Total
107 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-34999 | 1 Bitbanksoftware | 1 Jpegdec | 2023-12-10 | N/A | 5.5 MEDIUM |
| JPEGDEC commit be4843c was discovered to contain a FPE via DecodeJPEG at /src/jpeg.inl. | |||||
| CVE-2022-35962 | 1 Zulip | 1 Zulip | 2023-12-10 | N/A | 5.7 MEDIUM |
| Zulip is an open source team chat and Zulip Mobile is an app for iOS and Andriod users. In Zulip Mobile through version 27.189, a crafted link in a message sent by an authenticated user could lead to credential disclosure if a user follows the link. A patch was released in version 27.190. | |||||
| CVE-2021-27786 | 1 Hcltech | 1 Onetest Server | 2023-12-10 | 6.8 MEDIUM | 9.8 CRITICAL |
| Cross-origin resource sharing (CORS) enables browsers to perform cross domain requests in a controlled manner. This request has an Origin header that identifies the domain that is making the initial request and defines the protocol between a browser and server to see if the request is allowed. An attacker can take advantage of this and possibly carry out privileged actions and access sensitive information when the Access-Control-Allow-Credentials is enabled. | |||||
| CVE-2022-20072 | 2 Google, Mediatek | 56 Android, Mt6580, Mt6735 and 53 more | 2023-12-10 | 4.6 MEDIUM | 6.7 MEDIUM |
| In search engine service, there is a possible way to change the default search engine due to an incorrect comparison. This could lead to local escalation of privilege with System execution privileges needed. User interaction is no needed for exploitation. Patch ID: ALPS06219118; Issue ID: ALPS06219118. | |||||
| CVE-2022-31650 | 1 Sox Project | 1 Sox | 2023-12-10 | 4.3 MEDIUM | 5.5 MEDIUM |
| In SoX 14.4.2, there is a floating-point exception in lsx_aiffstartwrite in aiff.c in libsox.a. | |||||
| CVE-2022-26691 | 4 Apple, Debian, Fedoraproject and 1 more | 6 Cups, Mac Os X, Macos and 3 more | 2023-12-10 | 7.2 HIGH | 6.7 MEDIUM |
| A logic issue was addressed with improved state management. This issue is fixed in Security Update 2022-003 Catalina, macOS Monterey 12.3, macOS Big Sur 11.6.5. An application may be able to gain elevated privileges. | |||||
| CVE-2022-24787 | 1 Vyperlang | 1 Vyper | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
| Vyper is a Pythonic Smart Contract Language for the Ethereum Virtual Machine. In version 0.3.1 and prior, bytestrings can have dirty bytes in them, resulting in the word-for-word comparisons giving incorrect results. Even without dirty nonzero bytes, two bytestrings can compare to equal if one ends with `"\x00"` because there is no comparison of the length. A patch is available and expected to be part of the 0.3.2 release. There are currently no known workarounds. | |||||
| CVE-2022-23027 | 1 F5 | 14 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Advanced Web Application Firewall and 11 more | 2023-12-10 | 5.0 MEDIUM | 5.3 MEDIUM |
| On BIG-IP versions 15.1.x before 15.1.4, 14.1.x before 14.1.4.4, 13.1.x beginning in 13.1.3.6, 12.1.5.3-12.1.6, and 11.6.5.2, when a FastL4 profile and an HTTP, FIX, and/or hash persistence profile are configured on the same virtual server, undisclosed requests can cause the virtual server to stop processing new client connections. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | |||||
| CVE-2021-39514 | 1 Jpeg | 1 Libjpeg | 2023-12-10 | 4.3 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in libjpeg through 2020021. An uncaught floating point exception in the function ACLosslessScan::ParseMCU() located in aclosslessscan.cpp. It allows an attacker to cause Denial of Service. | |||||
| CVE-2022-22990 | 1 Westerndigital | 11 My Cloud, My Cloud Dl2100, My Cloud Dl4100 and 8 more | 2023-12-10 | 8.3 HIGH | 8.8 HIGH |
| A limited authentication bypass vulnerability was discovered that could allow an attacker to achieve remote code execution and escalate privileges on the My Cloud devices. Addressed this vulnerability by changing access token validation logic and rewriting rule logic on PHP scripts. | |||||
| CVE-2021-41500 | 2 Cvxopt Project, Fedoraproject | 2 Cvxopt, Fedora | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
| Incomplete string comparison vulnerability exits in cvxopt.org cvxop <= 1.2.6 in APIs (cvxopt.cholmod.diag, cvxopt.cholmod.getfactor, cvxopt.cholmod.solve, cvxopt.cholmod.spsolve), which allows attackers to conduct Denial of Service attacks by construct fake Capsule objects. | |||||
| CVE-2021-3828 | 1 Nltk | 1 Nltk | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
| nltk is vulnerable to Inefficient Regular Expression Complexity | |||||
| CVE-2021-40562 | 1 Gpac | 1 Gpac | 2023-12-10 | 4.3 MEDIUM | 5.5 MEDIUM |
| A Segmentation fault caused by a floating point exception exists in Gpac through 1.0.1 using mp4box via the naludmx_enqueue_or_dispatch function in reframe_nalu.c, which causes a denial of service. | |||||
| CVE-2021-44078 | 1 Unicorn-engine | 1 Unicorn Engine | 2023-12-10 | 6.9 MEDIUM | 8.1 HIGH |
| An issue was discovered in split_region in uc.c in Unicorn Engine before 2.0.0-rc5. It allows local attackers to escape the sandbox. An attacker must first obtain the ability to execute crafted code in the target sandbox in order to exploit this vulnerability. The specific flaw exists within the virtual memory manager. The issue results from the faulty comparison of GVA and GPA while calling uc_mem_map_ptr to free part of a claimed memory block. An attacker can leverage this vulnerability to escape the sandbox and execute arbitrary code on the host machine. | |||||
| CVE-2021-34141 | 2 Numpy, Oracle | 2 Numpy, Communications Cloud Native Core Policy | 2023-12-10 | 5.0 MEDIUM | 5.3 MEDIUM |
| An incomplete string comparison in the numpy.core component in NumPy before 1.22.0 allows attackers to trigger slightly incorrect copying by constructing specific string objects. NOTE: the vendor states that this reported code behavior is "completely harmless." | |||||
| CVE-2020-23478 | 1 Leoeditor | 1 Leo | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
| Leo Editor v6.2.1 was discovered to contain a regular expression denial of service (ReDoS) vulnerability in the component plugins/importers/dart.py. | |||||
| CVE-2021-23146 | 1 Gallagher | 1 Command Centre | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
| An Incomplete Comparison with Missing Factors vulnerability in the Gallagher Controller allows an attacker to bypass PIV verification. This issue affects: Gallagher Command Centre 8.40 versions prior to 8.40.1888 (MR3); 8.30 versions prior to 8.30.1359 (MR3); 8.20 versions prior to 8.20.1259 (MR5); 8.10 versions prior to 8.10.1284 (MR7); version 8.00 and prior versions. | |||||
| CVE-2021-34865 | 1 Netgear | 34 Ac2100, Ac2100 Firmware, Ac2400 and 31 more | 2023-12-10 | 8.3 HIGH | 8.8 HIGH |
| This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of multiple NETGEAR routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the mini_httpd service, which listens on TCP port 80 by default. The issue results from incorrect string matching logic when accessing protected pages. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of root. Was ZDI-CAN-13313. | |||||
| CVE-2021-3833 | 1 Artica | 1 Integria Ims | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
| Integria IMS login check uses a loose comparator ("==") to compare the MD5 hash of the password provided by the user and the MD5 hash stored in the database. An attacker with a specific formatted password could exploit this vulnerability in order to login in the system with different passwords. | |||||
| CVE-2021-39917 | 1 Gitlab | 1 Gitlab | 2023-12-10 | 4.0 MEDIUM | 6.5 MEDIUM |
| An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.9 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2. A regular expression related to quick actions features was susceptible to catastrophic backtracking that could cause a DOS attack. | |||||