Total
191 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-49761 | 1 Linux | 1 Linux Kernel | 2025-05-04 | 7.8 High |
| In the Linux kernel, the following vulnerability has been resolved: btrfs: always report error in run_one_delayed_ref() Currently we have a btrfs_debug() for run_one_delayed_ref() failure, but if end users hit such problem, there will be no chance that btrfs_debug() is enabled. This can lead to very little useful info for debugging. This patch will: - Add extra info for error reporting Including: * logical bytenr * num_bytes * type * action * ref_mod - Replace the btrfs_debug() with btrfs_err() - Move the error reporting into run_one_delayed_ref() This is to avoid use-after-free, the @node can be freed in the caller. This error should only be triggered at most once. As if run_one_delayed_ref() failed, we trigger the error message, then causing the call chain to error out: btrfs_run_delayed_refs() `- btrfs_run_delayed_refs() `- btrfs_run_delayed_refs_for_head() `- run_one_delayed_ref() And we will abort the current transaction in btrfs_run_delayed_refs(). If we have to run delayed refs for the abort transaction, run_one_delayed_ref() will just cleanup the refs and do nothing, thus no new error messages would be output. | ||||
| CVE-2024-31948 | 1 Frrouting | 1 Frrouting | 2025-05-01 | 6.5 Medium |
| In FRRouting (FRR) through 9.1, an attacker using a malformed Prefix SID attribute in a BGP UPDATE packet can cause the bgpd daemon to crash. | ||||
| CVE-2021-25971 | 1 Tuzitio | 1 Camaleon Cms | 2025-04-30 | 4.3 Medium |
| In Camaleon CMS, versions 2.0.1 to 2.6.0 are vulnerable to an Uncaught Exception. The app's media upload feature crashes permanently when an attacker with a low privileged access uploads a specially crafted .svg file | ||||
| CVE-2022-38166 | 3 Apple, F-secure, Microsoft | 3 Macos, Elements Endpoint Protection, Windows | 2025-04-29 | 7.5 High |
| In F-Secure Endpoint Protection for Windows and macOS before channel with Capricorn database 2022-11-22_07, the aerdl.dll unpacker handler crashes. This can lead to a scanning engine crash, triggerable remotely by an attacker for denial of service. | ||||
| CVE-2022-3500 | 3 Fedoraproject, Keylime, Redhat | 3 Fedora, Keylime, Enterprise Linux | 2025-04-29 | 5.1 Medium |
| A vulnerability was found in keylime. This security issue happens in some circumstances, due to some improperly handled exceptions, there exists the possibility that a rogue agent could create errors on the verifier that stopped attestation attempts for that host leaving it in an attested state but not verifying that anymore. | ||||
| CVE-2022-24822 | 1 Finn | 2 Podium Layout, Podium Proxy | 2025-04-23 | 7.5 High |
| Podium is a library for building micro frontends. @podium/layout is a module for building a Podium layout server, and @podium/proxy is a module for proxying HTTP requests from a layout server to a podlet server. In @podium/layout prior to version 4.6.110 and @podium/proxy prior to version 4.2.74, an attacker using the `Trailer` header as part of the request against proxy endpoints has the ability to take down the server. All Podium layouts that include podlets with proxy endpoints are affected. `@podium/layout`, which is the main way developers/users are vulnerable to this exploit, has been patched in version `4.6.110`. All earlier versions are vulnerable.`@podium/proxy`, which is the source of the vulnerability and is used by `@podium/layout` has been patched in version `4.2.74`. All earlier versions are vulnerable. It is not easily possible to work around this issue without upgrading. | ||||
| CVE-2022-36046 | 2 Nodejs, Vercel | 2 Node.js, Next.js | 2025-04-23 | 5.3 Medium |
| Next.js is a React framework that can provide building blocks to create web applications. All of the following must be true to be affected by this CVE: Next.js version 12.2.3, Node.js version above v15.0.0 being used with strict `unhandledRejection` exiting AND using next start or a [custom server](https://nextjs.org/docs/advanced-features/custom-server). Deployments on Vercel ([vercel.com](https://vercel.com/)) are not affected along with similar environments where `next-server` isn't being shared across requests. | ||||
| CVE-2022-39386 | 1 Fastify | 1 Websocket | 2025-04-23 | 7.5 High |
| @fastify/websocket provides WebSocket support for Fastify. Any application using @fastify/websocket could crash if a specific, malformed packet is sent. All versions of fastify-websocket are also impacted. That module is deprecated, so it will not be patched. This has been patched in version 7.1.1 (fastify v4) and version 5.0.1 (fastify v3). There are currently no known workarounds. However, it should be possible to attach the error handler manually. The recommended path is upgrading to the patched versions. | ||||
| CVE-2024-20048 | 2 Google, Mediatek | 39 Android, Mt2713, Mt6781 and 36 more | 2025-04-23 | 6.2 Medium |
| In flashc, there is a possible information disclosure due to an uncaught exception. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08541769; Issue ID: ALPS08541769. | ||||
| CVE-2024-20049 | 5 Google, Linuxfoundation, Mediatek and 2 more | 47 Android, Yocto, Mt2713 and 44 more | 2025-04-23 | 4.4 Medium |
| In flashc, there is a possible information disclosure due to an uncaught exception. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08541765; Issue ID: ALPS08541765. | ||||
| CVE-2022-31015 | 1 Agendaless | 1 Waitress | 2025-04-22 | 6.5 Medium |
| Waitress is a Web Server Gateway Interface server for Python 2 and 3. Waitress versions 2.1.0 and 2.1.1 may terminate early due to a thread closing a socket while the main thread is about to call select(). This will lead to the main thread raising an exception that is not handled and then causing the entire application to be killed. This issue has been fixed in Waitress 2.1.2 by no longer allowing the WSGI thread to close the socket. Instead, that is always delegated to the main thread. There is no work-around for this issue. However, users using waitress behind a reverse proxy server are less likely to have issues if the reverse proxy always reads the full response. | ||||
| CVE-2022-41940 | 2 Redhat, Socket | 2 Jboss Fuse, Engine.io | 2025-04-22 | 7.1 High |
| Engine.IO is the implementation of transport-based cross-browser/cross-device bi-directional communication layer for Socket.IO. A specially crafted HTTP request can trigger an uncaught exception on the Engine.IO server, thus killing the Node.js process. This impacts all the users of the engine.io package, including those who uses depending packages like socket.io. There is no known workaround except upgrading to a safe version. There are patches for this issue released in versions 3.6.1 and 6.2.1. | ||||
| CVE-2017-10664 | 3 Debian, Qemu, Redhat | 11 Debian Linux, Qemu, Enterprise Linux and 8 more | 2025-04-20 | 7.5 High |
| qemu-nbd in QEMU (aka Quick Emulator) does not ignore SIGPIPE, which allows remote attackers to cause a denial of service (daemon crash) by disconnecting during a server-to-client reply attempt. | ||||
| CVE-2016-10363 | 1 Elastic | 1 Logstash | 2025-04-20 | N/A |
| Logstash versions prior to 2.3.3, when using the Netflow Codec plugin, a remote attacker crafting malicious Netflow v5, Netflow v9 or IPFIX packets could perform a denial of service attack on the Logstash instance. The errors resulting from these crafted inputs are not handled by the codec and can cause the Logstash process to exit. | ||||
| CVE-2017-1000358 | 1 Opendaylight | 1 Opendaylight | 2025-04-20 | N/A |
| Controller throws an exception and does not allow user to add subsequent flow for a particular switch. Component: OpenDaylight odl-restconf feature contains this flaw. Version: OpenDaylight 4.0 is affected by this flaw. | ||||
| CVE-2017-1000407 | 4 Canonical, Debian, Linux and 1 more | 13 Ubuntu Linux, Debian Linux, Linux Kernel and 10 more | 2025-04-20 | N/A |
| The Linux Kernel 2.6.32 and later are affected by a denial of service, by flooding the diagnostic port 0x80 an exception can be triggered leading to a kernel panic. | ||||
| CVE-2017-8288 | 1 Gnome | 1 Gnome-shell | 2025-04-20 | N/A |
| gnome-shell 3.22 through 3.24.1 mishandles extensions that fail to reload, which can lead to leaving extensions enabled in the lock screen. With these extensions, a bystander could launch applications (but not interact with them), see information from the extensions (e.g., what applications you have opened or what music you were playing), or even execute arbitrary commands. It all depends on what extensions a user has enabled. The problem is caused by lack of exception handling in js/ui/extensionSystem.js. | ||||
| CVE-2021-33010 | 1 Aveva | 1 System Platform | 2025-04-16 | 7.5 High |
| An exception is thrown from a function in AVEVA System Platform versions 2017 through 2020 R2 P01, but it is not caught, which may cause a denial-of-service condition. | ||||
| CVE-2025-32944 | 2025-04-15 | 6.5 Medium | ||
| The vulnerability allows any authenticated user to cause the PeerTube server to stop functioning in a persistent manner. If user import is enabled (which is the default setting), any registered user can upload an archive for importing. The code uses the yauzl library for reading the archive. If the yauzl library encounters a filename that is considered illegal, it raises an exception that is uncaught by PeerTube, leading to a crash which repeats infinitely on startup. | ||||
| CVE-2024-49705 | 2025-04-15 | N/A | ||
| Internet Starter, one of SoftCOM iKSORIS system modules, is vulnerable to client-side Denial of Servise (DoS) attacks. An attacker might trick a user into using an URL with a d parameter set to an unhandled value. All the subsequent requests will not be accepted as the server returns an error message. Since this parameter is sent as part of a session cookie, the issue persists until the session expires or the user deletes cookies manually. Similar effect might be achieved when a user tries to change platform language to an unimplemented one. This vulnerability has been patched in version 79.0 | ||||