Total
42 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-29076 | 2024-11-15 | N/A | 5.5 MEDIUM | ||
| Uncaught exception for some Intel(R) CST software before version 8.7.10803 may allow an authenticated user to potentially enable denial of service via local access. | |||||
| CVE-2024-51750 | 2024-11-13 | N/A | 5.0 MEDIUM | ||
| Element is a Matrix web client built using the Matrix React SDK. A malicious homeserver can send invalid messages over federation which can prevent Element Web and Desktop from rendering single messages or the entire room containing them. This was patched in Element Web and Desktop 1.11.85. | |||||
| CVE-2024-51518 | 1 Huawei | 1 Harmonyos | 2024-11-06 | N/A | 7.5 HIGH |
| Vulnerability of message types not being verified in the advanced messaging modul Impact: Successful exploitation of this vulnerability may affect availability. | |||||
| CVE-2023-26586 | 1 Intel | 7 Killer, Killer Wi-fi 6e Ax1675, Killer Wi-fi 6e Ax1690 and 4 more | 2024-10-29 | N/A | 6.5 MEDIUM |
| Uncaught exception for some Intel(R) PROSet/Wireless and Intel(R) Killer(TM) Wi-Fi software before version 22.240 may allow an unauthenticated user to potentially enable denial of service via adjacent access. | |||||
| CVE-2021-33145 | 2024-10-25 | N/A | 7.2 HIGH | ||
| Uncaught exception in some Intel(R) Ethernet Adapters and Intel(R) Ethernet Controller I225 Manageability firmware may allow a privileged user to potentially enable escalation of privilege via local access. | |||||
| CVE-2023-23774 | 1 Motorola | 4 Ebts Site Controller, Ebts Site Controller Firmware, Mbts Site Controller and 1 more | 2024-10-03 | N/A | 8.4 HIGH |
| Motorola EBTS/MBTS Site Controller drops to debug prompt on unhandled exception. The Motorola MBTS Site Controller exposes a debug prompt on the device's serial port in case of an unhandled exception. This allows an attacker with physical access that is able to trigger such an exception to extract secret key material and/or gain arbitrary code execution on the device. | |||||
| CVE-2024-3052 | 2024-09-27 | N/A | 7.5 HIGH | ||
| Malformed S2 Nonce Get command classes can be sent to crash the gateway. A hard reset is required to recover the gateway. | |||||
| CVE-2024-3051 | 2024-09-27 | N/A | 7.5 HIGH | ||
| Malformed Device Reset Locally command classes can be sent to temporarily deny service to an end device. Any frames sent by the end device will not be acknowledged by the gateway during this time. | |||||
| CVE-2023-6640 | 2024-09-27 | N/A | 6.5 MEDIUM | ||
| Malformed S2 Nonce Get Command Class packets can be sent to crash PC Controller v5.54.0 and earlier. | |||||
| CVE-2023-6533 | 2024-09-27 | N/A | 6.5 MEDIUM | ||
| Malformed Device Reset Locally Command Class packets can be sent to the controller, causing the controller to assume the end device has left the network. After this, frames sent by the end device will not be acknowledged by the controller. This vulnerability exists in PC Controller v5.54.0, and earlier. | |||||
| CVE-2023-5310 | 1 Silabs | 3 Z-wave Long Range 700, Z-wave Long Range 800, Z-wave Software Development Kit | 2024-09-27 | N/A | 6.5 MEDIUM |
| A denial of service vulnerability exists in all Silicon Labs Z-Wave controller and endpoint devices running Z-Wave SDK v7.20.3 (Gecko SDK v4.3.3) and earlier. This attack can be carried out only by devices on the network sending a stream of packets to the device. | |||||
| CVE-2023-3774 | 2024-09-26 | N/A | 4.9 MEDIUM | ||
| An unhandled error in Vault Enterprise's namespace creation may cause the Vault process to crash, potentially resulting in denial of service. Fixed in 1.14.1, 1.13.5, and 1.12.9. | |||||
| CVE-2024-31217 | 1 Strapi | 1 Strapi | 2024-09-26 | N/A | 6.5 MEDIUM |
| Strapi is an open-source content management system. Prior to version 4.22.0, a denial-of-service vulnerability is present in the media upload process causing the server to crash without restarting, affecting either development and production environments. Usually, errors in the application cause it to log the error and keep it running for other clients. This behavior, in contrast, stops the server execution, making it unavailable for any clients until it's manually restarted. Any user with access to the file upload functionality is able to exploit this vulnerability, affecting applications running in both development mode and production mode as well. Users should upgrade @strapi/plugin-upload to version 4.22.0 to receive a patch. | |||||
| CVE-2024-33848 | 1 Intel | 1 Raid Web Console | 2024-09-23 | N/A | 5.5 MEDIUM |
| Uncaught exception in Intel(R) RAID Web Console software all versions may allow an authenticated user to potentially enable denial of service via local access. | |||||
| CVE-2024-28835 | 2024-09-16 | N/A | 5.0 MEDIUM | ||
| A flaw has been discovered in GnuTLS where an application crash can be induced when attempting to verify a specially crafted .pem bundle using the "certtool --verify-chain" command. | |||||
| CVE-2024-42037 | 1 Huawei | 2 Emui, Harmonyos | 2024-09-13 | N/A | 6.2 MEDIUM |
| Vulnerability of uncaught exceptions in the Graphics module Impact: Successful exploitation of this vulnerability may affect service confidentiality. | |||||
| CVE-2023-52342 | 2024-08-26 | N/A | N/A | ||
| In modem-ps-nas-ngmm, there is a possible undefined behavior due to incorrect error handling. This could lead to remote information disclosure no additional execution privileges needed | |||||
| CVE-2024-43357 | 2024-08-19 | N/A | 8.6 HIGH | ||
| ECMA-262 is the language specification for the scripting language ECMAScript. A problem in the ECMAScript (JavaScript) specification of async generators, introduced by a May 2021 spec refactor, may lead to mis-implementation in a way that could present as a security vulnerability, such as type confusion and pointer dereference. The internal async generator machinery calls regular promise resolver functions on IteratorResult (`{ done, value }`) objects that it creates, assuming that the IteratorResult objects will not be then-ables. Unfortunately, these IteratorResult objects inherit from `Object.prototype`, so these IteratorResult objects can be made then-able, triggering arbitrary behaviour, including re-entering the async generator machinery in a way that violates some internal invariants. The ECMAScript specification is a living standard and the issue has been addressed at the time of this advisory's public disclosure. JavaScript engine implementors should refer to the latest specification and update their implementations to comply with the `AsyncGenerator` section. ## References - https://github.com/tc39/ecma262/commit/1e24a286d0a327d08e1154926b3ee79820232727 - https://bugzilla.mozilla.org/show_bug.cgi?id=1901411 - https://github.com/boa-dev/boa/security/advisories/GHSA-f67q-wr6w-23jq - https://bugs.webkit.org/show_bug.cgi?id=275407 - https://issues.chromium.org/issues/346692561 - https://www.cve.org/CVERecord?id=CVE-2024-7652 | |||||
| CVE-2024-43367 | 2024-08-19 | N/A | 7.5 HIGH | ||
| Boa is an embeddable and experimental Javascript engine written in Rust. Starting in version 0.16 and prior to version 0.19.0, a wrong assumption made when handling ECMAScript's `AsyncGenerator` operations can cause an uncaught exception on certain scripts. Boa's implementation of `AsyncGenerator` makes the assumption that the state of an `AsyncGenerator` object cannot change while resolving a promise created by methods of `AsyncGenerator` such as `%AsyncGeneratorPrototype%.next`, `%AsyncGeneratorPrototype%.return`, or `%AsyncGeneratorPrototype%.throw`. However, a carefully constructed code could trigger a state transition from a getter method for the promise's `then` property, which causes the engine to fail an assertion of this assumption, causing an uncaught exception. This could be used to create a Denial Of Service attack in applications that run arbitrary ECMAScript code provided by an external user. Version 0.19.0 is patched to correctly handle this case. Users unable to upgrade to the patched version would want to use `std::panic::catch_unwind` to ensure any exceptions caused by the engine don't impact the availability of the main application. | |||||
| CVE-2024-20048 | 2024-07-03 | N/A | 6.2 MEDIUM | ||
| In flashc, there is a possible information disclosure due to an uncaught exception. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08541769; Issue ID: ALPS08541769. | |||||