CVE & Exploit Intelligence Database

Search and track vulnerabilities with real-time exploit intelligence. Cross-reference CVEs against public exploits from ExploitDB, Metasploit, GitHub, and Nuclei — with CVSS and EPSS scoring, CISA KEV monitoring, and AI-powered exploit analysis.

337,867 CVEs tracked, 53,243 with exploits, 4,725 exploited in wild, 1,540 CISA KEV, 3,925 Nuclei templates, 37,802 vendors, 42,500 researchers

173 results
CVE-2021-33145 7.2 HIGH EPSS 0.00
Intel(R) Ethernet < - Privilege Escalation
Uncaught exception in some Intel(R) Ethernet Adapters and Intel(R) Ethernet Controller I225 Manageability firmware may allow a privileged user to potentially enable escalation of privilege via local access.
CWE-248 Feb 23, 2024
CVE-2023-3966 7.5 HIGH EPSS 0.00
Openvswitch < 3.1.0 - Denial of Service
A flaw was found in Open vSwitch where multiple versions are vulnerable to crafted Geneve packets, which may result in a denial of service and invalid memory accesses. Triggering this issue requires that hardware offloading via the netlink path is enabled.
CWE-248 Feb 22, 2024
CVE-2023-6640 6.5 MEDIUM EPSS 0.00
PC Controller <5.54.0 - Buffer Overflow
Malformed S2 Nonce Get Command Class packets can be sent to crash PC Controller v5.54.0 and earlier.
CWE-248 Feb 21, 2024
CVE-2023-6533 6.5 MEDIUM EPSS 0.00
PC Controller <5.54.0 - DoS
Malformed Device Reset Locally Command Class packets can be sent to the controller, causing the controller to assume the end device has left the network. After this, frames sent by the end device will not be acknowledged by the controller. This vulnerability exists in PC Controller v5.54.0, and earlier.
CWE-248 Feb 21, 2024
CVE-2024-21983 6.5 MEDIUM EPSS 0.00
StorageGRID <11.8 - DoS
StorageGRID (formerly StorageGRID Webscale) versions prior to 11.8 are susceptible to a Denial of Service (DoS) vulnerability. Successful exploit by an authenticated attacker could lead to an out of memory condition or node reboot.
CWE-248 Feb 16, 2024
CVE-2023-26586 4.3 MEDIUM EPSS 0.00
Intel PROSet/Wireless <22.240 - DoS
Uncaught exception for some Intel(R) PROSet/Wireless and Intel(R) Killer(TM) Wi-Fi software before version 22.240 may allow an unauthenticated user to potentially enable denial of service via adjacent access.
CWE-248 Feb 14, 2024
CVE-2024-23325 7.5 HIGH 1 Writeup EPSS 0.00
Envoy < 1.26.7 - Improper Exception Handling
Envoy is a high-performance edge/middle/service proxy. Envoy crashes in Proxy protocol when using an address type that isn’t supported by the OS. Envoy is susceptible to crashing on a host with IPv6 disabled and a listener config with proxy protocol enabled when it receives a request where the client presents its IPv6 address. It is valid for a client to present its IPv6 address to a target server even though the whole chain is connected via IPv4. This issue has been addressed in releases 1.29.1, 1.28.1, 1.27.3, and 1.26.7. Users are advised to upgrade. There are no known workarounds for this vulnerability.
CWE-755 Feb 09, 2024
CVE-2023-27318 6.5 MEDIUM EPSS 0.00
StorageGRID <11.6.0.13 - DoS
StorageGRID (formerly StorageGRID Webscale) versions 11.6.0 through 11.6.0.13 are susceptible to a Denial of Service (DoS) vulnerability. A successful exploit could lead to a crash of the Local Distribution Router (LDR) service.
CWE-248 Feb 05, 2024
CVE-2024-0754 6.5 MEDIUM EPSS 0.00
Firefox < 122 - Memory Corruption
Some WASM source files could have caused a crash when loaded in devtools. This vulnerability affects Firefox < 122.
CWE-248 Jan 23, 2024
CVE-2023-5310 5.7 MEDIUM EPSS 0.00
Silabs Z-wave Software Development Kit < 7.20.2.0 - Denial of Service
A denial of service vulnerability exists in all Silicon Labs Z-Wave controller and endpoint devices running Z-Wave SDK v7.20.3 (Gecko SDK v4.3.3) and earlier. This attack can be carried out only by devices on the network sending a stream of packets to the device.
CWE-248 Dec 15, 2023
CVE-2023-22292 7.3 HIGH EPSS 0.00
Intel Unison - Privilege Escalation
Uncaught exception for some Intel Unison software may allow an authenticated user to potentially enable escalation of privilege via local access.
CWE-755 Nov 14, 2023
CVE-2023-22290 6.5 MEDIUM EPSS 0.00
Intel Unison - DoS
Uncaught exception for some Intel Unison software may allow an authenticated user to potentially enable denial of service via network access.
CWE-754 Nov 14, 2023
CVE-2023-20086 8.6 HIGH EPSS 0.01
Cisco ASA/FTD - DoS
A vulnerability in ICMPv6 processing of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. This vulnerability is due to improper processing of ICMPv6 messages. An attacker could exploit this vulnerability by sending crafted ICMPv6 messages to a targeted Cisco ASA or FTD system with IPv6 enabled. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition.
CWE-248 Nov 01, 2023
CVE-2023-46239 7.5 HIGH 1 Writeup EPSS 0.00
quic-go <0.37.3 - Use After Free
quic-go is an implementation of the QUIC protocol in Go. Starting in version 0.37.0 and prior to version 0.37.3, by serializing an ACK frame after the CRYPTO that allows a node to complete the handshake, a remote node could trigger a nil pointer dereference (leading to a panic) when the node attempted to drop the Handshake packet number space. An attacker can bring down a quic-go node with very minimal effort. Completing the QUIC handshake only requires sending and receiving a few packets. Version 0.37.3 contains a patch. Versions before 0.37.0 are not affected.
CWE-248 Oct 31, 2023
CVE-2023-46135 5.3 MEDIUM EPSS 0.00
rs-stellar-strkey <0.0.8 - Panic
rs-stellar-strkey is a Rust lib for encode/decode of Stellar Strkeys. A panic vulnerability occurs when a specially crafted payload is used. `inner_payload_len` should not be above 64. This vulnerability has been patched in version 0.0.8.
CWE-248 Oct 25, 2023
CVE-2023-25526 6.5 MEDIUM EPSS 0.00
Nvidia Cumulus Linux < 5.5.0 - Denial of Service
NVIDIA Cumulus Linux contains a vulnerability in neighmgrd and nlmanager where an attacker on an adjacent network may cause an uncaught exception by injecting a crafted packet. A successful exploit may lead to denial of service.
CWE-248 Sep 20, 2023
CVE-2023-42447 8.6 HIGH EPSS 0.01
Whisperfish Blurhash-rs < 0.2.0 - Out-of-Bounds Access
blurhash-rs is a pure Rust implementation of Blurhash, software for encoding images into ASCII strings that can be turned into a gradient of colors representing the original image. In version 0.1.1, the blurhash parsing code may panic due to multiple panic-guarded out-of-bounds accesses on untrusted input. In a typical deployment, this may get triggered by feeding maliciously crafted blurhashes over the network. These may include UTF-8 compliant strings containing multi-byte UTF-8 characters. A patch is available in version 0.2.0, which requires user intervention because of slight API churn. No known workarounds are available.
CWE-392 Sep 19, 2023
CVE-2023-42444 8.6 HIGH 1 Writeup EPSS 0.01
Whisperfish Phonenumber < 0.2.5+8.11.3 - Out-of-Bounds Access
phonenumber is a library for parsing, formatting and validating international phone numbers. Prior to versions `0.3.3+8.13.9` and `0.2.5+8.11.3`, the phonenumber parsing code may panic due to a panic-guarded out-of-bounds access on the phonenumber string. In a typical deployment of `rust-phonenumber`, this may get triggered by feeding a maliciously crafted phonenumber over the network, specifically the string `.;phone-context=`. Versions `0.3.3+8.13.9` and `0.2.5+8.11.3` contain a patch for this issue. There are no known workarounds.
CWE-392 Sep 19, 2023
CVE-2023-4785 7.5 HIGH EPSS 0.00
Grpc < 1.53.2 - Denial of Service
Lack of error handling in the TCP server in Google's gRPC starting with version 1.23 on POSIX-compatible platforms (e.g. Linux) allows an attacker to cause a denial of service by initiating a significant number of connections with the server. Note that gRPC C++, Python, and Ruby are affected, but gRPC Java and Go are NOT affected.
CWE-248 Sep 13, 2023
CVE-2023-23774 8.4 HIGH EPSS 0.00
Motorola Ebts Site Controller Firmware - Improper Exception Handling
Motorola EBTS/MBTS Site Controller drops to debug prompt on unhandled exception. The Motorola MBTS Site Controller exposes a debug prompt on the device's serial port in case of an unhandled exception. This allows an attacker with physical access that is able to trigger such an exception to extract secret key material and/or gain arbitrary code execution on the device.
CWE-755 Aug 29, 2023