Total
95 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-43763 | 1 Br-automation | 1 Industrial Automation Aprol | 2024-02-04 | N/A | 7.5 HIGH |
| Insufficient check of preconditions could lead to Denial of Service conditions when calling commands on the Tbase server of B&R APROL versions < R 4.2-07. | |||||
| CVE-2022-3108 | 1 Linux | 1 Linux Kernel | 2024-02-04 | N/A | 5.5 MEDIUM |
| An issue was discovered in the Linux kernel through 5.16-rc6. kfd_parse_subtype_iolink in drivers/gpu/drm/amd/amdkfd/kfd_crat.c lacks check of the return value of kmemdup(). | |||||
| CVE-2022-23495 | 1 Protocol | 1 Go-merkledag | 2024-02-04 | N/A | 7.5 HIGH |
| go-merkledag implements the 'DAGService' interface and adds two ipld node types, Protobuf and Raw for the ipfs project. A `ProtoNode` may be modified in such a way as to cause various encode errors which will trigger a panic on common method calls that don't allow for error returns. A `ProtoNode` should only be able to encode to valid DAG-PB, attempting to encode invalid DAG-PB forms will result in an error from the codec. Manipulation of an existing (newly created or decoded) `ProtoNode` using the modifier methods did not account for certain states that would place the `ProtoNode` into an unencodeable form. Due to conformance with the [`github.com/ipfs/go-block-format#Block`](https://pkg.go.dev/github.com/ipfs/go-block-format#Block) and [`github.com/ipfs/go-ipld-format#Node`](https://pkg.go.dev/github.com/ipfs/go-ipld-format#Node) interfaces, certain methods, which internally require a re-encode if state has changed, will panic due to the inability to return an error. This issue has been addressed across a number of pull requests. Users are advised to upgrade to version 0.8.1 for a complete set of fixes. Users unable to upgrade may attempt to mitigate this issue by sanitising inputs when allowing user-input to set a new `CidBuilder` on a `ProtoNode` and by sanitising `Tsize` (`Link#Size`) values such that they are a reasonable byte-size for sub-DAGs where derived from user-input. | |||||
| CVE-2022-43765 | 1 Br-automation | 1 Industrial Automation Aprol | 2024-02-04 | N/A | 7.5 HIGH |
| B&R APROL versions < R 4.2-07 doesn’t process correctly specially formatted data packages sent to port 55502/tcp, which may allow a network based attacker to cause an application Denial-of-Service. | |||||
| CVE-2023-23003 | 1 Linux | 1 Linux Kernel | 2024-02-04 | N/A | 4.0 MEDIUM |
| In the Linux kernel before 5.16, tools/perf/util/expr.c lacks a check for the hashmap__new return value. | |||||
| CVE-2021-32845 | 1 Mobyproject | 1 Hyperkit | 2024-02-04 | N/A | 7.8 HIGH |
| HyperKit is a toolkit for embedding hypervisor capabilities in an application. In versions 0.20210107 and prior of HyperKit, the implementation of `qnotify` at `pci_vtrnd_notify` fails to check the return value of `vq_getchain`. This leads to `struct iovec iov;` being uninitialized and used to read memory in `len = (int) read(sc->vrsc_fd, iov.iov_base, iov.iov_len);` when an attacker is able to make `vq_getchain` fail. This issue may lead to a guest crashing the host causing a denial of service and, under certain circumstance, memory corruption. This issue is fixed in commit 41272a980197917df8e58ff90642d14dec8fe948. | |||||
| CVE-2022-3807 | 1 Axiosys | 1 Bento4 | 2024-02-04 | N/A | 6.5 MEDIUM |
| A vulnerability was found in Axiomatic Bento4. It has been rated as problematic. Affected by this issue is some unknown functionality of the component Incomplete Fix CVE-2019-13238. The manipulation leads to resource consumption. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-212660. | |||||
| CVE-2022-0485 | 1 Redhat | 2 Enterprise Linux, Libnbd | 2024-02-04 | N/A | 4.8 MEDIUM |
| A flaw was found in the copying tool `nbdcopy` of libnbd. When performing multi-threaded copies using asynchronous nbd calls, nbdcopy was blindly treating the completion of an asynchronous command as successful, rather than checking the *error parameter. This could result in the silent creation of a corrupted destination image. | |||||
| CVE-2022-22231 | 1 Juniper | 9 Junos, Srx1500, Srx4100 and 6 more | 2024-02-04 | N/A | 7.5 HIGH |
| An Unchecked Return Value to NULL Pointer Dereference vulnerability in Packet Forwarding Engine (PFE) of Juniper Networks Junos OS allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS). On SRX Series if Unified Threat Management (UTM) Enhanced Content Filtering (CF) and AntiVirus (AV) are enabled together and the system processes specific valid transit traffic the Packet Forwarding Engine (PFE) will crash and restart. This issue affects Juniper Networks Junos OS 21.4 versions prior to 21.4R1-S2, 21.4R2 on SRX Series. This issue does not affect Juniper Networks Junos OS versions prior to 21.4R1. | |||||
| CVE-2022-31220 | 1 Dell | 50 Chengming 3900, Chengming 3900 Firmware, Inspiron 14 Plus 7420 and 47 more | 2024-02-04 | N/A | 5.1 MEDIUM |
| Dell BIOS versions contain an Unchecked Return Value vulnerability. A local authenticated administrator user could potentially exploit this vulnerability in order to change the state of the system or cause unexpected failures. | |||||
| CVE-2022-25718 | 1 Qualcomm | 284 Apq8009, Apq8009 Firmware, Apq8009w and 281 more | 2024-02-04 | N/A | 9.8 CRITICAL |
| Cryptographic issue in WLAN due to improper check on return value while authentication handshake in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking | |||||
| CVE-2022-31225 | 1 Dell | 50 Chengming 3900, Chengming 3900 Firmware, Inspiron 14 Plus 7420 and 47 more | 2024-02-04 | N/A | 5.1 MEDIUM |
| Dell BIOS versions contain an Unchecked Return Value vulnerability. A local authenticated administrator user could potentially exploit this vulnerability in order to change the state of the system or cause unexpected failures. | |||||
| CVE-2022-22233 | 1 Juniper | 2 Junos, Junos Os Evolved | 2024-02-04 | N/A | 5.5 MEDIUM |
| An Unchecked Return Value to NULL Pointer Dereference vulnerability in Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows a locally authenticated attacker with low privileges to cause a Denial of Service (DoS). In Segment Routing (SR) to Label Distribution Protocol (LDP) interworking scenario, configured with Segment Routing Mapping Server (SRMS) at any node, when an Area Border Router (ABR) leaks the SRMS entries having "S" flag set from IS-IS Level 2 to Level 1, an rpd core might be observed when a specific low privileged CLI command is issued. This issue affects: Juniper Networks Junos OS 21.4 versions prior to 21.4R1-S2, 21.4R2-S1, 21.4R3; 22.1 versions prior to 22.1R2. Juniper Networks Junos OS Evolved 21.4-EVO versions prior to 21.4R1-S2-EVO, 21.4R2-S1-EVO, 21.4R3-EVO; 22.1-EVO versions prior to 22.1R2-EVO. This issue does not affect: Juniper Networks Junos OS versions prior to 21.4R1. Juniper Networks Junos OS Evolved versions prior to 21.4R1-EVO. | |||||
| CVE-2022-1319 | 2 Netapp, Redhat | 7 Active Iq Unified Manager, Cloud Secure Agent, Oncommand Insight and 4 more | 2024-02-04 | N/A | 7.5 HIGH |
| A flaw was found in Undertow. For an AJP 400 response, EAP 7 is improperly sending two response packets, and those packets have the reuse flag set even though JBoss EAP closes the connection. A failure occurs when the connection is reused after a 400 by CPING since it reads in the second SEND_HEADERS response packet instead of a CPONG. | |||||
| CVE-2022-31170 | 1 Openzeppelin | 1 Contracts | 2024-02-04 | N/A | 7.5 HIGH |
| OpenZeppelin Contracts is a library for smart contract development. Versions 4.0.0 until 4.7.1 are vulnerable to ERC165Checker reverting instead of returning `false`. `ERC165Checker.supportsInterface` is designed to always successfully return a boolean, and under no circumstance revert. However, an incorrect assumption about Solidity 0.8's `abi.decode` allows some cases to revert, given a target contract that doesn't implement EIP-165 as expected, specifically if it returns a value other than 0 or 1. The contracts that may be affected are those that use `ERC165Checker` to check for support for an interface and then handle the lack of support in a way other than reverting. The issue was patched in version 4.7.1. | |||||
| CVE-2021-4189 | 4 Debian, Netapp, Python and 1 more | 5 Debian Linux, Ontap Select Deploy Administration Utility, Python and 2 more | 2024-02-04 | N/A | 5.3 MEDIUM |
| A flaw was found in Python, specifically in the FTP (File Transfer Protocol) client library in PASV (passive) mode. The issue is how the FTP client trusts the host from the PASV response by default. This flaw allows an attacker to set up a malicious FTP server that can trick FTP clients into connecting back to a given IP address and port. This vulnerability could lead to FTP client scanning ports, which otherwise would not have been possible. | |||||
| CVE-2021-41041 | 2 Eclipse, Oracle | 2 Openj9, Java Se | 2024-02-04 | 5.0 MEDIUM | 5.3 MEDIUM |
| In Eclipse Openj9 before version 0.32.0, Java 8 & 11 fail to throw the exception captured during bytecode verification when verification is triggered by a MethodHandle invocation, allowing unverified methods to be invoked using MethodHandles. | |||||
| CVE-2021-0155 | 1 Intel | 346 Core I5-7640x, Core I5-7640x Firmware, Core I7-3820 and 343 more | 2024-02-04 | 2.1 LOW | 5.5 MEDIUM |
| Unchecked return value in the BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable information disclosure via local access. | |||||
| CVE-2022-0907 | 4 Debian, Fedoraproject, Libtiff and 1 more | 4 Debian Linux, Fedora, Libtiff and 1 more | 2024-02-04 | 4.3 MEDIUM | 5.5 MEDIUM |
| Unchecked Return Value to NULL Pointer Dereference in tiffcrop in libtiff 4.3.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit f2b656e2. | |||||
| CVE-2022-31089 | 1 Parseplatform | 1 Parse-server | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
| Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. In affected versions certain types of invalid files requests are not handled properly and can crash the server. If you are running multiple Parse Server instances in a cluster, the availability impact may be low; if you are running Parse Server as single instance without redundancy, the availability impact may be high. This issue has been addressed in versions 4.10.12 and 5.2.3. Users are advised to upgrade. There are no known workarounds for this issue. | |||||