Total
178 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-13417 | 2025-02-21 | 4.6 Medium | ||
| Specifically crafted payloads sent to the RFID reader could cause DoS of RFID reader. After the device is restarted, it gets back to fully working state. 2N has released an updated version 2.46 of 2N OS, where this vulnerability is mitigated. It is recommended that all customers update their devices to the latest 2N OS. | ||||
| CVE-2025-0648 | 2025-02-17 | N/A | ||
| Unexpected server crash in database driver in M-Files Server before 25.1.14445.5 and before 24.8 LTS SR3 allows a highly privileged attacker to cause denial of service via configuration change. | ||||
| CVE-2025-24836 | 2025-02-14 | 7.1 High | ||
| With a specially crafted Python script, an attacker could send continuous startMeasurement commands over an unencrypted Bluetooth connection to the affected device. This would prevent the device from connecting to a clinician's app to take patient readings and ostensibly flood it with requests, resulting in a denial-of-service condition. | ||||
| CVE-2025-20097 | 2025-02-13 | 4.3 Medium | ||
| Uncaught exception in OpenBMC Firmware for the Intel(R) Server M50FCP Family and Intel(R) Server D50DNP Family before version R01.02.0002 may allow an authenticated user to potentially enable denial of service via network access. | ||||
| CVE-2023-39948 | 2 Debian, Eprosima | 2 Debian Linux, Fast Dds | 2025-02-13 | 7.5 High |
| eprosima Fast DDS is a C++ implementation of the Data Distribution Service standard of the Object Management Group. Prior to versions 2.10.0 and 2.6.5, the `BadParamException` thrown by Fast CDR is not caught in Fast DDS. This can remotely crash any Fast DDS process. Versions 2.10.0 and 2.6.5 contain a patch for this issue. | ||||
| CVE-2023-31125 | 1 Socket | 1 Engine.io | 2025-02-13 | 6.5 Medium |
| Engine.IO is the implementation of transport-based cross-browser/cross-device bi-directional communication layer for Socket.IO. An uncaught exception vulnerability was introduced in version 5.1.0 and included in version 4.1.0 of the `socket.io` parent package. Older versions are not impacted. A specially crafted HTTP request can trigger an uncaught exception on the Engine.IO server, thus killing the Node.js process. This impacts all the users of the `engine.io` package, including those who use depending packages like `socket.io`. This issue was fixed in version 6.4.2 of Engine.IO. There is no known workaround except upgrading to a safe version. | ||||
| CVE-2023-39945 | 2 Debian, Eprosima | 2 Debian Linux, Fast Dds | 2025-02-13 | 8.2 High |
| eprosima Fast DDS is a C++ implementation of the Data Distribution Service standard of the Object Management Group. Prior to versions 2.11.0, 2.10.2, 2.9.2, and 2.6.5, a data submessage sent to PDP port raises unhandled `BadParamException` in fastcdr, which in turn crashes fastdds. Versions 2.11.0, 2.10.2, 2.9.2, and 2.6.5 contain a patch for this issue. | ||||
| CVE-2023-6533 | 1 Silabs | 1 Z-wave Pc-based Controller | 2025-02-12 | 6.5 Medium |
| Malformed Device Reset Locally Command Class packets can be sent to the controller, causing the controller to assume the end device has left the network. After this, frames sent by the end device will not be acknowledged by the controller. This vulnerability exists in PC Controller v5.54.0, and earlier. | ||||
| CVE-2023-6640 | 1 Silabs | 1 Z-wave Pc-based Controller | 2025-02-12 | 6.5 Medium |
| Malformed S2 Nonce Get Command Class packets can be sent to crash PC Controller v5.54.0 and earlier. | ||||
| CVE-2024-3052 | 1 Silabs | 1 Z\/ip Gateway Sdk | 2025-02-05 | 7.5 High |
| Malformed S2 Nonce Get command classes can be sent to crash the gateway. A hard reset is required to recover the gateway. | ||||
| CVE-2023-21087 | 1 Google | 1 Android | 2025-02-05 | 5.5 Medium |
| In PreferencesHelper.java, an uncaught exception may cause the device to get stuck in a boot loop. This could lead to local persistent denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-261723753 | ||||
| CVE-2023-29520 | 1 Xwiki | 1 Xwiki | 2025-02-05 | 4.3 Medium |
| XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. It's possible to break many translations coming from wiki pages by creating a corrupted document containing a translation object. This will lead to a broken page. The vulnerability has been patched in XWiki 15.0-rc-1, 14.10.1, 14.4.8, and 13.10.11. Users are advised to upgrade. There are no workarounds other than fixing any way to create a document that fail to load. | ||||
| CVE-2023-2251 | 1 Yaml Project | 1 Yaml | 2025-02-04 | 7.5 High |
| Uncaught Exception in GitHub repository eemeli/yaml prior to 2.0.0-5. | ||||
| CVE-2024-23449 | 1 Elastic | 1 Elasticsearch | 2025-02-04 | 4.3 Medium |
| An uncaught exception in Elasticsearch >= 8.4.0 and < 8.11.1 occurs when an encrypted PDF is passed to an attachment processor through the REST API. The Elasticsearch ingest node that attempts to parse the PDF file will crash. This does not happen with password-protected PDF files or with unencrypted PDF files. | ||||
| CVE-2025-24883 | 1 Ethereum | 1 Go Ethereum | 2025-01-30 | N/A |
| go-ethereum (geth) is a golang execution layer implementation of the Ethereum protocol. A vulnerable node can be forced to shutdown/crash using a specially crafted message. This vulnerability is fixed in 1.14.13. | ||||
| CVE-2024-31904 | 1 Ibm | 1 App Connect Enterprise | 2025-01-07 | 6.5 Medium |
| IBM App Connect Enterprise 11.0.0.1 through 11.0.0.25 and 12.0.1.0 through 12.0.12.0 integration nodes could allow an authenticated user to cause a denial of service due to an uncaught exception. IBM X-Force ID: 289647. | ||||
| CVE-2024-21983 | 1 Netapp | 1 Storagegrid | 2024-12-13 | 6.5 Medium |
| StorageGRID (formerly StorageGRID Webscale) versions prior to 11.8 are susceptible to a Denial of Service (DoS) vulnerability. Successful exploit by an authenticated attacker could lead to an out of memory condition or node reboot. | ||||
| CVE-2024-54106 | 1 Huawei | 1 Harmonyos | 2024-12-12 | 7.1 High |
| Null pointer dereference vulnerability in the image decoding module Impact: Successful exploitation of this vulnerability will affect availability. | ||||
| CVE-2024-32995 | 1 Huawei | 2 Emui, Harmonyos | 2024-12-11 | 6.2 Medium |
| Denial of service (DoS) vulnerability in the AMS module Impact: Successful exploitation of this vulnerability will affect availability. | ||||
| CVE-2024-20137 | 1 Mediatek | 6 Mt6890, Mt7622, Mt7915 and 3 more | 2024-12-02 | 7.5 High |
| In wlan driver, there is a possible client disconnection due to improper handling of exceptional conditions. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00384543; Issue ID: MSV-1727. | ||||