Vulnerabilities (CVE)

Filtered by CWE-755
Total 317 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-41777 1 Kujirahand 1 Nadesiko3 2023-02-03 N/A 7.5 HIGH
Improper check or handling of exceptional conditions vulnerability in Nako3edit, editor component of nadesiko3 (PC Version) v3.3.74 and earlier allows a remote attacker to inject an invalid value to decodeURIComponent of nako3edit, which may lead the server to crash.
CVE-2020-7923 1 Mongodb 1 Mongodb 2023-02-03 4.0 MEDIUM 6.5 MEDIUM
A user authorized to perform database queries may cause denial of service by issuing specially crafted queries, which violate an invariant in the query subsystem's support for geoNear. This issue affects: MongoDB Inc. MongoDB Server v4.4 versions prior to 4.4.0-rc7; v4.2 versions prior to 4.2.8; v4.0 versions prior to 4.0.19.
CVE-2019-10222 3 Ceph, Fedoraproject, Redhat 3 Ceph, Fedora, Ceph Storage 2023-02-02 5.0 MEDIUM 7.5 HIGH
A flaw was found in the Ceph RGW configuration with Beast as the front end handling client requests. An unauthenticated attacker could crash the Ceph RGW server by sending valid HTTP headers and terminating the connection, resulting in a remote denial of service for Ceph RGW clients.
CVE-2020-5387 1 Dell 2 Xps 13 9370, Xps 13 9370 Firmware 2023-01-31 4.9 MEDIUM 4.4 MEDIUM
Dell XPS 13 9370 BIOS versions prior to 1.13.1 contains an Improper Exception Handling vulnerability. A local attacker with physical access could exploit this vulnerability to prevent the system from booting until the exploited boot device is removed.
CVE-2022-39380 2023-01-30 N/A N/A
Wire web-app is part of Wire communications. Versions prior to 2022-11-02 are subject to Improper Handling of Exceptional Conditions. In the wire-webapp, certain combinations of Markdown formatting can trigger an unhandled error in the conversion to HTML representation. The error makes it impossible to display the affected chat history, other conversations are not affected. The issue has been fixed in version 2022-11-02 and is already deployed on all Wire managed services. On-premise instances of wire-webapp need to be updated to docker tag 2022-11-02-production.0-v0.31.9-0-337e400 or wire-server 2022-11-03 (chart/4.26.0), so that their applications are no longer affected. As a workaround, you may use an iOS or Android client and delete the corresponding message from the history OR write 30 or more messages into the affected conversation to prevent the client from further rendering of the corresponding message. When attempting to retrieve messages from the conversation history, the error will continue to occur once the malformed message is part of the result.
CVE-2023-22391 1 Juniper 1 Junos 2023-01-24 N/A 7.5 HIGH
A vulnerability in class-of-service (CoS) queue management in Juniper Networks Junos OS on the ACX2K Series devices allows an unauthenticated network-based attacker to cause a Denial of Service (DoS). Specific packets are being incorrectly routed to a queue used for other high-priority traffic such as BGP, PIM, ICMP, ICMPV6 ND and ISAKMP. Due to this misclassification of traffic, receipt of a high rate of these specific packets will cause delays in the processing of other traffic, leading to a Denial of Service (DoS). Continued receipt of this amount of traffic will create a sustained Denial of Service (DoS) condition. This issue affects Juniper Networks Junos OS on ACX2K Series: All versions prior to 19.4R3-S9; All 20.2 versions; 20.3 versions prior to 20.3R3-S6 on ACX2K Series; 20.4 versions prior to 20.4R3-S4 on ACX2K Series; All 21.1 versions; 21.2 versions prior to 21.2R3-S3 on ACX2K Series. Note: This issues affects legacy ACX2K Series PPC-based devices. This platform reached Last Supported Version (LSV) as of the Junos OS 21.2 Release.
CVE-2022-21813 2 Linux, Nvidia 9 Linux Kernel, Cloud Gaming Guest, Geforce and 6 more 2023-01-24 3.6 LOW 6.1 MEDIUM
NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel driver, where improper handling of insufficient permissions or privileges may allow an unprivileged local user limited write access to protected memory, which can lead to denial of service.
CVE-2020-15701 1 Canonical 2 Apport, Ubuntu Linux 2023-01-24 2.1 LOW 5.5 MEDIUM
An unhandled exception in check_ignored() in apport/report.py can be exploited by a local attacker to cause a denial of service. If the mtime attribute is a string value in apport-ignore.xml, it will trigger an unhandled exception, resulting in a crash. Fixed in 2.20.1-0ubuntu2.24, 2.20.9-0ubuntu7.16, 2.20.11-0ubuntu27.6.
CVE-2021-22922 5 Fedoraproject, Haxx, Netapp and 2 more 22 Fedora, Curl, Cloud Backup and 19 more 2023-01-05 4.3 MEDIUM 6.5 MEDIUM
When curl is instructed to download content using the metalink feature, thecontents is verified against a hash provided in the metalink XML file.The metalink XML file points out to the client how to get the same contentfrom a set of different URLs, potentially hosted by different servers and theclient can then download the file from one or several of them. In a serial orparallel manner.If one of the servers hosting the contents has been breached and the contentsof the specific file on that server is replaced with a modified payload, curlshould detect this when the hash of the file mismatches after a completeddownload. It should remove the contents and instead try getting the contentsfrom another URL. This is not done, and instead such a hash mismatch is onlymentioned in text and the potentially malicious content is kept in the file ondisk.
CVE-2022-44652 1 Trendmicro 1 Apex One 2022-12-14 N/A 7.8 HIGH
An improper handling of exceptional conditions vulnerability in Trend Micro Apex One and Apex One as a Service could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
CVE-2022-35295 1 Sap 1 Businessobjects Business Intelligence Platform 2022-12-14 N/A 4.9 MEDIUM
In SAP Host Agent (SAPOSCOL) - version 7.22, an attacker may use files created by saposcol to escalate privileges for themselves.
CVE-2022-31799 3 Bottlepy, Debian, Fedoraproject 3 Bottle, Debian Linux, Fedora 2022-12-12 7.5 HIGH 9.8 CRITICAL
Bottle before 0.12.20 mishandles errors during early request binding.
CVE-2022-33748 3 Debian, Fedoraproject, Xen 3 Debian Linux, Fedora, Xen 2022-12-12 N/A 5.6 MEDIUM
lock order inversion in transitive grant copy handling As part of XSA-226 a missing cleanup call was inserted on an error handling path. While doing so, locking requirements were not paid attention to. As a result two cooperating guests granting each other transitive grants can cause locks to be acquired nested within one another, but in respectively opposite order. With suitable timing between the involved grant copy operations this may result in the locking up of a CPU.
CVE-2022-23496 1 Yet Another Useragent Analyzer Project 1 Yet Another Useragent Analyzer 2022-12-12 N/A 7.5 HIGH
Yet Another UserAgent Analyzer (Yauaa) is a java library that tries to parse and analyze the useragent string and extract as many relevant attributes as possible. Applications using the Client Hints analysis feature introduced with 7.0.0 can crash because the Yauaa library throws an ArrayIndexOutOfBoundsException. If uncaught the exception will result in a program crash. Applications that do not use this feature are not affected. Users are advised to upgrade to version 7.9.0. Users unable to upgrade may catch and discard any ArrayIndexOutOfBoundsException thrown by the Yauaa library.
CVE-2022-39912 1 Google 1 Android 2022-12-12 N/A 3.3 LOW
Improper handling of insufficient permissions vulnerability in setSecureFolderPolicy in PersonaManagerService prior to Android T(13) allows local attackers to set some setting value in Secure folder.
CVE-2020-25691 1 Darkhttpd Project 1 Darkhttpd 2022-12-09 5.0 MEDIUM 7.5 HIGH
A flaw was found in darkhttpd. Invalid error handling allows remote attackers to cause denial-of-service by accessing a file with a large modification date. The highest threat from this vulnerability is to system availability.
CVE-2022-44030 1 Redmine 1 Redmine 2022-12-08 N/A 7.5 HIGH
Redmine 5.x before 5.0.4 allows downloading of file attachments of any Issue or any Wiki page due to insufficient permission checks. Depending on the configuration, this may require login as a registered user.
CVE-2022-0264 1 Linux 1 Linux Kernel 2022-11-16 2.1 LOW 5.5 MEDIUM
A vulnerability was found in the Linux kernel's eBPF verifier when handling internal data structures. Internal memory locations could be returned to userspace. A local attacker with the permissions to insert eBPF code to the kernel can use this to leak internal kernel memory details defeating some of the exploit mitigations in place for the kernel. This flaws affects kernel versions < v5.16-rc6
CVE-2020-1744 1 Redhat 1 Keycloak 2022-11-16 6.8 MEDIUM 5.6 MEDIUM
A flaw was found in keycloak before version 9.0.1. When configuring an Conditional OTP Authentication Flow as a post login flow of an IDP, the failure login events for OTP are not being sent to the brute force protection event queue. So BruteForceProtector does not handle this events.
CVE-2020-12888 6 Canonical, Debian, Fedoraproject and 3 more 39 Ubuntu Linux, Debian Linux, Fedora and 36 more 2022-11-14 4.7 MEDIUM 5.3 MEDIUM
The VFIO PCI driver in the Linux kernel through 5.6.13 mishandles attempts to access disabled memory space.