CWE-248
104 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-248page 1 of 3
- CVE-2018-11464LOWCVSS 3.72018-12-12
A vulnerability has been identified in SINUMERIK 828D V4.7 (All versions < V4.7 SP6 HF1), SINUMERIK 840D sl V4.7 (All versions < V4.7 SP6 HF5), SINUMERIK 840D sl V4.8 (All versions < V4.8 SP3). The integrated VNC server on port 5900/tcp of…
- CVE-2018-11465HIGHCVSS 7.82018-12-12
A vulnerability has been identified in SINUMERIK 808D V4.7 (All versions), SINUMERIK 808D V4.8 (All versions), SINUMERIK 828D V4.7 (All versions < V4.7 SP6 HF1), SINUMERIK 840D sl V4.7 (All versions < V4.7 SP6 HF5), SINUMERIK 840D sl V4.8 …
- CVE-2018-11466CRITICALCVSS 9.82018-12-12
A vulnerability has been identified in SINUMERIK 808D V4.7 (All versions), SINUMERIK 808D V4.8 (All versions), SINUMERIK 828D V4.7 (All versions < V4.7 SP6 HF1), SINUMERIK 840D sl V4.7 (All versions < V4.7 SP6 HF5), SINUMERIK 840D sl V4.8 …
- CVE-2019-10917MEDIUMCVSS 5.5EG 5.52019-05-14
A vulnerability has been identified in SIMATIC PCS 7 V8.0 and earlier (All versions), SIMATIC PCS 7 V8.1 (All versions < V8.1 with WinCC V7.3 Upd 19), SIMATIC PCS 7 V8.2 (All versions < V8.2 SP1 with WinCC V7.4 SP1 Upd11), SIMATIC PCS 7 V9…
- CVE-2019-10931HIGHCVSS 7.5EG 7.52019-07-11
A vulnerability has been identified in All other SIPROTEC 5 device types with CPU variants CP300 and CP100 and the respective Ethernet communication modules (All versions ), DIGSI 5 engineering software (All versions < V7.90), SIPROTEC 5 d…
- CVE-2019-6575HIGHCVSS 7.52019-04-17
A vulnerability has been identified in SIMATIC CP 443-1 OPC UA (All versions), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) (All versions < V2.7), SIMATIC HMI Comfort Outdoor Panels 7" & 15" (incl. SIPLUS variant…
- CVE-2019-6809HIGHCVSS 7.5EG 7.52019-09-17
A CWE-248: Uncaught Exception vulnerability exists in Modicon M580 (firmware versions prior to V2.90), Modicon M340 (firmware versions prior to V3.10), Modicon Premium (all versions), Modicon Quantum (all versions), which could cause a pos…
- CVE-2019-6828HIGHCVSS 7.5EG 7.52019-09-17
A CWE-248: Uncaught Exception vulnerability exists Modicon M580 (firmware version prior to V2.90), Modicon M340 (firmware version prior to V3.10), Modicon Premium (all versions), and Modicon Quantum (all versions), which could cause a poss…
- CVE-2019-6829HIGHCVSS 7.5EG 7.52019-09-17
A CWE-248: Uncaught Exception vulnerability exists in Modicon M580 (firmware version prior to V2.90) and Modicon M340 (firmware version prior to V3.10), which could cause a possible denial of service when writing to specific memory address…
- CVE-2019-6830MEDIUMCVSS 5.9EG 5.92019-09-17
A CWE-248: Uncaught Exception vulnerability exists IN Modicon M580 all versions prior to V2.80, which could cause a possible denial of service when sending an appropriately timed HTTP request to the controller.
- CVE-2019-7474MEDIUMCVSS 6.52019-04-02
A vulnerability in SonicWall SonicOS and SonicOSv, allow authenticated read-only admin to leave the firewall in an unstable state by downloading certificate with specific extension. This vulnerability affected SonicOS Gen 5 version 5.9.1.1…
- CVE-2020-10292HIGHCVSS 8.2EG 8.22020-11-06
Visual Components (owned by KUKA) is a robotic simulator that allows simulating factories and robots in order toimprove planning and decision-making processes. Visual Components software requires a special license which can beobtained from…
- CVE-2020-10604HIGHCVSS 7.5EG 7.52020-07-25
In OSIsoft PI System multiple products and versions, a remote, unauthenticated attacker could crash PI Network Manager service through specially crafted requests. This can result in blocking connections and queries to PI Data Archive.
- CVE-2020-14348MEDIUMCVSS 4.3EG 4.32020-09-16
It was found in AMQ Online before 1.5.2 that injecting an invalid field to a user's AddressSpace configuration of the user namespace puts AMQ Online in an inconsistent state, where the AMQ Online components do not operate properly, such as…
- CVE-2020-15796HIGHCVSS 7.5EG 7.52020-12-14
A vulnerability has been identified in SIMATIC ET 200SP Open Controller (incl. SIPLUS variants) (V20.8), SIMATIC S7-1500 Software Controller (V20.8). The web server of the affected products contains a vulnerability that could allow a remot…
- CVE-2020-27121MEDIUMCVSS 4.3EG 4.32020-11-06
A vulnerability in Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P) Software could allow an authenticated, remote attacker to cause the Cisco XCP Authentication Service on an affected device to restart, …
- CVE-2020-5129HIGHCVSS 7.5EG 7.52020-03-26
A vulnerability in the SonicWall SMA1000 HTTP Extraweb server allows an unauthenticated remote attacker to cause HTTP server crash which leads to Denial of Service. This vulnerability affected SMA1000 Version 12.1.0-06411 and earlier.
- CVE-2020-6019HIGHCVSS 7.5EG 7.52020-11-13
Valve's Game Networking Sockets prior to version v1.2.0 improperly handles inlined statistics messages in function CConnectionTransportUDPBase::Received_Data(), leading to an exception thrown from libprotobuf and resulting in a crash.
- CVE-2021-25971MEDIUMCVSS 4.3EG 4.32021-10-20
In Camaleon CMS, versions 2.0.1 to 2.6.0 are vulnerable to an Uncaught Exception. The app's media upload feature crashes permanently when an attacker with a low privileged access uploads a specially crafted .svg file
- CVE-2021-3038MEDIUMCVSS 5.5EG 5.52021-04-20
A denial-of-service (DoS) vulnerability in Palo Alto Networks GlobalProtect app on Windows systems allows a limited Windows user to send specifically-crafted input to the GlobalProtect app that results in a Windows blue screen of death (BS…
- CVE-2021-32694MEDIUMCVSS 4.1EG 4.12021-06-17
Nextcloud Android app is the Android client for Nextcloud. In versions prior to 3.15.1, a malicious application on the same device is possible to crash the Nextcloud Android Client due to an uncaught exception. The vulnerability is patched…
- CVE-2021-33010HIGHCVSS 7.5EG 7.52022-04-04
An exception is thrown from a function in AVEVA System Platform versions 2017 through 2020 R2 P01, but it is not caught, which may cause a denial-of-service condition.
- CVE-2021-33145HIGHCVSS 7.2EG 7.22024-02-23
Uncaught exception in some Intel(R) Ethernet Adapters and Intel(R) Ethernet Controller I225 Manageability firmware may allow a privileged user to potentially enable escalation of privilege via local access.
- CVE-2021-36802MEDIUMCVSS 6.5EG 6.52021-08-04
Akaunting version 2.1.12 and earlier suffers from a denial-of-service issue that is triggered by setting a malformed 'locale' variable and sending it in an otherwise normal HTTP POST request. This issue was fixed in version 2.1.13 of the p…
- CVE-2021-37714HIGHCVSS 7.5EG 7.52021-08-18
jsoup is a Java library for working with HTML. Those using jsoup versions prior to 1.14.2 to parse untrusted HTML or XML may be vulnerable to DOS attacks. If the parser is run on user supplied input, an attacker may supply content that cau…
- CVE-2021-41545HIGHCVSS 7.5EG 7.52022-05-10
A vulnerability has been identified in Desigo DXR2 (All versions < V01.21.142.5-22), Desigo PXC3 (All versions < V01.21.142.4-18), Desigo PXC4 (All versions < V02.20.142.10-10884), Desigo PXC5 (All versions < V02.20.142.10-10884). When the…
- CVE-2022-1975MEDIUMCVSS 5.5EG 5.52022-08-31
There is a sleep-in-atomic bug in /net/nfc/netlink.c that allows an attacker to crash the Linux kernel by simulating a nfc device from user-space.
- CVE-2022-20675MEDIUMCVSS 5.3EG 5.32022-04-06
A vulnerability in the TCP/IP stack of Cisco Email Security Appliance (ESA), Cisco Web Security Appliance (WSA), and Cisco Secure Email and Web Manager, formerly Security Management Appliance, could allow an unauthenticated, remote attacke…
- CVE-2022-20761HIGHCVSS 7.4EG 6.52022-04-15
A vulnerability in the integrated wireless access point (AP) packet processing of the Cisco 1000 Series Connected Grid Router (CGR1K) could allow an unauthenticated, adjacent attacker to cause a denial of service condition on an affected d…
- CVE-2022-20919HIGHCVSS 8.6EG 7.52022-09-30
A vulnerability in the processing of malformed Common Industrial Protocol (CIP) packets that are sent to Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to unexpected…
- CVE-2022-24434HIGHCVSS 7.5EG 7.52022-05-20
This affects all versions of package dicer. A malicious attacker can send a modified form to server, and crash the nodejs service. An attacker could sent the payload again and again so that the service continuously crashes.
- CVE-2022-24822HIGHCVSS 7.5EG 7.52022-04-06
Podium is a library for building micro frontends. @podium/layout is a module for building a Podium layout server, and @podium/proxy is a module for proxying HTTP requests from a layout server to a podlet server. In @podium/layout prior to …
- CVE-2022-25324HIGHCVSS 7.5EG 7.52022-05-06
All versions of package bignum are vulnerable to Denial of Service (DoS) due to a type-check exception in V8, when verifying the type of the second argument to the .powm function, V8 will crash regardless of Node try/catch blocks.
- CVE-2022-31015MEDIUMCVSS 6.5EG 6.52022-05-31
Waitress is a Web Server Gateway Interface server for Python 2 and 3. Waitress versions 2.1.0 and 2.1.1 may terminate early due to a thread closing a socket while the main thread is about to call select(). This will lead to the main thread…
- CVE-2022-3500MEDIUMCVSS 5.1EG 5.12022-11-22
A vulnerability was found in keylime. This security issue happens in some circumstances, due to some improperly handled exceptions, there exists the possibility that a rogue agent could create errors on the verifier that stopped attestatio…
- CVE-2022-36046MEDIUMCVSS 5.3EG 5.32022-08-31
Next.js is a React framework that can provide building blocks to create web applications. All of the following must be true to be affected by this CVE: Next.js version 12.2.3, Node.js version above v15.0.0 being used with strict `unhandled…
- CVE-2022-38166HIGHCVSS 7.5EG 7.52022-11-25
In F-Secure Endpoint Protection for Windows and macOS before channel with Capricorn database 2022-11-22_07, the aerdl.dll unpacker handler crashes. This can lead to a scanning engine crash, triggerable remotely by an attacker for denial of…
- CVE-2022-39386HIGHCVSS 7.5EG 7.52022-11-08
@fastify/websocket provides WebSocket support for Fastify. Any application using @fastify/websocket could crash if a specific, malformed packet is sent. All versions of fastify-websocket are also impacted. That module is deprecated, so it …
- CVE-2022-41940HIGHCVSS 7.1EG 7.12022-11-22
Engine.IO is the implementation of transport-based cross-browser/cross-device bi-directional communication layer for Socket.IO. A specially crafted HTTP request can trigger an uncaught exception on the Engine.IO server, thus killing the No…
- CVE-2023-0158HIGHCVSS 7.5EG 7.52023-01-17
NLnet Labs Krill supports direct access to the RRDP repository content through its built-in web server at the "/rrdp" endpoint. Prior to 0.12.1 a direct query for any existing directory under "/rrdp/", rather than an RRDP file such as "/rr…
- CVE-2023-0790HIGHCVSS 7.6EG 7.62023-02-12
Uncaught Exception in GitHub repository thorsten/phpmyfaq prior to 3.1.11.
- CVE-2023-1691HIGHCVSS 7.5EG 7.52023-07-06
Vulnerability of failures to capture exceptions in the communication framework. Successful exploitation of this vulnerability may cause features to perform abnormally.
- CVE-2023-20086HIGHCVSS 8.6EG 8.62023-11-01
A vulnerability in ICMPv6 processing of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. This v…
- CVE-2023-20628MEDIUMCVSS 6.7EG 6.72023-03-07
In thermal, there is a possible memory corruption due to an uncaught exception. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS074944…
- CVE-2023-21087MEDIUMCVSS 5.5EG 5.52023-04-19
In PreferencesHelper.java, an uncaught exception may cause the device to get stuck in a boot loop. This could lead to local persistent denial of service with no additional execution privileges needed. User interaction is not needed for exp…
- CVE-2023-22290MEDIUMCVSS 6.5EG 6.52023-11-14
Uncaught exception for some Intel Unison software may allow an authenticated user to potentially enable denial of service via network access.
- CVE-2023-22292HIGHCVSS 7.3EG 7.32023-11-14
Uncaught exception for some Intel Unison software may allow an authenticated user to potentially enable escalation of privilege via local access.
- CVE-2023-22477MEDIUMCVSS 5.3EG 5.32023-01-09
Mercurius is a GraphQL adapter for Fastify. Any users of Mercurius until version 10.5.0 are subjected to a denial of service attack by sending a malformed packet over WebSocket to `/graphql`. This issue was patched in #940. As a workaround…
- CVE-2023-2251HIGHCVSS 7.5EG 7.52023-04-24
Uncaught Exception in GitHub repository eemeli/yaml prior to 2.0.0-5.
- CVE-2023-22941MEDIUMCVSS 6.5EG 7.52023-02-14
In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, an improperly-formatted ‘INGEST_EVAL’ parameter in a Field Transformation crashes the Splunk daemon (splunkd).
Map vulnerabilities like CWE-248 to your infrastructure
EchelonGraph correlates every CVE — across CWE-248 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →