Improper Check for Unusual or Exceptional Conditions

The product does not check or incorrectly checks for unusual or exceptional conditions that are not expected to occur frequently during day to day operation of the product.

CVEs (584)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2022-38235 1Xpdf Project 1Xpdf Nov 21, 2024 Aug 16, 2022 N/A· v4 5.5 MEDIUM· v3 N/A· v2 XPDF commit ffaf11c was discovered to contain a segmentation violation via DCTStream::getChar() at /xpdf/Stream.cc.
CVE-2022-38234 1Xpdf Project 1Xpdf Nov 21, 2024 Aug 16, 2022 N/A· v4 5.5 MEDIUM· v3 N/A· v2 XPDF commit ffaf11c was discovered to contain a segmentation violation via Lexer::getObj(Object*) at /xpdf/Lexer.cc.
CVE-2022-38233 1Xpdf Project 1Xpdf Nov 21, 2024 Aug 16, 2022 N/A· v4 5.5 MEDIUM· v3 N/A· v2 XPDF commit ffaf11c was discovered to contain a segmentation violation via DCTStream::readMCURow() at /xpdf/Stream.cc.
CVE-2022-36145 1Swfmill 1Swfmill Nov 21, 2024 Aug 16, 2022 N/A· v4 5.5 MEDIUM· v3 N/A· v2 SWFMill commit 53d7690 was discovered to contain a segmentation violation via SWF::Reader::getWord().
CVE-2022-36141 1Swfmill 1Swfmill Nov 21, 2024 Aug 16, 2022 N/A· v4 5.5 MEDIUM· v3 N/A· v2 SWFMill commit 53d7690 was discovered to contain a segmentation violation via SWF::MethodBody::write(SWF::Writer, SWF::Context).
CVE-2022-36140 1Swfmill 1Swfmill Nov 21, 2024 Aug 16, 2022 N/A· v4 5.5 MEDIUM· v3 N/A· v2 SWFMill commit 53d7690 was discovered to contain a segmentation violation via SWF::DeclareFunction2::write(SWF::Writer, SWF::Context).
CVE-2022-35473 1Otfcc Project 1Otfcc Nov 21, 2024 Aug 16, 2022 N/A· v4 6.5 MEDIUM· v3 N/A· v2 OTFCC v0.10.4 was discovered to contain a segmentation violation via /release-x64/otfccdump+0x4fe9a7.
CVE-2022-35469 1Otfcc Project 1Otfcc Nov 21, 2024 Aug 16, 2022 N/A· v4 6.5 MEDIUM· v3 N/A· v2 OTFCC v0.10.4 was discovered to contain a segmentation violation via /x86_64-linux-gnu/libc.so.6+0xbb384.
CVE-2022-22217 1Juniper 1Junos Nov 21, 2024 Jul 20, 2022 N/A· v4 6.5 MEDIUM· v3 N/A· v2 An Improper Check for Unusual or Exceptional Conditions vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS allows an adjacent unauthenticated attacker to cause a Denial of Service (DoS). The...Show more An Improper Check for Unusual or Exceptional Conditions vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS allows an adjacent unauthenticated attacker to cause a Denial of Service (DoS). The issue is caused by malformed MLD packets looping on a multi-homed Ethernet Segment Identifier (ESI) when VXLAN is configured. These MLD packets received on a multi-homed ESI are sent to the peer, and then incorrectly forwarded out the same ESI, violating the split horizon rule. This issue only affects QFX10K Series switches, including the QFX10002, QFX10008, and QFX10016. Other products and platforms are unaffected by this vulnerability. This issue affects Juniper Networks Junos OS on QFX10K Series: All versions prior to 19.1R3-S9; 19.2 versions prior to 19.2R1-S9, 19.2R3-S5; 19.3 versions prior to 19.3R3-S6; 19.4 versions prior to 19.4R2-S7, 19.4R3-S8; 20.1 versions prior to 20.1R3-S4; 20.2 versions prior to 20.2R3-S4; 20.3 versions prior to 20.3R3-S2; 20.4 versions prior to 20.4R3-S2; 21.1 versions prior to 21.1R3; 21.2 versions prior to 21.2R2-S1, 21.2R3; 21.3 versions prior to 21.3R2.Show less
CVE-2022-26078 1Gallagher 1Controller 6000 Firmware Nov 21, 2024 Jul 6, 2022 N/A· v4 7.5 HIGH· v3 7.8 HIGH· v2 Gallagher Controller 6000 is vulnerable to a Denial of Service attack via conflicting ARP packets with a duplicate IP address. This issue affects: Gallagher Gallagher Controller 6000 vCR8.60 versions prior to 220303a; vC...Show more Gallagher Controller 6000 is vulnerable to a Denial of Service attack via conflicting ARP packets with a duplicate IP address. This issue affects: Gallagher Gallagher Controller 6000 vCR8.60 versions prior to 220303a; vCR8.50 versions prior to 220303a; vCR8.40 versions prior to 220303a; vCR8.30 versions prior to 220303a.Show less
CVE-2022-31103 1Lettersanitizer Project 1Lettersanitizer Nov 21, 2024 Jun 27, 2022 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 lettersanitizer is a DOM-based HTML email sanitizer for in-browser email rendering. All versions of lettersanitizer below 1.0.2 are affected by a denial of service issue when processing a CSS at-rule `@keyframes`. This p...Show more lettersanitizer is a DOM-based HTML email sanitizer for in-browser email rendering. All versions of lettersanitizer below 1.0.2 are affected by a denial of service issue when processing a CSS at-rule `@keyframes`. This package is depended on by [react-letter](https://github.com/mat-sz/react-letter), therefore everyone using react-letter is also at risk. The problem has been patched in version 1.0.2.Show less
CVE-2022-31093 1Nextauth.js 1Next Auth Nov 21, 2024 Jun 27, 2022 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 NextAuth.js is a complete open source authentication solution for Next.js applications. In affected versions an attacker can send a request to an app using NextAuth.js with an invalid `callbackUrl` query parameter, which...Show more NextAuth.js is a complete open source authentication solution for Next.js applications. In affected versions an attacker can send a request to an app using NextAuth.js with an invalid `callbackUrl` query parameter, which internally is converted to a `URL` object. The URL instantiation would fail due to a malformed URL being passed into the constructor, causing it to throw an unhandled error which led to the API route handler timing out and logging in to fail. This has been remedied in versions 3.29.5 and 4.5.0. If for some reason you cannot upgrade, the workaround requires you to rely on Advanced Initialization. Please see the documentation for more.Show less
CVE-2022-20130 1Google 1Android Nov 21, 2024 Jun 15, 2022 N/A· v4 9.8 CRITICAL· v3 10.0 HIGH· v2 In transportDec_OutOfBandConfig of tpdec_lib.cpp, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote code execution with no additional execution privileges needed. User inter...Show more In transportDec_OutOfBandConfig of tpdec_lib.cpp, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-224314979Show less
CVE-2022-30738 1Samsung 1Internet Nov 21, 2024 Jun 7, 2022 N/A· v4 4.3 MEDIUM· v3 4.3 MEDIUM· v2 Improper check in Loader in Samsung Internet prior to 17.0.1.69 allows attackers to spoof address bar via executing script.
CVE-2022-23712 1Elastic 1Elasticsearch Nov 21, 2024 Jun 6, 2022 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 A Denial of Service flaw was discovered in Elasticsearch. Using this vulnerability, an unauthenticated attacker could forcibly shut down an Elasticsearch node with a specifically formatted network request.
CVE-2022-29369 1F5 1Njs Nov 21, 2024 May 12, 2022 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 Nginx NJS v0.7.2 was discovered to contain a segmentation violation via njs_lvlhsh_bucket_find at njs_lvlhsh.c.
CVE-2022-29473 1F5 11Big Ip Access Policy Manager Big Ip Advanced Firewall ManagerBig Ip Analytics+8 more Nov 21, 2024 May 5, 2022 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 On F5 BIG-IP 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, and 13.1.x versions prior to 13.1.5, when an IPSec ALG profile is configured on a virtual server, undisclosed responses can cause Traffic...Show more On F5 BIG-IP 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, and 13.1.x versions prior to 13.1.5, when an IPSec ALG profile is configured on a virtual server, undisclosed responses can cause Traffic Management Microkernel(TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluatedShow less
CVE-2022-28706 1F5 11Big Ip Access Policy Manager Big Ip Advanced Firewall ManagerBig Ip Analytics+8 more Nov 21, 2024 May 5, 2022 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 On F5 BIG-IP 16.1.x versions prior to 16.1.2 and 15.1.x versions prior to 15.1.5.1, when the DNS resolver configuration is used, undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate. Note:...Show more On F5 BIG-IP 16.1.x versions prior to 16.1.2 and 15.1.x versions prior to 15.1.5.1, when the DNS resolver configuration is used, undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluatedShow less
CVE-2022-26130 1F5 11Big Ip Access Policy Manager Big Ip Advanced Firewall ManagerBig Ip Analytics+8 more Nov 21, 2024 May 5, 2022 N/A· v4 5.3 MEDIUM· v3 5.0 MEDIUM· v2 On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, and 13.1.x versions prior to 13.1.5, when an Active mode-enabled FTP profile is configured on a virtua...Show more On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, and 13.1.x versions prior to 13.1.5, when an Active mode-enabled FTP profile is configured on a virtual server, undisclosed traffic can cause the virtual server to stop processing active FTP data channel connections. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluatedShow less
CVE-2022-28793 1Samsung 1Galaxy S22 Firmware Nov 21, 2024 May 3, 2022 N/A· v4 4.4 MEDIUM· v3 2.1 LOW· v2 Given the TEE is compromised and controlled by the attacker, improper state maintenance in StrongBox allows attackers to change Android ROT during device boot cycle after compromising TEE. The patch is applied in Galaxy...Show more Given the TEE is compromised and controlled by the attacker, improper state maintenance in StrongBox allows attackers to change Android ROT during device boot cycle after compromising TEE. The patch is applied in Galaxy S22 to prevent change of Android ROT after first initialization at boot time.Show less

Previous 1...192021...30 Next