CWE-392
12 CVEs classified under CWE-392. Browse by severity and year.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2025-32743 | Critical | 9.0 | 2025-04-10 | In ConnMan through 1.44, the lookup string in ns_resolv in dnsproxy.c can be NULL or an empty string when the TC (Truncated) bit is set in a DNS response. This… |
CVE-2024-39697 | High | 8.6 | 2024-07-09 | phonenumber is a library for parsing, formatting and validating international phone numbers. Since 0.3.4, the phonenumber parsing code may panic due to a panic… |
CVE-2023-42447 | High | 8.6 | 2023-09-19 | blurhash-rs is a pure Rust implementation of Blurhash, software for encoding images into ASCII strings that can be turned into a gradient of colors representin… |
CVE-2023-42444 | High | 8.6 | 2023-09-19 | phonenumber is a library for parsing, formatting and validating international phone numbers. Prior to versions `0.3.3+8.13.9` and `0.2.5+8.11.3`, the phonenumb… |
CVE-2017-2342 | High | 8.1 | 2017-07-17 | MACsec feature on Juniper Networks Junos OS 15.1X49 prior to 15.1X49-D100 on SRX300 series does not report errors when a secure link can not be established. It… |
CVE-2026-42246 | High | 7.4 | 2026-05-09 | Net::IMAP implements Internet Message Access Protocol (IMAP) client functionality in Ruby. Prior to versions 0.3.10, 0.4.24, 0.5.14, and 0.6.4, a man-in-the-mi… |
CVE-2025-23270 | High | 7.1 | 2025-07-17 | NVIDIA Jetson Linux contains a vulnerability in UEFI Management mode, where an unprivileged local attacker may cause exposure of sensitive information via a si… |
CVE-2026-20005 | Medium | 5.8 | 2026-03-04 | Multiple Cisco products are affected by a vulnerability in the Snort 3 Detection Engine that could allow an unauthenticated, remote attacker to cause the Snort… |
CVE-2025-26268 | Low | 3.3 | 2025-04-17 | DragonflyDB Dragonfly before 1.27.0 allows authenticated users to cause a denial of service (daemon crash) via a crafted Redis command. The validity of the sca… |
CVE-2025-59398 | Low | 3.1 | 2025-09-15 | The OCPP implementation in libocpp before 0.26.2 allows a denial of service (EVerest crash) via JSON input larger than 255 characters, because a CiString<255>… |
CVE-2023-48430 | Low | 2.7 | 2023-12-12 | A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 2). The REST API of affected devices does not check the length of parameters i… |
CVE-2024-12797 | | 2025-02-11 | Issue summary: Clients using RFC7250 Raw Public Keys (RPKs) to authenticate a server may fail to notice that the server was not authenticated, because handshak… |