Total
116 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-45927 | 2024-11-21 | 9.1 Critical | ||
| S-Lang 2.3.2 was discovered to contain an arithmetic exception via the function tt_sprintf(). | ||||
| CVE-2023-44203 | 1 Juniper | 26 Ex2300, Ex2300-24mp, Ex2300-24p and 23 more | 2024-11-21 | 6.5 Medium |
| An Improper Check or Handling of Exceptional Conditions vulnerability in the Packet Forwarding Engine (pfe) of Juniper Networks Junos OS on QFX5000 Series, EX2300, EX3400, EX4100, EX4400 and EX4600 allows a adjacent attacker to send specific traffic, which leads to packet flooding, resulting in a Denial of Service (DoS). When a specific IGMP packet is received in an isolated VLAN, it is duplicated to all other ports under the primary VLAN, which causes a flood. This issue affects QFX5000 series, EX2300, EX3400, EX4100, EX4400 and EX4600 platforms only. This issue affects Juniper Junos OS on on QFX5000 Series, EX2300, EX3400, EX4100, EX4400 and EX4600: * All versions prior to 20.4R3-S5; * 21.1 versions prior to 21.1R3-S4; * 21.2 versions prior to 21.2R3-S3; * 21.3 versions prior to 21.3R3-S5; * 21.4 versions prior to 21.4R3-S2; * 22.1 versions prior to 22.1R3; * 22.2 versions prior to 22.2R3; * 22.3 versions prior to 22.3R2. | ||||
| CVE-2023-41378 | 1 Tigera | 3 Calico Cloud, Calico Enterprise, Calico Os | 2024-11-21 | 7.5 High |
| In certain conditions for Calico Typha (v3.26.2, v3.25.1 and below), and Calico Enterprise Typha (v3.17.1, v3.16.3, v3.15.3 and below), a client TLS handshake can block the Calico Typha server indefinitely, resulting in denial of service. The TLS Handshake() call is performed inside the main server handle for loop without any timeout allowing an unclean TLS handshake to block the main loop indefinitely while other connections will be idle waiting for that handshake to finish. | ||||
| CVE-2023-39136 | 1 Ziparchive Project | 1 Ziparchive | 2024-11-21 | 5.5 Medium |
| An unhandled edge case in the component _sanitizedPath of ZipArchive v2.5.4 allows attackers to cause a Denial of Service (DoS) via a crafted zip file. | ||||
| CVE-2023-38420 | 2024-11-21 | 3.8 Low | ||
| Improper conditions check in Intel(R) Power Gadget software for macOS all versions may allow an authenticated user to potentially enable information disclosure via local access. | ||||
| CVE-2023-36849 | 1 Juniper | 2 Junos, Junos Os Evolved | 2024-11-21 | 6.5 Medium |
| An Improper Check or Handling of Exceptional Conditions vulnerability in the Layer-2 control protocols daemon (l2cpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated adjacent attacker to cause a Denial of Service (DoS). When a malformed LLDP packet is received, l2cpd will crash and restart. The impact of the l2cpd crash is reinitialization of STP protocols (RSTP, MSTP or VSTP), and MVRP and ERP. Also, if any services depend on LLDP state (like PoE or VoIP device recognition), then these will also be affected. Continued receipt of such packets will lead to a sustained Denial of Service. This issue affects: Juniper Networks Junos OS 21.4 versions prior to 21.4R3-S3; 22.1 versions prior to 22.1R3-S3; 22.2 versions prior to 22.2R2-S1, 22.2R3; 22.3 versions prior to 22.3R2. Juniper Networks Junos OS Evolved 21.4-EVO versions prior to 21.4R3-S2-EVO; 22.1-EVO versions prior to 22.1R3-S3-EVO; 22.2-EVO versions prior to 22.2R2-S1-EVO, 22.2R3-EVO; 22.3-EVO versions prior to 22.3R2-EVO. | ||||
| CVE-2023-36842 | 1 Juniper | 1 Junos | 2024-11-21 | 6.5 Medium |
| An Improper Check for Unusual or Exceptional Conditions vulnerability in Juniper DHCP Daemon (jdhcpd) of Juniper Networks Junos OS allows an adjacent, unauthenticated attacker to cause the jdhcpd to consume all the CPU cycles resulting in a Denial of Service (DoS). On Junos OS devices with forward-snooped-client configured, if an attacker sends a specific DHCP packet to a non-configured interface, this will cause an infinite loop. The DHCP process will have to be restarted to recover the service. This issue affects: Juniper Networks Junos OS * All versions earlier than 20.4R3-S9; * 21.2 versions earlier than 21.2R3-S7; * 21.3 versions earlier than 21.3R3-S5; * 21.4 versions earlier than 21.4R3-S5; * 22.1 versions earlier than 22.1R3-S4; * 22.2 versions earlier than 22.2R3-S3; * 22.3 versions earlier than 22.3R3-S2; * 22.4 versions earlier than 22.4R2-S2, 22.4R3; * 23.2 versions earlier than 23.2R2. | ||||
| CVE-2023-36831 | 2 Juniper, Juniper Networks | 32 Csrx, Junos, Srx100 and 29 more | 2024-11-21 | 7.5 High |
| An Improper Check or Handling of Exceptional Conditions vulnerability in the UTM (Unified Threat Management) Web-Filtering feature of Juniper Networks Junos OS on SRX Series causes a jbuf memory leak to occur when accessing certain websites, eventually leading to a Denial of Service (DoS) condition. Service restoration is only possible by rebooting the system. The jbuf memory leak only occurs in SSL Proxy and UTM Web-Filtering configurations. Other products, platforms, and configurations are not affected by this vulnerability. This issue affects Juniper Networks Junos OS on SRX Series: 22.2 versions prior to 22.2R3; 22.3 versions prior to 22.3R2-S1, 22.3R3; 22.4 versions prior to 22.4R1-S2, 22.4R2. This issue does not affect Juniper Networks Junos OS versions prior to 22.2R2. | ||||
| CVE-2023-35867 | 1 Bosch | 20 Onvif Camera Event Driver Tool, Bosch Video Management System, Building Integration System Video Engine and 17 more | 2024-11-21 | 5.9 Medium |
| An improper handling of a malformed API answer packets to API clients in Bosch BT software products can allow an unauthenticated attacker to cause a Denial of Service (DoS) situation. To exploit this vulnerability an attacker has to replace an existing API server e.g. through Man-in-the-Middle attacks. | ||||
| CVE-2023-34348 | 1 Aveva | 1 Pi Server | 2024-11-21 | 7.5 High |
| AVEVA PI Server versions 2023 and 2018 SP3 P05 and prior contain a vulnerability that could allow an unauthenticated user to remotely crash the PI Message Subsystem of a PI Server, resulting in a denial-of-service condition. | ||||
| CVE-2023-32230 | 1 Bosch | 7 Monitor Wall, Video Recording Manager, Video Streaming Gateway and 4 more | 2024-11-21 | 7.5 High |
| An improper handling of a malformed API request to an API server in Bosch BT software products can allow an unauthenticated attacker to cause a Denial of Service (DoS) situation. | ||||
| CVE-2022-39911 | 1 Samsung | 1 Pass | 2024-11-21 | 4.8 Medium |
| Improper check or handling of exceptional conditions vulnerability in Samsung Pass prior to version 4.0.06.1 allows attacker to access Samsung Pass. | ||||
| CVE-2022-32212 | 5 Debian, Fedoraproject, Nodejs and 2 more | 7 Debian Linux, Fedora, Node.js and 4 more | 2024-11-21 | 8.1 High |
| A OS Command Injection vulnerability exists in Node.js versions <14.20.0, <16.20.0, <18.5.0 due to an insufficient IsAllowedHost check that can easily be bypassed because IsIPAddress does not properly check if an IP address is invalid before making DBS requests allowing rebinding attacks. | ||||
| CVE-2022-31152 | 1 Matrix | 1 Synapse | 2024-11-21 | 6.4 Medium |
| Synapse is an open-source Matrix homeserver written and maintained by the Matrix.org Foundation. The Matrix specification specifies a list of [event authorization rules](https://spec.matrix.org/v1.2/rooms/v9/#authorization-rules) which must be checked when determining if an event should be accepted into a room. In versions of Synapse up to and including version 1.61.0, some of these rules are not correctly applied. An attacker could craft events which would be accepted by Synapse but not a spec-conformant server, potentially causing divergence in the room state between servers. Administrators of homeservers with federation enabled are advised to upgrade to version 1.62.0 or higher. Federation can be disabled by setting [`federation_domain_whitelist`](https://matrix-org.github.io/synapse/latest/usage/configuration/config_documentation.html#federation_domain_whitelist) to an empty list (`[]`) as a workaround. | ||||
| CVE-2022-30738 | 1 Samsung | 1 Internet | 2024-11-21 | 4.3 Medium |
| Improper check in Loader in Samsung Internet prior to 17.0.1.69 allows attackers to spoof address bar via executing script. | ||||
| CVE-2022-27841 | 1 Samsung | 1 Samsung Pass | 2024-11-21 | 4.3 Medium |
| Improper exception handling in Samsung Pass prior to version 3.7.07.5 allows physical attacker to view the screen that is previously running without authentication | ||||
| CVE-2022-23004 | 1 Westerndigital | 1 Sweet B | 2024-11-21 | 5.3 Medium |
| When computing a shared secret or point multiplication on the NIST P-256 curve using a public key with an X coordinate of zero, an error is returned from the library, and an invalid unreduced value is written to the output buffer. This may be leveraged by an attacker to cause an error scenario, resulting in a limited denial of service for an individual user. The scope of impact cannot extend to other components. | ||||
| CVE-2022-23003 | 1 Westerndigital | 1 Sweet B | 2024-11-21 | 5.3 Medium |
| When computing a shared secret or point multiplication on the NIST P-256 curve that results in an X coordinate of zero, the resulting output is not properly reduced modulo the P-256 field prime and is invalid. The resulting output may cause an error when used in other operations. This may be leveraged by an attacker to cause an error scenario or incorrect choice of session key in applications which use the library, resulting in a limited denial of service for an individual user. The scope of impact cannot extend to other components. | ||||
| CVE-2022-23002 | 1 Westerndigital | 1 Sweet B | 2024-11-21 | 5.3 Medium |
| When compressing or decompressing a point on the NIST P-256 elliptic curve with an X coordinate of zero, the resulting output is not properly reduced modulo the P-256 field prime and is invalid. The resulting output will cause an error when used in other operations. This may be leveraged by an attacker to cause an error scenario in applications which use the library, resulting in a limited denial of service for an individual user. The scope of impact cannot extend to other components. | ||||
| CVE-2022-22290 | 1 Samsung | 1 Internet | 2024-11-21 | 6.5 Medium |
| Incorrect download source UI in Downloads in Samsung Internet prior to 16.0.6.23 allows attackers to perform domain spoofing via a crafted HTML page. | ||||