Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2026-44893

Summary
Assigner-GitHub_M
Assigner Org ID-a0819718-46f1-4df5-94e2-005712e83aaa
Published At-12 Jun, 2026 | 14:00
Updated At-12 Jun, 2026 | 19:02
Rejected At-
Credits

Netty: HAProxy SSL TLV parsing leaks retained slice on invalid TLV length

Netty is a network application framework for development of protocol servers and clients. In netty-codec-haproxy prior to versions 4.1.135.Final and 4.2.15.Final, when decoding a PP2_TYPE_SSL TLV, HAProxyMessage.readNextTLV() first calls `header.retainedSlice(header.readerIndex(), length)` and only then reads the 1-byte client field and 4-byte verify field. If the attacker sets the TLV length below 5, the subsequent readByte/readInt throws IndexOutOfBoundsException. HAProxyMessageDecoder only catches HAProxyProtocolException around this call, so the IOOBE propagates and the retained slice on the pooled cumulation buffer is never released. Versions 4.1.135.Final and 4.2.15.Final patch the issue.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:GitHub_M
Assigner Org ID:a0819718-46f1-4df5-94e2-005712e83aaa
Published At:12 Jun, 2026 | 14:00
Updated At:12 Jun, 2026 | 19:02
Rejected At:
▼CVE Numbering Authority (CNA)
Netty: HAProxy SSL TLV parsing leaks retained slice on invalid TLV length

Netty is a network application framework for development of protocol servers and clients. In netty-codec-haproxy prior to versions 4.1.135.Final and 4.2.15.Final, when decoding a PP2_TYPE_SSL TLV, HAProxyMessage.readNextTLV() first calls `header.retainedSlice(header.readerIndex(), length)` and only then reads the 1-byte client field and 4-byte verify field. If the attacker sets the TLV length below 5, the subsequent readByte/readInt throws IndexOutOfBoundsException. HAProxyMessageDecoder only catches HAProxyProtocolException around this call, so the IOOBE propagates and the retained slice on the pooled cumulation buffer is never released. Versions 4.1.135.Final and 4.2.15.Final patch the issue.

Affected Products
Vendor
The Netty Projectnetty
Product
netty
Versions
Affected
  • >= 4.2.0.Final, < 4.2.15.Final
  • < 4.1.135.Final
Problem Types
TypeCWE IDDescription
CWECWE-703CWE-703: Improper Check or Handling of Exceptional Conditions
Type: CWE
CWE ID: CWE-703
Description: CWE-703: Improper Check or Handling of Exceptional Conditions
Metrics
VersionBase scoreBase severityVector
3.17.5HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Version: 3.1
Base score: 7.5
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://github.com/netty/netty/security/advisories/GHSA-cc37-9q2j-3hfv
x_refsource_CONFIRM
https://github.com/netty/netty/releases/tag/netty-4.1.135.Final
x_refsource_MISC
https://github.com/netty/netty/releases/tag/netty-4.2.15.Final
x_refsource_MISC
Hyperlink: https://github.com/netty/netty/security/advisories/GHSA-cc37-9q2j-3hfv
Resource:
x_refsource_CONFIRM
Hyperlink: https://github.com/netty/netty/releases/tag/netty-4.1.135.Final
Resource:
x_refsource_MISC
Hyperlink: https://github.com/netty/netty/releases/tag/netty-4.2.15.Final
Resource:
x_refsource_MISC
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:security-advisories@github.com
Published At:12 Jun, 2026 | 15:16
Updated At:12 Jun, 2026 | 15:55

Netty is a network application framework for development of protocol servers and clients. In netty-codec-haproxy prior to versions 4.1.135.Final and 4.2.15.Final, when decoding a PP2_TYPE_SSL TLV, HAProxyMessage.readNextTLV() first calls `header.retainedSlice(header.readerIndex(), length)` and only then reads the 1-byte client field and 4-byte verify field. If the attacker sets the TLV length below 5, the subsequent readByte/readInt throws IndexOutOfBoundsException. HAProxyMessageDecoder only catches HAProxyProtocolException around this call, so the IOOBE propagates and the retained slice on the pooled cumulation buffer is never released. Versions 4.1.135.Final and 4.2.15.Final patch the issue.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.17.5HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Type: Secondary
Version: 3.1
Base score: 7.5
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CPE Matches
Weaknesses
CWE IDTypeSource
CWE-703Primarysecurity-advisories@github.com
CWE ID: CWE-703
Type: Primary
Source: security-advisories@github.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://github.com/netty/netty/releases/tag/netty-4.1.135.Finalsecurity-advisories@github.com
N/A
https://github.com/netty/netty/releases/tag/netty-4.2.15.Finalsecurity-advisories@github.com
N/A
https://github.com/netty/netty/security/advisories/GHSA-cc37-9q2j-3hfvsecurity-advisories@github.com
N/A
Hyperlink: https://github.com/netty/netty/releases/tag/netty-4.1.135.Final
Source: security-advisories@github.com
Resource: N/A
Hyperlink: https://github.com/netty/netty/releases/tag/netty-4.2.15.Final
Source: security-advisories@github.com
Resource: N/A
Hyperlink: https://github.com/netty/netty/security/advisories/GHSA-cc37-9q2j-3hfv
Source: security-advisories@github.com
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

62Records found
CVE-2024-55548
Matching Score-4
Assigner-CyberDanube
ShareView Details
Matching Score-4
Assigner-CyberDanube
CVSS Score-6.9||MEDIUM
EPSS-0.08% / 24.63%
||
7 Day CHG~0.00%
Published-10 Dec, 2024 | 16:34
Updated-03 Nov, 2025 | 23:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Denial of Service

Improper check of password character lenght in ORing IAP-420 allows a forced deadlock. This issue affects IAP-420: through 2.01e.

Action-Not Available
Vendor-oringnetORing
Product-iap-420_firmwareiap-420IAP-420
CWE ID-CWE-703
Improper Check or Handling of Exceptional Conditions
CVE-2022-41589
Matching Score-4
Assigner-Huawei Technologies
ShareView Details
Matching Score-4
Assigner-Huawei Technologies
CVSS Score-7.5||HIGH
EPSS-0.19% / 40.83%
||
7 Day CHG~0.00%
Published-14 Oct, 2022 | 00:00
Updated-14 May, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The DFX unwind stack module of the ArkCompiler has a vulnerability in interface calling.Successful exploitation of this vulnerability affects system services and device availability.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-harmonyosemuiHarmonyOSEMUI
CWE ID-CWE-703
Improper Check or Handling of Exceptional Conditions
CVE-2022-41777
Matching Score-4
Assigner-JPCERT/CC
ShareView Details
Matching Score-4
Assigner-JPCERT/CC
CVSS Score-7.5||HIGH
EPSS-3.83% / 88.42%
||
7 Day CHG~0.00%
Published-05 Dec, 2022 | 00:00
Updated-24 Apr, 2025 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper check or handling of exceptional conditions vulnerability in Nako3edit, editor component of nadesiko3 (PC Version) v3.3.74 and earlier allows a remote attacker to inject an invalid value to decodeURIComponent of nako3edit, which may lead the server to crash.

Action-Not Available
Vendor-kujirahandkujirahand
Product-nadesiko3Nako3edit, editor component of nadesiko3 (PC Version)
CWE ID-CWE-703
Improper Check or Handling of Exceptional Conditions
CVE-2022-31152
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-6.4||MEDIUM
EPSS-0.73% / 73.15%
||
7 Day CHG~0.00%
Published-02 Sep, 2022 | 20:00
Updated-23 Apr, 2025 | 17:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Synapse vulnerable to denial of service (DoS) due to incorrect application of event authorization rules

Synapse is an open-source Matrix homeserver written and maintained by the Matrix.org Foundation. The Matrix specification specifies a list of [event authorization rules](https://spec.matrix.org/v1.2/rooms/v9/#authorization-rules) which must be checked when determining if an event should be accepted into a room. In versions of Synapse up to and including version 1.61.0, some of these rules are not correctly applied. An attacker could craft events which would be accepted by Synapse but not a spec-conformant server, potentially causing divergence in the room state between servers. Administrators of homeservers with federation enabled are advised to upgrade to version 1.62.0 or higher. Federation can be disabled by setting [`federation_domain_whitelist`](https://matrix-org.github.io/synapse/latest/usage/configuration/config_documentation.html#federation_domain_whitelist) to an empty list (`[]`) as a workaround.

Action-Not Available
Vendor-The Matrix.org Foundation
Product-synapsesynapse
CWE ID-CWE-703
Improper Check or Handling of Exceptional Conditions
CWE ID-CWE-755
Improper Handling of Exceptional Conditions
CVE-2022-25252
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-7.5||HIGH
EPSS-0.63% / 70.83%
||
7 Day CHG~0.00%
Published-16 Mar, 2022 | 14:03
Updated-16 Apr, 2025 | 16:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
PTC Axeda agent and Axeda Desktop Server Improper Check or Handling Of Exceptional Conditions

When connecting to a certain port Axeda agent (All versions) and Axeda Desktop Server for Windows (All versions) when receiving certain input throws an exception. Services using said function do not handle the exception. Successful exploitation of this vulnerability could allow a remote unauthenticated attacker to crash the affected product.

Action-Not Available
Vendor-ptcPTC
Product-axeda_desktop_serveraxeda_agentAxeda Desktop Server for WindowsAxeda agent
CWE ID-CWE-703
Improper Check or Handling of Exceptional Conditions
CWE ID-CWE-754
Improper Check for Unusual or Exceptional Conditions
CVE-2020-2075
Matching Score-4
Assigner-SICK AG
ShareView Details
Matching Score-4
Assigner-SICK AG
CVSS Score-7.5||HIGH
EPSS-0.22% / 44.59%
||
7 Day CHG~0.00%
Published-31 Aug, 2020 | 17:09
Updated-04 Aug, 2024 | 06:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Platform mechanism AutoIP allows remote attackers to reboot the device via a crafted packet in SICK AG solutions Bulkscan LMS111, Bulkscan LMS511, CLV62x – CLV65x, ICR890-3, LMS10x, LMS11x, LMS15x, LMS12x, LMS13x, LMS14x, LMS5xx, LMS53x, MSC800, RFH.

Action-Not Available
Vendor-n/aSICK AG
Product-icr890-3.5_firmwarelms511_firmwarelms511msc800lms153_firmwareclv642_firmwarelms142_firmwarelms122lms133clv631_firmwarelms531clv650_firmwareclv622_firmwareclv621lms100_firmwareclv632_firmwareclv620_firmwarelms131clv631clv640_firmwarelms131_firmwarelms111lms141icr890-3clv630clv651lms101_firmwarelms122_firmwarelms133_firmwareicr890-3_firmwarelms123_firmwarelms151clv632clv640clv620lms121_firmwarelms142lms141_firmwareclv622clv651_firmwarelms143_firmwarelms500lms500_firmwarerfhlms100lms531_firmwarelms111_firmwarelms121lms123clv621_firmwareclv630_firmwareclv642lms101lms153icr890-3.5lms143clv650lms151_firmwaremsc800_firmwarerfh_firmwareBulkscan LMS111; Bulkscan LMS511; CLV62x – CLV65x; ICR890-3; LMS10x, LMS11x, LMS15x; LMS12x, LMS13x, LMS14x; LMS5xx, LMS53x; MSC800; RFH
CWE ID-CWE-703
Improper Check or Handling of Exceptional Conditions
CWE ID-CWE-755
Improper Handling of Exceptional Conditions
CVE-2020-1644
Matching Score-4
Assigner-Juniper Networks, Inc.
ShareView Details
Matching Score-4
Assigner-Juniper Networks, Inc.
CVSS Score-7.5||HIGH
EPSS-0.39% / 60.40%
||
7 Day CHG~0.00%
Published-17 Jul, 2020 | 18:40
Updated-16 Sep, 2024 | 23:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Junos OS and Junos OS Evolved: RPD crash due to specific BGP UPDATE packets

On Juniper Networks Junos OS and Junos OS Evolved devices, the receipt of a specific BGP UPDATE packet causes an internal counter to be incremented incorrectly, which over time can lead to the routing protocols process (RPD) crash and restart. This issue affects both IBGP and EBGP multihop deployment in IPv4 or IPv6 network. This issue affects: Juniper Networks Junos OS: 17.2X75 versions prior to 17.2X75-D105.19; 17.3 versions prior to 17.3R3-S8; 17.4 versions prior to 17.4R2-S10, 17.4R3-S2; 18.1 versions prior to 18.1R3-S10; 18.2 versions prior to 18.2R2-S7, 18.2R3-S4; 18.2X75 versions prior to 18.2X75-D13, 18.2X75-D411.1, 18.2X75-D420.18, 18.2X75-D52.3, 18.2X75-D60; 18.3 versions prior to 18.3R2-S4, 18.3R3-S2; 18.4 versions prior to 18.4R1-S7, 18.4R2-S4, 18.4R3-S2; 19.1 versions prior to 19.1R1-S5, 19.1R2-S1, 19.1R3; 19.2 versions prior to 19.2R1-S5, 19.2R2; 19.3 versions prior to 19.3R2-S2, 19.3R3; 19.4 versions prior to 19.4R1-S2, 19.4R2. Juniper Networks Junos OS Evolved: any releases prior to 20.1R2-EVO. This issue does not affect Juniper Networks Junos OS releases prior to 17.3R1.

Action-Not Available
Vendor-Juniper Networks, Inc.
Product-junos_os_evolvedjunosJunos OSJunos OS Evolved
CWE ID-CWE-703
Improper Check or Handling of Exceptional Conditions
CWE ID-CWE-20
Improper Input Validation
CVE-2020-1639
Matching Score-4
Assigner-Juniper Networks, Inc.
ShareView Details
Matching Score-4
Assigner-Juniper Networks, Inc.
CVSS Score-7.5||HIGH
EPSS-0.54% / 67.94%
||
7 Day CHG~0.00%
Published-08 Apr, 2020 | 19:26
Updated-16 Sep, 2024 | 22:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Junos OS: A crafted Ethernet OAM packet received by Junos may cause the Ethernet OAM connectivity fault management process (CFM) to core.

When an attacker sends a specific crafted Ethernet Operation, Administration, and Maintenance (Ethernet OAM) packet to a target device, it may improperly handle the incoming malformed data and fail to sanitize this incoming data resulting in an overflow condition. This overflow condition in Juniper Networks Junos OS allows an attacker to cause a Denial of Service (DoS) condition by coring the CFM daemon. Continued receipt of these packets may cause an extended Denial of Service condition. This issue affects: Juniper Networks Junos OS 12.3 versions prior to 12.3R12-S15; 12.3X48 versions prior to 12.3X48-D95 on SRX Series; 14.1X50 versions prior to 14.1X50-D145; 14.1X53 versions prior to 14.1X53-D47; 15.1 versions prior to 15.1R2; 15.1X49 versions prior to 15.1X49-D170 on SRX Series; 15.1X53 versions prior to 15.1X53-D67.

Action-Not Available
Vendor-Juniper Networks, Inc.
Product-junosJunos OS
CWE ID-CWE-703
Improper Check or Handling of Exceptional Conditions
CWE ID-CWE-755
Improper Handling of Exceptional Conditions
CVE-2024-39815
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-9.4||CRITICAL
EPSS-0.78% / 74.20%
||
7 Day CHG~0.00%
Published-08 Aug, 2024 | 19:33
Updated-21 Aug, 2024 | 20:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Vonets WiFi Bridges Improper Check or Handling of Exceptional Conditions

Improper check or handling of exceptional conditions vulnerability affecting Vonets industrial wifi bridge relays and wifi bridge repeaters, software versions 3.3.23.6.9 and prior, enable an unauthenticated remote attacker to cause a denial of service. A specially-crafted HTTP request to pre-authentication resources can crash the service.

Action-Not Available
Vendor-vonetsVonetsvonets
Product-vap11g-500s_firmwarevap11g-500_firmwarevga-1000var1200-hvap11n-300_firmwarevar1200-l_firmwarevbg1200var1200-lvap11g-500svap11ac_firmwarevar600-h_firmwarevap11s-5g_firmwarevga-1000_firmwarevar1200-h_firmwarevap11n-300vap11g-500vap11g-300_firmwarevar11n-300vap11s-5gvap11g-300vap11s_firmwarevap11gvap11acvbg1200_firmwarevap11svap11g_firmwarevar600-hvar11n-300_firmwareVAP11S-5GVAP11N-300VBG1200VAP11GVAR11N-300VGA-1000VAR1200-LVAR1200-HVAP11SVAP11G-300VAP11G-500VAP11G-500SVAP11ACVAR600-Hvap11g-500s_firmwarevap11n-300_firmwarevap11s_firmwarevar1200-l_firmwarevbg1200_firmwarevap11ac_firmwarevar600-h_firmwarevap11s-5g_firmwarevga-1000_firmwarevap11g_firmwarevar1200-h_firmwarevap11g-300_firmwarevar11n-300_firmware
CWE ID-CWE-703
Improper Check or Handling of Exceptional Conditions
CVE-2024-37992
Matching Score-4
Assigner-Siemens
ShareView Details
Matching Score-4
Assigner-Siemens
CVSS Score-5.9||MEDIUM
EPSS-0.24% / 47.30%
||
7 Day CHG~0.00%
Published-10 Sep, 2024 | 09:36
Updated-18 Sep, 2024 | 15:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in SIMATIC Reader RF610R CMIIT (6GT2811-6BC10-2AA0) (All versions < V4.2), SIMATIC Reader RF610R ETSI (6GT2811-6BC10-0AA0) (All versions < V4.2), SIMATIC Reader RF610R FCC (6GT2811-6BC10-1AA0) (All versions < V4.2), SIMATIC Reader RF615R CMIIT (6GT2811-6CC10-2AA0) (All versions < V4.2), SIMATIC Reader RF615R ETSI (6GT2811-6CC10-0AA0) (All versions < V4.2), SIMATIC Reader RF615R FCC (6GT2811-6CC10-1AA0) (All versions < V4.2), SIMATIC Reader RF650R ARIB (6GT2811-6AB20-4AA0) (All versions < V4.2), SIMATIC Reader RF650R CMIIT (6GT2811-6AB20-2AA0) (All versions < V4.2), SIMATIC Reader RF650R ETSI (6GT2811-6AB20-0AA0) (All versions < V4.2), SIMATIC Reader RF650R FCC (6GT2811-6AB20-1AA0) (All versions < V4.2), SIMATIC Reader RF680R ARIB (6GT2811-6AA10-4AA0) (All versions < V4.2), SIMATIC Reader RF680R CMIIT (6GT2811-6AA10-2AA0) (All versions < V4.2), SIMATIC Reader RF680R ETSI (6GT2811-6AA10-0AA0) (All versions < V4.2), SIMATIC Reader RF680R FCC (6GT2811-6AA10-1AA0) (All versions < V4.2), SIMATIC Reader RF685R ARIB (6GT2811-6CA10-4AA0) (All versions < V4.2), SIMATIC Reader RF685R CMIIT (6GT2811-6CA10-2AA0) (All versions < V4.2), SIMATIC Reader RF685R ETSI (6GT2811-6CA10-0AA0) (All versions < V4.2), SIMATIC Reader RF685R FCC (6GT2811-6CA10-1AA0) (All versions < V4.2), SIMATIC RF1140R (6GT2831-6CB00) (All versions < V1.1), SIMATIC RF1170R (6GT2831-6BB00) (All versions < V1.1), SIMATIC RF166C (6GT2002-0EE20) (All versions < V2.2), SIMATIC RF185C (6GT2002-0JE10) (All versions < V2.2), SIMATIC RF186C (6GT2002-0JE20) (All versions < V2.2), SIMATIC RF186CI (6GT2002-0JE50) (All versions < V2.2), SIMATIC RF188C (6GT2002-0JE40) (All versions < V2.2), SIMATIC RF188CI (6GT2002-0JE60) (All versions < V2.2), SIMATIC RF360R (6GT2801-5BA30) (All versions < V2.2). The affected devices does not properly handle the error in case of exceeding characters while setting SNMP leading to the restart of the application.

Action-Not Available
Vendor-Siemens AG
Product-simatic_reader_rf650r_fcc_firmwaresimatic_reader_rf680r_cmiitsimatic_rf1170r_firmwaresimatic_reader_rf650r_cmiit_firmwaresimatic_reader_rf685r_fccsimatic_reader_rf650r_aribsimatic_reader_rf615r_etsi_firmwaresimatic_rf360rsimatic_reader_rf680r_fccsimatic_reader_rf610r_fccsimatic_reader_rf610r_etsi_firmwaresimatic_reader_rf685r_arib_firmwaresimatic_reader_rf615r_cmiitsimatic_rf186c_firmwaresimatic_reader_rf685r_fcc_firmwaresimatic_rf188c_firmwaresimatic_reader_rf680r_cmiit_firmwaresimatic_reader_rf685r_etsisimatic_rf185csimatic_rf360r_firmwaresimatic_rf1140r_firmwaresimatic_rf186cisimatic_rf1140rsimatic_rf188csimatic_reader_rf610r_cmiit_firmwaresimatic_reader_rf610r_fcc_firmwaresimatic_rf185c_firmwaresimatic_reader_rf615r_fccsimatic_reader_rf680r_etsisimatic_reader_rf615r_fcc_firmwaresimatic_reader_rf680r_fcc_firmwaresimatic_reader_rf610r_etsisimatic_reader_rf685r_cmiit_firmwaresimatic_reader_rf680r_arib_firmwaresimatic_rf186ci_firmwaresimatic_rf166c_firmwaresimatic_rf188ci_firmwaresimatic_reader_rf650r_fccsimatic_reader_rf650r_cmiitsimatic_reader_rf685r_cmiitsimatic_rf166csimatic_reader_rf680r_aribsimatic_rf1170rsimatic_reader_rf650r_etsisimatic_reader_rf610r_cmiitsimatic_reader_rf650r_arib_firmwaresimatic_reader_rf680r_etsi_firmwaresimatic_reader_rf615r_etsisimatic_reader_rf650r_etsi_firmwaresimatic_rf186csimatic_reader_rf685r_aribsimatic_reader_rf615r_cmiit_firmwaresimatic_reader_rf685r_etsi_firmwaresimatic_rf188ciSIMATIC Reader RF650R ARIBSIMATIC Reader RF650R ETSISIMATIC Reader RF680R CMIITSIMATIC Reader RF615R ETSISIMATIC RF166CSIMATIC Reader RF685R CMIITSIMATIC RF185CSIMATIC Reader RF610R CMIITSIMATIC Reader RF685R ETSISIMATIC Reader RF615R CMIITSIMATIC RF188CISIMATIC Reader RF610R ETSISIMATIC Reader RF685R FCCSIMATIC Reader RF615R FCCSIMATIC RF186CSIMATIC RF360RSIMATIC Reader RF680R ARIBSIMATIC RF1140RSIMATIC Reader RF685R ARIBSIMATIC RF1170RSIMATIC Reader RF680R ETSISIMATIC RF188CSIMATIC Reader RF610R FCCSIMATIC Reader RF650R CMIITSIMATIC RF186CISIMATIC Reader RF680R FCCSIMATIC Reader RF650R FCC
CWE ID-CWE-703
Improper Check or Handling of Exceptional Conditions
CVE-2017-16014
Matching Score-4
Assigner-HackerOne
ShareView Details
Matching Score-4
Assigner-HackerOne
CVSS Score-7.5||HIGH
EPSS-0.27% / 51.16%
||
7 Day CHG~0.00%
Published-04 Jun, 2018 | 19:00
Updated-16 Sep, 2024 | 21:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Http-proxy is a proxying library. Because of the way errors are handled in versions before 0.7.0, an attacker that forces an error can crash the server, causing a denial of service.

Action-Not Available
Vendor-http-proxy_projectHackerOne
Product-http-proxyhttp-proxy node module
CWE ID-CWE-703
Improper Check or Handling of Exceptional Conditions
CWE ID-CWE-388
Not Available
CVE-2023-5038
Matching Score-4
Assigner-Hanwha Vision Co., Ltd.
ShareView Details
Matching Score-4
Assigner-Hanwha Vision Co., Ltd.
CVSS Score-8.7||HIGH
EPSS-0.40% / 61.30%
||
7 Day CHG~0.00%
Published-25 Jun, 2024 | 02:14
Updated-02 Aug, 2024 | 07:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Unauthenticated DoS

badmonkey, a Security Researcher has found a flaw that allows for a unauthenticated DoS attack on the camera. An attacker runs a crafted URL, nobody can access the web management page of the camera. and must manually restart the device or re-power it. The manufacturer has released patch firmware for the flaw, please refer to the manufacturer's report for details and workarounds.

Action-Not Available
Vendor-hanwhavisionHanwha Vision Co., Ltd.hanwhavision
Product-xnv-9083rzxnp-8250rxnf-9010rvm_firmwarexnd-8082rf_firmwarelno-6012rxnp-6400rxnv-8082rlnd-6072r_firmwarexnv-8082r_firmwarexnp-6400rwqnv-6082rqnv-6082r1_firmwarexno-9083r_firmwarelno-6022rxnp-8250qnv-6024rmqnd-8080r_firmwareqnv-6084rlno-6022r_firmwareqnv-7022r_firmwarexnd-6083rvqno-7012rxnv-6083r_firmwareqnd-6072r1_firmwarexnp-6400rw_firmwarexnv-8093r_firmwarepnm-c9022rvqnv-6082r1qnd-8021_firmwareqnv-6032r1xnv-8083zxno-6083rano-l6022r_firmwareqnb-8002_firmwareqno-8020rxnp-9300rw_firmwareqnd-7032rxnp-c8303rw_firmwarexnv-c7083rqnd-6012r_firmwarexno-9082rxnp-9250_firmwarepnm-7002vdqnd-6073r_firmwarexno-6123r_firmwarexnv-6083rqno-6022r1xnf-9010rv_firmwareqnv-6022r_firmwareqnd-6082r1pnm-9000qbqnd-6083rxno-9083rqno-6032rqnd-7032r_firmwarexnd-8082rv_firmwareqnd-6082r_firmwarexnd-c6083rvxno-c9083rxnd-9082rvpnm-9031rvxnv-8083z_firmwareqnv-7082r_firmwarexnp-c9253_firmwarexno-9082r_firmwareqnv-8030rtnv-c7013rcpnm-9084rqz1_firmwarexno-8082rqnv-6032rqnd-8020r_firmwarexnd-9082rf_firmwarexno-8082r_firmwareqno-6073r_firmwareanv-l6082r_firmwareqnd-6012r1_firmwarelnv-6032rxnv-6083zlnv-6072r_firmwareano-l7022r_firmwarexnv-9083rqnv-6032r_firmwareqnv-6032r1_firmwarexnd-8093rv_firmwarexnv-c6083_firmwareqno-6022rane-l7012r_firmwarexnf-9010rvxnv-8083rz_firmwareqnd-8030rqno-6082rtnv-c7013rc_firmwarepnm-9085rqzqno-6084rano-l7012rqnv-8020r_firmwareqno-6072rqno-7032rqnv-8010rqno-7082rqno-6012r_firmwareqno-6012rxnb-9003xnp-c6403r_firmwarexnp-c6403rwxnp-9300rwxnv-c9083r_firmwarexnb-8002qne-8021r_firmwareqnd-7012rpnm-12082rvd_firmwarelnv-6032r_firmwareqno-6032r_firmwarexnd-9082rfqno-6082r_firmwareqnv-8080r_firmwareqno-6084r_firmwarexnd-8082rfpnm-9085rqz1_firmwarepnm-9084qz_firmwareqno-7032r_firmwarepnm-9084qz1ano-l6012rxnv-9082rlnd-6072rqnv-7012r_firmwareane-l6012r_firmwarexno-6123rxnd-8082rvpnm-9000qb_firmwarexnp-c9310r_firmwarelnv-6072rqnd-6012r1xnd-8093rvqnd-8030r_firmwareanv-l6012ranv-l7012rqnd-6011qnd-8020rqno-6073rqno-6072r1_firmwarepnm-9084qz1_firmwareqne-8021rxnb-6003_firmwarexno-6083r_firmwareqno-8020r_firmwareqnd-6073rqnv-7032r_firmwareqnd-8010r_firmwareanv-l6082rpnm-9085rqz_firmwareqno-8030rlnd-6012r_firmwarexnp-8300rw_firmwareanv-l7012r_firmwareqnv-6012r1xnp-c6403rw_firmwarexnp-c8253rxnb-9002_firmwarexnp-c8253r_firmwarexnf-9013rvxnv-8083r_firmwareqnd-6022rqnd-6011_firmwareano-l7012r_firmwarexnp-c9303rwqnd-6022r_firmwarexnd-9083rv_firmwarexnb-6003qnv-8080rqnd-6072r1qnv-6023rqnd-6082ranv-l6023r_firmwareqnd-6072rlno-6072rxnd-c9083rvqnd-6022r1pnm-9084rqz1qnv-6083r_firmwarexnv-6083rz_firmwareano-l6082r_firmwareqnv-6012r1_firmwareqno-6072r_firmwarelno-6032r_firmwareano-l6022rqnd-6032r1_firmwarexnv-9082r_firmwarexnf-9010rspnm-9031rv_firmwarepnm-9085rqz1qnd-6082r1_firmwareano-l7082rqnv-6082r_firmwareane-l6012rqnv-6012rqnd-6021_firmwarexnd-c6083rv_firmwarelnd-6012rlnv-6012rxnd-6083rv_firmwarexnp-c8253_firmwareqnd-7082r_firmwareqno-6082r1_firmwareqno-8080r_firmwarexnv-6083rzqnd-7022rqnv-6084r_firmwareqno-6083rqno-8010rpnm-c9022rv_firmwarepnm-9084rqz_firmwareqnv-6014rxnp-c9253anv-l6012r_firmwarexnd-8083rv_firmwareqnv-6022r1_firmwareqno-7082r_firmwarexnv-6123r_firmwareqno-6014r_firmwarexnb-6002_firmwareqnv-6073r_firmwarexnp-8250_firmwareqnv-6073rpnm-7082rvd_firmwareqno-6032r1qno-8030r_firmwareqnd-6032r1lnd-6022r_firmwarexnp-6400_firmwareqnd-6021xnp-c6403rqnv-7082rqnv-6072r1_firmwareanv-l7082r_firmwarelno-6032rxno-c8083r_firmwarexnp-6400r_firmwarepnm-9322vqpxno-c6083r_firmwarexno-c7083r_firmwareano-l6082rqnv-6014r_firmwareano-l6012r_firmwarepnm-12082rvdxnp-9250xnb-8003_firmwarexnp-c6403_firmwareanv-l6023rxnb-6002xnp-c6403ano-l7022rpnm-7082rvdxnf-9010rvmxnv-9083rz_firmwarexnb-8002_firmwareqnv-6023r_firmwareqnd-8021xnd-c9083rv_firmwarexnv-c6083r_firmwarexnv-8083rqno-6022r1_firmwarexno-c8083rqnd-6083r_firmwarelnv-6022r_firmwareqnv-6024rm_firmwareqnd-7022r_firmwarexnp-9250rqno-7022rxnd-c7083rvxnd-c8083rv_firmwarepnm-8082vtxnp-c9310rpnm-9002vqqnv-6072r1xnp-c9253rxnd-9083rvxnv-c6083rqno-6072r1ano-l7082r_firmwarexnf-9013rv_firmwareqnv-8010r_firmwarexnb-9003_firmwarexnv-c9083rpnm-9022v_firmwareqnv-7012rxnp-9250r_firmwareqnd-6072r_firmwareqno-7022r_firmwarexnv-c8083rxnp-6400qno-7012r_firmwareqnd-6032rpnm-8082vt_firmwarexnv-6123rxnb-9002xnp-c9303rw_firmwarexnf-9010rs_firmwarelno-6012r_firmwarexnb-8003qnb-8002qnd-8080rxnp-c8253qnv-6022r1lnd-6032r_firmwareqnd-8010rxnd-9082rv_firmwarepnm-9322vqp_firmwarelnv-6022rxno-c9083r_firmwareqno-8080rqnd-6032r_firmwareqno-6014rxnv-c8083r_firmwarepnm-9084rqzqnv-6072r_firmwareqno-6083r_firmwareqnd-7012r_firmwarexno-8083r_firmwareqnd-7082rqnv-8020rqno-8010r_firmwareqnv-7022rxnv-6083z_firmwareqnd-8011_firmwarexnp-8300rwxnd-c7083rv_firmwareanv-l7082rqnd-8011xnd-8083rvxnp-c9253r_firmwareqno-6022r_firmwareqne-8011rxnv-c7083r_firmwareane-l7012rxno-c7083rxnv-9083r_firmwareqno-6032r1_firmwarexnp-8250r_firmwareqno-6012r1lno-6072r_firmwareqne-8011r_firmwarexno-8083rqnd-6022r1_firmwarepnm-7002vd_firmwarelnv-6012r_firmwareqnv-6022rqno-6012r1_firmwareqnd-6012rqnv-6012r_firmwarexno-c6083rqnv-6072rqnv-7032rqnv-6083rqno-6082r1pnm-9002vq_firmwarexnv-8093rxnv-8083rzpnm-9084qzxnd-c8083rvlnd-6022rqnv-8030r_firmwarexnp-c8303rwlnd-6032rxnv-c6083pnm-9022vA-Series, Q-Series, PNM-series Camerapnm-9322vqppnm-9085rqzlnd-6012rlnv-6012rano-l6082rpnm-12082rvdane-l7012rpnm-9000qblno-6012rano-l7012rqnd-6032rano-l7022rpnm-7082rvdqnd-6022rpnm-9031rvlno-6022rlnv-6022rqnd-6012ranv-l6082rpnm-9084qz1ano-l6012rpnm-8082vtlno-6072rlno-6032rlnv-6032rlnd-6072rpnm-c9022rvpnm-9084rqzpnm-9084qzpnm-9084rqz1lnv-6072rpnm-9002vqanv-l6012ranv-l7012rqnd-6011lnd-6022rano-l6022rlnd-6032rpnm-9085rqz1qnd-6021anv-l7082rano-l7082rpnm-9022vpnm-7002vdane-l6012r
CWE ID-CWE-248
Uncaught Exception
CWE ID-CWE-703
Improper Check or Handling of Exceptional Conditions
  • Previous
  • 1
  • 2
  • Next
Details not found