CWE-253
13 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-253page 1 of 1
- CVE-2020-6107MEDIUMCVSS 5.5EG 5.52020-10-15
An exploitable information disclosure vulnerability exists in the dev_read functionality of F2fs-Tools F2fs.Fsck 1.13. A specially crafted f2fs filesystem can cause an uninitialized read resulting in an information disclosure. An attacker …
- CVE-2021-37625HIGHCVSS 7.5EG 7.52021-08-05
Skytable is an open source NoSQL database. In versions prior to 0.6.4 an incorrect check of return value of the accept function in the run-loop for a TCP socket/TLS socket/TCP+TLS multi-socket causes an early exit from the run loop that sh…
- CVE-2022-24880MEDIUMCVSS 5.3EG 5.32022-04-25
flask-session-captcha is a package which allows users to extend Flask by adding an image based captcha stored in a server side session. In versions prior to 1.2.1, he `captcha.validate()` function would return `None` if passed no value (e.…
- CVE-2023-24487MEDIUMCVSS 6.3EG 6.32023-07-10
Arbitrary file read in Citrix ADC and Citrix Gateway
- CVE-2023-34449MEDIUMCVSS 5.3EG 5.32023-06-14
ink! is an embedded domain specific language to write smart contracts in Rust for blockchains built on the Substrate framework. Starting in version 4.0.0 and prior to version 4.2.1, the return value when using delegate call mechanics, eith…
- CVE-2023-4501CRITICALCVSS 9.8EG 9.82023-09-12
User authentication with username and password credentials is ineffective in OpenText (Micro Focus) Visual COBOL, COBOL Server, Enterprise Developer, and Enterprise Server (including product variants such as Enterprise Test Server), versio…
- CVE-2023-49286HIGHCVSS 8.6EG 8.62023-12-04
Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to an Incorrect Check of Function Return Value bug Squid is vulnerable to a Denial of Service attack against its Helper process management. This bug is fixed b…
- CVE-2023-52040CRITICALCVSS 9.8EG 9.82024-01-24
An issue discovered in TOTOLINK X6000R v9.4.0cu.852_B20230719 allows attackers to run arbitrary commands via the sub_41284C function.
- CVE-2024-1622HIGHCVSS 7.5EG 7.52024-02-26
Due to a mistake in error checking, Routinator will terminate when an incoming RTR connection is reset by the peer too quickly after opening.
- CVE-2024-32475HIGHCVSS 7.5EG 7.52024-04-18
Envoy is a cloud-native, open source edge and service proxy. When an upstream TLS cluster is used with `auto_sni` enabled, a request containing a `host`/`:authority` header longer than 255 characters triggers an abnormal termination of Env…
- CVE-2024-36985HIGHCVSS 8.8EG 8.82024-07-01
In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10, a low-privileged user that does not hold the admin or power Splunk roles could cause a Remote Code Execution through an external lookup that references the “splunk_archiver“…
- CVE-2024-43521HIGHCVSS 7.5EG 7.52024-10-08
Windows Hyper-V Denial of Service Vulnerability
- CVE-2026-35091HIGHCVSS 8.2EG 8.22026-04-01
A flaw was found in Corosync. A remote unauthenticated attacker can exploit a wrong return value vulnerability in the Corosync membership commit token sanity check by sending a specially crafted User Datagram Protocol (UDP) packet. This ca…
Map vulnerabilities like CWE-253 to your infrastructure
EchelonGraph correlates every CVE — across CWE-253 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →