Total
26 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-38525 | 2024-06-28 | N/A | 7.5 HIGH | ||
| dd-trace-cpp is the Datadog distributed tracing for C++. When the library fails to extract trace context due to malformed unicode, it logs the list of audited headers and their values using the `nlohmann` JSON library. However, due to the way the JSON library is invoked, it throws an uncaught exception, which results in a crash. This vulnerability has been patched in version 0.2.2. | |||||
| CVE-2023-5038 | 2024-06-25 | N/A | N/A | ||
| badmonkey, a Security Researcher has found a flaw that allows for a unauthenticated DoS attack on the camera. An attacker runs a crafted URL, nobody can access the web management page of the camera. and must manually restart the device or re-power it. The manufacturer has released patch firmware for the flaw, please refer to the manufacturer's report for details and workarounds. | |||||
| CVE-2024-31217 | 2024-06-13 | N/A | 5.3 MEDIUM | ||
| Strapi is an open-source content management system. Prior to version 4.22.0, a denial-of-service vulnerability is present in the media upload process causing the server to crash without restarting, affecting either development and production environments. Usually, errors in the application cause it to log the error and keep it running for other clients. This behavior, in contrast, stops the server execution, making it unavailable for any clients until it's manually restarted. Any user with access to the file upload functionality is able to exploit this vulnerability, affecting applications running in both development mode and production mode as well. Users should upgrade @strapi/plugin-upload to version 4.22.0 to receive a patch. | |||||
| CVE-2024-34363 | 1 Envoyproxy | 1 Envoy | 2024-06-11 | N/A | 7.5 HIGH |
| Envoy is a cloud-native, open source edge and service proxy. Due to how Envoy invoked the nlohmann JSON library, the library could throw an uncaught exception from downstream data if incomplete UTF-8 strings were serialized. The uncaught exception would cause Envoy to crash. | |||||
| CVE-2024-31904 | 2024-05-24 | N/A | 6.5 MEDIUM | ||
| IBM App Connect Enterprise 11.0.0.1 through 11.0.0.25 and 12.0.1.0 through 12.0.12.0 integration nodes could allow an authenticated user to cause a denial of service due to an uncaught exception. IBM X-Force ID: 289647. | |||||
| CVE-2021-33145 | 2024-05-17 | N/A | 7.2 HIGH | ||
| Uncaught exception in some Intel(R) Ethernet Adapters and Intel(R) Ethernet Controller I225 Manageability firmware may allow a privileged user to potentially enable escalation of privilege via local access. | |||||
| CVE-2024-28835 | 2024-05-16 | N/A | 5.0 MEDIUM | ||
| A flaw has been discovered in GnuTLS where an application crash can be induced when attempting to verify a specially crafted .pem bundle using the "certtool --verify-chain" command. | |||||
| CVE-2024-32995 | 2024-05-14 | N/A | 6.2 MEDIUM | ||
| Denial of service (DoS) vulnerability in the AMS module Impact: Successful exploitation of this vulnerability will affect availability. | |||||
| CVE-2024-23449 | 2024-03-29 | N/A | 4.3 MEDIUM | ||
| An uncaught exception in Elasticsearch >= 8.4.0 and < 8.11.1 occurs when an encrypted PDF is passed to an attachment processor through the REST API. The Elasticsearch ingest node that attempts to parse the PDF file will crash. This does not happen with password-protected PDF files or with unencrypted PDF files. | |||||
| CVE-2024-20276 | 2024-03-27 | N/A | 7.4 HIGH | ||
| A vulnerability in Cisco IOS Software for Cisco Catalyst 6000 Series Switches could allow an unauthenticated, adjacent attacker to cause an affected device to reload unexpectedly. This vulnerability is due to improper handling of process-switched traffic. An attacker could exploit this vulnerability by sending crafted traffic to an affected device. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a denial of service (DoS) condition. | |||||
| CVE-2023-3966 | 2024-03-23 | N/A | 7.5 HIGH | ||
| A flaw was found in Open vSwitch where multiple versions are vulnerable to crafted Geneve packets, which may result in a denial of service and invalid memory accesses. Triggering this issue requires that hardware offloading via the netlink path is enabled. | |||||
| CVE-2024-21983 | 2024-02-20 | N/A | 6.5 MEDIUM | ||
| StorageGRID (formerly StorageGRID Webscale) versions prior to 11.8 are susceptible to a Denial of Service (DoS) vulnerability. Successful exploit by an authenticated attacker could lead to an out of memory condition or node reboot. | |||||
| CVE-2024-23325 | 1 Envoyproxy | 1 Envoy | 2024-02-15 | N/A | 7.5 HIGH |
| Envoy is a high-performance edge/middle/service proxy. Envoy crashes in Proxy protocol when using an address type that isn’t supported by the OS. Envoy is susceptible to crashing on a host with IPv6 disabled and a listener config with proxy protocol enabled when it receives a request where the client presents its IPv6 address. It is valid for a client to present its IPv6 address to a target server even though the whole chain is connected via IPv4. This issue has been addressed in released 1.29.1, 1.28.1, 1.27.3, and 1.26.7. Users are advised to upgrade. There are no known workarounds for this vulnerability. | |||||
| CVE-2023-26586 | 2024-02-14 | N/A | 4.3 MEDIUM | ||
| Uncaught exception for some Intel(R) PROSet/Wireless and Intel(R) Killer(TM) Wi-Fi software before version 22.240 may allow an unauthenticated user to potentially enable denial of service via adjacent access. | |||||
| CVE-2023-27318 | 1 Netapp | 1 Storagegrid | 2024-02-12 | N/A | 7.5 HIGH |
| StorageGRID (formerly StorageGRID Webscale) versions 11.6.0 through 11.6.0.13 are susceptible to a Denial of Service (DoS) vulnerability. A successful exploit could lead to a crash of the Local Distribution Router (LDR) service. | |||||
| CVE-2023-38504 | 2024-02-05 | N/A | 7.5 HIGH | ||
| Sails is a realtime MVC Framework for Node.js. In Sails apps prior to version 1.5.7,, an attacker can send a virtual request that will cause the node process to crash. This behavior was fixed in Sails v1.5.7. As a workaround, disable the sockets hook and remove the `sails.io.js` client. | |||||
| CVE-2023-2251 | 1 Yaml Project | 1 Yaml | 2024-02-04 | N/A | 7.5 HIGH |
| Uncaught Exception in GitHub repository eemeli/yaml prior to 2.0.0-5. | |||||
| CVE-2023-23932 | 2024-02-04 | N/A | 7.5 HIGH | ||
| OpenDDS is an open source C++ implementation of the Object Management Group (OMG) Data Distribution Service (DDS). OpenDDS applications that are exposed to untrusted RTPS network traffic may crash when parsing badly-formed input. This issue has been patched in version 3.23.1. | |||||
| CVE-2022-3500 | 3 Fedoraproject, Keylime, Redhat | 3 Fedora, Keylime, Enterprise Linux | 2024-02-04 | N/A | 5.1 MEDIUM |
| A vulnerability was found in keylime. This security issue happens in some circumstances, due to some improperly handled exceptions, there exists the possibility that a rogue agent could create errors on the verifier that stopped attestation attempts for that host leaving it in an attested state but not verifying that anymore. | |||||
| CVE-2023-0790 | 1 Phpmyfaq | 1 Phpmyfaq | 2024-02-04 | N/A | 8.8 HIGH |
| Uncaught Exception in GitHub repository thorsten/phpmyfaq prior to 3.1.11. | |||||