CWE-754

584 CVEs • Abstraction: Class • Likelihood of Exploit: Medium

Improper Check for Unusual or Exceptional Conditions

The product does not check or incorrectly checks for unusual or exceptional conditions that are not expected to occur frequently during day to day operation of the product.

CVEs (584)

CVE, VENDORS, PRODUCTS, UPDATED, PUBLISHED, CVSS

Vendors (1): Abb
Products (2): Symphony + Historian, Symphony + Operations
Updated: Nov 21, 2024
Published: Dec 22, 2020
CVSS: N/A · v4, 8.8 HIGH · v3, 6.5 MEDIUM · v2
Vulnerabilities in the S+ Operations and S+ Historian web applications can lead to a possible code execution and privilege escalation, redirect the user somewhere else or download unwanted data.

Vendors (1): Schneider Electric
Products (19): 140cpu65150 Firmware, 140noc78000 Firmware, 140noc78100 Firmware, +16 more
Updated: May 28, 2026
Published: Dec 11, 2020
CVSS: N/A · v4, 5.3 MEDIUM · v3, 5.0 MEDIUM · v2
A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in the Web Server on Modicon M340, Legacy Offers Modicon Quantum and Modicon Premium and associated Communication Modules (see security notification for affected versions), that could cause denial of HTTP and FTP services when a series of specially crafted requests is sent to the controller over HTTP.

Vendors (1): Schneider Electric
Products (16): Modicon M340 Bmxp341000 Firmware, Modicon M340 Bmxp342000 Firmware, Modicon M340 Bmxp3420102 Firmware, +13 more
Updated: Nov 21, 2024
Published: Dec 11, 2020
CVSS: N/A · v4, 7.5 HIGH · v3, 5.0 MEDIUM · v2
A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in Modicon M580, Modicon M340, Legacy Controllers Modicon Quantum & Modicon Premium (see security notifications for affected versions), that could cause denial of service when a specially crafted Read Physical Memory request over Modbus is sent to the controller.

Vendors (1): Schneider Electric
Products (20): 140cpu65150 Firmware, Modicon M340 Bmxp341000 Firmware, Modicon M340 Bmxp342000 Firmware, +17 more
Updated: Nov 21, 2024
Published: Dec 11, 2020
CVSS: N/A · v4, 7.5 HIGH · v3, 5.0 MEDIUM · v2
A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in Modicon M580, Modicon M340, Legacy Controllers Modicon Quantum & Modicon Premium (see security notifications for affected versions), that could cause denial of service when a specially crafted Read Physical Memory request over Modbus is sent to the controller.

Vendors (1): Schneider Electric
Products (20): 140cpu65150 Firmware, 140noc77101 Firmware, 140noc78000 Firmware, +17 more
Updated: Nov 21, 2024
Published: Dec 11, 2020
CVSS: N/A · v4, 7.5 HIGH · v3, 5.0 MEDIUM · v2
A CWE-754 Improper Check for Unusual or Exceptional Conditions vulnerability exists in the Web Server on Modicon M340, Legacy Offers Modicon Quantum and Modicon Premium and associated Communication Modules (see security notification for affected versions), that could cause a denial of service vulnerability when a specially crafted packet is sent to the controller over HTTP.

Vendors (1): Schneider Electric
Products (19): Modicon M340 Bmxp341000 Firmware, Modicon M340 Bmxp342000 Firmware, Modicon M340 Bmxp3420102 Firmware, +16 more
Updated: Nov 21, 2024
Published: Dec 11, 2020
CVSS: N/A · v4, 7.5 HIGH · v3, 5.0 MEDIUM · v2
A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in Modicon M580, Modicon M340, Legacy Controllers Modicon Quantum & Modicon Premium (see security notifications for affected versions), that could cause denial of service when a specially crafted Read Physical Memory request over Modbus is sent to the controller.

Vendors (1): Schneider Electric
Products (10): Bmxnoe0100 Firmware, Bmxnoe0110 Firmware, Bmxnor0200h Firmware, +7 more
Updated: Nov 21, 2024
Published: Dec 11, 2020
CVSS: N/A · v4, 7.5 HIGH · v3, 7.8 HIGH · v2
A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in Modicon M340 CPUs (BMXP34* versions prior to V3.30) Modicon M340 Communication Ethernet modules (BMXNOE0100 (H) versions prior to V3.4 BMXNOE0110 (H) versions prior to V6.6 BMXNOR0200H all versions), that could cause the device to be unreachable when modifying network parameters over SNMP.

Vendors (1): Mongodb
Products (1): Mongodb
Updated: Nov 21, 2024
Published: Nov 23, 2020
CVSS: N/A · v4, 6.5 MEDIUM · v3, 4.0 MEDIUM · v2
A user authorized to perform database queries may trigger denial of service by issuing specially crafted queries which trigger an invariant in the IndexBoundsBuilder. This issue affects MongoDB Server v4.2 versions prior to 4.2.2.

Vendors (1): Schneider Electric
Products (1): Ecostruxure Control Expert
Updated: Nov 21, 2024
Published: Nov 19, 2020
CVSS: N/A · v4, 7.5 HIGH · v3, 5.0 MEDIUM · v2
A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in PLC Simulator on EcoStruxure™ Control Expert (now Unity Pro) (all versions) that could cause a crash of the PLC simulator present in EcoStruxure™ Control Expert software when receiving a specially crafted request over Modbus.

Vendors (1): Intel
Products (1): Software Guard Extensions Data Center Attestation Primitives
Updated: Nov 21, 2024
Published: Nov 12, 2020
CVSS: N/A · v4, 6.5 MEDIUM · v3, 3.3 LOW · v2
Improper conditions check in the Intel(R) SGX DCAP software before version 1.6 may allow an unauthenticated user to potentially enable denial of service via adjacent access.

Vendors (2): Intel, Netapp
Products (6): Bios, Cloud Backup, Fas/aff Bios, +3 more
Updated: Nov 21, 2024
Published: Nov 12, 2020
CVSS: N/A · v4, 6.7 MEDIUM · v3, 4.6 MEDIUM · v2
Improper conditions check in Intel BIOS platform sample code for some Intel(R) Processors before may allow a privileged user to potentially enable escalation of privilege via local access.

Vendors (1): Intel
Products (1): Bios
Updated: Nov 21, 2024
Published: Nov 12, 2020
CVSS: N/A · v4, 6.7 MEDIUM · v3, 4.6 MEDIUM · v2
Improper conditions check in BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access.

Vendors (1): Intel
Products (1): Bios
Updated: Nov 21, 2024
Published: Nov 12, 2020
CVSS: N/A · v4, 6.7 MEDIUM · v3, 4.6 MEDIUM · v2
Improper conditions check in BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access.

Vendors (1): Paloaltonetworks
Products (1): Pan Os
Updated: Nov 21, 2024
Published: Nov 12, 2020
CVSS: N/A · v4, 5.3 MEDIUM · v3, 5.0 MEDIUM · v2
A vulnerability exists in the Palo Alto Network PAN-OS signature-based threat detection engine that allows an attacker to communicate with devices in the network in a way that is not analyzed for threats by sending data through specifically crafted TCP packets. This technique evades signature-based threat detection. This issue impacts: PAN-OS 8.1 versions earlier than 8.1.17; PAN-OS 9.0 versions earlier than 9.0.11; PAN-OS 9.1 versions earlier than 9.1.5; All versions of PAN-OS 7.1 and PAN-OS 8.0.

Vendors (1): Gnome
Products (1): Gnome Display Manager
Updated: Nov 21, 2024
Published: Nov 10, 2020
CVSS: N/A · v4, 6.8 MEDIUM · v3, 4.6 MEDIUM · v2
gdm3 versions before 3.36.2 or 3.38.2 would start gnome-initial-setup if gdm3 can't contact the accountservice service via dbus in a timely manner; on Ubuntu (and potentially derivatives) this could be chained with an additional issue that could allow a local user to create a new privileged account.

Vendors (3): Debian, Fedoraproject, Wordpress
Products (3): Debian Linux, Fedora, Wordpress
Updated: Nov 21, 2024
Published: Nov 2, 2020
CVSS: N/A · v4, 9.8 CRITICAL · v3, 7.5 HIGH · v2
is_blog_installed in wp-includes/functions.php in WordPress before 5.5.2 improperly determines whether WordPress is already installed, which might allow an attacker to perform a new installation, leading to remote code execution (as well as a denial of service for the old installation).

Vendors (1): F2fs Tools Project
Products (1): F2fs Tools
Updated: Nov 21, 2024
Published: Oct 15, 2020
CVSS: N/A · v4, 5.5 MEDIUM · v3, 4.3 MEDIUM · v2
An exploitable information disclosure vulnerability exists in the dev_read functionality of F2fs-Tools F2fs.Fsck 1.13. A specially crafted f2fs filesystem can cause an uninitialized read resulting in an information disclosure. An attacker can provide a malicious file to trigger this vulnerability.

Vendors (2): Google, Opensuse
Products (2): Leap, Tensorflow
Updated: Nov 21, 2024
Published: Sep 25, 2020
CVSS: N/A · v4, 9.0 CRITICAL · v3, 6.8 MEDIUM · v2
In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, the `Shard` API in TensorFlow expects the last argument to be a function taking two `int64` (i.e., `long long`) arguments. However, there are several places in TensorFlow where a lambda taking `int` or `int32` arguments is being used. In these cases, if the amount of work to be parallelized is large enough, integer truncation occurs. Depending on how the two arguments of the lambda are used, this can result in segfaults, read/write outside of heap allocated arrays, stack overflows, or data corruption. The issue is patched in commits 27b417360cbd671ef55915e4bb6bb06af8b8a832 and ca8c013b5e97b1373b3bb1c97ea655e69f31a575, and is released in TensorFlow versions 1.15.4, 2.0.3, 2.1.2, 2.2.1, or 2.3.1.

Vendors (1): Cisco
Products (1): Ios Xe
Updated: Nov 21, 2024
Published: Sep 24, 2020
CVSS: N/A · v4, 8.6 HIGH · v3, 7.8 HIGH · v2
Multiple vulnerabilities in the Zone-Based Firewall feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause the device to reload or stop forwarding traffic through the firewall. The vulnerabilities are due to incomplete handling of Layer 4 packets through the device. An attacker could exploit these vulnerabilities by sending a certain sequence of traffic patterns through the device. A successful exploit could allow the attacker to cause the device to reload or stop forwarding traffic through the firewall, resulting in a denial of service. For more information about these vulnerabilities, see the Details section of this advisory.

Vendors (1): Cisco
Products (1): Ios Xe
Updated: Nov 21, 2024
Published: Sep 24, 2020
CVSS: N/A · v4, 7.5 HIGH · v3, 7.1 HIGH · v2
Multiple vulnerabilities in the Zone-Based Firewall feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause the device to reload or stop forwarding traffic through the firewall. The vulnerabilities are due to incomplete handling of Layer 4 packets through the device. An attacker could exploit these vulnerabilities by sending a certain sequence of traffic patterns through the device. A successful exploit could allow the attacker to cause the device to reload or stop forwarding traffic through the firewall, resulting in a denial of service. For more information about these vulnerabilities, see the Details section of this advisory.