Common Weakness Enumeration

CWE-248

Allowed

Uncaught Exception

Abstraction: Base · Status: Draft

An exception is thrown from a function, but it is not caught.

422 vulnerabilities reference this CWE, most recent first.

CVE-2023-5038 (GCVE-0-2023-5038)

Vulnerability from cvelistv5 – Published: 2024-06-25 02:14 – Updated: 2024-08-02 07:44
VLAI
Title
Unauthenticated DoS
Summary
badmonkey, a Security Researcher has found a flaw that allows for a unauthenticated DoS attack on the camera. An attacker runs a crafted URL, nobody can access the web management page of the camera. and must manually restart the device or re-power it. The manufacturer has released patch firmware for the flaw, please refer to the manufacturer's report for details and workarounds.
SSVC
Exploitation: none Automatable: yes Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-703 - Improper Check or Handling of Exceptional Conditions
  • CWE-248 - Uncaught Exception
Assigner
References
Impacted products
Vendor Product Version
Hanwha Vision Co., Ltd. A-Series, Q-Series, PNM-series Camera Affected: Prior to version 1.41.16, Prior to version 2.22.00
Create a notification for this product.
hanwhavision ano-l6012r Affected: 0 , < 1.41.16 (custom)
    cpe:2.3:h:hanwhavision:ano-l6012r:-:*:*:*:*:*:*:*
Create a notification for this product.
hanwhavision ano-l6022r Affected: 0 , < 1.41.16 (custom)
    cpe:2.3:h:hanwhavision:ano-l6022r:-:*:*:*:*:*:*:*
Create a notification for this product.
hanwhavision anv-l6012r Affected: 0 , < 1.41.16 (custom)
    cpe:2.3:h:hanwhavision:anv-l6012r:-:*:*:*:*:*:*:*
Create a notification for this product.
hanwhavision ano-l6082r Affected: 0 , < 1.41.16 (custom)
    cpe:2.3:h:hanwhavision:ano-l6082r:-:*:*:*:*:*:*:*
Create a notification for this product.
hanwhavision ane-l6012r Affected: 0 , < 1.41.16 (custom)
    cpe:2.3:h:hanwhavision:ane-l6012r:-:*:*:*:*:*:*:*
Create a notification for this product.
hanwhavision anv-l6082r Affected: 0 , < 1.41.16 (custom)
    cpe:2.3:h:hanwhavision:anv-l6082r:-:*:*:*:*:*:*:*
Create a notification for this product.
hanwhavision ano-l7082r Affected: 0 , < 1.41.16 (custom)
    cpe:2.3:h:hanwhavision:ano-l7082r:-:*:*:*:*:*:*:*
Create a notification for this product.
hanwhavision ane-l7012r Affected: 0 , < 1.41.16 (custom)
    cpe:2.3:h:hanwhavision:ane-l7012r:-:*:*:*:*:*:*:*
Create a notification for this product.
hanwhavision anv-l7082r Affected: 0 , < 1.41.16 (custom)
    cpe:2.3:h:hanwhavision:anv-l7082r:-:*:*:*:*:*:*:*
Create a notification for this product.
hanwhavision ano-l7012r Affected: 0 , < 1.41.16 (custom)
    cpe:2.3:h:hanwhavision:ano-l7012r:-:*:*:*:*:*:*:*
Create a notification for this product.
hanwhavision ano-l7022r Affected: 0 , < 1.41.16 (custom)
    cpe:2.3:h:hanwhavision:ano-l7022r:-:*:*:*:*:*:*:*
Create a notification for this product.
hanwhavision anv-l7012r Affected: 0 , < 1.41.16 (custom)
    cpe:2.3:h:hanwhavision:anv-l7012r:-:*:*:*:*:*:*:*
Create a notification for this product.
hanwhavision pnm-c9022rv Affected: 0 , < 2.22.02 (custom)
    cpe:2.3:h:hanwhavision:pnm-c9022rv:-:*:*:*:*:*:*:*
Create a notification for this product.
hanwhavision pnm-9000qb Affected: 0 , < 2.22.01 (custom)
    cpe:2.3:h:hanwhavision:pnm-9000qb:-:*:*:*:*:*:*:*
Create a notification for this product.
hanwhavision pnm-7002vd Affected: 0 , < 2.22.02 (custom)
    cpe:2.3:h:hanwhavision:pnm-7002vd:-:*:*:*:*:*:*:*
Create a notification for this product.
hanwhavision pnm-8082vt Affected: 0 , < 2.22.00 (custom)
    cpe:2.3:h:hanwhavision:pnm-8082vt:-:*:*:*:*:*:*:*
Create a notification for this product.
hanwhavision pnm-9002vq Affected: 0 , < 2.22.02 (custom)
    cpe:2.3:h:hanwhavision:pnm-9002vq:-:*:*:*:*:*:*:*
Create a notification for this product.
hanwhavision pnm-9022v Affected: 0 , < 2.22.00 (custom)
    cpe:2.3:h:hanwhavision:pnm-9022v:-:*:*:*:*:*:*:*
Create a notification for this product.
hanwhavision pnm-9031rv Affected: 0 , < 2.22.01 (custom)
    cpe:2.3:h:hanwhavision:pnm-9031rv:-:*:*:*:*:*:*:*
Create a notification for this product.
hanwhavision pnm-9084qz Affected: 0 , < 2.22.02 (custom)
    cpe:2.3:h:hanwhavision:pnm-9084qz:-:*:*:*:*:*:*:*
Create a notification for this product.
hanwhavision pnm-9084rqz Affected: 0 , < 2.22.02 (custom)
    cpe:2.3:h:hanwhavision:pnm-9084rqz:-:*:*:*:*:*:*:*
Create a notification for this product.
hanwhavision pnm-9085rqz Affected: 0 , < 2.22.02 (custom)
    cpe:2.3:h:hanwhavision:pnm-9085rqz:-:*:*:*:*:*:*:*
Create a notification for this product.
hanwhavision pnm-9084qz1 Affected: 0 , < 2.22.02 (custom)
    cpe:2.3:h:hanwhavision:pnm-9084qz1:-:*:*:*:*:*:*:*
Create a notification for this product.
hanwhavision pnm-9084rqz1 Affected: 0 , < 2.22.02 (custom)
    cpe:2.3:h:hanwhavision:pnm-9084rqz1:-:*:*:*:*:*:*:*
Create a notification for this product.
hanwhavision pnm-9085rqz1 Affected: 0 , < 2.22.02 (custom)
    cpe:2.3:h:hanwhavision:pnm-9085rqz1:-:*:*:*:*:*:*:*
Create a notification for this product.
hanwhavision pnm-9322vqp Affected: 0 , < 2.22.02 (custom)
    cpe:2.3:h:hanwhavision:pnm-9322vqp:-:*:*:*:*:*:*:*
Create a notification for this product.
hanwhavision pnm-7082rvd Affected: 0 , < 2.22.02 (custom)
    cpe:2.3:h:hanwhavision:pnm-7082rvd:-:*:*:*:*:*:*:*
Create a notification for this product.
hanwhavision pnm-12082rvd Affected: 0 , < 2.22.02 (custom)
    cpe:2.3:h:hanwhavision:pnm-12082rvd:-:*:*:*:*:*:*:*
Create a notification for this product.
hanwhavision lno-6072r Affected: 0 , < 1.41.13 (custom)
    cpe:2.3:h:hanwhavision:lno-6072r:-:*:*:*:*:*:*:*
Create a notification for this product.
hanwhavision lnd-6012r Affected: 0 , < 1.41.13 (custom)
    cpe:2.3:h:hanwhavision:lnd-6012r:-:*:*:*:*:*:*:*
Create a notification for this product.
hanwhavision lno-6032r Affected: 0 , < 1.41.13 (custom)
    cpe:2.3:h:hanwhavision:lno-6032r:-:*:*:*:*:*:*:*
Create a notification for this product.
hanwhavision lnv-6032r Affected: 0 , < 1.41.13 (custom)
    cpe:2.3:h:hanwhavision:lnv-6032r:-:*:*:*:*:*:*:*
Create a notification for this product.
hanwhavision lnd-6022r Affected: 0 , < 1.41.13 (custom)
    cpe:2.3:h:hanwhavision:lnd-6022r:-:*:*:*:*:*:*:*
Create a notification for this product.
hanwhavision lnd-6072r Affected: 0 , < 1.41.13 (custom)
    cpe:2.3:h:hanwhavision:lnd-6072r:-:*:*:*:*:*:*:*
Create a notification for this product.
hanwhavision lno-6022r Affected: 0 , < 1.41.13 (custom)
    cpe:2.3:h:hanwhavision:lno-6022r:-:*:*:*:*:*:*:*
Create a notification for this product.
hanwhavision lnv-6012r Affected: 0 , < 1.41.13 (custom)
    cpe:2.3:h:hanwhavision:lnv-6012r:-:*:*:*:*:*:*:*
Create a notification for this product.
hanwhavision lnv-6072r Affected: 0 , < 1.41.13 (custom)
    cpe:2.3:h:hanwhavision:lnv-6072r:-:*:*:*:*:*:*:*
Create a notification for this product.
hanwhavision lnd-6032r Affected: 0 , < 1.41.13 (custom)
    cpe:2.3:h:hanwhavision:lnd-6032r:-:*:*:*:*:*:*:*
Create a notification for this product.
hanwhavision lnv-6022r Affected: 0 , < 1.41.13 (custom)
    cpe:2.3:h:hanwhavision:lnv-6022r:-:*:*:*:*:*:*:*
Create a notification for this product.
hanwhavision lno-6012r Affected: 0 , < 1.41.13 (custom)
    cpe:2.3:h:hanwhavision:lno-6012r:-:*:*:*:*:*:*:*
Create a notification for this product.
hanwhavision qnd-6011 Affected: 0 , < 1.41.16 (custom)
    cpe:2.3:h:hanwhavision:qnd-6011:-:*:*:*:*:*:*:*
Create a notification for this product.
hanwhavision qnd-6012r Affected: 0 , < 1.41.16 (custom)
    cpe:2.3:h:hanwhavision:qnd-6012r:-:*:*:*:*:*:*:*
Create a notification for this product.
hanwhavision qnd-6021 Affected: 0 , < 1.41.16 (custom)
    cpe:2.3:h:hanwhavision:qnd-6021:-:*:*:*:*:*:*:*
Create a notification for this product.
hanwhavision qnd-6022r Affected: 0 , < 1.41.16 (custom)
    cpe:2.3:h:hanwhavision:qnd-6022r:-:*:*:*:*:*:*:*
Create a notification for this product.
hanwhavision qnd-6032r Affected: 0 , < 1.41.16 (custom)
    cpe:2.3:h:hanwhavision:qnd-6032r:-:*:*:*:*:*:*:*
Create a notification for this product.
Date Public
2024-06-25 02:05
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:h:hanwhavision:ano-l6012r:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "ano-l6012r",
            "vendor": "hanwhavision",
            "versions": [
              {
                "lessThan": "1.41.16",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:hanwhavision:ano-l6022r:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "ano-l6022r",
            "vendor": "hanwhavision",
            "versions": [
              {
                "lessThan": "1.41.16",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:hanwhavision:anv-l6012r:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "anv-l6012r",
            "vendor": "hanwhavision",
            "versions": [
              {
                "lessThan": "1.41.16",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:hanwhavision:ano-l6082r:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "ano-l6082r",
            "vendor": "hanwhavision",
            "versions": [
              {
                "lessThan": "1.41.16",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:hanwhavision:ane-l6012r:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "ane-l6012r",
            "vendor": "hanwhavision",
            "versions": [
              {
                "lessThan": "1.41.16",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:hanwhavision:anv-l6082r:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "anv-l6082r",
            "vendor": "hanwhavision",
            "versions": [
              {
                "lessThan": "1.41.16",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:hanwhavision:ano-l7082r:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "ano-l7082r",
            "vendor": "hanwhavision",
            "versions": [
              {
                "lessThan": "1.41.16",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:hanwhavision:ane-l7012r:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "ane-l7012r",
            "vendor": "hanwhavision",
            "versions": [
              {
                "lessThan": "1.41.16",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:hanwhavision:anv-l7082r:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "anv-l7082r",
            "vendor": "hanwhavision",
            "versions": [
              {
                "lessThan": "1.41.16",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:hanwhavision:ano-l7012r:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "ano-l7012r",
            "vendor": "hanwhavision",
            "versions": [
              {
                "lessThan": "1.41.16",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:hanwhavision:ano-l7022r:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "ano-l7022r",
            "vendor": "hanwhavision",
            "versions": [
              {
                "lessThan": "1.41.16",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:hanwhavision:anv-l7012r:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "anv-l7012r",
            "vendor": "hanwhavision",
            "versions": [
              {
                "lessThan": "1.41.16",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:hanwhavision:pnm-c9022rv:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "pnm-c9022rv",
            "vendor": "hanwhavision",
            "versions": [
              {
                "lessThan": "2.22.02",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:hanwhavision:pnm-9000qb:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "pnm-9000qb",
            "vendor": "hanwhavision",
            "versions": [
              {
                "lessThan": "2.22.01",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:hanwhavision:pnm-7002vd:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "pnm-7002vd",
            "vendor": "hanwhavision",
            "versions": [
              {
                "lessThan": "2.22.02",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:hanwhavision:pnm-8082vt:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "pnm-8082vt",
            "vendor": "hanwhavision",
            "versions": [
              {
                "lessThan": "2.22.00",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:hanwhavision:pnm-9002vq:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "pnm-9002vq",
            "vendor": "hanwhavision",
            "versions": [
              {
                "lessThan": "2.22.02",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:hanwhavision:pnm-9022v:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "pnm-9022v",
            "vendor": "hanwhavision",
            "versions": [
              {
                "lessThan": "2.22.00",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:hanwhavision:pnm-9031rv:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "pnm-9031rv",
            "vendor": "hanwhavision",
            "versions": [
              {
                "lessThan": "2.22.01",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:hanwhavision:pnm-9084qz:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "pnm-9084qz",
            "vendor": "hanwhavision",
            "versions": [
              {
                "lessThan": "2.22.02",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:hanwhavision:pnm-9084rqz:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "pnm-9084rqz",
            "vendor": "hanwhavision",
            "versions": [
              {
                "lessThan": "2.22.02",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:hanwhavision:pnm-9085rqz:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "pnm-9085rqz",
            "vendor": "hanwhavision",
            "versions": [
              {
                "lessThan": "2.22.02",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:hanwhavision:pnm-9084qz1:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "pnm-9084qz1",
            "vendor": "hanwhavision",
            "versions": [
              {
                "lessThan": "2.22.02",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:hanwhavision:pnm-9084rqz1:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "pnm-9084rqz1",
            "vendor": "hanwhavision",
            "versions": [
              {
                "lessThan": "2.22.02",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:hanwhavision:pnm-9085rqz1:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "pnm-9085rqz1",
            "vendor": "hanwhavision",
            "versions": [
              {
                "lessThan": "2.22.02",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:hanwhavision:pnm-9322vqp:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "pnm-9322vqp",
            "vendor": "hanwhavision",
            "versions": [
              {
                "lessThan": "2.22.02",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:hanwhavision:pnm-7082rvd:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "pnm-7082rvd",
            "vendor": "hanwhavision",
            "versions": [
              {
                "lessThan": "2.22.02",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:hanwhavision:pnm-12082rvd:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "pnm-12082rvd",
            "vendor": "hanwhavision",
            "versions": [
              {
                "lessThan": "2.22.02",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:hanwhavision:lno-6072r:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "lno-6072r",
            "vendor": "hanwhavision",
            "versions": [
              {
                "lessThan": "1.41.13",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:hanwhavision:lnd-6012r:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "lnd-6012r",
            "vendor": "hanwhavision",
            "versions": [
              {
                "lessThan": "1.41.13",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:hanwhavision:lno-6032r:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "lno-6032r",
            "vendor": "hanwhavision",
            "versions": [
              {
                "lessThan": "1.41.13",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:hanwhavision:lnv-6032r:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "lnv-6032r",
            "vendor": "hanwhavision",
            "versions": [
              {
                "lessThan": "1.41.13",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:hanwhavision:lnd-6022r:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "lnd-6022r",
            "vendor": "hanwhavision",
            "versions": [
              {
                "lessThan": "1.41.13",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:hanwhavision:lnd-6072r:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "lnd-6072r",
            "vendor": "hanwhavision",
            "versions": [
              {
                "lessThan": "1.41.13",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:hanwhavision:lno-6022r:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "lno-6022r",
            "vendor": "hanwhavision",
            "versions": [
              {
                "lessThan": "1.41.13",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:hanwhavision:lnv-6012r:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "lnv-6012r",
            "vendor": "hanwhavision",
            "versions": [
              {
                "lessThan": "1.41.13",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:hanwhavision:lnv-6072r:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "lnv-6072r",
            "vendor": "hanwhavision",
            "versions": [
              {
                "lessThan": "1.41.13",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:hanwhavision:lnd-6032r:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "lnd-6032r",
            "vendor": "hanwhavision",
            "versions": [
              {
                "lessThan": "1.41.13",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:hanwhavision:lnv-6022r:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "lnv-6022r",
            "vendor": "hanwhavision",
            "versions": [
              {
                "lessThan": "1.41.13",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:hanwhavision:lno-6012r:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "lno-6012r",
            "vendor": "hanwhavision",
            "versions": [
              {
                "lessThan": "1.41.13",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:hanwhavision:qnd-6011:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "qnd-6011",
            "vendor": "hanwhavision",
            "versions": [
              {
                "lessThan": "1.41.16",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:hanwhavision:qnd-6012r:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "qnd-6012r",
            "vendor": "hanwhavision",
            "versions": [
              {
                "lessThan": "1.41.16",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:hanwhavision:qnd-6021:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "qnd-6021",
            "vendor": "hanwhavision",
            "versions": [
              {
                "lessThan": "1.41.16",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:hanwhavision:qnd-6022r:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "qnd-6022r",
            "vendor": "hanwhavision",
            "versions": [
              {
                "lessThan": "1.41.16",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:hanwhavision:qnd-6032r:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "qnd-6032r",
            "vendor": "hanwhavision",
            "versions": [
              {
                "lessThan": "1.41.16",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:hanwhavision:ano-l6012r:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "ano-l6012r",
            "vendor": "hanwhavision",
            "versions": [
              {
                "lessThan": "1.41.16",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:hanwhavision:ano-l6022r:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "ano-l6022r",
            "vendor": "hanwhavision",
            "versions": [
              {
                "lessThan": "1.41.16",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:hanwhavision:anv-l6012r:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "anv-l6012r",
            "vendor": "hanwhavision",
            "versions": [
              {
                "lessThan": "1.41.16",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:hanwhavision:ano-l6082r:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "ano-l6082r",
            "vendor": "hanwhavision",
            "versions": [
              {
                "lessThan": "1.41.16",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:hanwhavision:ane-l6012r:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "ane-l6012r",
            "vendor": "hanwhavision",
            "versions": [
              {
                "lessThan": "1.41.16",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:hanwhavision:anv-l6082r:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "anv-l6082r",
            "vendor": "hanwhavision",
            "versions": [
              {
                "lessThan": "1.41.16",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:hanwhavision:ano-l7082r:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "ano-l7082r",
            "vendor": "hanwhavision",
            "versions": [
              {
                "lessThan": "1.41.16",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:hanwhavision:ane-l7012r:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "ane-l7012r",
            "vendor": "hanwhavision",
            "versions": [
              {
                "lessThan": "1.41.16",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:hanwhavision:anv-l7082r:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "anv-l7082r",
            "vendor": "hanwhavision",
            "versions": [
              {
                "lessThan": "1.41.16",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:hanwhavision:ano-l7012r:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "ano-l7012r",
            "vendor": "hanwhavision",
            "versions": [
              {
                "lessThan": "1.41.16",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:hanwhavision:ano-l7022r:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "ano-l7022r",
            "vendor": "hanwhavision",
            "versions": [
              {
                "lessThan": "1.41.16",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:hanwhavision:anv-l7012r:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "anv-l7012r",
            "vendor": "hanwhavision",
            "versions": [
              {
                "lessThan": "1.41.16",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:hanwhavision:pnm-c9022rv:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "pnm-c9022rv",
            "vendor": "hanwhavision",
            "versions": [
              {
                "lessThan": "2.22.02",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:hanwhavision:pnm-9000qb:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "pnm-9000qb",
            "vendor": "hanwhavision",
            "versions": [
              {
                "lessThan": "2.22.01",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:hanwhavision:pnm-7002vd:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "pnm-7002vd",
            "vendor": "hanwhavision",
            "versions": [
              {
                "lessThan": "2.22.02",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:hanwhavision:pnm-8082vt:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "pnm-8082vt",
            "vendor": "hanwhavision",
            "versions": [
              {
                "lessThan": "2.22.00",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:hanwhavision:pnm-9002vq:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "pnm-9002vq",
            "vendor": "hanwhavision",
            "versions": [
              {
                "lessThan": "2.22.02",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:hanwhavision:pnm-9022v:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "pnm-9022v",
            "vendor": "hanwhavision",
            "versions": [
              {
                "lessThan": "2.22.00",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:hanwhavision:pnm-9031rv:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "pnm-9031rv",
            "vendor": "hanwhavision",
            "versions": [
              {
                "lessThan": "2.22.01",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:hanwhavision:pnm-9084qz:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "pnm-9084qz",
            "vendor": "hanwhavision",
            "versions": [
              {
                "lessThan": "2.22.02",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:hanwhavision:pnm-9084rqz:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "pnm-9084rqz",
            "vendor": "hanwhavision",
            "versions": [
              {
                "lessThan": "2.22.02",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:hanwhavision:pnm-9085rqz:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "pnm-9085rqz",
            "vendor": "hanwhavision",
            "versions": [
              {
                "lessThan": "2.22.02",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:hanwhavision:pnm-9084qz1:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "pnm-9084qz1",
            "vendor": "hanwhavision",
            "versions": [
              {
                "lessThan": "2.22.02",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:hanwhavision:pnm-9084rqz1:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "pnm-9084rqz1",
            "vendor": "hanwhavision",
            "versions": [
              {
                "lessThan": "2.22.02",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:hanwhavision:pnm-9085rqz1:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "pnm-9085rqz1",
            "vendor": "hanwhavision",
            "versions": [
              {
                "lessThan": "2.22.02",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:hanwhavision:pnm-9322vqp:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "pnm-9322vqp",
            "vendor": "hanwhavision",
            "versions": [
              {
                "lessThan": "2.22.02",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:hanwhavision:pnm-7082rvd:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "pnm-7082rvd",
            "vendor": "hanwhavision",
            "versions": [
              {
                "lessThan": "2.22.02",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:hanwhavision:pnm-12082rvd:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "pnm-12082rvd",
            "vendor": "hanwhavision",
            "versions": [
              {
                "lessThan": "2.22.02",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:hanwhavision:lno-6072r:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "lno-6072r",
            "vendor": "hanwhavision",
            "versions": [
              {
                "lessThan": "1.41.13",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:hanwhavision:lnd-6012r:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "lnd-6012r",
            "vendor": "hanwhavision",
            "versions": [
              {
                "lessThan": "1.41.13",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:hanwhavision:lno-6032r:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "lno-6032r",
            "vendor": "hanwhavision",
            "versions": [
              {
                "lessThan": "1.41.13",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:hanwhavision:lnv-6032r:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "lnv-6032r",
            "vendor": "hanwhavision",
            "versions": [
              {
                "lessThan": "1.41.13",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:hanwhavision:lnd-6022r:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "lnd-6022r",
            "vendor": "hanwhavision",
            "versions": [
              {
                "lessThan": "1.41.13",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:hanwhavision:lnd-6072r:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "lnd-6072r",
            "vendor": "hanwhavision",
            "versions": [
              {
                "lessThan": "1.41.13",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:hanwhavision:lno-6022r:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "lno-6022r",
            "vendor": "hanwhavision",
            "versions": [
              {
                "lessThan": "1.41.13",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:hanwhavision:lnv-6012r:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "lnv-6012r",
            "vendor": "hanwhavision",
            "versions": [
              {
                "lessThan": "1.41.13",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:hanwhavision:lnv-6072r:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "lnv-6072r",
            "vendor": "hanwhavision",
            "versions": [
              {
                "lessThan": "1.41.13",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:hanwhavision:lnd-6032r:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "lnd-6032r",
            "vendor": "hanwhavision",
            "versions": [
              {
                "lessThan": "1.41.13",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:hanwhavision:lnv-6022r:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "lnv-6022r",
            "vendor": "hanwhavision",
            "versions": [
              {
                "lessThan": "1.41.13",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:hanwhavision:lno-6012r:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "lno-6012r",
            "vendor": "hanwhavision",
            "versions": [
              {
                "lessThan": "1.41.13",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:hanwhavision:qnd-6011:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "qnd-6011",
            "vendor": "hanwhavision",
            "versions": [
              {
                "lessThan": "1.41.16",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:hanwhavision:qnd-6012r:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "qnd-6012r",
            "vendor": "hanwhavision",
            "versions": [
              {
                "lessThan": "1.41.16",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:hanwhavision:qnd-6021:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "qnd-6021",
            "vendor": "hanwhavision",
            "versions": [
              {
                "lessThan": "1.41.16",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:hanwhavision:qnd-6022r:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "qnd-6022r",
            "vendor": "hanwhavision",
            "versions": [
              {
                "lessThan": "1.41.16",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:hanwhavision:qnd-6032r:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "qnd-6032r",
            "vendor": "hanwhavision",
            "versions": [
              {
                "lessThan": "1.41.16",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-5038",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-06-26T16:44:21.978973Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-26T23:04:59.868Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T07:44:53.791Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.hanwhavision.com/wp-content/uploads/2024/06/Camera-Vulnerability-Report-CVE-2023-5037-5038.pdf"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "A-Series, Q-Series, PNM-series Camera",
          "vendor": "Hanwha Vision Co., Ltd.",
          "versions": [
            {
              "status": "affected",
              "version": "Prior to version 1.41.16, Prior to version 2.22.00"
            }
          ]
        }
      ],
      "datePublic": "2024-06-25T02:05:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\n\n\u003cdiv\u003e\u003cdiv\u003ebadmonkey, a Security Researcher has found a flaw that allows for a unauthenticated DoS attack on the camera. An attacker runs a crafted URL, nobody can access the web management page of the camera. and must manually restart the device or re-power it. The manufacturer has released patch firmware for the flaw, please refer to the manufacturer\u0027s report for details and workarounds.\u003c/div\u003e\u003c/div\u003e\n\n"
            }
          ],
          "value": "badmonkey, a Security Researcher has found a flaw that allows for a unauthenticated DoS attack on the camera. An attacker runs a crafted URL, nobody can access the web management page of the camera. and must manually restart the device or re-power it. The manufacturer has released patch firmware for the flaw, please refer to the manufacturer\u0027s report for details and workarounds."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 8.7,
            "baseSeverity": "HIGH",
            "privilegesRequired": "NONE",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "NONE",
            "vulnIntegrityImpact": "NONE",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-703",
              "description": "CWE-703: Improper Check or Handling of Exceptional Conditions",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-248",
              "description": "CWE-248: Uncaught Exception",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-06-25T02:14:06.610Z",
        "orgId": "fc9afe74-3f80-4fb7-a313-e6f036a89882",
        "shortName": "Hanwha_Vision"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.hanwhavision.com/wp-content/uploads/2024/06/Camera-Vulnerability-Report-CVE-2023-5037-5038.pdf"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Unauthenticated DoS",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "fc9afe74-3f80-4fb7-a313-e6f036a89882",
    "assignerShortName": "Hanwha_Vision",
    "cveId": "CVE-2023-5038",
    "datePublished": "2024-06-25T02:14:06.610Z",
    "dateReserved": "2023-09-18T06:00:29.464Z",
    "dateUpdated": "2024-08-02T07:44:53.791Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-4785 (GCVE-0-2023-4785)

Vulnerability from cvelistv5 – Published: 2023-09-13 16:31 – Updated: 2026-01-12 15:34
VLAI
Title
Denial of Service in gRPC Core
Summary
Lack of error handling in the TCP server in Google's gRPC starting version 1.23 on posix-compatible platforms (ex. Linux) allows an attacker to cause a denial of service by initiating a significant number of connections with the server. Note that gRPC C++ Python, and Ruby are affected, but gRPC Java, and Go are NOT affected.
SSVC
Exploitation: none Automatable: yes Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
Assigner
Impacted products
Vendor Product Version
Google gRPC Unaffected: 0 , < 1.23 (custom)
Unaffected: 1.57
Affected: 1.56.0 , ≤ 1.56.1 (custom)
Affected: 1.55.0 , ≤ 1.55.2 (custom)
Affected: 1.54.0 , ≤ 1.54.2 (custom)
Affected: 1.53.0 , ≤ 1.53.1 (custom)
Create a notification for this product.
grpc grpc Affected: 0 , < 1.23 (custom)
Affected: 1.57
Affected: 1.56.0 , ≤ 1.56.1 (custom)
Affected: 1.55.0 , ≤ 155.2 (custom)
Affected: 1.54.0 , ≤ 1.54.2 (custom)
Affected: 1.53.0 , ≤ 1.53.1 (custom)
    cpe:2.3:a:grpc:grpc:*:*:*:*:*:*:*:*
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T07:38:00.495Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/grpc/grpc/pull/33656"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/grpc/grpc/pull/33667"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/grpc/grpc/pull/33669"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/grpc/grpc/pull/33670"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/grpc/grpc/pull/33672"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:grpc:grpc:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "grpc",
            "vendor": "grpc",
            "versions": [
              {
                "lessThan": "1.23",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              },
              {
                "status": "affected",
                "version": "1.57"
              },
              {
                "lessThanOrEqual": "1.56.1",
                "status": "affected",
                "version": "1.56.0",
                "versionType": "custom"
              },
              {
                "lessThanOrEqual": "155.2",
                "status": "affected",
                "version": "1.55.0",
                "versionType": "custom"
              },
              {
                "lessThanOrEqual": "1.54.2",
                "status": "affected",
                "version": "1.54.0",
                "versionType": "custom"
              },
              {
                "lessThanOrEqual": "1.53.1",
                "status": "affected",
                "version": "1.53.0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-4785",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-25T18:02:01.004344Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-25T18:05:52.337Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Posix-compatible platforms"
          ],
          "product": "gRPC",
          "repo": "https://github.com/grpc/grpc",
          "vendor": "Google",
          "versions": [
            {
              "lessThan": "1.23",
              "status": "unaffected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "status": "unaffected",
              "version": "1.57"
            },
            {
              "changes": [
                {
                  "at": "1.56.2",
                  "status": "unaffected"
                }
              ],
              "lessThanOrEqual": "1.56.1",
              "status": "affected",
              "version": "1.56.0",
              "versionType": "custom"
            },
            {
              "changes": [
                {
                  "at": "1.55.3",
                  "status": "unaffected"
                }
              ],
              "lessThanOrEqual": "1.55.2",
              "status": "affected",
              "version": "1.55.0",
              "versionType": "custom"
            },
            {
              "changes": [
                {
                  "at": "1.54.3",
                  "status": "unaffected"
                }
              ],
              "lessThanOrEqual": "1.54.2",
              "status": "affected",
              "version": "1.54.0",
              "versionType": "custom"
            },
            {
              "changes": [
                {
                  "at": "1.53.2",
                  "status": "unaffected"
                }
              ],
              "lessThanOrEqual": "1.53.1",
              "status": "affected",
              "version": "1.53.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Lack of error handling in the TCP server in Google\u0027s gRPC starting version 1.23 on posix-compatible platforms (ex. Linux) allows an attacker to cause a denial of service by initiating a significant number of connections with the server. Note that gRPC C++ Python, and Ruby are affected, but gRPC Java, and Go are NOT affected.\u0026nbsp;"
            }
          ],
          "value": "Lack of error handling in the TCP server in Google\u0027s gRPC starting version 1.23 on posix-compatible platforms (ex. Linux) allows an attacker to cause a denial of service by initiating a significant number of connections with the server. Note that gRPC C++ Python, and Ruby are affected, but gRPC Java, and Go are NOT affected."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-125",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-125 Flooding"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-248",
              "description": "CWE-248",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-01-12T15:34:12.725Z",
        "orgId": "14ed7db2-1595-443d-9d34-6215bf890778",
        "shortName": "Google"
      },
      "references": [
        {
          "url": "https://github.com/grpc/grpc/pull/33656"
        },
        {
          "url": "https://github.com/grpc/grpc/pull/33667"
        },
        {
          "url": "https://github.com/grpc/grpc/pull/33669"
        },
        {
          "url": "https://github.com/grpc/grpc/pull/33670"
        },
        {
          "url": "https://github.com/grpc/grpc/pull/33672"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Denial of Service in gRPC Core",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "14ed7db2-1595-443d-9d34-6215bf890778",
    "assignerShortName": "Google",
    "cveId": "CVE-2023-4785",
    "datePublished": "2023-09-13T16:31:55.664Z",
    "dateReserved": "2023-09-06T04:50:57.530Z",
    "dateUpdated": "2026-01-12T15:34:12.725Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2023-3966 (GCVE-0-2023-3966)

Vulnerability from cvelistv5 – Published: 2024-02-22 12:15 – Updated: 2025-02-13 17:03
VLAI
Title
Openvswsitch: ovs-vswitch fails to recover after malformed geneve metadata packet
Summary
A flaw was found in Open vSwitch where multiple versions are vulnerable to crafted Geneve packets, which may result in a denial of service and invalid memory accesses. Triggering this issue requires that hardware offloading via the netlink path is enabled.
SSVC
Exploitation: none Automatable: yes Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
Assigner
Date Public
2024-02-08 00:00
Credits
This issue was discovered by Haresh Khandelwal (Red Hat) and Timothy Redaelli (Red Hat).
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-3966",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-02-22T15:42:09.680379Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-07-26T18:14:22.101Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T07:08:50.792Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "vdb-entry",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/security/cve/CVE-2023-3966"
          },
          {
            "name": "RHBZ#2178363",
            "tags": [
              "issue-tracking",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2178363"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VYYUBF6OW2JG7VOFEOROHXGSJCTES3QO/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LFZADABUDOFI2KZIRQBYFZCIKH55RGY3/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "openvswitch",
          "vendor": "n/a",
          "versions": [
            {
              "status": "unaffected",
              "version": "3.1.0"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:7::fastdatapath"
          ],
          "defaultStatus": "affected",
          "packageName": "openvswitch",
          "product": "Fast Datapath for RHEL 7",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:7::fastdatapath"
          ],
          "defaultStatus": "unknown",
          "packageName": "openvswitch2.10",
          "product": "Fast Datapath for RHEL 7",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:7::fastdatapath"
          ],
          "defaultStatus": "unknown",
          "packageName": "openvswitch2.11",
          "product": "Fast Datapath for RHEL 7",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:7::fastdatapath"
          ],
          "defaultStatus": "unknown",
          "packageName": "openvswitch2.12",
          "product": "Fast Datapath for RHEL 7",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:7::fastdatapath"
          ],
          "defaultStatus": "affected",
          "packageName": "openvswitch2.13",
          "product": "Fast Datapath for RHEL 7",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:8::fastdatapath"
          ],
          "defaultStatus": "unknown",
          "packageName": "openvswitch2.11",
          "product": "Fast Datapath for RHEL 8",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:8::fastdatapath"
          ],
          "defaultStatus": "unknown",
          "packageName": "openvswitch2.12",
          "product": "Fast Datapath for RHEL 8",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:8::fastdatapath"
          ],
          "defaultStatus": "affected",
          "packageName": "openvswitch2.13",
          "product": "Fast Datapath for RHEL 8",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:8::fastdatapath"
          ],
          "defaultStatus": "affected",
          "packageName": "openvswitch2.15",
          "product": "Fast Datapath for RHEL 8",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:8::fastdatapath"
          ],
          "defaultStatus": "unknown",
          "packageName": "openvswitch2.16",
          "product": "Fast Datapath for RHEL 8",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:8::fastdatapath"
          ],
          "defaultStatus": "affected",
          "packageName": "openvswitch2.17",
          "product": "Fast Datapath for RHEL 8",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:8::fastdatapath"
          ],
          "defaultStatus": "affected",
          "packageName": "openvswitch3.1",
          "product": "Fast Datapath for RHEL 8",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:9::fastdatapath"
          ],
          "defaultStatus": "affected",
          "packageName": "openvswitch2.17",
          "product": "Fast Datapath for RHEL 9",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:9::fastdatapath"
          ],
          "defaultStatus": "unknown",
          "packageName": "openvswitch3.0",
          "product": "Fast Datapath for RHEL 9",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:9::fastdatapath"
          ],
          "defaultStatus": "affected",
          "packageName": "openvswitch3.1",
          "product": "Fast Datapath for RHEL 9",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:9::fastdatapath"
          ],
          "defaultStatus": "affected",
          "packageName": "openvswitch3.2",
          "product": "Fast Datapath for RHEL 9",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:7"
          ],
          "defaultStatus": "affected",
          "packageName": "openvswitch",
          "product": "Red Hat Enterprise Linux 7",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:openshift:3.11"
          ],
          "defaultStatus": "unaffected",
          "packageName": "openvswitch-ovn-kubernetes",
          "product": "Red Hat OpenShift Container Platform 3.11",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://repos.fedorapeople.org/repos/openstack/",
          "defaultStatus": "affected",
          "packageName": "rdo-openvswitch",
          "product": "OpenStack RDO",
          "vendor": "RDO"
        },
        {
          "collectionURL": "https://packages.fedoraproject.org/",
          "defaultStatus": "affected",
          "packageName": "openvswitch",
          "product": "Fedora",
          "vendor": "Fedora"
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "This issue was discovered by Haresh Khandelwal (Red Hat) and Timothy Redaelli (Red Hat)."
        }
      ],
      "datePublic": "2024-02-08T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "A flaw was found in Open vSwitch where multiple versions are vulnerable to crafted Geneve packets, which may result in a denial of service and invalid memory accesses. Triggering this issue requires that hardware offloading via the netlink path is enabled."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "namespace": "https://access.redhat.com/security/updates/classification/",
              "value": "Important"
            },
            "type": "Red Hat severity rating"
          }
        },
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-248",
              "description": "Uncaught Exception",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-03-23T02:06:40.529Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "vdb-entry",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/security/cve/CVE-2023-3966"
        },
        {
          "name": "RHBZ#2178363",
          "tags": [
            "issue-tracking",
            "x_refsource_REDHAT"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2178363"
        },
        {
          "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VYYUBF6OW2JG7VOFEOROHXGSJCTES3QO/"
        },
        {
          "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LFZADABUDOFI2KZIRQBYFZCIKH55RGY3/"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2023-03-14T00:00:00.000Z",
          "value": "Reported to Red Hat."
        },
        {
          "lang": "en",
          "time": "2024-02-08T00:00:00.000Z",
          "value": "Made public."
        }
      ],
      "title": "Openvswsitch: ovs-vswitch fails to recover after malformed geneve metadata packet",
      "x_redhatCweChain": "CWE-248: Uncaught Exception"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2023-3966",
    "datePublished": "2024-02-22T12:15:53.128Z",
    "dateReserved": "2023-07-26T23:16:24.169Z",
    "dateUpdated": "2025-02-13T17:03:14.623Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-3774 (GCVE-0-2023-3774)

Vulnerability from cvelistv5 – Published: 2023-07-28 00:45 – Updated: 2024-10-22 18:22
VLAI
Title
Vault Enterprise Namespace Creation May Lead to Denial of Service
Summary
An unhandled error in Vault Enterprise's namespace creation may cause the Vault process to crash, potentially resulting in denial of service. Fixed in 1.14.1, 1.13.5, and 1.12.9.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
Assigner
Impacted products
Vendor Product Version
HashiCorp Vault Enterprise Affected: 1.14.0
Affected: 1.13.4
Affected: 1.12.8
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T07:08:49.980Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://discuss.hashicorp.com/t/hcsec-2023-23-vault-enterprise-namespace-creation-may-lead-to-denial-of-service/56617"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-3774",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-22T18:22:20.353490Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-22T18:22:38.101Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "64 bit",
            "32 bit",
            "x86",
            "ARM",
            "MacOS",
            "Windows",
            "Linux"
          ],
          "product": "Vault Enterprise",
          "vendor": "HashiCorp",
          "versions": [
            {
              "status": "affected",
              "version": "1.14.0"
            },
            {
              "status": "affected",
              "version": "1.13.4"
            },
            {
              "status": "affected",
              "version": "1.12.8"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eAn unhandled error in Vault Enterprise\u0027s namespace creation may cause the Vault process to crash, potentially resulting in denial of service. Fixed in 1.14.1, 1.13.5, and 1.12.9.\u003c/p\u003e\u003cbr/\u003e"
            }
          ],
          "value": "An unhandled error in Vault Enterprise\u0027s namespace creation may cause the Vault process to crash, potentially resulting in denial of service. Fixed in 1.14.1, 1.13.5, and 1.12.9."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-469",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-469: HTTP DoS"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 4.9,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-248",
              "description": "CWE-248: Uncaught Exception",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-09-26T21:45:44.680Z",
        "orgId": "67fedba0-ff2e-4543-ba5b-aa93e87718cc",
        "shortName": "HashiCorp"
      },
      "references": [
        {
          "url": "https://discuss.hashicorp.com/t/hcsec-2023-23-vault-enterprise-namespace-creation-may-lead-to-denial-of-service/56617"
        }
      ],
      "source": {
        "advisory": "HCSEC-2023-23",
        "discovery": "INTERNAL"
      },
      "title": "Vault Enterprise Namespace Creation May Lead to Denial of Service"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "67fedba0-ff2e-4543-ba5b-aa93e87718cc",
    "assignerShortName": "HashiCorp",
    "cveId": "CVE-2023-3774",
    "datePublished": "2023-07-28T00:45:04.379Z",
    "dateReserved": "2023-07-19T14:24:44.833Z",
    "dateUpdated": "2024-10-22T18:22:38.101Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-3405 (GCVE-0-2023-3405)

Vulnerability from cvelistv5 – Published: 2023-06-27 14:24 – Updated: 2026-02-23 08:46
VLAI
Title
Denial of service condition in M-Files Server
Summary
Unchecked parameter value in M-Files Server in versions before 23.6.12695.3 (excluding 23.2 SR2 and newer) allows anonymous user to cause denial of service
SSVC
Exploitation: none Automatable: yes Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
Impacted products
Vendor Product Version
M-Files M-Files Server Affected: 0 , < 23.6.12695.3 (custom)
Unaffected: 23.2.12340.11
Create a notification for this product.
Date Public
2023-06-28 09:00
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T06:55:03.331Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.m-files.com/about/trust-center/security-advisories/cve-2023-3405"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-3405",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-08-28T18:21:24.957217Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-08-28T18:21:55.335Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "M-Files Server",
          "vendor": "M-Files",
          "versions": [
            {
              "lessThan": "23.6.12695.3",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "status": "unaffected",
              "version": "23.2.12340.11"
            }
          ]
        }
      ],
      "datePublic": "2023-06-28T09:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Unchecked parameter value in M-Files Server in versions before 23.6.12695.3 (excluding 23.2 SR2 and newer) allows anonymous user to cause denial of service"
            }
          ],
          "value": "Unchecked parameter value in M-Files Server in versions before 23.6.12695.3 (excluding 23.2 SR2 and newer) allows anonymous user to cause denial of service"
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-129",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-129 Pointer Manipulation"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-248",
              "description": "CWE-248 Uncaught Exception",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-02-23T08:46:31.978Z",
        "orgId": "bcf7a16e-bfdc-46e4-9e42-4187da3f4410",
        "shortName": "M-Files Corporation"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://product.m-files.com/security-advisories/cve-2023-3405/"
        },
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://empower.m-files.com/security-advisories/CVE-2023-3405"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Update to patched version"
            }
          ],
          "value": "Update to patched version"
        }
      ],
      "source": {
        "defect": [
          "167238"
        ],
        "discovery": "INTERNAL"
      },
      "title": "Denial of service condition in M-Files Server",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "bcf7a16e-bfdc-46e4-9e42-4187da3f4410",
    "assignerShortName": "M-Files Corporation",
    "cveId": "CVE-2023-3405",
    "datePublished": "2023-06-27T14:24:40.316Z",
    "dateReserved": "2023-06-26T13:25:05.119Z",
    "dateUpdated": "2026-02-23T08:46:31.978Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2023-2251 (GCVE-0-2023-2251)

Vulnerability from cvelistv5 – Published: 2023-04-24 00:00 – Updated: 2025-02-04 17:12
VLAI
Title
Uncaught Exception in eemeli/yaml
Summary
Uncaught Exception in GitHub repository eemeli/yaml prior to 2.0.0-5.
SSVC
Exploitation: poc Automatable: yes Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
Assigner
Impacted products
Vendor Product Version
eemeli eemeli/yaml Affected: unspecified , < 2.0.0-5 (custom)
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T06:19:14.055Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://huntr.dev/bounties/4b494e99-5a3e-40d9-8678-277f3060e96c"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/eemeli/yaml/commit/984f5781ffd807e58cad3b5c8da1f940dab75fba"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-2251",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-02-04T17:12:14.351498Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-02-04T17:12:26.377Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "eemeli/yaml",
          "vendor": "eemeli",
          "versions": [
            {
              "lessThan": "2.0.0-5",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Uncaught Exception in GitHub repository eemeli/yaml prior to 2.0.0-5."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-248",
              "description": "CWE-248 Uncaught Exception",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-05-08T00:00:00.000Z",
        "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
        "shortName": "@huntrdev"
      },
      "references": [
        {
          "url": "https://huntr.dev/bounties/4b494e99-5a3e-40d9-8678-277f3060e96c"
        },
        {
          "url": "https://github.com/eemeli/yaml/commit/984f5781ffd807e58cad3b5c8da1f940dab75fba"
        }
      ],
      "source": {
        "advisory": "4b494e99-5a3e-40d9-8678-277f3060e96c",
        "discovery": "EXTERNAL"
      },
      "title": "Uncaught Exception in eemeli/yaml"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
    "assignerShortName": "@huntrdev",
    "cveId": "CVE-2023-2251",
    "datePublished": "2023-04-24T00:00:00.000Z",
    "dateReserved": "2023-04-24T00:00:00.000Z",
    "dateUpdated": "2025-02-04T17:12:26.377Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-1691 (GCVE-0-2023-1691)

Vulnerability from cvelistv5 – Published: 2023-07-06 12:50 – Updated: 2024-11-20 20:32
VLAI
Summary
Vulnerability of failures to capture exceptions in the communication framework. Successful exploitation of this vulnerability may cause features to perform abnormally.
Severity
No CVSS data available.
SSVC
Exploitation: none Automatable: yes Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
Assigner
Impacted products
Vendor Product Version
Huawei HarmonyOS Affected: 3.0.0
Affected: 3.1.0
Affected: 2.0.1
Affected: 2.0.0
Create a notification for this product.
Huawei EMUI Affected: 13.0.0
Affected: 12.0.1
Affected: 12.0.0
Affected: 11.0.1
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T05:57:24.483Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://consumer.huawei.com/en/support/bulletin/2023/7/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-202307-0000001587168858"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-1691",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-11-20T20:32:10.146836Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-20T20:32:19.921Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "HarmonyOS",
          "vendor": "Huawei",
          "versions": [
            {
              "status": "affected",
              "version": "3.0.0"
            },
            {
              "status": "affected",
              "version": "3.1.0"
            },
            {
              "status": "affected",
              "version": "2.0.1"
            },
            {
              "status": "affected",
              "version": "2.0.0"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "EMUI",
          "vendor": "Huawei",
          "versions": [
            {
              "status": "affected",
              "version": "13.0.0"
            },
            {
              "status": "affected",
              "version": "12.0.1"
            },
            {
              "status": "affected",
              "version": "12.0.0"
            },
            {
              "status": "affected",
              "version": "11.0.1"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Vulnerability of failures to capture exceptions in the communication framework. Successful exploitation of this vulnerability may cause features to perform abnormally."
            }
          ],
          "value": "Vulnerability of failures to capture exceptions in the communication framework. Successful exploitation of this vulnerability may cause features to perform abnormally."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-248",
              "description": "CWE-248 Uncaught Exception",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-07-06T12:50:39.273Z",
        "orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
        "shortName": "huawei"
      },
      "references": [
        {
          "url": "https://consumer.huawei.com/en/support/bulletin/2023/7/"
        },
        {
          "url": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-202307-0000001587168858"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
    "assignerShortName": "huawei",
    "cveId": "CVE-2023-1691",
    "datePublished": "2023-07-06T12:50:39.273Z",
    "dateReserved": "2023-03-29T09:29:47.827Z",
    "dateUpdated": "2024-11-20T20:32:19.921Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-0790 (GCVE-0-2023-0790)

Vulnerability from cvelistv5 – Published: 2023-02-12 00:00 – Updated: 2025-03-21 18:49
VLAI
Title
Uncaught Exception in thorsten/phpmyfaq
Summary
Uncaught Exception in GitHub repository thorsten/phpmyfaq prior to 3.1.11.
SSVC
Exploitation: poc Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
Assigner
Impacted products
Vendor Product Version
thorsten thorsten/phpmyfaq Affected: unspecified , < 3.1.11 (custom)
Create a notification for this product.
Credits
Ahmed Hassan (ahmedvienna) Josef Hassan (josefjku)
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T05:24:34.495Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://huntr.dev/bounties/06af150b-b481-4248-9a48-56ded2814156"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/thorsten/phpmyfaq/commit/f34d84dfe551ecdd675916e45cc0606e04a0734e"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-0790",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-03-21T18:49:20.554827Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-03-21T18:49:30.863Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "thorsten/phpmyfaq",
          "vendor": "thorsten",
          "versions": [
            {
              "lessThan": "3.1.11",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "user": "00000000-0000-4000-9000-000000000000",
          "value": "Ahmed Hassan (ahmedvienna)"
        },
        {
          "lang": "en",
          "type": "finder",
          "user": "00000000-0000-4000-9000-000000000000",
          "value": "Josef Hassan (josefjku)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eUncaught Exception in GitHub repository thorsten/phpmyfaq prior to 3.1.11.\u003c/p\u003e"
            }
          ],
          "value": "Uncaught Exception in GitHub repository thorsten/phpmyfaq prior to 3.1.11.\n\n"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.6,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-248",
              "description": "CWE-248 Uncaught Exception",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-12-18T10:07:53.604Z",
        "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
        "shortName": "@huntr_ai"
      },
      "references": [
        {
          "url": "https://huntr.dev/bounties/06af150b-b481-4248-9a48-56ded2814156"
        },
        {
          "url": "https://github.com/thorsten/phpmyfaq/commit/f34d84dfe551ecdd675916e45cc0606e04a0734e"
        }
      ],
      "source": {
        "advisory": "06af150b-b481-4248-9a48-56ded2814156",
        "discovery": "EXTERNAL"
      },
      "title": "Uncaught Exception in thorsten/phpmyfaq",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
    "assignerShortName": "@huntrdev",
    "cveId": "CVE-2023-0790",
    "datePublished": "2023-02-12T00:00:00.000Z",
    "dateReserved": "2023-02-12T00:00:00.000Z",
    "dateUpdated": "2025-03-21T18:49:30.863Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-0158 (GCVE-0-2023-0158)

Vulnerability from cvelistv5 – Published: 2023-01-17 00:00 – Updated: 2025-04-04 18:49
VLAI
Title
Triggered crash on direct RRDP access
Summary
NLnet Labs Krill supports direct access to the RRDP repository content through its built-in web server at the "/rrdp" endpoint. Prior to 0.12.1 a direct query for any existing directory under "/rrdp/", rather than an RRDP file such as "/rrdp/notification.xml" as would be expected, causes Krill to crash. If the built-in "/rrdp" endpoint is exposed directly to the internet, then malicious remote parties can cause the publication server to crash. The repository content is not affected by this, but the availability of the server and repository can cause issues if this attack is persistent and is not mitigated.
SSVC
Exploitation: none Automatable: yes Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
Assigner
Impacted products
Vendor Product Version
NLnet Labs Krill Affected: unspecified , ≤ 0.12.0 (custom)
Create a notification for this product.
Date Public
2023-01-17 00:00
Credits
We would like to thank user KittensAreDaBest on GitHub for the discovery and disclosure.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T05:02:43.819Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.nlnetlabs.nl/downloads/krill/CVE-2023-0158.txt"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 7.5,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "NONE",
              "integrityImpact": "NONE",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2023-0158",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-04-04T18:49:19.145812Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-04-04T18:49:52.823Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Krill",
          "vendor": "NLnet Labs",
          "versions": [
            {
              "lessThanOrEqual": "0.12.0",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "We would like to thank user KittensAreDaBest on GitHub for the discovery and disclosure."
        }
      ],
      "datePublic": "2023-01-17T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "NLnet Labs Krill supports direct access to the RRDP repository content through its built-in web server at the \"/rrdp\" endpoint. Prior to 0.12.1 a direct query for any existing directory under \"/rrdp/\", rather than an RRDP file such as \"/rrdp/notification.xml\" as would be expected, causes Krill to crash. If the built-in \"/rrdp\" endpoint is exposed directly to the internet, then malicious remote parties can cause the publication server to crash. The repository content is not affected by this, but the availability of the server and repository can cause issues if this attack is persistent and is not mitigated."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-248",
              "description": "CWE-248: Uncaught Exception",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-01-17T00:00:00.000Z",
        "orgId": "206fc3a0-e175-490b-9eaa-a5738056c9f6",
        "shortName": "NLnet Labs"
      },
      "references": [
        {
          "url": "https://www.nlnetlabs.nl/downloads/krill/CVE-2023-0158.txt"
        }
      ],
      "title": "Triggered crash on direct RRDP access"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "206fc3a0-e175-490b-9eaa-a5738056c9f6",
    "assignerShortName": "NLnet Labs",
    "cveId": "CVE-2023-0158",
    "datePublished": "2023-01-17T00:00:00.000Z",
    "dateReserved": "2023-01-10T00:00:00.000Z",
    "dateUpdated": "2025-04-04T18:49:52.823Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2022-41940 (GCVE-0-2022-41940)

Vulnerability from cvelistv5 – Published: 2022-11-22 00:00 – Updated: 2025-04-22 16:02
VLAI
Title
Uncaught exception in engine.io
Summary
Engine.IO is the implementation of transport-based cross-browser/cross-device bi-directional communication layer for Socket.IO. A specially crafted HTTP request can trigger an uncaught exception on the Engine.IO server, thus killing the Node.js process. This impacts all the users of the engine.io package, including those who uses depending packages like socket.io. There is no known workaround except upgrading to a safe version. There are patches for this issue released in versions 3.6.1 and 6.2.1.
SSVC
Exploitation: poc Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
Assigner
Impacted products
Vendor Product Version
socketio engine.io Affected: < 3.6.1
Affected: >= 4.0.0, < 6.2.1
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T12:56:38.535Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/socketio/engine.io/security/advisories/GHSA-r7qp-cfhv-p84w"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/socketio/engine.io/commit/425e833ab13373edf1dd5a0706f07100db14e3c6"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/socketio/engine.io/commit/83c4071af871fc188298d7d591e95670bf9f9085"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2022-41940",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-04-22T15:41:28.524567Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-04-22T16:02:20.459Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "engine.io",
          "vendor": "socketio",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 3.6.1"
            },
            {
              "status": "affected",
              "version": "\u003e= 4.0.0, \u003c 6.2.1"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Engine.IO is the implementation of transport-based cross-browser/cross-device bi-directional communication layer for Socket.IO. A specially crafted HTTP request can trigger an uncaught exception on the Engine.IO server, thus killing the Node.js process. This impacts all the users of the engine.io package, including those who uses depending packages like socket.io. There is no known workaround except upgrading to a safe version. There are patches for this issue released in versions 3.6.1 and 6.2.1."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-248",
              "description": "CWE-248: Uncaught Exception",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-11-22T00:00:00.000Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "url": "https://github.com/socketio/engine.io/security/advisories/GHSA-r7qp-cfhv-p84w"
        },
        {
          "url": "https://github.com/socketio/engine.io/commit/425e833ab13373edf1dd5a0706f07100db14e3c6"
        },
        {
          "url": "https://github.com/socketio/engine.io/commit/83c4071af871fc188298d7d591e95670bf9f9085"
        }
      ],
      "source": {
        "advisory": "GHSA-r7qp-cfhv-p84w",
        "discovery": "UNKNOWN"
      },
      "title": "Uncaught exception in engine.io "
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2022-41940",
    "datePublished": "2022-11-22T00:00:00.000Z",
    "dateReserved": "2022-09-30T00:00:00.000Z",
    "dateUpdated": "2025-04-22T16:02:20.459Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

No mitigation information available for this CWE.

No CAPEC attack patterns related to this CWE.