Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2021-23372

Summary
Assigner-snyk
Assigner Org ID-bae035ff-b466-4ff4-94d0-fc9efd9e1730
Published At-13 Apr, 2021 | 15:20
Updated At-16 Sep, 2024 | 19:09
Rejected At-
Credits

Denial of Service (DoS)

All versions of package mongo-express are vulnerable to Denial of Service (DoS) when exporting an empty collection as CSV, due to an unhandled exception, leading to a crash.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:snyk
Assigner Org ID:bae035ff-b466-4ff4-94d0-fc9efd9e1730
Published At:13 Apr, 2021 | 15:20
Updated At:16 Sep, 2024 | 19:09
Rejected At:
▼CVE Numbering Authority (CNA)
Denial of Service (DoS)

All versions of package mongo-express are vulnerable to Denial of Service (DoS) when exporting an empty collection as CSV, due to an unhandled exception, leading to a crash.

Affected Products
Vendor
n/a
Product
mongo-express
Versions
Affected
  • From 0 before unspecified (custom)
Problem Types
TypeCWE IDDescription
textN/ADenial of Service (DoS)
Type: text
CWE ID: N/A
Description: Denial of Service (DoS)
Metrics
VersionBase scoreBase severityVector
3.14.4MEDIUM
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H
Version: 3.1
Base score: 4.4
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Trong Nhan Mai
François Gauthier
Behnaz Hassanshahi
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://snyk.io/vuln/SNYK-JS-MONGOEXPRESS-1085403
x_refsource_MISC
Hyperlink: https://snyk.io/vuln/SNYK-JS-MONGOEXPRESS-1085403
Resource:
x_refsource_MISC
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://snyk.io/vuln/SNYK-JS-MONGOEXPRESS-1085403
x_refsource_MISC
x_transferred
Hyperlink: https://snyk.io/vuln/SNYK-JS-MONGOEXPRESS-1085403
Resource:
x_refsource_MISC
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:report@snyk.io
Published At:13 Apr, 2021 | 20:15
Updated At:19 Apr, 2021 | 15:32

All versions of package mongo-express are vulnerable to Denial of Service (DoS) when exporting an empty collection as CSV, due to an unhandled exception, leading to a crash.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.17.5HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Secondary3.14.4MEDIUM
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H
Primary2.05.0MEDIUM
AV:N/AC:L/Au:N/C:N/I:N/A:P
Type: Primary
Version: 3.1
Base score: 7.5
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Type: Secondary
Version: 3.1
Base score: 4.4
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H
Type: Primary
Version: 2.0
Base score: 5.0
Base severity: MEDIUM
Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:P
CPE Matches
MongoDB, Inc.
mongo-express_project
>>mongo-express>>*
cpe:2.3:a:mongo-express_project:mongo-express:*:*:*:*:*:node.js:*:*
Weaknesses
CWE IDTypeSource
CWE-754Primarynvd@nist.gov
CWE ID: CWE-754
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://snyk.io/vuln/SNYK-JS-MONGOEXPRESS-1085403report@snyk.io
Third Party Advisory
Hyperlink: https://snyk.io/vuln/SNYK-JS-MONGOEXPRESS-1085403
Source: report@snyk.io
Resource:
Third Party Advisory

Change History

0
Information is not available yet

Similar CVEs

167Records found
CVE-2024-21614
Matching Score-4
Assigner-Juniper Networks, Inc.
ShareView Details
Matching Score-4
Assigner-Juniper Networks, Inc.
CVSS Score-7.5||HIGH
EPSS-0.50% / 66.25%
||
7 Day CHG~0.00%
Published-12 Jan, 2024 | 00:56
Updated-17 Jun, 2025 | 21:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Junos OS and Junos OS Evolved: A specific query via DREND causes rpd crash

An Improper Check for Unusual or Exceptional Conditions vulnerability in Routing Protocol Daemon (RPD) of Juniper Networks Junos OS and Junos OS Evolved allows a network-based, unauthenticated attacker to cause rpd to crash, leading to Denial of Service (DoS). On all Junos OS and Junos OS Evolved platforms, when NETCONF and gRPC are enabled, and a specific query is executed via Dynamic Rendering (DREND), rpd will crash and restart. Continuous execution of this specific query will cause a sustained Denial of Service (DoS) condition. This issue affects: Juniper Networks Junos OS * 22.2 versions earlier than 22.2R2-S2, 22.2R3; * 22.3 versions earlier than 22.3R2, 22.3R3. Juniper Networks Junos OS Evolved * 22.2 versions earlier than 22.2R2-S2-EVO, 22.2R3-EVO; * 22.3 versions earlier than 22.3R2-EVO, 22.3R3-EVO. This issue does not affect Juniper Networks: Junos OS versions earlier than 22.2R1; Junos OS Evolved versions earlier than 22.2R1-EVO.

Action-Not Available
Vendor-Juniper Networks, Inc.
Product-junos_os_evolvedjunosJunos OS EvolvedJunos OS
CWE ID-CWE-754
Improper Check for Unusual or Exceptional Conditions
CVE-2024-1622
Matching Score-4
Assigner-NLnet Labs
ShareView Details
Matching Score-4
Assigner-NLnet Labs
CVSS Score-7.5||HIGH
EPSS-0.20% / 42.22%
||
7 Day CHG~0.00%
Published-26 Feb, 2024 | 13:35
Updated-27 Feb, 2025 | 03:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Routinator terminates when RTR connection is reset too quickly after opening

Due to a mistake in error checking, Routinator will terminate when an incoming RTR connection is reset by the peer too quickly after opening.

Action-Not Available
Vendor-nlnetlabsNLnet LabsFedora Project
Product-fedoraroutinatorRoutinator
CWE ID-CWE-253
Incorrect Check of Function Return Value
CWE ID-CWE-754
Improper Check for Unusual or Exceptional Conditions
CVE-2024-20089
Matching Score-4
Assigner-MediaTek, Inc.
ShareView Details
Matching Score-4
Assigner-MediaTek, Inc.
CVSS Score-7.5||HIGH
EPSS-2.29% / 84.89%
||
7 Day CHG~0.00%
Published-02 Sep, 2024 | 02:07
Updated-05 Sep, 2024 | 14:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In wlan, there is a possible denial of service due to incorrect error handling. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08861558; Issue ID: MSV-1526.

Action-Not Available
Vendor-rdkcentralGoogle LLCMediaTek Inc.The Linux Foundation
Product-mt6980mt6990mt6985mt6835androidmt6886mt8792mt6989mt8775yoctomt6897mt8796mt6878rdk-bmt8678MT6835, MT6878, MT6886, MT6897, MT6980, MT6985, MT6989, MT6990, MT8678, MT8775, MT8792, MT8796mt6980mt6990mt6985mt6835androidmt6886mt8792mt6989mt8775mt8796mt6897yoctomt6878mt8678
CWE ID-CWE-754
Improper Check for Unusual or Exceptional Conditions
CWE ID-CWE-703
Improper Check or Handling of Exceptional Conditions
CVE-2024-9124
Matching Score-4
Assigner-Rockwell Automation
ShareView Details
Matching Score-4
Assigner-Rockwell Automation
CVSS Score-8.2||HIGH
EPSS-0.30% / 53.67%
||
7 Day CHG~0.00%
Published-08 Oct, 2024 | 16:23
Updated-22 Sep, 2025 | 18:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Rockwell Automation PowerFlex 6000T CIP Security denial-of-service Vulnerability

A denial-of-service vulnerability exists in the Rockwell Automation PowerFlex® 600T. If the device is overloaded with requests, it will become unavailable. The device may require a power cycle to recover it if it does not re-establish a connection after it stops receiving requests.

Action-Not Available
Vendor-Rockwell Automation, Inc.
Product-powerflex_6000tpowerflex_6000t_firmwareDrives - PowerFlex 6000Tpowerflex_600t
CWE ID-CWE-754
Improper Check for Unusual or Exceptional Conditions
CVE-2019-10051
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.60% / 69.60%
||
7 Day CHG~0.00%
Published-28 Aug, 2019 | 19:47
Updated-04 Aug, 2024 | 22:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Suricata 4.1.3. If the function filetracker_newchunk encounters an unsafe "Some(sfcm) => { ft.new_chunk }" item, then the program enters an smb/files.rs error condition and crashes.

Action-Not Available
Vendor-suricata-idsn/a
Product-suricatan/a
CWE ID-CWE-754
Improper Check for Unusual or Exceptional Conditions
CVE-2019-1010239
Matching Score-4
Assigner-7556d962-6fb7-411e-85fa-6cd62f095ba8
ShareView Details
Matching Score-4
Assigner-7556d962-6fb7-411e-85fa-6cd62f095ba8
CVSS Score-7.5||HIGH
EPSS-0.66% / 71.29%
||
7 Day CHG~0.00%
Published-19 Jul, 2019 | 16:41
Updated-22 Jul, 2025 | 18:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

DaveGamble/cJSON cJSON 1.7.8 is affected by: Improper Check for Unusual or Exceptional Conditions. The impact is: Null dereference, so attack can cause denial of service. The component is: cJSON_GetObjectItemCaseSensitive() function. The attack vector is: crafted json file. The fixed version is: 1.7.9 and later.

Action-Not Available
Vendor-davegambleDaveGamble/cJSONOracle Corporation
Product-timesten_in-memory_databasecjsoncJSON
CWE ID-CWE-476
NULL Pointer Dereference
CWE ID-CWE-754
Improper Check for Unusual or Exceptional Conditions
CVE-2019-0068
Matching Score-4
Assigner-Juniper Networks, Inc.
ShareView Details
Matching Score-4
Assigner-Juniper Networks, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.28% / 51.21%
||
7 Day CHG~0.00%
Published-09 Oct, 2019 | 19:26
Updated-17 Sep, 2024 | 04:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Junos OS: SRX Series: Denial of Service vulnerability in flowd due to multicast packets

The SRX flowd process, responsible for packet forwarding, may crash and restart when processing specific multicast packets. By continuously sending the specific multicast packets, an attacker can repeatedly crash the flowd process causing a sustained Denial of Service. This issue affects Juniper Networks Junos OS on SRX Series: 12.3X48 versions prior to 12.3X48-D90; 15.1X49 versions prior to 15.1X49-D180; 17.3 versions; 17.4 versions prior to 17.4R2-S5, 17.4R3; 18.1 versions prior to 18.1R3-S6; 18.2 versions prior to 18.2R2-S4, 18.2R3; 18.3 versions prior to 18.3R2-S1, 18.3R3; 18.4 versions prior to 18.4R2; 19.1 versions prior to 19.1R1-S1, 19.1R2.

Action-Not Available
Vendor-Juniper Networks, Inc.
Product-srx345srx5800srx110srx4200srx340srx550_hmsrx4100srx220srx240srx3600vsrxsrx5400srx1400srx100srx3400srx300srx550srx320srx5600junossrx650srx210srx4600csrxsrx1500Junos OS
CWE ID-CWE-754
Improper Check for Unusual or Exceptional Conditions
CVE-2018-7794
Matching Score-4
Assigner-Schneider Electric
ShareView Details
Matching Score-4
Assigner-Schneider Electric
CVSS Score-7.5||HIGH
EPSS-0.39% / 60.11%
||
7 Day CHG~0.00%
Published-06 Jan, 2020 | 22:57
Updated-05 Aug, 2024 | 06:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in Modicon M580, Modicon M340, Modicon Quantum, Modicon Premium (see security notification for specific versions) which could cause a Denial of Service when reading data with invalid index using Modbus TCP.

Action-Not Available
Vendor-
Product-140cpu67260_firmware140cpu67261_firmwaretsxp573634m140cpu65150tsxp571634m140cpu67861modicon_m580_firmwaretsxh5744m_firmwaretsxh5744m140cpu65160_firmware140cpu67160s_firmware140cpu65160s_firmware140cpu67160_firmware140cpu65860_firmwaretsxp574634m_firmwaretsxp575634mmodicon_m580140cpu65860tsxp575634m_firmwaretsxh5724m_firmware140cpu65160tsxp573634m_firmwaretsxp57454m_firmware140cpu67160140cpu67861_firmwaretsxp57254m_firmwaretsxp57304mtsxp572634mtsxp574634mtsxh5724mtsxp57304m_firmwaretsxp57204m_140cpu67261140cpu67060_firmwaretsxp576634m_firmware140cpu65160s140cpu65260_firmware140cpu67160stsxp57154m_firmwaretsxp57154mtsxp576634mtsxp57454mmodicon_m340tsxp57254mtsxp57554mtsxp572634m_firmwaretsxp57104m_firmware140cpu67260tsxp57104mtsxp57354mtsxp57354m_firmware140cpu65150_firmwaretsxp57204m_firmwaretsxp57554m_firmware140cpu65260140cpu67060tsxp571634m_firmwaremodicon_m340_firmwareModicon M580, Modicon M340, Modicon Quantum, Modicon Premium (see security notification for specific versions)
CWE ID-CWE-754
Improper Check for Unusual or Exceptional Conditions
CVE-2018-7855
Matching Score-4
Assigner-Schneider Electric
ShareView Details
Matching Score-4
Assigner-Schneider Electric
CVSS Score-7.5||HIGH
EPSS-0.44% / 63.28%
||
7 Day CHG~0.00%
Published-22 May, 2019 | 20:03
Updated-05 Aug, 2024 | 06:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A CWE-248 Uncaught Exception vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause a Denial of Service when sending invalid breakpoint parameters to the controller over Modbus

Action-Not Available
Vendor-n/a
Product-modicon_quantummodicon_quantum_firmwaremodicon_m580_firmwaremodicon_premium_firmwaremodicon_premiummodicon_m340modicon_m340_firmwaremodicon_m580Modicon M580 Modicon M340 Modicon Quantum Modicon Premium
CWE ID-CWE-754
Improper Check for Unusual or Exceptional Conditions
CVE-2018-7789
Matching Score-4
Assigner-Schneider Electric
ShareView Details
Matching Score-4
Assigner-Schneider Electric
CVSS Score-7.5||HIGH
EPSS-0.69% / 71.97%
||
7 Day CHG~0.00%
Published-29 Aug, 2018 | 20:00
Updated-16 Sep, 2024 | 19:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An Improper Check for Unusual or Exceptional Conditions vulnerability exists in Schneider Electric's Modicon M221 product (all references, all versions prior to firmware V1.6.2.0). The vulnerability allows unauthorized users to remotely reboot Modicon M221 using crafted programing protocol frames.

Action-Not Available
Vendor-
Product-modicon_m221_firmwaremodicon_m221Modicon M221, all references, all versions prior to firmware V1.6.2.0
CWE ID-CWE-754
Improper Check for Unusual or Exceptional Conditions
CVE-2018-7854
Matching Score-4
Assigner-Schneider Electric
ShareView Details
Matching Score-4
Assigner-Schneider Electric
CVSS Score-7.5||HIGH
EPSS-1.63% / 82.12%
||
7 Day CHG~0.00%
Published-22 May, 2019 | 20:02
Updated-05 Aug, 2024 | 06:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A CWE-248 Uncaught Exception vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause a denial of Service when sending invalid debug parameters to the controller over Modbus.

Action-Not Available
Vendor-n/a
Product-modicon_quantummodicon_quantum_firmwaremodicon_m580_firmwaremodicon_premium_firmwaremodicon_premiummodicon_m340modicon_m340_firmwaremodicon_m580Modicon M580 Modicon M340 Modicon Quantum Modicon Premium
CWE ID-CWE-754
Improper Check for Unusual or Exceptional Conditions
CVE-2018-7853
Matching Score-4
Assigner-Schneider Electric
ShareView Details
Matching Score-4
Assigner-Schneider Electric
CVSS Score-7.5||HIGH
EPSS-0.39% / 60.01%
||
7 Day CHG~0.00%
Published-22 May, 2019 | 20:02
Updated-05 Aug, 2024 | 06:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A CWE-248: Uncaught Exception vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause denial of service when reading invalid physical memory blocks in the controller over Modbus

Action-Not Available
Vendor-n/a
Product-modicon_quantummodicon_quantum_firmwaremodicon_m580_firmwaremodicon_premium_firmwaremodicon_premiummodicon_m340modicon_m340_firmwaremodicon_m580Modicon M580 Modicon M340 Modicon Quantum Modicon Premium
CWE ID-CWE-754
Improper Check for Unusual or Exceptional Conditions
CVE-2018-4026
Matching Score-4
Assigner-Talos
ShareView Details
Matching Score-4
Assigner-Talos
CVSS Score-7.5||HIGH
EPSS-0.30% / 53.03%
||
7 Day CHG~0.00%
Published-13 May, 2019 | 15:24
Updated-05 Aug, 2024 | 05:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An exploitable denial-of-service vulnerability exists in the XML_GetScreen Wi-Fi command of the NT9665X Chipset firmware, running on the Anker Roav A1 Dashcam, version RoavA1SWV1.9. A specially crafted set of packets can cause an invalid memory dereference, resulting in a device reboot.

Action-Not Available
Vendor-anker-inn/a
Product-roav_dashcam_a1_firmwareroav_dashcam_a1Novatek
CWE ID-CWE-754
Improper Check for Unusual or Exceptional Conditions
CVE-2023-44099
Matching Score-4
Assigner-Huawei Technologies
ShareView Details
Matching Score-4
Assigner-Huawei Technologies
CVSS Score-7.5||HIGH
EPSS-0.10% / 26.80%
||
7 Day CHG~0.00%
Published-06 Dec, 2023 | 08:35
Updated-02 Aug, 2024 | 19:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability of data verification errors in the kernel module. Successful exploitation of this vulnerability may cause WLAN interruption.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-emuiharmonyosHarmonyOSEMUI
CWE ID-CWE-754
Improper Check for Unusual or Exceptional Conditions
CVE-2023-44199
Matching Score-4
Assigner-Juniper Networks, Inc.
ShareView Details
Matching Score-4
Assigner-Juniper Networks, Inc.
CVSS Score-7.5||HIGH
EPSS-0.15% / 34.94%
||
7 Day CHG~0.00%
Published-12 Oct, 2023 | 23:05
Updated-18 Sep, 2024 | 14:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Junos OS: MX Series: In a PTP scenario a prolonged routing protocol churn can trigger an FPC reboot

An Improper Check for Unusual or Exceptional Conditions vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on MX Series allows a network-based, unauthenticated attacker to cause a Denial of Service (DoS). On Junos MX Series platforms with Precision Time Protocol (PTP) configured, a prolonged routing protocol churn can lead to an FPC crash and restart. This issue affects Juniper Networks Junos OS on MX Series: * All versions prior to 20.4R3-S4; * 21.1 version 21.1R1 and later versions; * 21.2 versions prior to 21.2R3-S2; * 21.3 versions prior to 21.3R3-S5; * 21.4 versions prior to 21.4R3; * 22.1 versions prior to 22.1R3; * 22.2 versions prior to 22.2R1-S1, 22.2R2.

Action-Not Available
Vendor-Juniper Networks, Inc.
Product-mx2010mx2008mx960mx240mx204mx480mx10004mx10008junosmx2020mx10003mx304Junos OSjunos_os
CWE ID-CWE-754
Improper Check for Unusual or Exceptional Conditions
CVE-2023-37899
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-7.5||HIGH
EPSS-0.27% / 50.48%
||
7 Day CHG+0.02%
Published-19 Jul, 2023 | 19:45
Updated-28 Oct, 2024 | 15:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
feathersjs socket handler allows abusing implicit toString

Feathersjs is a framework for creating web APIs and real-time applications with TypeScript or JavaScript. Feathers socket handler did not catch invalid string conversion errors like `const message = ${{ toString: '' }}` which would cause the NodeJS process to crash when sending an unexpected Socket.io message like `socket.emit('find', { toString: '' })`. A fix has been released in versions 5.0.8 and 4.5.18. Users are advised to upgrade. There is no known workaround for this vulnerability.

Action-Not Available
Vendor-feathersjsfeathersjs
Product-feathersfeathers
CWE ID-CWE-754
Improper Check for Unusual or Exceptional Conditions
CVE-2023-22393
Matching Score-4
Assigner-Juniper Networks, Inc.
ShareView Details
Matching Score-4
Assigner-Juniper Networks, Inc.
CVSS Score-7.5||HIGH
EPSS-0.32% / 55.45%
||
7 Day CHG~0.00%
Published-12 Jan, 2023 | 00:00
Updated-07 Apr, 2025 | 15:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Junos OS and Junos OS Evolved: RPD crash upon receipt of BGP route with invalid next-hop

An Improper Check for Unusual or Exceptional Conditions vulnerability in BGP route processing of Juniper Networks Junos OS and Junos OS Evolved allows an attacker to cause Routing Protocol Daemon (RPD) crash by sending a BGP route with invalid next-hop resulting in a Denial of Service (DoS). Continued receipt and processing of this packet will create a sustained Denial of Service (DoS) condition. This issue only affects systems without import policy configured. This issue affects: Juniper Networks Junos OS 21.1 versions prior to 21.1R3-S4; 21.2 versions prior to 21.2R3-S3; 21.3 versions prior to 21.3R3-S2; 21.4 versions prior to 21.4R2-S2, 21.4R3; 22.1 versions prior to 22.1R1-S2, 22.1R2; 22.2 versions prior to 22.2R1-S1, 22.2R2. Juniper Networks Junos OS Evolved 21.4-EVO versions prior to 21.4R2-S2-EVO, 21.4R3-EVO; 22.1-EVO versions prior to 22.1R1-S2-EVO, 22.1R2-EVO; 22.2-EVO versions prior to 22.2R1-S1-EVO, 22.2R2-EVO. This issue does not affect: Juniper Networks Junos OS versions prior to 21.1R1. Juniper Networks Junos OS Evolved versions prior to 21.3R1-EVO.

Action-Not Available
Vendor-Juniper Networks, Inc.
Product-junos_os_evolvedjunosJunos OSJunos OS Evolved
CWE ID-CWE-358
Improperly Implemented Security Check for Standard
CWE ID-CWE-754
Improper Check for Unusual or Exceptional Conditions
  • Previous
  • 1
  • 2
  • 3
  • 4
  • Next
Details not found