CWE-703
146 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories.
CVEs classified under CWE-703 (page 2 of 3)
- CVE-2023-21026 | MEDIUM | CVSS 5.5 | EG 5.5 | 2023-03-24
In updateInputChannel of WindowManagerService.java, there is a possible way to set a touchable region beyond its own SurfaceControl due to a logic error in the code. This could lead to local denial of service with no additional execution p…
- CVE-2023-21036 | MEDIUM | CVSS 5.5 | EG 5.5 | 2023-03-24
In BitmapExport.java, there is a possible failure to truncate images due to a logic error in the code. Product: Android. Versions: Android kernel. Android ID: A-264261868. References: N/A
- CVE-2023-22413 | HIGH | CVSS 7.5 | EG 7.5 | 2023-01-13
An Improper Check or Handling of Exceptional Conditions vulnerability in the IPsec library of Juniper Networks Junos OS allows a network-based, unauthenticated attacker to cause Denial of Service (DoS). On all MX platforms with MS-MPC or M…
- CVE-2023-23774 | HIGH | CVSS 8.4 | EG 8.4 | 2023-08-29
Motorola EBTS/MBTS Site Controller drops to debug prompt on unhandled exception. The Motorola MBTS Site Controller exposes a debug prompt on the device's serial port in case of an unhandled exception. This allows an attacker with physical …
- CVE-2023-28959 | MEDIUM | CVSS 6.5 | EG 6.5 | 2023-04-17
An Improper Check or Handling of Exceptional Conditions vulnerability in packet processing of Juniper Networks Junos OS on QFX10002 allows an unauthenticated, adjacent attacker on the local broadcast domain sending a malformed packet to th…
- CVE-2023-28965 | MEDIUM | CVSS 6.5 | EG 6.5 | 2023-04-17
An Improper Check or Handling of Exceptional Conditions within the storm control feature of Juniper Networks Junos OS allows an attacker sending a high rate of traffic to cause a Denial of Service. Continued receipt and processing of these…
- CVE-2023-28970 | MEDIUM | CVSS 6.5 | EG 6.5 | 2023-04-17
An Improper Check or Handling of Exceptional Conditions vulnerability in packet processing on the network interfaces of Juniper Networks Junos OS on JRR200 route reflector appliances allows an adjacent, network-based attacker sending a spe…
- CVE-2023-29194 | MEDIUM | CVSS 4.1 | EG 4.1 | 2023-04-14
Vitess is a database clustering system for horizontal scaling of MySQL. Users can either intentionally or inadvertently create a keyspace containing `/` characters such that from that point on, anyone who tries to view keyspaces from VTAdm…
- CVE-2023-29195 | MEDIUM | CVSS 4.1 | EG 4.1 | 2023-05-11
Vitess is a database clustering system for horizontal scaling of MySQL through generalized sharding. Prior to version 16.0.2, users can either intentionally or inadvertently create a shard containing `/` characters from VTAdmin such that f…
- CVE-2023-32230 | HIGH | CVSS 7.5 | EG 7.5 | 2023-12-18
An improper handling of a malformed API request to an API server in Bosch BT software products can allow an unauthenticated attacker to cause a Denial of Service (DoS) situation.
- CVE-2023-34348 | HIGH | CVSS 7.5 | EG 7.5 | 2024-01-18
AVEVA PI Server versions 2023 and 2018 SP3 P05 and prior contain a vulnerability that could allow an unauthenticated user to remotely crash the PI Message Subsystem of a PI Server, resulting in a denial-of-service condition.
- CVE-2023-35867 | MEDIUM | CVSS 5.9 | EG 5.9 | 2023-12-18
An improper handling of malformed API answer packets to API clients in Bosch BT software products can allow an unauthenticated attacker to cause a Denial of Service (DoS) situation. To exploit this vulnerability an attacker has to replac…
- CVE-2023-36831 | HIGH | CVSS 7.5 | EG 7.5 | 2023-07-14
An Improper Check or Handling of Exceptional Conditions vulnerability in the UTM (Unified Threat Management) Web-Filtering feature of Juniper Networks Junos OS on SRX Series causes a jbuf memory leak to occur when accessing certain website…
- CVE-2023-36842 | MEDIUM | CVSS 6.5 | EG 6.5 | 2024-01-12
An Improper Check for Unusual or Exceptional Conditions vulnerability in Juniper DHCP Daemon (jdhcpd) of Juniper Networks Junos OS allows an adjacent, unauthenticated attacker to cause the jdhcpd to consume all the CPU cycles resulting in…
- CVE-2023-36849 | MEDIUM | CVSS 6.5 | EG 6.5 | 2023-07-14
An Improper Check or Handling of Exceptional Conditions vulnerability in the Layer-2 control protocols daemon (l2cpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated adjacent attacker to cause a Denial of Servic…
- CVE-2023-3774 | MEDIUM | CVSS 4.9 | EG 4.9 | 2023-07-28
An unhandled error in Vault Enterprise's namespace creation may cause the Vault process to crash, potentially resulting in denial of service. Fixed in 1.14.1, 1.13.5, and 1.12.9.
- CVE-2023-38420 | LOW | CVSS 3.8 | EG 3.8 | 2024-05-16
Improper conditions check in Intel(R) Power Gadget software for macOS all versions may allow an authenticated user to potentially enable information disclosure via local access.
- CVE-2023-39136 | MEDIUM | CVSS 5.5 | EG 5.5 | 2023-08-30
An unhandled edge case in the component _sanitizedPath of ZipArchive v2.5.4 allows attackers to cause a Denial of Service (DoS) via a crafted zip file.
- CVE-2023-41378 | HIGH | CVSS 7.5 | EG 7.5 | 2023-11-06
In certain conditions for Calico Typha (v3.26.2, v3.25.1 and below), and Calico Enterprise Typha (v3.17.1, v3.16.3, v3.15.3 and below), a client TLS handshake can block the Calico Typha server indefinitely, resulting in denial of service. …
- CVE-2023-44203 | MEDIUM | CVSS 6.5 | EG 6.5 | 2023-10-13
An Improper Check or Handling of Exceptional Conditions vulnerability in the Packet Forwarding Engine (pfe) of Juniper Networks Junos OS on QFX5000 Series, EX2300, EX3400, EX4100, EX4400 and EX4600 allows an adjacent attacker to send speci…
- CVE-2023-45927 | CRITICAL | CVSS 9.1 | EG 9.1 | 2024-03-27
S-Lang 2.3.2 was discovered to contain an arithmetic exception via the function tt_sprintf().
- CVE-2023-49786 | HIGH | CVSS 7.5 | EG 7.5 | 2023-12-14
Asterisk is an open source private branch exchange and telephony toolkit. In Asterisk prior to versions 18.20.1, 20.5.1, and 21.0.1; as well as certified-asterisk prior to 18.9-cert6; Asterisk is susceptible to a DoS due to a race conditio…
- CVE-2023-5038 | HIGH | CVSS 7.5 | EG 7.5 | 2024-06-25
badmonkey, a security researcher, has found a flaw that allows for an unauthenticated DoS attack on the camera. When an attacker runs a crafted URL, nobody can access the web management page of the camera, and must manually restart the device or …
- CVE-2023-5090 | MEDIUM | CVSS 6.0 | EG 6.0 | 2023-11-06
A flaw was found in KVM. An improper check in svm_set_x2apic_msr_interception() may allow direct access to host x2apic msrs when the guest resets its apic, potentially leading to a denial of service condition.
- CVE-2023-51443 | HIGH | CVSS 7.5 | EG 7.5 | 2023-12-27
FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version 1.10.11, when handling DTLS-SRTP for me…
- CVE-2023-5563 | HIGH | CVSS 7.1 | EG 7.1 | 2023-10-13
The SJA1000 CAN controller driver backend automatically attempts to recover from a bus-off event when built with CONFIG_CAN_AUTO_BUS_OFF_RECOVERY=y. This results in calling k_sleep() in IRQ context, causing a fatal exception.
- CVE-2024-0092 | MEDIUM | CVSS 5.5 | EG 5.5 | 2024-06-13
NVIDIA GPU Driver for Windows and Linux contains a vulnerability where an improper check or improper handling of exception conditions might lead to denial of service.
- CVE-2024-10781 | HIGH | CVSS 8.1 | EG 8.1 | 2024-11-26
The Spam protection, Anti-Spam, FireWall by CleanTalk plugin for WordPress is vulnerable to unauthorized Arbitrary Plugin Installation due to a missing empty value check on the 'api_key' value in the 'perform' function in all versions up …
- CVE-2024-20089 | HIGH | CVSS 7.5 | EG 7.5 | 2024-09-02
In wlan, there is a possible denial of service due to incorrect error handling. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS0886…
- CVE-2024-21525 | HIGH | CVSS 8.3 | EG 8.3 | 2024-07-10
All versions of the package node-twain are vulnerable to Improper Check or Handling of Exceptional Conditions due to the length of the source data not being checked. Creating a new twain.TwainSDK with a productName or productFamily, manufa…
- CVE-2024-21593 | MEDIUM | CVSS 6.5 | EG 6.5 | 2024-04-12
An Improper Check or Handling of Exceptional Conditions vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, adjacent attacker to cause a Denial of Service (DoS). …
- CVE-2024-21629 | MEDIUM | CVSS 5.9 | EG 5.9 | 2024-01-02
Rust EVM is an Ethereum Virtual Machine interpreter. In `rust-evm`, a feature called `record_external_operation` was introduced, allowing library users to record custom gas changes. This feature can have some bogus interactions with the ca…
- CVE-2024-21894 | CRITICAL | CVSS 9.8 | EG 8.2 | 2024-04-04
A heap overflow vulnerability in IPSec component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure allows an unauthenticated malicious user to send specially crafted requests in order to crash the service thereby causing a DoS …
- CVE-2024-22023 | MEDIUM | CVSS 5.3 | EG 5.3 | 2024-04-04
An XML entity expansion or XEE vulnerability in SAML component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure allows an unauthenticated attacker to send specially crafted XML requests in order to temporarily cause resource e…
- CVE-2024-22052 | HIGH | CVSS 7.5 | EG 7.5 | 2024-04-04
A null pointer dereference vulnerability in IPSec component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure allows an unauthenticated malicious user to send specially crafted requests in order to crash the service thereby cau…
- CVE-2024-22053 | HIGH | CVSS 8.2 | EG 8.2 | 2024-04-04
A heap overflow vulnerability in IPSec component of Ivanti Connect Secure (9.x 22.x) and Ivanti Policy Secure allows an unauthenticated malicious user to send specially crafted requests in order to crash the service thereby causing a DoS …
- CVE-2024-25741 | MEDIUM | CVSS 5.5 | EG 5.5 | 2024-02-12
printer_write in drivers/usb/gadget/function/f_printer.c in the Linux kernel through 6.7.4 does not properly call usb_ep_queue, which might allow attackers to cause a denial of service or have unspecified other impact.
- CVE-2024-26007 | MEDIUM | CVSS 5.3 | EG 5.3 | 2024-05-14
An improper check or handling of exceptional conditions vulnerability [CWE-703] in Fortinet FortiOS version 7.4.1 allows an unauthenticated attacker to provoke a denial of service on the administrative interface via crafted HTTP requests.
- CVE-2024-27832 | HIGH | CVSS 7.8 | EG 7.8 | 2024-06-10
The issue was addressed with improved checks. This issue is fixed in iOS 17.5 and iPadOS 17.5, macOS Sonoma 14.5, tvOS 17.5, visionOS 1.2, watchOS 10.5. An app may be able to elevate privileges.
- CVE-2024-29205 | HIGH | CVSS 7.5 | EG 7.5 | 2024-04-25
An Improper Check for Unusual or Exceptional Conditions vulnerability in the web component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x, 22.x) allows a remote unauthenticated attacker to send specially crafted request…
- CVE-2024-31883 | MEDIUM | CVSS 5.3 | EG 5.3 | 2024-06-27
IBM Security Verify Access 10.0.0.0 through 10.0.7.1, under certain configurations, could allow an unauthenticated attacker to cause a denial of service due to asymmetric resource consumption. IBM X-Force ID: 287615.
- CVE-2024-37992 | MEDIUM | CVSS 4.9 | EG 4.9 | 2024-09-10
A vulnerability has been identified in SIMATIC Reader RF610R CMIIT (6GT2811-6BC10-2AA0) (All versions < V4.2), SIMATIC Reader RF610R ETSI (6GT2811-6BC10-0AA0) (All versions < V4.2), SIMATIC Reader RF610R FCC (6GT2811-6BC10-1AA0) (All versi…
- CVE-2024-37995 | LOW | CVSS 2.7 | EG 2.7 | 2024-09-10
A vulnerability has been identified in SIMATIC Reader RF610R CMIIT (6GT2811-6BC10-2AA0) (All versions < V4.2), SIMATIC Reader RF610R ETSI (6GT2811-6BC10-0AA0) (All versions < V4.2), SIMATIC Reader RF610R FCC (6GT2811-6BC10-1AA0) (All versi…
- CVE-2024-38435 | MEDIUM | CVSS 6.5 | EG 6.5 | 2024-07-21
Unitronics Vision PLC – CWE-703: Improper Check or Handling of Exceptional Conditions may allow denial of service
- CVE-2024-38482 | MEDIUM | CVSS 6.6 | EG 6.6 | 2024-08-02
CloudLink, versions 7.1.x and 8.x, contain an Improper check or handling of Exceptional Conditions Vulnerability in Cluster Component. A highly privileged malicious user with remote access could potentially exploit this vulnerability, lead…
- CVE-2024-39514 | MEDIUM | CVSS 6.5 | EG 6.5 | 2024-07-10
An Improper Check or Handling of Exceptional Conditions vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos and Junos OS Evolved allows an unauthenticated, adjacent attacker to cause a Denial of Service (DoS). An …
- CVE-2024-39815 | CRITICAL | CVSS 9.1 | EG 9.1 | 2024-08-12
Improper check or handling of exceptional conditions vulnerability affecting Vonets industrial wifi bridge relays and wifi bridge repeaters, software versions 3.3.23.6.9 and prior, enables an unauthenticated remote attacker to cause …
- CVE-2024-39945 | MEDIUM | CVSS 4.9 | EG 4.9 | 2024-07-31
A vulnerability has been found in Dahua products. After obtaining the administrator's username and password, the attacker can send a carefully crafted data packet to the interface with vulnerabilities, causing the device to crash.
- CVE-2024-4611 | HIGH | CVSS 8.1 | EG 8.1 | 2024-05-29
The AppPresser plugin for WordPress is vulnerable to improper missing encryption exception handling on the 'decrypt_value' and on the 'doCookieAuth' functions in all versions up to, and including, 4.3.2. This makes it possible for unauthen…
- CVE-2024-47215 | HIGH | CVSS 7.5 | EG 7.5 | 2025-04-03
An issue was discovered in Snowbridge setups sending data to Google Tag Manager Server Side. It involves attaching an invalid GTM SS preview header to events, causing them to be retried indefinitely. As a result, the performance of forward…