Total
107 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2023-26590 | 3 Fedoraproject, Redhat, Sox Project | 4 Extra Packages For Enterprise Linux, Fedora, Enterprise Linux and 1 more | 2023-12-10 | N/A | 5.5 MEDIUM |
A floating point exception vulnerability was found in sox, in the lsx_aiffstartwrite function at sox/src/aiff.c:622:58. This flaw can lead to a denial of service. | |||||
CVE-2023-36829 | 1 Functional | 1 Sentry | 2023-12-10 | N/A | 5.4 MEDIUM |
Sentry is an error tracking and performance monitoring platform. Starting in version 23.6.0 and prior to version 23.6.2, the Sentry API incorrectly returns the `access-control-allow-credentials: true` HTTP header if the `Origin` request header ends with the `system.base-hostname` option of Sentry installation. This only affects installations that have `system.base-hostname` option explicitly set, as it is empty by default. Impact is limited since recent versions of major browsers have cross-site cookie blocking enabled by default. However, this flaw could allow other multi-step attacks. The patch has been released in Sentry 23.6.2. | |||||
CVE-2023-25666 | 1 Google | 1 Tensorflow | 2023-12-10 | N/A | 7.5 HIGH |
TensorFlow is an open source platform for machine learning. Prior to versions 2.12.0 and 2.11.1, there is a floating point exception in AudioSpectrogram. A fix is included in TensorFlow version 2.12.0 and version 2.11.1. | |||||
CVE-2023-32571 | 1 Dynamic-linq | 1 Linq | 2023-12-10 | N/A | 9.8 CRITICAL |
Dynamic Linq 1.0.7.10 through 1.2.25 before 1.3.0 allows attackers to execute arbitrary code and commands when untrusted input to methods including Where, Select, OrderBy is parsed. | |||||
CVE-2022-43621 | 1 Dlink | 2 Dir-1935, Dir-1935 Firmware | 2023-12-10 | N/A | 8.8 HIGH |
This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of D-Link DIR-1935 1.03 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of HNAP login requests. The issue results from an incorrectly implemented comparison. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-16152. | |||||
CVE-2022-29944 | 1 Opennetworking | 1 Onos | 2023-12-10 | N/A | 5.3 MEDIUM |
An issue was discovered in ONOS 2.5.1. There is an incorrect comparison of paths installed by intents. An existing intents does not redirect to a new path, even if a new intent that shares the path with higher priority is installed. | |||||
CVE-2023-25673 | 1 Google | 1 Tensorflow | 2023-12-10 | N/A | 7.5 HIGH |
TensorFlow is an open source platform for machine learning. Versions prior to 2.12.0 and 2.11.1 have a Floating Point Exception in TensorListSplit with XLA. A fix is included in TensorFlow version 2.12.0 and version 2.11.1. | |||||
CVE-2023-25675 | 1 Google | 1 Tensorflow | 2023-12-10 | N/A | 7.5 HIGH |
TensorFlow is an open source machine learning platform. When running versions prior to 2.12.0 and 2.11.1 with XLA, `tf.raw_ops.Bincount` segfaults when given a parameter `weights` that is neither the same shape as parameter `arr` nor a length-0 tensor. A fix is included in TensorFlow 2.12.0 and 2.11.1. | |||||
CVE-2022-34366 | 1 Dell | 1 Supportassist For Home Pcs | 2023-12-10 | N/A | 6.5 MEDIUM |
Dell SupportAssist for Home PCs (version 3.11.2 and prior) contain Overly Permissive Cross-domain Whitelist vulnerability. An authenticated non-admin user could potentially exploit the issue and obtain sensitive information. | |||||
CVE-2022-23554 | 1 Alpine Project | 1 Alpine | 2023-12-10 | N/A | 5.4 MEDIUM |
Alpine is a scaffolding library in Java. Alpine prior to version 1.10.4 allows Authentication Filter bypass. The AuthenticationFilter relies on the request URI to evaluate if the user is accessing the swagger endpoint. By accessing a URL with a path such as /api/foo;%2fapi%2fswagger the contains condition will hold and will return from the authentication filter without aborting the request. Note that the principal object will not be assigned and therefore the issue wont allow user impersonation. This issue has been fixed in version 1.10.4. There are no known workarounds. | |||||
CVE-2022-41317 | 1 Squid-cache | 1 Squid | 2023-12-10 | N/A | 6.5 MEDIUM |
An issue was discovered in Squid 4.9 through 4.17 and 5.0.6 through 5.6. Due to inconsistent handling of internal URIs, there can be Exposure of Sensitive Information about clients using the proxy via an HTTPS request to an internal cache manager URL. This is fixed in 5.7. | |||||
CVE-2022-47034 | 1 Playsms | 1 Playsms | 2023-12-10 | N/A | 9.8 CRITICAL |
A type juggling vulnerability in the component /auth/fn.php of PlaySMS v1.4.5 and earlier allows attackers to bypass authentication. | |||||
CVE-2022-34888 | 1 Lenovo | 196 Thinkagile Hx1021, Thinkagile Hx1021 Firmware, Thinkagile Hx1320 and 193 more | 2023-12-10 | N/A | 4.3 MEDIUM |
The Remote Mount feature can potentially be abused by valid, authenticated users to make connections to internal services that may not normally be accessible to users. Internal service access controls, as applicable, remain in effect. | |||||
CVE-2022-36148 | 1 Fdkaac Project | 1 Fdkaac | 2023-12-10 | N/A | 5.5 MEDIUM |
fdkaac commit 53fe239 was discovered to contain a floating point exception (FPE) via wav_open at /src/wav_reader.c. | |||||
CVE-2022-39308 | 1 Thoughtworks | 1 Gocd | 2023-12-10 | N/A | 5.9 MEDIUM |
GoCD is a continuous delivery server. GoCD helps you automate and streamline the build-test-release cycle for continuous delivery of your product. GoCD versions from 19.2.0 to 19.10.0 (inclusive) are subject to a timing attack in validation of access tokens due to use of regular string comparison for validation of the token rather than a constant time algorithm. This could allow a brute force attack on GoCD server API calls to observe timing differences in validations in order to guess an access token generated by a user for API access. This issue is fixed in GoCD version 19.11.0. As a workaround, users can apply rate limiting or insert random delays to API calls made to GoCD Server via a reverse proxy or other fronting web server. Another workaround, users may disallow use of access tokens by users by having an administrator revoke all access tokens through the "Access Token Management" admin function. | |||||
CVE-2022-22203 | 1 Juniper | 11 Ex4600, Ex4650, Junos and 8 more | 2023-12-10 | N/A | 6.5 MEDIUM |
An Incorrect Comparison vulnerability in PFE of Juniper Networks Junos OS allows an adjacent unauthenticated attacker to cause a Denial of Service (DoS). On QFX5000 Series, and EX4600 and EX4650 platforms, the fxpc process will crash followed by the FPC reboot upon receipt of a specific hostbound packet. Continued receipt of these specific packets will create a sustained Denial of Service (DoS) condition. This issue only affects Juniper Networks Junos OS 19.4 version 19.4R3-S4. | |||||
CVE-2022-35434 | 1 Jpeg Quant Smooth Project | 1 Jpeg Quant Smooth | 2023-12-10 | N/A | 5.5 MEDIUM |
jpeg-quantsmooth before commit 8879454 contained a floating point exception (FPE) via /jpeg-quantsmooth/jpegqs+0x4f5d6c. | |||||
CVE-2022-35091 | 1 Swftools | 1 Swftools | 2023-12-10 | N/A | 5.5 MEDIUM |
SWFTools commit 772e55a2 was discovered to contain a floating point exception (FPE) via DCTStream::readMCURow() at /xpdf/Stream.cc.ow() | |||||
CVE-2022-38179 | 1 Jetbrains | 1 Ktor | 2023-12-10 | N/A | 6.1 MEDIUM |
JetBrains Ktor before 2.1.0 was vulnerable to the Reflect File Download attack | |||||
CVE-2022-38230 | 1 Xpdf Project | 1 Xpdf | 2023-12-10 | N/A | 5.5 MEDIUM |
XPDF commit ffaf11c was discovered to contain a floating point exception (FPE) via DCTStream::decodeImage() at /xpdf/Stream.cc. |