Total
100 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-29944 | 1 Opennetworking | 1 Onos | 2024-02-04 | N/A | 5.3 MEDIUM |
| An issue was discovered in ONOS 2.5.1. There is an incorrect comparison of paths installed by intents. An existing intents does not redirect to a new path, even if a new intent that shares the path with higher priority is installed. | |||||
| CVE-2023-25669 | 1 Google | 1 Tensorflow | 2024-02-04 | N/A | 7.5 HIGH |
| TensorFlow is an open source platform for machine learning. Prior to versions 2.12.0 and 2.11.1, if the stride and window size are not positive for `tf.raw_ops.AvgPoolGrad`, it can give a floating point exception. A fix is included in TensorFlow version 2.12.0 and version 2.11.1. | |||||
| CVE-2022-43621 | 2024-02-04 | N/A | 8.8 HIGH | ||
| This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of D-Link DIR-1935 1.03 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of HNAP login requests. The issue results from an incorrectly implemented comparison. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-16152. | |||||
| CVE-2023-36829 | 1 Functional | 1 Sentry | 2024-02-04 | N/A | 5.4 MEDIUM |
| Sentry is an error tracking and performance monitoring platform. Starting in version 23.6.0 and prior to version 23.6.2, the Sentry API incorrectly returns the `access-control-allow-credentials: true` HTTP header if the `Origin` request header ends with the `system.base-hostname` option of Sentry installation. This only affects installations that have `system.base-hostname` option explicitly set, as it is empty by default. Impact is limited since recent versions of major browsers have cross-site cookie blocking enabled by default. However, this flaw could allow other multi-step attacks. The patch has been released in Sentry 23.6.2. | |||||
| CVE-2022-41317 | 1 Squid-cache | 1 Squid | 2024-02-04 | N/A | 6.5 MEDIUM |
| An issue was discovered in Squid 4.9 through 4.17 and 5.0.6 through 5.6. Due to inconsistent handling of internal URIs, there can be Exposure of Sensitive Information about clients using the proxy via an HTTPS request to an internal cache manager URL. This is fixed in 5.7. | |||||
| CVE-2022-23554 | 1 Alpine Project | 1 Alpine | 2024-02-04 | N/A | 5.4 MEDIUM |
| Alpine is a scaffolding library in Java. Alpine prior to version 1.10.4 allows Authentication Filter bypass. The AuthenticationFilter relies on the request URI to evaluate if the user is accessing the swagger endpoint. By accessing a URL with a path such as /api/foo;%2fapi%2fswagger the contains condition will hold and will return from the authentication filter without aborting the request. Note that the principal object will not be assigned and therefore the issue wont allow user impersonation. This issue has been fixed in version 1.10.4. There are no known workarounds. | |||||
| CVE-2022-47034 | 1 Playsms | 1 Playsms | 2024-02-04 | N/A | 9.8 CRITICAL |
| A type juggling vulnerability in the component /auth/fn.php of PlaySMS v1.4.5 and earlier allows attackers to bypass authentication. | |||||
| CVE-2022-34366 | 1 Dell | 1 Supportassist For Home Pcs | 2024-02-04 | N/A | 6.5 MEDIUM |
| Dell SupportAssist for Home PCs (version 3.11.2 and prior) contain Overly Permissive Cross-domain Whitelist vulnerability. An authenticated non-admin user could potentially exploit the issue and obtain sensitive information. | |||||
| CVE-2022-35962 | 1 Zulip | 1 Zulip | 2024-02-04 | N/A | 5.7 MEDIUM |
| Zulip is an open source team chat and Zulip Mobile is an app for iOS and Andriod users. In Zulip Mobile through version 27.189, a crafted link in a message sent by an authenticated user could lead to credential disclosure if a user follows the link. A patch was released in version 27.190. | |||||
| CVE-2022-35434 | 1 Jpeg Quant Smooth Project | 1 Jpeg Quant Smooth | 2024-02-04 | N/A | 5.5 MEDIUM |
| jpeg-quantsmooth before commit 8879454 contained a floating point exception (FPE) via /jpeg-quantsmooth/jpegqs+0x4f5d6c. | |||||
| CVE-2022-22203 | 1 Juniper | 11 Ex4600, Ex4650, Junos and 8 more | 2024-02-04 | N/A | 6.5 MEDIUM |
| An Incorrect Comparison vulnerability in PFE of Juniper Networks Junos OS allows an adjacent unauthenticated attacker to cause a Denial of Service (DoS). On QFX5000 Series, and EX4600 and EX4650 platforms, the fxpc process will crash followed by the FPC reboot upon receipt of a specific hostbound packet. Continued receipt of these specific packets will create a sustained Denial of Service (DoS) condition. This issue only affects Juniper Networks Junos OS 19.4 version 19.4R3-S4. | |||||
| CVE-2022-38230 | 1 Xpdf Project | 1 Xpdf | 2024-02-04 | N/A | 5.5 MEDIUM |
| XPDF commit ffaf11c was discovered to contain a floating point exception (FPE) via DCTStream::decodeImage() at /xpdf/Stream.cc. | |||||
| CVE-2022-36148 | 1 Fdkaac Project | 1 Fdkaac | 2024-02-04 | N/A | 5.5 MEDIUM |
| fdkaac commit 53fe239 was discovered to contain a floating point exception (FPE) via wav_open at /src/wav_reader.c. | |||||
| CVE-2022-39308 | 1 Thoughtworks | 1 Gocd | 2024-02-04 | N/A | 5.9 MEDIUM |
| GoCD is a continuous delivery server. GoCD helps you automate and streamline the build-test-release cycle for continuous delivery of your product. GoCD versions from 19.2.0 to 19.10.0 (inclusive) are subject to a timing attack in validation of access tokens due to use of regular string comparison for validation of the token rather than a constant time algorithm. This could allow a brute force attack on GoCD server API calls to observe timing differences in validations in order to guess an access token generated by a user for API access. This issue is fixed in GoCD version 19.11.0. As a workaround, users can apply rate limiting or insert random delays to API calls made to GoCD Server via a reverse proxy or other fronting web server. Another workaround, users may disallow use of access tokens by users by having an administrator revoke all access tokens through the "Access Token Management" admin function. | |||||
| CVE-2022-38179 | 1 Jetbrains | 1 Ktor | 2024-02-04 | N/A | 6.1 MEDIUM |
| JetBrains Ktor before 2.1.0 was vulnerable to the Reflect File Download attack | |||||
| CVE-2022-34999 | 1 Bitbanksoftware | 1 Jpegdec | 2024-02-04 | N/A | 5.5 MEDIUM |
| JPEGDEC commit be4843c was discovered to contain a FPE via DecodeJPEG at /src/jpeg.inl. | |||||
| CVE-2022-24787 | 1 Vyperlang | 1 Vyper | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
| Vyper is a Pythonic Smart Contract Language for the Ethereum Virtual Machine. In version 0.3.1 and prior, bytestrings can have dirty bytes in them, resulting in the word-for-word comparisons giving incorrect results. Even without dirty nonzero bytes, two bytestrings can compare to equal if one ends with `"\x00"` because there is no comparison of the length. A patch is available and expected to be part of the 0.3.2 release. There are currently no known workarounds. | |||||
| CVE-2021-27786 | 1 Hcltech | 1 Onetest Server | 2024-02-04 | 6.8 MEDIUM | 9.8 CRITICAL |
| Cross-origin resource sharing (CORS) enables browsers to perform cross domain requests in a controlled manner. This request has an Origin header that identifies the domain that is making the initial request and defines the protocol between a browser and server to see if the request is allowed. An attacker can take advantage of this and possibly carry out privileged actions and access sensitive information when the Access-Control-Allow-Credentials is enabled. | |||||
| CVE-2022-31650 | 1 Sox Project | 1 Sox | 2024-02-04 | 4.3 MEDIUM | 5.5 MEDIUM |
| In SoX 14.4.2, there is a floating-point exception in lsx_aiffstartwrite in aiff.c in libsox.a. | |||||
| CVE-2022-26691 | 4 Apple, Debian, Fedoraproject and 1 more | 6 Cups, Mac Os X, Macos and 3 more | 2024-02-04 | 7.2 HIGH | 6.7 MEDIUM |
| A logic issue was addressed with improved state management. This issue is fixed in Security Update 2022-003 Catalina, macOS Monterey 12.3, macOS Big Sur 11.6.5. An application may be able to gain elevated privileges. | |||||