Total
9 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2023-1620 | 1 Wago | 152 750-331, 750-331 Firmware, 750-8202 and 149 more | 2024-10-02 | N/A | 4.9 MEDIUM |
Multiple WAGO devices in multiple versions may allow an authenticated remote attacker with high privileges to DoS the device by sending a specifically crafted packet to the CODESYS V2 runtime. | |||||
CVE-2023-1619 | 1 Wago | 152 750-331, 750-331 Firmware, 750-8202 and 149 more | 2024-10-02 | N/A | 4.9 MEDIUM |
Multiple WAGO devices in multiple versions may allow an authenticated remote attacker with high privileges to DoS the device by sending a malformed packet. | |||||
CVE-2024-5953 | 2024-10-01 | N/A | 5.7 MEDIUM | ||
A denial of service vulnerability was found in the 389-ds-base LDAP server. This issue may allow an authenticated user to cause a server denial of service while attempting to log in with a user with a malformed hash in their password. | |||||
CVE-2024-27375 | 1 Samsung | 10 Exynos 1280, Exynos 1280 Firmware, Exynos 1330 and 7 more | 2024-08-21 | N/A | 7.8 HIGH |
An issue was discovered in Samsung Mobile Processor Exynos 980, Exynos 850, Exynos 1280, Exynos 1380, and Exynos 1330. In the function slsi_nan_followup_get_nl_params(), there is no input validation check on hal_req->sdea_service_specific_info_len coming from userspace, which can lead to a heap overwrite. | |||||
CVE-2024-27371 | 1 Samsung | 10 Exynos 1280, Exynos 1280 Firmware, Exynos 1330 and 7 more | 2024-08-21 | N/A | 7.8 HIGH |
An issue was discovered in Samsung Mobile Processor Exynos 980, Exynos 850, Exynos 1280, Exynos 1380, and Exynos 1330. In the function slsi_nan_followup_get_nl_params(), there is no input validation check on hal_req->service_specific_info_len coming from userspace, which can lead to a heap overwrite. | |||||
CVE-2024-31136 | 2024-03-28 | N/A | 7.4 HIGH | ||
In JetBrains TeamCity before 2024.03 2FA could be bypassed by providing a special URL parameter | |||||
CVE-2024-31140 | 2024-03-28 | N/A | 4.1 MEDIUM | ||
In JetBrains TeamCity before 2024.03 server administrators could remove arbitrary files from the server by installing tools | |||||
CVE-2024-25951 | 2024-03-11 | N/A | 8.0 HIGH | ||
A command injection vulnerability exists in local RACADM. A malicious authenticated user could gain control of the underlying operating system. | |||||
CVE-2022-39353 | 2 Debian, Xmldom Project | 2 Debian Linux, Xmldom | 2024-02-04 | N/A | 9.8 CRITICAL |
xmldom is a pure JavaScript W3C standard-based (XML DOM Level 2 Core) `DOMParser` and `XMLSerializer` module. xmldom parses XML that is not well-formed because it contains multiple top level elements, and adds all root nodes to the `childNodes` collection of the `Document`, without reporting any error or throwing. This breaks the assumption that there is only a single root node in the tree, which led to issuance of CVE-2022-39299 as it is a potential issue for dependents. Update to @xmldom/xmldom@~0.7.7, @xmldom/xmldom@~0.8.4 (dist-tag latest) or @xmldom/xmldom@>=0.9.0-beta.4 (dist-tag next). As a workaround, please one of the following approaches depending on your use case: instead of searching for elements in the whole DOM, only search in the `documentElement`or reject a document with a document that has more then 1 `childNode`. |