Improper Check for Unusual or Exceptional Conditions

The product does not check or incorrectly checks for unusual or exceptional conditions that are not expected to occur frequently during day to day operation of the product.

CVEs (584)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2020-7982 1Openwrt 2Lede Openwrt Nov 21, 2024 Mar 16, 2020 N/A· v4 8.1 HIGH· v3 6.8 MEDIUM· v2 An issue was discovered in OpenWrt 18.06.0 to 18.06.6 and 19.07.0, and LEDE 17.01.0 to 17.01.7. A bug in the fork of the opkg package manager before 2020-01-25 prevents correct parsing of embedded checksums in the signed...Show more An issue was discovered in OpenWrt 18.06.0 to 18.06.6 and 19.07.0, and LEDE 17.01.0 to 17.01.7. A bug in the fork of the opkg package manager before 2020-01-25 prevents correct parsing of embedded checksums in the signed repository index, allowing a man-in-the-middle attacker to inject arbitrary package payloads (which are installed without verification).Show less
CVE-2020-10571 1Psd Tools Project 1Psd Tools Nov 21, 2024 Mar 14, 2020 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 An issue was discovered in psd-tools before 1.9.4. The Cython implementation of RLE decoding did not check for malicious data.
CVE-2020-4217 1Ibm 1Spectrum Scale Nov 21, 2024 Mar 9, 2020 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 The IBM Spectrum Scale 4.2 and 5.0 file system component is affected by a denial of service security vulnerability. An attacker can force the Spectrum Scale mmfsd/mmsdrserv daemons to unexpectedly exit, impacting the fun...Show more The IBM Spectrum Scale 4.2 and 5.0 file system component is affected by a denial of service security vulnerability. An attacker can force the Spectrum Scale mmfsd/mmsdrserv daemons to unexpectedly exit, impacting the functionality of the Spectrum Scale cluster and the availability of file systems managed by Spectrum Scale. IBM X-Force ID: 175067.Show less
CVE-2020-6385 6Debian FedoraprojectGoogle+3 more 8Backports Sle ChromeDebian Linux+5 more Nov 21, 2024 Feb 11, 2020 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 Insufficient policy enforcement in storage in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to bypass site isolation via a crafted HTML page.
CVE-2020-5215 1Google 1Tensorflow Nov 21, 2024 Jan 28, 2020 N/A· v4 7.5 HIGH· v3 4.3 MEDIUM· v2 In TensorFlow before 1.15.2 and 2.0.1, converting a string (from Python) to a tf.float16 value results in a segmentation fault in eager mode as the format checks for this use case are only in the graph mode. This issue c...Show more In TensorFlow before 1.15.2 and 2.0.1, converting a string (from Python) to a tf.float16 value results in a segmentation fault in eager mode as the format checks for this use case are only in the graph mode. This issue can lead to denial of service in inference/training where a malicious attacker can send a data point which contains a string instead of a tf.float16 value. Similar effects can be obtained by manipulating saved models and checkpoints whereby replacing a scalar tf.float16 value with a scalar string will trigger this issue due to automatic conversions. This can be easily reproduced by tf.constant("hello", tf.float16), if eager execution is enabled. This issue is patched in TensorFlow 1.15.1 and 2.0.1 with this vulnerability patched. TensorFlow 2.1.0 was released after we fixed the issue, thus it is not affected. Users are encouraged to switch to TensorFlow 1.15.1, 2.0.1 or 2.1.0.Show less
CVE-2019-15989 1Cisco 1Ios Xr Nov 21, 2024 Jan 26, 2020 N/A· v4 8.6 HIGH· v3 5.0 MEDIUM· v2 A vulnerability in the implementation of the Border Gateway Protocol (BGP) functionality in Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerab...Show more A vulnerability in the implementation of the Border Gateway Protocol (BGP) functionality in Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to incorrect processing of a BGP update message that contains a specific BGP attribute. An attacker could exploit this vulnerability by sending BGP update messages that include a specific, malformed attribute to be processed by an affected system. A successful exploit could allow the attacker to cause the BGP process to restart unexpectedly, resulting in a DoS condition. The Cisco implementation of BGP accepts incoming BGP traffic only from explicitly defined peers. To exploit this vulnerability, the malicious BGP update message would need to come from a configured, valid BGP peer or would need to be injected by the attacker into the victim’s BGP network on an existing, valid TCP connection to a BGP peer.Show less
CVE-2019-6857 1Schneider Electric 29140cpu65150 Firmware 140cpu65160 Firmware140cpu65160s Firmware+26 more May 29, 2026 Jan 6, 2020 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in Modicon M580, Modicon M340, Modicon Quantum, Modicon Premium (see security notification for specific versions) which could cause a D...Show more A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in Modicon M580, Modicon M340, Modicon Quantum, Modicon Premium (see security notification for specific versions) which could cause a Denial of Service of the controller when reading specific memory blocks using Modbus TCP.Show less
CVE-2019-6856 1Schneider Electric 29140cpu65150 Firmware 140cpu65160 Firmware140cpu65160s Firmware+26 more May 29, 2026 Jan 6, 2020 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in Modicon M580, Modicon M340, Modicon Quantum, Modicon Premium (see security notification for specific versions) which could cause a D...Show more A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in Modicon M580, Modicon M340, Modicon Quantum, Modicon Premium (see security notification for specific versions) which could cause a Denial of Service when writing specific physical memory blocks using Modbus TCP.Show less
CVE-2018-7794 1Schneider Electric 29140cpu65150 Firmware 140cpu65160 Firmware140cpu65160s Firmware+26 more May 29, 2026 Jan 6, 2020 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in Modicon M580, Modicon M340, Modicon Quantum, Modicon Premium (see security notification for specific versions) which could cause a D...Show more A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in Modicon M580, Modicon M340, Modicon Quantum, Modicon Premium (see security notification for specific versions) which could cause a Denial of Service when reading data with invalid index using Modbus TCP.Show less
CVE-2019-20175 1Qemu 1Qemu Nov 21, 2024 Dec 31, 2019 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 An issue was discovered in ide_dma_cb() in hw/ide/core.c in QEMU 2.4.0 through 4.2.0. The guest system can crash the QEMU process in the host system via a special SCSI_IOCTL_SEND_COMMAND. It hits an assertion that implie...Show more An issue was discovered in ide_dma_cb() in hw/ide/core.c in QEMU 2.4.0 through 4.2.0. The guest system can crash the QEMU process in the host system via a special SCSI_IOCTL_SEND_COMMAND. It hits an assertion that implies that the size of successful DMA transfers there must be a multiple of 512 (the size of a sector). NOTE: a member of the QEMU security team disputes the significance of this issue because a "privileged guest user has many ways to cause similar DoS effect, without triggering this assert.Show less
CVE-2019-15695 2Opensuse Tigervnc 2Leap Tigervnc Nov 21, 2024 Dec 26, 2019 N/A· v4 7.2 HIGH· v3 6.5 MEDIUM· v2 TigerVNC version prior to 1.10.1 is vulnerable to stack buffer overflow, which could be triggered from CMsgReader::readSetCursor. This vulnerability occurs due to insufficient sanitization of PixelFormat. Since remote at...Show more TigerVNC version prior to 1.10.1 is vulnerable to stack buffer overflow, which could be triggered from CMsgReader::readSetCursor. This vulnerability occurs due to insufficient sanitization of PixelFormat. Since remote attacker can choose offset from start of the buffer to start writing his values, exploitation of this vulnerability could potentially result into remote code execution. This attack appear to be exploitable via network connectivity.Show less
CVE-2019-14607 1Intel 378Core I3 1000g1 Firmware Core I3 1000g4 FirmwareCore I3 1005g1 Firmware+375 more Nov 21, 2024 Dec 16, 2019 N/A· v4 5.3 MEDIUM· v3 4.6 MEDIUM· v2 Improper conditions check in multiple Intel® Processors may allow an authenticated user to potentially enable partial escalation of privilege, denial of service and/or information disclosure via local access.
CVE-2019-11165 1Intel 1Field Programmable Gate Array Software Development Kit For Opencl Nov 21, 2024 Dec 16, 2019 N/A· v4 5.5 MEDIUM· v3 2.1 LOW· v2 Improper conditions check in the Linux kernel driver for the Intel(R) FPGA SDK for OpenCL(TM) Pro Edition before version 19.4 may allow an authenticated user to potentially enable denial of service via local access.
CVE-2019-19646 5Netapp OracleSiemens+2 more 6Cloud Backup Mysql WorkbenchOntap Select Deploy Administration Utility+3 more Nov 21, 2024 Dec 9, 2019 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 pragma.c in SQLite through 3.30.1 mishandles NOT NULL in an integrity_check PRAGMA command in certain cases of generated columns.
CVE-2019-14891 3Fedoraproject KubernetesRedhat 3Cri O FedoraOpenshift Container Platform Nov 21, 2024 Nov 25, 2019 N/A· v4 5.0 MEDIUM· v3 6.0 MEDIUM· v2 A flaw was found in cri-o, as a result of all pod-related processes being placed in the same memory cgroup. This can result in container management (conmon) processes being killed if a workload process triggers an out-of...Show more A flaw was found in cri-o, as a result of all pod-related processes being placed in the same memory cgroup. This can result in container management (conmon) processes being killed if a workload process triggers an out-of-memory (OOM) condition for the cgroup. An attacker could abuse this flaw to get host network access on an cri-o host.Show less
CVE-2019-11139 3Debian IntelOpensuse 59Debian Linux LeapXeon 3104 Firmware+56 more Nov 21, 2024 Nov 14, 2019 N/A· v4 6.0 MEDIUM· v3 2.1 LOW· v2 Improper conditions check in the voltage modulation interface for some Intel(R) Xeon(R) Scalable Processors may allow a privileged user to potentially enable denial of service via local access.
CVE-2019-15900 1Doas Project 1Doas Nov 21, 2024 Oct 18, 2019 N/A· v4 9.8 CRITICAL· v3 10.0 HIGH· v2 An issue was discovered in slicer69 doas before 6.2 on certain platforms other than OpenBSD. On platforms without strtonum(3), sscanf was used without checking for error cases. Instead, the uninitialized variable errstr...Show more An issue was discovered in slicer69 doas before 6.2 on certain platforms other than OpenBSD. On platforms without strtonum(3), sscanf was used without checking for error cases. Instead, the uninitialized variable errstr was checked and in some cases returned success even if sscanf failed. The result was that, instead of reporting that the supplied username or group name did not exist, it would execute the command as root.Show less
CVE-2019-0068 1Juniper 1Junos Nov 21, 2024 Oct 9, 2019 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 The SRX flowd process, responsible for packet forwarding, may crash and restart when processing specific multicast packets. By continuously sending the specific multicast packets, an attacker can repeatedly crash the flo...Show more The SRX flowd process, responsible for packet forwarding, may crash and restart when processing specific multicast packets. By continuously sending the specific multicast packets, an attacker can repeatedly crash the flowd process causing a sustained Denial of Service. This issue affects Juniper Networks Junos OS on SRX Series: 12.3X48 versions prior to 12.3X48-D90; 15.1X49 versions prior to 15.1X49-D180; 17.3 versions; 17.4 versions prior to 17.4R2-S5, 17.4R3; 18.1 versions prior to 18.1R3-S6; 18.2 versions prior to 18.2R2-S4, 18.2R3; 18.3 versions prior to 18.3R2-S1, 18.3R3; 18.4 versions prior to 18.4R2; 19.1 versions prior to 19.1R1-S1, 19.1R2.Show less
CVE-2019-17257 1Irfanview 1Irfanview Nov 21, 2024 Oct 8, 2019 N/A· v4 5.5 MEDIUM· v3 4.3 MEDIUM· v2 IrfanView 4.53 allows a Exception Handler Chain to be Corrupted starting at EXR!ReadEXR+0x000000000002af80.
CVE-2019-11779 5Canonical DebianEclipse+2 more 6Backports Sle Debian LinuxFedora+3 more Nov 21, 2024 Sep 19, 2019 N/A· v4 6.5 MEDIUM· v3 4.0 MEDIUM· v2 In Eclipse Mosquitto 1.5.0 to 1.6.5 inclusive, if a malicious MQTT client sends a SUBSCRIBE packet containing a topic that consists of approximately 65400 or more '/' characters, i.e. the topic hierarchy separator, then...Show more In Eclipse Mosquitto 1.5.0 to 1.6.5 inclusive, if a malicious MQTT client sends a SUBSCRIBE packet containing a topic that consists of approximately 65400 or more '/' characters, i.e. the topic hierarchy separator, then a stack overflow will occur.Show less

Previous 1...262728 29 30 Next