affected by this, but the availability of the server and repository can cause issues if this attack is persistent and is not mitigated. | ||||
| CVE-2023-0790 | 1 Phpmyfaq | 1 Phpmyfaq | 2025-03-21 | 7.6 High |
| Uncaught Exception in GitHub repository thorsten/phpmyfaq prior to 3.1.11. | ||||
| CVE-2025-20637 | 1 Mediatek | 3 Mt7981, Mt7986, Software Development Kit | 2025-03-17 | 7.5 High |
| In network HW, there is a possible system hang due to an uncaught exception. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00399035; Issue ID: MSV-2380. | ||||
| CVE-2023-22477 | 1 Mercurius Project | 1 Mercurius | 2025-03-11 | 5.3 Medium |
| Mercurius is a GraphQL adapter for Fastify. Any users of Mercurius until version 10.5.0 are subjected to a denial of service attack by sending a malformed packet over WebSocket to `/graphql`. This issue was patched in #940. As a workaround, users can disable subscriptions. | ||||
| CVE-2023-23932 | 1 Objectcomputing | 1 Opendds | 2025-03-11 | 5.3 Medium |
| OpenDDS is an open source C++ implementation of the Object Management Group (OMG) Data Distribution Service (DDS). OpenDDS applications that are exposed to untrusted RTPS network traffic may crash when parsing badly-formed input. This issue has been patched in version 3.23.1. | ||||
| CVE-2023-20628 | 2 Google, Mediatek | 42 Android, Mt6580, Mt6739 and 39 more | 2025-03-06 | 6.7 Medium |
| In thermal, there is a possible memory corruption due to an uncaught exception. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07494460; Issue ID: ALPS07494460. | ||||
| CVE-2023-22941 | 1 Splunk | 2 Splunk, Splunk Cloud Platform | 2025-02-28 | 6.5 Medium |
| In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, an improperly-formatted ‘INGEST_EVAL’ parameter in a Field Transformation crashes the Splunk daemon (splunkd). | ||||
| CVE-2024-13417 | 2025-02-21 | 4.6 Medium | ||
| Specifically crafted payloads sent to the RFID reader could cause DoS of RFID reader. After the device is restarted, it gets back to fully working state. 2N has released an updated version 2.46 of 2N OS, where this vulnerability is mitigated. It is recommended that all customers update their devices to the latest 2N OS. | ||||
| CVE-2025-24836 | 2025-02-14 | 7.1 High | ||
| With a specially crafted Python script, an attacker could send continuous startMeasurement commands over an unencrypted Bluetooth connection to the affected device. This would prevent the device from connecting to a clinician's app to take patient readings and ostensibly flood it with requests, resulting in a denial-of-service condition. | ||||
| CVE-2025-20097 | 2025-02-13 | 4.3 Medium | ||
| Uncaught exception in OpenBMC Firmware for the Intel(R) Server M50FCP Family and Intel(R) Server D50DNP Family before version R01.02.0002 may allow an authenticated user to potentially enable denial of service via network access. | ||||
| CVE-2023-39948 | 2 Debian, Eprosima | 2 Debian Linux, Fast Dds | 2025-02-13 | 7.5 High |
| eprosima Fast DDS is a C++ implementation of the Data Distribution Service standard of the Object Management Group. Prior to versions 2.10.0 and 2.6.5, the `BadParamException` thrown by Fast CDR is not caught in Fast DDS. This can remotely crash any Fast DDS process. Versions 2.10.0 and 2.6.5 contain a patch for this issue. | ||||
| CVE-2023-31125 | 1 Socket | 1 Engine.io | 2025-02-13 | 6.5 Medium |
| Engine.IO is the implementation of transport-based cross-browser/cross-device bi-directional communication layer for Socket.IO. An uncaught exception vulnerability was introduced in version 5.1.0 and included in version 4.1.0 of the `socket.io` parent package. Older versions are not impacted. A specially crafted HTTP request can trigger an uncaught exception on the Engine.IO server, thus killing the Node.js process. This impacts all the users of the `engine.io` package, including those who use depending packages like `socket.io`. This issue was fixed in version 6.4.2 of Engine.IO. There is no known workaround except upgrading to a safe version. | ||||
| CVE-2023-39945 | 2 Debian, Eprosima | 2 Debian Linux, Fast Dds | 2025-02-13 | 8.2 High |
| eprosima Fast DDS is a C++ implementation of the Data Distribution Service standard of the Object Management Group. Prior to versions 2.11.0, 2.10.2, 2.9.2, and 2.6.5, a data submessage sent to PDP port raises unhandled `BadParamException` in fastcdr, which in turn crashes fastdds. Versions 2.11.0, 2.10.2, 2.9.2, and 2.6.5 contain a patch for this issue. | ||||
| CVE-2023-6533 | 1 Silabs | 1 Z-wave Pc-based Controller | 2025-02-12 | 6.5 Medium |
| Malformed Device Reset Locally Command Class packets can be sent to the controller, causing the controller to assume the end device has left the network. After this, frames sent by the end device will not be acknowledged by the controller. This vulnerability exists in PC Controller v5.54.0, and earlier. | ||||
| CVE-2023-6640 | 1 Silabs | 1 Z-wave Pc-based Controller | 2025-02-12 | 6.5 Medium |
| Malformed S2 Nonce Get Command Class packets can be sent to crash PC Controller v5.54.0 and earlier. | ||||
| CVE-2023-21087 | 1 Google | 1 Android | 2025-02-05 | 5.5 Medium |
| In PreferencesHelper.java, an uncaught exception may cause the device to get stuck in a boot loop. This could lead to local persistent denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-261723753 | ||||