Vulnerabilities (CVE)

Filtered by CWE-404
Total 417 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2017-1000369 2 Debian, Exim 2 Debian Linux, Exim 2025-04-20 2.1 LOW 4.0 MEDIUM
Exim supports the use of multiple "-p" command line arguments which are malloc()'ed and never free()'ed, used in conjunction with other issues allows attackers to cause arbitrary code execution. This affects exim version 4.89 and earlier. Please note that at this time upstream has released a patch (commit 65e061b76867a9ea7aeeb535341b790b90ae6c21), but it is not known if a new point release is available that addresses this issue at this time.
CVE-2012-2805 1 Ffmpeg 1 Ffmpeg 2025-04-20 5.0 MEDIUM 7.5 HIGH
Unspecified vulnerability in FFMPEG 0.10 allows remote attackers to cause a denial of service.
CVE-2017-11016 1 Google 1 Android 2025-04-20 4.6 MEDIUM 7.8 HIGH
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, when memory allocation fails while creating a calibration block in create_cal_block stale pointers are left uncleared.
CVE-2016-8212 1 Dell 1 Bsafe Crypto-j 2025-04-20 5.0 MEDIUM 7.5 HIGH
An issue was discovered in EMC RSA BSAFE Crypto-J versions prior to 6.2.2. There is an Improper OCSP Validation Vulnerability. OCSP responses have two time values: thisUpdate and nextUpdate. These specify a validity period; however, both values are optional. Crypto-J treats the lack of a nextUpdate as indicating that the OCSP response is valid indefinitely instead of restricting its validity for a brief period surrounding the thisUpdate time. This vulnerability is similar to the issue described in CVE-2015-4748.
CVE-2017-9059 1 Linux 1 Linux Kernel 2025-04-20 4.9 MEDIUM 5.5 MEDIUM
The NFSv4 implementation in the Linux kernel through 4.11.1 allows local users to cause a denial of service (resource consumption) by leveraging improper channel callback shutdown when unmounting an NFSv4 filesystem, aka a "module reference and kernel daemon" leak.
CVE-2017-5650 1 Apache 1 Tomcat 2025-04-20 5.0 MEDIUM 7.5 HIGH
In Apache Tomcat 9.0.0.M1 to 9.0.0.M18 and 8.5.0 to 8.5.12, the handling of an HTTP/2 GOAWAY frame for a connection did not close streams associated with that connection that were currently waiting for a WINDOW_UPDATE before allowing the application to write more data. These waiting streams each consumed a thread. A malicious client could therefore construct a series of HTTP/2 requests that would consume all available processing threads.
CVE-2017-1145 1 Ibm 1 Websphere Mq 2025-04-20 7.8 HIGH 8.6 HIGH
IBM WebSphere MQ 8.0.0.6 does not properly terminate channel agents when they are no longer needed, which could allow a user to cause a denial of service through resource exhaustion. IBM Reference #: 1999672.
CVE-2024-57654 1 Openlinksw 1 Virtuoso 2025-04-17 N/A 7.5 HIGH
An issue in the qst_vec_get_int64 component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements.
CVE-2024-57659 1 Openlinksw 1 Virtuoso 2025-04-17 N/A 7.5 HIGH
An issue in the sqlg_parallel_ts_seq component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements.
CVE-2024-57661 1 Openlinksw 1 Virtuoso 2025-04-17 N/A 7.5 HIGH
An issue in the sqlo_df component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements.
CVE-2025-2926 1 Hdfgroup 1 Hdf5 2025-04-17 1.7 LOW 3.3 LOW
A vulnerability was found in HDF5 up to 1.14.6 and classified as problematic. This issue affects the function H5O__cache_chk_serialize of the file src/H5Ocache.c. The manipulation leads to null pointer dereference. An attack has to be approached locally. The exploit has been disclosed to the public and may be used.
CVE-2022-46314 1 Huawei 1 Harmonyos 2025-04-17 N/A 7.5 HIGH
The IPC module has defects introduced in the design process. Successful exploitation of this vulnerability may affect system availability.
CVE-2025-3016 1 Assimp 1 Assimp 2025-04-17 5.0 MEDIUM 4.3 MEDIUM
A vulnerability classified as problematic was found in Open Asset Import Library Assimp 5.4.3. This vulnerability affects the function Assimp::MDLImporter::ParseTextureColorData of the file code/AssetLib/MDL/MDLMaterialLoader.cpp of the component MDL File Handler. The manipulation of the argument mWidth/mHeight leads to resource consumption. The attack can be initiated remotely. Upgrading to version 6.0 is able to address this issue. The name of the patch is 5d2a7482312db2e866439a8c05a07ce1e718bed1. It is recommended to apply a patch to fix this issue.
CVE-2025-3535 2025-04-15 5.0 MEDIUM 4.3 MEDIUM
A vulnerability has been found in shuanx BurpAPIFinder up to 2.0.2 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file BurpApiFinder.db. The manipulation leads to denial of service. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
CVE-2025-2960 1 Trendnet 4 Tew-637ap, Tew-637ap Firmware, Tew-638apb and 1 more 2025-04-15 6.1 MEDIUM 6.5 MEDIUM
A vulnerability classified as problematic has been found in TRENDnet TEW-637AP and TEW-638APB 1.2.7/1.3.0.106. This affects the function sub_41DED0 of the file /bin/goahead of the component HTTP Request Handler. The manipulation leads to null pointer dereference. Access to the local network is required for this attack. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2025-2959 1 Trendnet 2 Tew-410apb, Tew-410apb Firmware 2025-04-15 6.1 MEDIUM 6.5 MEDIUM
A vulnerability was found in TRENDnet TEW-410APB 1.3.06b. It has been rated as problematic. Affected by this issue is the function sub_4019A0 of the file /usr/sbin/httpd of the component HTTP Request Handler. The manipulation leads to null pointer dereference. The attack needs to be initiated within the local network. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2015-3415 5 Apple, Canonical, Debian and 2 more 6 Mac Os X, Watchos, Ubuntu Linux and 3 more 2025-04-12 7.5 HIGH N/A
The sqlite3VdbeExec function in vdbe.c in SQLite before 3.8.9 does not properly implement comparison operators, which allows context-dependent attackers to cause a denial of service (invalid free operation) or possibly have unspecified other impact via a crafted CHECK clause, as demonstrated by CHECK(0&O>O) in a CREATE TABLE statement.
CVE-2010-4038 1 Google 1 Chrome 2025-04-11 5.0 MEDIUM 7.5 HIGH
The Web Sockets implementation in Google Chrome before 7.0.517.41 does not properly handle a shutdown action, which allows remote attackers to cause a denial of service (application crash) via unspecified vectors.
CVE-2024-57618 1 Monetdb 1 Monetdb 2025-04-10 N/A 7.5 HIGH
An issue in the bind_col_exp component of MonetDB Server v11.47.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements.
CVE-2024-57623 1 Monetdb 1 Monetdb 2025-04-10 N/A 7.5 HIGH
An issue in the HEAP_malloc component of MonetDB Server v11.49.1 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements.