CVEs classified under CWE-388, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (36)
CVE-2018-1002105 — CVSS 9.8 (critical): In all Kubernetes versions prior to v1.10.11, v1.11.5, and v1.12.3, incorrect handling of error responses to proxied upgrade requests in…
CVE-2017-5401 — CVSS 9.8 (critical): A crash triggerable by web content in which an "ErrorResult" references unassigned memory due to a logic error. The resulting crash may be…
CVE-2016-10466 — CVSS 9.8 (critical): In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapdragon Wear MDM9206, MDM9607, MDM9625…
CVE-2016-10414 — CVSS 9.8 (critical): In Android before 2018-04-05 or earlier security patch level on Qualcomm Small Cell SoC, Snapdragon Automobile, Snapdragon Mobile, and…
CVE-2015-9120 — CVSS 9.8 (critical): In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile, Snapdragon Mobile, and Snapdragon Wear…
CVE-2014-9985 — CVSS 9.8 (critical): In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile MDM9635M, SD 400, and SD 800, TOCTOU condition…
CVE-2014-9826 — CVSS 9.8 (critical): ImageMagick allows remote attackers to have unspecified impact via vectors related to error handling in sun files.
CVE-2014-9841 — CVSS 9.8 (critical): The ReadPSDLayers function in coders/psd.c in ImageMagick 6.8.9.9 allows remote attackers to have unspecified impact via unknown vectors…
CVE-2016-9967 — CVSS 9.8 (critical): Lack of appropriate exception handling in some receivers of the Telecom application on Samsung Note devices with L(5.0/5.1), M(6.0), and…
CVE-2016-9966 — CVSS 9.8 (critical): Lack of appropriate exception handling in some receivers of the Telecom application on Samsung Note devices with L(5.0/5.1), M(6.0), and…
CVE-2016-9965 — CVSS 9.8 (critical): Lack of appropriate exception handling in some receivers of the Telecom application on Samsung Note devices with L(5.0/5.1), M(6.0), and…
CVE-2023-20227 — CVSS 8.6 (high): A vulnerability in the Layer 2 Tunneling Protocol (L2TP) feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker…
CVE-2019-13046 — CVSS 7.8 (high): linker/linker.c in ToaruOS through 1.10.9 has insecure LD_LIBRARY_PATH handling in setuid applications.
CVE-2017-17564 — CVSS 7.8 (high): An issue was discovered in Xen through 4.9.x allowing guest OS users to cause a denial of service (host OS crash) or gain host OS…
CVE-2017-8072 — CVSS 7.8 (high): The cp2112_gpio_direction_input function in drivers/hid/hid-cp2112.c in the Linux kernel 4.9.x before 4.9.9 does not have the expected EIO…
CVE-2016-9778 — CVSS 7.5 (high): An error in handling certain queries can cause an assertion failure when a server is using the nxdomain-redirect feature to cover a zone…
CVE-2018-6346 — CVSS 7.5 (high): A potential denial-of-service issue in the Proxygen handling of invalid HTTP2 priority settings (specifically a circular dependency). This…
CVE-2017-16014 — CVSS 7.5 (high): Http-proxy is a proxying library. Because of the way errors are handled in versions before 0.7.0, an attacker that forces an error can…
CVE-2016-8745 — CVSS 7.5 (high): A bug in the error handling of the send file code for the NIO HTTP connector in Apache Tomcat 9.0.0.M1 to 9.0.0.M13, 8.5.0 to 8.5.8…
CVE-2016-7991 — CVSS 7.5 (high): On Samsung Galaxy S4 through S7 devices, the "omacp" app ignores security information embedded in the OMACP messages resulting in remote…
CVE-2016-6357 — CVSS 7.5 (high): A vulnerability in the configured security policies, including drop email filtering, in Cisco AsyncOS for Cisco Email Security Appliance…
CVE-2016-1480 — CVSS 7.5 (high): A vulnerability in the Multipurpose Internet Mail Extensions (MIME) scanner of Cisco AsyncOS Software for Cisco Email Security Appliances…
CVE-2019-1750 — CVSS 7.4 (high): A vulnerability in the Easy Virtual Switching System (VSS) of Cisco IOS XE Software on Catalyst 4500 Series Switches could allow an…
CVE-2018-0415 — CVSS 6.8 (medium): A vulnerability in the implementation of Extensible Authentication Protocol over LAN (EAPOL) functionality in Cisco Small Business 100…
CVE-2017-16644 — CVSS 6.6 (medium): The hdpvr_probe function in drivers/media/usb/hdpvr/hdpvr-core.c in the Linux kernel through 4.13.11 allows local users to cause a denial…
CVE-2026-20168 — CVSS 6.5 (medium): A vulnerability in the web-based management interface of Cisco IoT Field Network Director could allow an authenticated, remote attacker…
CVE-2018-10624 — CVSS 6.5 (medium): In Johnson Controls Metasys System Versions 8.0 and prior and BCPro (BCM) all versions prior to 3.0.2, this vulnerability results from…
CVE-2026-20006 — CVSS 5.8 (medium): A vulnerability in the TLS cryptography functionality of the Snort 3 Detection Engine of Cisco Secure Firewall Threat Defense (FTD)…
CVE-2019-2237 — CVSS 5.5 (medium): Failure in taking appropriate action to handle the error case If keypad gpio deactivation fails leads to silent failure scenario and…
CVE-2019-12380 — CVSS 5.5 (medium): **DISPUTED** An issue was discovered in the efi subsystem in the Linux kernel through 5.1.5. phys_efi_set_virtual_address_map in…
CVE-2015-9218 — CVSS 5.5 (medium): In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapdragon Wear MSM8909W, SD 210/SD 212/SD…
CVE-2017-7616 — CVSS 5.5 (medium): Incorrect error handling in the set_mempolicy and mbind compat syscalls in mm/mempolicy.c in the Linux kernel through 4.10.9 allows local…
CVE-2016-10062 — CVSS 5.5 (medium): The ReadGROUP4Image function in coders/tiff.c in ImageMagick does not check the return value of the fwrite function, which allows remote…
CVE-2017-5577 — CVSS 5.5 (medium): The vc4_get_bcl function in drivers/gpu/drm/vc4/vc4_gem.c in the VideoCore DRM driver in the Linux kernel before 4.9.7 does not set an…
CVE-2016-9588 — CVSS 5.5 (medium): arch/x86/kvm/vmx.c in the Linux kernel through 4.9 mismanages the #BP and #OF exceptions, which allows guest OS users to cause a denial of…
CVE-2006-6682 — CVSS 5.0 (medium): Pedro Lineu Orso chetcpasswd 2.3.3 provides a different error message when a request with a valid username fails, compared to a request…