CWE-252
172 CVEs classified under CWE-252. Browse by severity and year.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2025-66565 | Critical | 9.8 | 2025-12-09 | Fiber Utils is a collection of common functions created for Fiber. In versions 2.0.0-rc.3 and below, when the system's cryptographic random number generator (c… |
| CVE-2021-38171 | Critical | 9.8 | 2021-08-21 | adts_decode_extradata in libavformat/adtsenc.c in FFmpeg 4.4 does not check the init_get_bits return value, which is a necessary step because the second argume… |
| CVE-2021-26955 | Critical | 9.8 | 2021-02-09 | An issue was discovered in the xcb crate through 2021-02-04 for Rust. It has a soundness violation because xcb::xproto::GetAtomNameReply::name() calls std::str… |
| CVE-1999-0199 | Critical | 9.8 | 2020-10-06 | manual/search.texi in the GNU C Library (aka glibc) before 2.2 lacks a statement about the unspecified tdelete return value upon deletion of a tree's root, whi… |
| CVE-2019-15900 | Critical | 9.8 | 2019-10-18 | An issue was discovered in slicer69 doas before 6.2 on certain platforms other than OpenBSD. On platforms without strtonum(3), sscanf was used without checking… |
| CVE-2010-0211 | Critical | 9.8 | 2010-07-28 | The slap_modrdn2mods function in modrdn.c in OpenLDAP 2.4.22 does not check the return value of a call to the smr_normalize function, which allows remote attac… |
| CVE-2007-3798 | Critical | 9.8 | 2007-07-16 | Integer overflow in print-bgp.c in the BGP dissector in tcpdump 3.9.6 and earlier allows remote attackers to execute arbitrary code via crafted TLVs in a BGP p… |
| CVE-2024-50306 | Critical | 9.1 | 2024-11-14 | Unchecked return value can allow Apache Traffic Server to retain privileges on startup. This issue affects Apache Traffic Server: from 9.2.0 through 9.2.5, fr… |
| CVE-2022-25718 | Critical | 9.1 | 2022-10-19 | Cryptographic issue in WLAN due to improper check on return value while authentication handshake in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Consum… |
| CVE-2022-23806 | Critical | 9.1 | 2022-02-11 | Curve.IsOnCurve in crypto/elliptic in Go before 1.16.14 and 1.17.x before 1.17.7 can incorrectly return true in situations with a big.Int value that is not a v… |
| CVE-2026-22861 | High | 8.8 | 2026-01-13 | iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of International Color Consortium (ICC) color manage… |
| CVE-2026-22255 | High | 8.8 | 2026-01-08 | iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of International Color Consortium (ICC) color manage… |
| CVE-2026-22047 | High | 8.8 | 2026-01-07 | iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of International Color Consortium (ICC) color manage… |
| CVE-2026-22046 | High | 8.8 | 2026-01-07 | iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of International Color Consortium (ICC) color manage… |
| CVE-2024-38427 | High | 8.8 | 2024-06-16 | In International Color Consortium DemoIccMAX before 85ce74e, a logic flaw in CIccTagXmlProfileSequenceId::ParseXml in IccXML/IccLibXML/IccTagXml.cpp results in… |
| CVE-2021-26958 | High | 8.8 | 2021-02-09 | An issue was discovered in the xcb crate through 2021-02-04 for Rust. It has a soundness violation because transmutation to the wrong type can happen after xcb… |
| CVE-2019-15942 | High | 8.8 | 2019-09-05 | FFmpeg through 4.2 has a "Conditional jump or move depends on uninitialised value" issue in h2645_parse because alloc_rbsp_buffer in libavcodec/h2645_parse.c m… |
| CVE-2021-40401 | High | 8.6 | 2022-02-04 | A use-after-free vulnerability exists in the RS-274X aperture definition tokenization functionality of Gerbv 2.7.0 and dev (commit b5f1eacd) and Gerbv forked 2… |
| CVE-2022-23626 | High | 8.5 | 2022-02-08 | m1k1o/blog is a lightweight self-hosted facebook-styled PHP blog. Errors from functions `imagecreatefrom*` and `image*` have not been checked properly. Althoug… |
| CVE-2023-47480 | High | 8.4 | 2024-09-20 | An issue in Pure Data 0.54-0 and fixed in 0.54-1 allows a local attacker to escalate privileges via the `set*id()` function. |