Vulnerabilities (CVE)

CWE filter

CWE-388

Filter

51 total CVE
CVE Vendors Products Updated CVSS
CVE-2019-12380 1 Linux 1 Linux Kernel 2019-10-10 2.1
**DISPUTED** An issue was discovered in the efi subsystem in the Linux kernel through 5.1.5. phys_efi_set_virtual_address_map in arch/x86/platform/efi/efi.c and efi_call_phys_prolog in arch/x86/platform/efi/efi_64.c mishandle memory allocation...
CVE-2019-1750 1 Cisco 1 Ios Xe 2019-10-09 N/A
A vulnerability in the Easy Virtual Switching System (VSS) of Cisco IOS XE Software on Catalyst 4500 Series Switches could allow an unauthenticated, adjacent attacker to cause the switches to reload. The vulnerability is due to incomplete error...
CVE-2019-1635 1 Cisco 16 Ip Conference Phone 7832 Firmware, Ip Conference Phone 8832 Firmware, Ip Phone 7811 Firmware and 13 more 2019-10-09 7.8
A vulnerability in the call-handling functionality of Session Initiation Protocol (SIP) Software for Cisco IP Phone 7800 Series and 8800 Series could allow an unauthenticated, remote attacker to cause an affected phone to reload unexpectedly,...
CVE-2018-6346 2019-10-09 5.0
A potential denial-of-service issue in the Proxygen handling of invalid HTTP2 priority settings (specifically a circular dependency). This affects Proxygen prior to v2018.12.31.00.
CVE-2018-1081 1 Moodle 1 Moodle 2019-10-09 5.0
A flaw was found in Moodle 3.4 to 3.4.1, 3.3 to 3.3.4, 3.2 to 3.2.7, 3.1 to 3.1.10 and earlier unsupported versions. Unauthenticated users can trigger custom messages to admin via paypal enrol script. Paypal IPN callback script should only send...
CVE-2018-15776 1 Dell 1 Idrac7 Firmware 2019-10-09 4.6
Dell EMC iDRAC7/iDRAC8 versions prior to 2.61.60.60 contain an improper error handling vulnerability. An unauthenticated attacker with physical access to the system could potentially exploit this vulnerability to get access to the u-boot shell.
CVE-2018-10624 1 Johnsoncontrols 1 Metasys System 2019-10-09 3.3
In Johnson Controls Metasys System Versions 8.0 and prior and BCPro (BCM) all versions prior to 3.0.2, this vulnerability results from improper error handling in HTTP-based communications with the server, which could allow an attacker to obtain...
CVE-2018-0415 1 Cisco 8 Wap121 Firmware, Wap125 Firmware, Wap131 Firmware and 5 more 2019-10-09 5.5
A vulnerability in the implementation of Extensible Authentication Protocol over LAN (EAPOL) functionality in Cisco Small Business 100 Series Wireless Access Points and Cisco Small Business 300 Series Wireless Access Points could allow an...
CVE-2018-0155 1 Cisco 2 Ios, Ios Xe 2019-10-09 7.8
A vulnerability in the Bidirectional Forwarding Detection (BFD) offload implementation of Cisco Catalyst 4500 Series Switches and Cisco Catalyst 4500-X Series Switches could allow an unauthenticated, remote attacker to cause a crash of the iosd...
CVE-2017-16014 1 Http-proxy Project 1 Http-proxy 2019-10-09 5.0
Http-proxy is a proxying library. Because of the way errors are handled in versions before 0.7.0, an attacker that forces an error can crash the server, causing a denial of service.
CVE-2016-9778 2 Isc, Netapp 3 Bind, Data Ontap Edge, Solidfire Element Os Management Node 2019-10-09 4.3
An error in handling certain queries can cause an assertion failure when a server is using the nxdomain-redirect feature to cover a zone for which it is also providing authoritative service. A vulnerable server could be intentionally stopped by...
CVE-2018-1269 1 Cloud Foundry 1 Loggregator 2019-08-14 4.0
Cloud Foundry Loggregator, versions 89.x prior to 89.5 or 96.x prior to 96.1 or 99.x prior to 99.1 or 101.x prior to 101.9 or 102.x prior to 102.2, does not handle errors thrown while constructing certain http requests. A remote authenticated...
CVE-2018-10998 3 Exiv2, Canonical, Debian 3 Exiv2, Ubuntu Linux, Debian Linux 2019-08-06 4.3
An issue was discovered in Exiv2 0.26. readMetadata in jp2image.cpp allows remote attackers to cause a denial of service (SIGABRT) by triggering an incorrect Safe::add call.
CVE-2018-10949 1 Zimbra 1 Zimbra Collaboration Suite 2019-08-01 5.0
mailboxd in Zimbra Collaboration Suite 8.8 before 8.8.8; 8.7 before 8.7.11.Patch3; and 8.6 allows Account Enumeration by leveraging a Discrepancy between the "HTTP 404 - account is not active" and "HTTP 401 - must authenticate" errors.
CVE-2019-2237 1 Qualcomm 17 Mdm9206 Firmware, Mdm9607 Firmware, Mdm9650 Firmware and 14 more 2019-07-26 2.1
Failure in taking appropriate action to handle the error case If keypad gpio deactivation fails leads to silent failure scenario and subsequent logic gets executed everytime in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics...
CVE-2019-2240 1 Qualcomm 50 Ipq4019 Firmware, Ipq8064 Firmware, Ipq8074 Firmware and 47 more 2019-07-26 2.1
While sending the rendered surface content to the screen, Error handling is not properly checked results in an unpredictable behaviour in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity,...
CVE-2019-7846 1 Adobe 1 Campaign 2019-07-21 5.0
Adobe Campaign Classic version 18.10.5-8984 and earlier versions have an Improper error handling vulnerability. Successful exploitation could lead to Information Disclosure in the context of the current user.
CVE-2019-13046 1 Toaruos 1 Toaruos 2019-07-01 7.2
linker/linker.c in ToaruOS through 1.10.9 has insecure LD_LIBRARY_PATH handling in setuid applications.
CVE-2018-1002105 3 Kubernetes, Redhat, Netapp 3 Kubernetes, Openshift Container Platform, Trident 2019-06-28 7.5
In all Kubernetes versions prior to v1.10.11, v1.11.5, and v1.12.3, incorrect handling of error responses to proxied upgrade requests in the kube-apiserver allowed specially crafted requests to establish a connection through the Kubernetes API...
CVE-2016-8745 1 Apache 1 Tomcat 2019-04-15 5.0
A bug in the error handling of the send file code for the NIO HTTP connector in Apache Tomcat 9.0.0.M1 to 9.0.0.M13, 8.5.0 to 8.5.8, 8.0.0.RC1 to 8.0.39, 7.0.0 to 7.0.73 and 6.0.16 to 6.0.48 resulted in the current Processor object being added to...