Total
433 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-38384 | 1 Serverless Offline Project | 1 Serverless Offline | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
| Serverless Offline 8.0.0 returns a 403 HTTP status code for a route that has a trailing / character, which might cause a developer to implement incorrect access control, because the actual behavior within the Amazon AWS environment is a 200 HTTP status code (i.e., possibly greater than expected permissions). | |||||
| CVE-2021-39157 | 1 Detect-character-encoding Project | 1 Detect-character-encoding | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
| detect-character-encoding is an open source character encoding inspection library. In detect-character-encoding v0.6.0 and earlier, data matching no charset causes the Node.js process to crash. The problem has been patched in [detect-character-encoding v0.7.0](https://github.com/sonicdoe/detect-character-encoding/releases/tag/v0.7.0). No workaround are available and all users should update to resolve this issue. | |||||
| CVE-2021-1906 | 1 Qualcomm | 800 Apq8009, Apq8009 Firmware, Apq8009w and 797 more | 2023-12-10 | 2.1 LOW | 5.5 MEDIUM |
| Improper handling of address deregistration on failure can lead to new GPU address allocation failure. in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables | |||||
| CVE-2021-29619 | 1 Google | 1 Tensorflow | 2023-12-10 | 2.1 LOW | 5.5 MEDIUM |
| TensorFlow is an end-to-end open source platform for machine learning. Passing invalid arguments (e.g., discovered via fuzzing) to `tf.raw_ops.SparseCountSparseOutput` results in segfault. The fix will be included in TensorFlow 2.5.0. We will also cherrypick this commit on TensorFlow 2.4.2, TensorFlow 2.3.3, TensorFlow 2.2.3 and TensorFlow 2.1.4, as these are also affected and still in supported range. | |||||
| CVE-2020-19473 | 1 Flowpaper | 1 Pdf2json | 2023-12-10 | 4.3 MEDIUM | 5.5 MEDIUM |
| An issue has been found in function DCTStream::decodeImage in PDF2JSON 0.70 that allows attackers to cause a Denial of Service due to an uncaught floating point exception. | |||||
| CVE-2021-0264 | 1 Juniper | 21 Junos, Junos Os Evolved, Mx10 and 18 more | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
| A vulnerability in the processing of traffic matching a firewall filter containing a syslog action in Juniper Networks Junos OS on MX Series with MPC10/MPC11 cards installed, PTX10003 and PTX10008 Series devices, will cause the line card to crash and restart, creating a Denial of Service (DoS). Continued receipt and processing of packets matching the firewall filter can create a sustained Denial of Service (DoS) condition. When traffic hits the firewall filter, configured on lo0 or any physical interface on the line card, containing a term with a syslog action (e.g. 'term <name> then syslog'), the affected line card will crash and restart, impacting traffic processing through the ports of the line card. This issue only affects MX Series routers with MPC10 or MPC11 line cards, and PTX10003 or PTX10008 Series packet transport routers. No other platforms or models of line cards are affected by this issue. Note: This issue has also been identified and described in technical service bulletin TSB17931 (login required). This issue affects: Juniper Networks Junos OS on MX Series: 19.3 versions prior to 19.3R3-S2; 19.4 versions prior to 19.4R3-S2; 20.1 versions prior to 20.1R3; 20.2 versions prior to 20.2R2-S2, 20.2R3; 20.3 versions prior to 20.3R3; 20.4 versions prior to 20.4R2. Juniper Networks Junos OS Evolved on PTX10003, PTX10008: All versions prior to 20.4R2-EVO. This issue does not affect Juniper Networks Junos OS versions prior to 19.3R1. | |||||
| CVE-2019-4722 | 2 Ibm, Netapp | 2 Cognos Analytics, Oncommand Insight | 2023-12-10 | 4.0 MEDIUM | 4.3 MEDIUM |
| IBM Cognos Analytics 11.0 and 11.1 could allow a remote attacker to obtain sensitive information via a stack trace due to mishandling of certain error conditions. IBM X-Force ID: 172128. | |||||
| CVE-2021-28876 | 2 Fedoraproject, Rust-lang | 2 Fedora, Rust | 2023-12-10 | 4.3 MEDIUM | 5.3 MEDIUM |
| In the standard library in Rust before 1.52.0, the Zip implementation has a panic safety issue. It calls __iterator_get_unchecked() more than once for the same index when the underlying iterator panics (in certain conditions). This bug could lead to a memory safety violation due to an unmet safety requirement for the TrustedRandomAccess trait. | |||||
| CVE-2021-39131 | 1 Ced Project | 1 Ced | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
| ced detects character encoding using Google’s compact_enc_det library. In ced v0.1.0, passing data types other than `Buffer` causes the Node.js process to crash. The problem has been patched in ced v1.0.0. As a workaround, before passing an argument to ced, verify it’s a `Buffer` using `Buffer.isBuffer(obj)`. | |||||
| CVE-2020-25602 | 4 Debian, Fedoraproject, Opensuse and 1 more | 4 Debian Linux, Fedora, Leap and 1 more | 2023-12-10 | 4.6 MEDIUM | 6.0 MEDIUM |
| An issue was discovered in Xen through 4.14.x. An x86 PV guest can trigger a host OS crash when handling guest access to MSR_MISC_ENABLE. When a guest accesses certain Model Specific Registers, Xen first reads the value from hardware to use as the basis for auditing the guest access. For the MISC_ENABLE MSR, which is an Intel specific MSR, this MSR read is performed without error handling for a #GP fault, which is the consequence of trying to read this MSR on non-Intel hardware. A buggy or malicious PV guest administrator can crash Xen, resulting in a host Denial of Service. Only x86 systems are vulnerable. ARM systems are not vulnerable. Only Xen versions 4.11 and onwards are vulnerable. 4.10 and earlier are not vulnerable. Only x86 systems that do not implement the MISC_ENABLE MSR (0x1a0) are vulnerable. AMD and Hygon systems do not implement this MSR and are vulnerable. Intel systems do implement this MSR and are not vulnerable. Other manufacturers have not been checked. Only x86 PV guests can exploit the vulnerability. x86 HVM/PVH guests cannot exploit the vulnerability. | |||||
| CVE-2020-5665 | 1 Mitsubishielectric | 2 Melsec Iq-f Fx5u Cpu, Melsec Iq-f Fx5u Cpu Firmware | 2023-12-10 | 3.3 LOW | 7.4 HIGH |
| Improper check or handling of exceptional conditions in MELSEC iQ-F series FX5U(C) CPU unit firmware version 1.060 and earlier allows an attacker to cause a denial-of-service (DoS) condition on program execution and communication by sending a specially crafted ARP packet. | |||||
| CVE-2020-0318 | 1 Google | 1 Android | 2023-12-10 | 4.9 MEDIUM | 5.5 MEDIUM |
| In the System UI, there is a possible system crash due to an uncaught exception. This could lead to local permanent denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-33646131 | |||||
| CVE-2020-26195 | 1 Dell | 1 Emc Powerscale Onefs | 2023-12-10 | 5.0 MEDIUM | 5.3 MEDIUM |
| Dell EMC PowerScale OneFS versions 8.1.2 – 9.1.0 contain an issue where the OneFS SMB directory auto-create may erroneously create a directory for a user. A remote unauthenticated attacker may take advantage of this issue to slow down the system. | |||||
| CVE-2020-5801 | 1 Rockwellautomation | 1 Factorytalk Linx | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
| An attacker can craft and send an OpenNamespace message to port 4241 with valid session-id that triggers an unhandled exception in CFTLDManager::HandleRequest function in RnaDaSvr.dll, resulting in process termination. Observed in FactoryTalk Linx 6.11. All versions of FactoryTalk Linx are affected. | |||||
| CVE-2021-3127 | 1 Nats | 2 Jwt Library, Nats Server | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
| NATS Server 2.x before 2.2.0 and JWT library before 2.0.1 have Incorrect Access Control because Import Token bindings are mishandled. | |||||
| CVE-2021-28831 | 3 Busybox, Debian, Fedoraproject | 3 Busybox, Debian Linux, Fedora | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
| decompress_gunzip.c in BusyBox through 1.32.1 mishandles the error bit on the huft_build result pointer, with a resultant invalid free or segmentation fault, via malformed gzip data. | |||||
| CVE-2021-28971 | 4 Debian, Fedoraproject, Linux and 1 more | 9 Debian Linux, Fedora, Linux Kernel and 6 more | 2023-12-10 | 4.9 MEDIUM | 5.5 MEDIUM |
| In intel_pmu_drain_pebs_nhm in arch/x86/events/intel/ds.c in the Linux kernel through 5.11.8 on some Haswell CPUs, userspace applications (such as perf-fuzzer) can cause a system crash because the PEBS status in a PEBS record is mishandled, aka CID-d88d05a9e0b6. | |||||
| CVE-2020-27543 | 1 Restify-paginate Project | 1 Restify-paginate | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
| The restify-paginate package 0.0.5 for Node.js allows remote attackers to cause a Denial-of-Service by omitting the HTTP Host header. A Restify-based web service would crash with an uncaught exception. | |||||
| CVE-2020-16005 | 4 Debian, Fedoraproject, Google and 1 more | 5 Debian Linux, Fedora, Chrome and 2 more | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
| Insufficient policy enforcement in ANGLE in Google Chrome prior to 86.0.4240.183 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||||
| CVE-2020-4388 | 1 Ibm | 1 Cognos Analytics | 2023-12-10 | 6.4 MEDIUM | 8.2 HIGH |
| IBM Cognos Analytics 11.0 and 11.1 could be vulnerable to a denial of service attack by failing to catch exceptions in a servlet also exposing debug information could also be used in future attacks. IBM X-Force ID: 179270. | |||||