Total
286 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-3594 | 2 Debian, Linux | 2 Debian Linux, Linux Kernel | 2023-12-10 | N/A | 5.3 MEDIUM |
| A vulnerability was found in Linux Kernel. It has been declared as problematic. Affected by this vulnerability is the function intr_callback of the file drivers/net/usb/r8152.c of the component BPF. The manipulation leads to logging of excessive data. The attack can be launched remotely. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-211363. | |||||
| CVE-2022-3354 | 1 Open5gs | 1 Open5gs | 2023-12-10 | N/A | 7.5 HIGH |
| A vulnerability has been found in Open5GS up to 2.4.10 and classified as problematic. This vulnerability affects unknown code in the library lib/core/ogs-tlv-msg.c of the component UDP Packet Handler. The manipulation leads to denial of service. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. VDB-209686 is the identifier assigned to this vulnerability. | |||||
| CVE-2010-10001 | 1 Shemes | 1 Grabit | 2023-12-10 | 4.3 MEDIUM | 5.5 MEDIUM |
| A vulnerability, which was classified as problematic, was found in Shemes GrabIt up to 1.7.2 Beta 4. This affects the component NZB Date Parser. The manipulation of the argument date with the input 1000000000000000 as part of a NZB File leads to a denial of service. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2022-23242 | 1 Teamviewer | 1 Teamviewer | 2023-12-10 | 1.9 LOW | 4.2 MEDIUM |
| TeamViewer Linux versions before 15.28 do not properly execute a deletion command for the connection password in case of a process crash. Knowledge of the crash event and the TeamViewer ID as well as either possession of the pre-crash connection password or local authenticated access to the machine would have allowed to establish a remote connection by reusing the not properly deleted connection password. | |||||
| CVE-2022-28875 | 3 Apple, F-secure, Microsoft | 9 Macos, Atlant, Cloud Protection For Salesforce and 6 more | 2023-12-10 | 4.3 MEDIUM | 6.5 MEDIUM |
| A Denial-of-Service (DoS) vulnerability was discovered in F-Secure Atlant and in certain WithSecure products whereby the scanning the aemobile component can crash the scanning engine. The exploit can be triggered remotely by an attacker. | |||||
| CVE-2021-46702 | 2 Microsoft, Torproject | 2 Windows, Tor | 2023-12-10 | 2.1 LOW | 5.5 MEDIUM |
| Tor Browser 9.0.7 on Windows 10 build 10586 is vulnerable to information disclosure. This could allow local attackers to bypass the intended anonymity feature and obtain information regarding the onion services visited by a local user. This can be accomplished by analyzing RAM memory even several hours after the local user used the product. This occurs because the product doesn't properly free memory. | |||||
| CVE-2022-1210 | 2 Libtiff, Netapp | 2 Libtiff, Ontap Select Deploy Administration Utility | 2023-12-10 | 4.3 MEDIUM | 6.5 MEDIUM |
| A vulnerability classified as problematic was found in LibTIFF 4.3.0. Affected by this vulnerability is the TIFF File Handler of tiff2ps. Opening a malicious file leads to a denial of service. The attack can be launched remotely but requires user interaction. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2021-40405 | 1 Reolink | 2 Rlc-410w, Rlc-410w Firmware | 2023-12-10 | 6.8 MEDIUM | 6.5 MEDIUM |
| A denial of service vulnerability exists in the cgiserver.cgi Upgrade API functionality of Reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. An attacker can send an HTTP request to trigger this vulnerability. | |||||
| CVE-2022-23634 | 4 Debian, Fedoraproject, Puma and 1 more | 4 Debian Linux, Fedora, Puma and 1 more | 2023-12-10 | 4.3 MEDIUM | 5.9 MEDIUM |
| Puma is a Ruby/Rack web server built for parallelism. Prior to `puma` version `5.6.2`, `puma` may not always call `close` on the response body. Rails, prior to version `7.0.2.2`, depended on the response body being closed in order for its `CurrentAttributes` implementation to work correctly. The combination of these two behaviors (Puma not closing the body + Rails' Executor implementation) causes information leakage. This problem is fixed in Puma versions 5.6.2 and 4.3.11. This problem is fixed in Rails versions 7.02.2, 6.1.4.6, 6.0.4.6, and 5.2.6.2. Upgrading to a patched Rails _or_ Puma version fixes the vulnerability. | |||||
| CVE-2022-25762 | 2 Apache, Oracle | 2 Tomcat, Agile Plm | 2023-12-10 | 7.5 HIGH | 8.6 HIGH |
| If a web application sends a WebSocket message concurrently with the WebSocket connection closing when running on Apache Tomcat 8.5.0 to 8.5.75 or Apache Tomcat 9.0.0.M1 to 9.0.20, it is possible that the application will continue to use the socket after it has been closed. The error handling triggered in this case could cause the a pooled object to be placed in the pool twice. This could result in subsequent connections using the same object concurrently which could result in data being returned to the wrong use and/or other errors. | |||||
| CVE-2022-23717 | 1 Pingidentity | 1 Pingid Integration For Windows Login | 2023-12-10 | 4.9 MEDIUM | 5.5 MEDIUM |
| PingID Windows Login prior to 2.8 is vulnerable to a denial of service condition on local machines when combined with using offline security keys as part of authentication. | |||||
| CVE-2018-25021 | 1 Toktok | 1 Toxcore | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
| The TCP Server module in toxcore before 0.2.8 doesn't free the TCP priority queue under certain conditions, which allows a remote attacker to exhaust the system's memory, causing a denial of service (DoS). | |||||
| CVE-2021-46322 | 1 Duktape Project | 1 Duktape | 2023-12-10 | 4.3 MEDIUM | 5.5 MEDIUM |
| Duktape v2.99.99 was discovered to contain a SEGV vulnerability via the component duk_push_tval in duktape/duk_api_stack.c. | |||||
| CVE-2021-40122 | 1 Cisco | 1 Meeting Server | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
| A vulnerability in an API of the Call Bridge feature of Cisco Meeting Server could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. This vulnerability is due to improper handling of large series of message requests. An attacker could exploit this vulnerability by sending a series of messages to the vulnerable API. A successful exploit could allow the attacker to cause the affected device to reload, dropping all ongoing calls and resulting in a DoS condition. | |||||
| CVE-2021-44717 | 3 Debian, Golang, Opengroup | 3 Debian Linux, Go, Unix | 2023-12-10 | 5.8 MEDIUM | 4.8 MEDIUM |
| Go before 1.16.12 and 1.17.x before 1.17.5 on UNIX allows write operations to an unintended file or unintended network connection as a consequence of erroneous closing of file descriptor 0 after file-descriptor exhaustion. | |||||
| CVE-2021-40833 | 3 Apple, F-secure, Microsoft | 7 Macos, Atlant, Elements Endpoint Protection and 4 more | 2023-12-10 | 4.3 MEDIUM | 5.5 MEDIUM |
| A vulnerability affecting F-Secure antivirus engine was discovered whereby unpacking UPX file can lead to denial-of-service. The vulnerability can be exploited remotely by an attacker. A successful attack will result in denial-of-service of the antivirus engine. | |||||
| CVE-2022-23010 | 1 F5 | 11 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 8 more | 2023-12-10 | 7.1 HIGH | 7.5 HIGH |
| On BIG-IP versions 16.x before 16.1.0, 15.1.x before 15.1.4.1, 14.1.x before 14.1.4.4, and all versions of 13.1.x, 12.1.x, and 11.6.x, when a FastL4 profile and an HTTP profile are configured on a virtual server, undisclosed requests can cause an increase in memory resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | |||||
| CVE-2022-23033 | 3 Debian, Fedoraproject, Xen | 3 Debian Linux, Fedora, Xen | 2023-12-10 | 4.6 MEDIUM | 7.8 HIGH |
| arm: guest_physmap_remove_page not removing the p2m mappings The functions to remove one or more entries from a guest p2m pagetable on Arm (p2m_remove_mapping, guest_physmap_remove_page, and p2m_set_entry with mfn set to INVALID_MFN) do not actually clear the pagetable entry if the entry doesn't have the valid bit set. It is possible to have a valid pagetable entry without the valid bit set when a guest operating system uses set/way cache maintenance instructions. For instance, a guest issuing a set/way cache maintenance instruction, then calling the XENMEM_decrease_reservation hypercall to give back memory pages to Xen, might be able to retain access to those pages even after Xen started reusing them for other purposes. | |||||
| CVE-2021-43611 | 1 Linphone | 1 Belle-sip | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
| Belledonne Belle-sip before 5.0.20 can crash applications such as Linphone via " \ " in the display name of a From header. | |||||
| CVE-2021-45829 | 1 Hdfgroup | 1 Hdf5 | 2023-12-10 | 4.3 MEDIUM | 5.5 MEDIUM |
| HDF5 1.13.1-1 is affected by: segmentation fault, which causes a Denial of Service. | |||||