Total
158 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-39945 | 2 Debian, Eprosima | 2 Debian Linux, Fast Dds | 2025-02-13 | 8.2 High |
| eprosima Fast DDS is a C++ implementation of the Data Distribution Service standard of the Object Management Group. Prior to versions 2.11.0, 2.10.2, 2.9.2, and 2.6.5, a data submessage sent to PDP port raises unhandled `BadParamException` in fastcdr, which in turn crashes fastdds. Versions 2.11.0, 2.10.2, 2.9.2, and 2.6.5 contain a patch for this issue. | ||||
| CVE-2023-3966 | 1 Redhat | 2 Enterprise Linux, Openshift | 2025-02-13 | 7.5 High |
| A flaw was found in Open vSwitch where multiple versions are vulnerable to crafted Geneve packets, which may result in a denial of service and invalid memory accesses. Triggering this issue requires that hardware offloading via the netlink path is enabled. | ||||
| CVE-2023-6533 | 1 Silabs | 1 Z-wave Pc-based Controller | 2025-02-12 | 6.5 Medium |
| Malformed Device Reset Locally Command Class packets can be sent to the controller, causing the controller to assume the end device has left the network. After this, frames sent by the end device will not be acknowledged by the controller. This vulnerability exists in PC Controller v5.54.0, and earlier. | ||||
| CVE-2023-6640 | 1 Silabs | 1 Z-wave Pc-based Controller | 2025-02-12 | 6.5 Medium |
| Malformed S2 Nonce Get Command Class packets can be sent to crash PC Controller v5.54.0 and earlier. | ||||
| CVE-2024-3052 | 1 Silabs | 1 Z\/ip Gateway Sdk | 2025-02-05 | 7.5 High |
| Malformed S2 Nonce Get command classes can be sent to crash the gateway. A hard reset is required to recover the gateway. | ||||
| CVE-2023-21087 | 1 Google | 1 Android | 2025-02-05 | 5.5 Medium |
| In PreferencesHelper.java, an uncaught exception may cause the device to get stuck in a boot loop. This could lead to local persistent denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-261723753 | ||||
| CVE-2023-29520 | 1 Xwiki | 1 Xwiki | 2025-02-05 | 4.3 Medium |
| XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. It's possible to break many translations coming from wiki pages by creating a corrupted document containing a translation object. This will lead to a broken page. The vulnerability has been patched in XWiki 15.0-rc-1, 14.10.1, 14.4.8, and 13.10.11. Users are advised to upgrade. There are no workarounds other than fixing any way to create a document that fail to load. | ||||
| CVE-2023-2251 | 1 Yaml Project | 1 Yaml | 2025-02-04 | 7.5 High |
| Uncaught Exception in GitHub repository eemeli/yaml prior to 2.0.0-5. | ||||
| CVE-2024-23449 | 1 Elastic | 1 Elasticsearch | 2025-02-04 | 4.3 Medium |
| An uncaught exception in Elasticsearch >= 8.4.0 and < 8.11.1 occurs when an encrypted PDF is passed to an attachment processor through the REST API. The Elasticsearch ingest node that attempts to parse the PDF file will crash. This does not happen with password-protected PDF files or with unencrypted PDF files. | ||||
| CVE-2025-24883 | 2025-01-30 | N/A | ||
| go-ethereum (geth) is a golang execution layer implementation of the Ethereum protocol. A vulnerable node can be forced to shutdown/crash using a specially crafted message. This vulnerability is fixed in 1.14.13. | ||||
| CVE-2024-31904 | 1 Ibm | 1 App Connect Enterprise | 2025-01-07 | 6.5 Medium |
| IBM App Connect Enterprise 11.0.0.1 through 11.0.0.25 and 12.0.1.0 through 12.0.12.0 integration nodes could allow an authenticated user to cause a denial of service due to an uncaught exception. IBM X-Force ID: 289647. | ||||
| CVE-2024-21983 | 1 Netapp | 1 Storagegrid | 2024-12-13 | 6.5 Medium |
| StorageGRID (formerly StorageGRID Webscale) versions prior to 11.8 are susceptible to a Denial of Service (DoS) vulnerability. Successful exploit by an authenticated attacker could lead to an out of memory condition or node reboot. | ||||
| CVE-2024-54106 | 1 Huawei | 1 Harmonyos | 2024-12-12 | 7.1 High |
| Null pointer dereference vulnerability in the image decoding module Impact: Successful exploitation of this vulnerability will affect availability. | ||||
| CVE-2024-32995 | 1 Huawei | 2 Emui, Harmonyos | 2024-12-11 | 6.2 Medium |
| Denial of service (DoS) vulnerability in the AMS module Impact: Successful exploitation of this vulnerability will affect availability. | ||||
| CVE-2024-11738 | 1 Redhat | 1 Trusted Artifact Signer | 2024-12-06 | 5.3 Medium |
| A flaw was found in Rustls 0.23.13 and related APIs. This vulnerability allows denial of service (panic) via a fragmented TLS ClientHello message. | ||||
| CVE-2024-20137 | 1 Mediatek | 6 Mt6890, Mt7622, Mt7915 and 3 more | 2024-12-02 | 7.5 High |
| In wlan driver, there is a possible client disconnection due to improper handling of exceptional conditions. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00384543; Issue ID: MSV-1727. | ||||
| CVE-2024-28835 | 1 Redhat | 2 Enterprise Linux, Rhel Eus | 2024-11-24 | 5 Medium |
| A flaw has been discovered in GnuTLS where an application crash can be induced when attempting to verify a specially crafted .pem bundle using the "certtool --verify-chain" command. | ||||
| CVE-2024-3051 | 1 Silabs | 1 Z\/ip Gateway Sdk | 2024-11-21 | 7.5 High |
| Malformed Device Reset Locally command classes can be sent to temporarily deny service to an end device. Any frames sent by the end device will not be acknowledged by the gateway during this time. | ||||
| CVE-2024-38525 | 2024-11-21 | 7.5 High | ||
| dd-trace-cpp is the Datadog distributed tracing for C++. When the library fails to extract trace context due to malformed unicode, it logs the list of audited headers and their values using the `nlohmann` JSON library. However, due to the way the JSON library is invoked, it throws an uncaught exception, which results in a crash. This vulnerability has been patched in version 0.2.2. | ||||
| CVE-2024-34363 | 1 Envoyproxy | 1 Envoy | 2024-11-21 | 7.5 High |
| Envoy is a cloud-native, open source edge and service proxy. Due to how Envoy invoked the nlohmann JSON library, the library could throw an uncaught exception from downstream data if incomplete UTF-8 strings were serialized. The uncaught exception would cause Envoy to crash. | ||||