Total
21 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-41990 | 1 Djangoproject | 1 Django | 2024-08-07 | N/A | 7.5 HIGH |
| An issue was discovered in Django 5.0 before 5.0.8 and 4.2 before 4.2.15. The urlize() and urlizetrunc() template filters are subject to a potential denial-of-service attack via very large inputs with a specific sequence of characters. | |||||
| CVE-2024-41991 | 1 Djangoproject | 1 Django | 2024-08-07 | N/A | 7.5 HIGH |
| An issue was discovered in Django 5.0 before 5.0.8 and 4.2 before 4.2.15. The urlize and urlizetrunc template filters, and the AdminURLFieldWidget widget, are subject to a potential denial-of-service attack via certain inputs with a very large number of Unicode characters. | |||||
| CVE-2024-42460 | 2024-08-02 | N/A | 5.3 MEDIUM | ||
| In the Elliptic package 6.5.6 for Node.js, ECDSA signature malleability occurs because there is a missing check for whether the leading bit of r and s is zero. | |||||
| CVE-2024-39614 | 2024-08-01 | N/A | 7.5 HIGH | ||
| An issue was discovered in Django 5.0 before 5.0.7 and 4.2 before 4.2.14. get_supported_language_variant() was subject to a potential denial-of-service attack when used with very long strings containing specific characters. | |||||
| CVE-2024-20416 | 2024-07-18 | N/A | 6.5 MEDIUM | ||
| A vulnerability in the upload module of Cisco RV340 and RV345 Dual WAN Gigabit VPN Routers could allow an authenticated, remote attacker to execute arbitrary code on an affected device. This vulnerability is due to insufficient boundary checks when processing specific HTTP requests. An attacker could exploit this vulnerability by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system of the device. | |||||
| CVE-2024-37988 | 1 Microsoft | 13 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 10 more | 2024-07-12 | N/A | 8.0 HIGH |
| Secure Boot Security Feature Bypass Vulnerability | |||||
| CVE-2024-38011 | 1 Microsoft | 13 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 10 more | 2024-07-12 | N/A | 8.0 HIGH |
| Secure Boot Security Feature Bypass Vulnerability | |||||
| CVE-2024-38010 | 1 Microsoft | 13 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 10 more | 2024-07-12 | N/A | 8.0 HIGH |
| Secure Boot Security Feature Bypass Vulnerability | |||||
| CVE-2024-37989 | 1 Microsoft | 13 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 10 more | 2024-07-12 | N/A | 8.0 HIGH |
| Secure Boot Security Feature Bypass Vulnerability | |||||
| CVE-2024-38875 | 2024-07-12 | N/A | 7.5 HIGH | ||
| An issue was discovered in Django 4.2 before 4.2.14 and 5.0 before 5.0.7. urlize and urlizetrunc were subject to a potential denial of service attack via certain inputs with a very large number of brackets. | |||||
| CVE-2024-37305 | 2024-06-20 | N/A | 8.2 HIGH | ||
| oqs-provider is a provider for the OpenSSL 3 cryptography library that adds support for post-quantum cryptography in TLS, X.509, and S/MIME using post-quantum algorithms from liboqs. Flaws have been identified in the way oqs-provider handles lengths decoded with DECODE_UINT32 at the start of serialized hybrid (traditional + post-quantum) keys and signatures. Unchecked length values are later used for memory reads and writes; malformed input can lead to crashes or information leakage. Handling of plain/non-hybrid PQ key operation is not affected. This issue has been patched in in v0.6.1. All users are advised to upgrade. There are no workarounds for this issue. | |||||
| CVE-2023-52547 | 2024-05-28 | N/A | 7.8 HIGH | ||
| Huawei Matebook D16(Model: CREM-WXX9, BIOS: v2.26. Memory Corruption in SMI Handler of HddPassword SMM Module. This can be leveraged by a malicious OS attacker to corrupt data structures stored at the beginning of SMRAM and can potentially lead to code execution in SMM. | |||||
| CVE-2023-5393 | 2024-04-24 | N/A | 7.4 HIGH | ||
| Server receiving a malformed message that causes a disconnect to a hostname may causing a stack overflow resulting in possible remote code execution. Honeywell recommends updating to the most recent version of the product. See Honeywell Security Notification for recommendations on upgrading and versioning. | |||||
| CVE-2024-20685 | 2024-04-10 | N/A | 5.9 MEDIUM | ||
| Azure Private 5G Core Denial of Service Vulnerability | |||||
| CVE-2024-29064 | 2024-04-10 | N/A | 6.2 MEDIUM | ||
| Windows Hyper-V Denial of Service Vulnerability | |||||
| CVE-2024-24976 | 2024-04-03 | N/A | 4.9 MEDIUM | ||
| A denial of service vulnerability exists in the OAS Engine File Data Source Configuration functionality of Open Automation Software OAS Platform V19.00.0057. A specially crafted series of network requests can cause the running program to stop. An attacker can send a sequence of requests to trigger this vulnerability. | |||||
| CVE-2023-50248 | 1 Okfn | 1 Ckan | 2024-02-28 | N/A | 6.5 MEDIUM |
| CKAN is an open-source data management system for powering data hubs and data portals. Starting in version 2.0.0 and prior to versions 2.9.10 and 2.10.3, when submitting a POST request to the `/dataset/new` endpoint (including either the auth cookie or the `Authorization` header) with a specially-crafted field, an attacker can create an out-of-memory error in the hosting server. To trigger this error, the attacker need to have permissions to create or edit datasets. This vulnerability has been patched in CKAN 2.10.3 and 2.9.10. | |||||
| CVE-2023-40167 | 2 Debian, Eclipse | 2 Debian Linux, Jetty | 2024-02-28 | N/A | 5.3 MEDIUM |
| Jetty is a Java based web server and servlet engine. Prior to versions 9.4.52, 10.0.16, 11.0.16, and 12.0.1, Jetty accepts the `+` character proceeding the content-length value in a HTTP/1 header field. This is more permissive than allowed by the RFC and other servers routinely reject such requests with 400 responses. There is no known exploit scenario, but it is conceivable that request smuggling could result if jetty is used in combination with a server that does not close the connection after sending such a 400 response. Versions 9.4.52, 10.0.16, 11.0.16, and 12.0.1 contain a patch for this issue. There is no workaround as there is no known exploit scenario. | |||||
| CVE-2022-2714 | 1 Rosariosis | 1 Rosariosis | 2024-02-28 | N/A | 9.8 CRITICAL |
| Improper Handling of Length Parameter Inconsistency in GitHub repository francoisjacquet/rosariosis prior to 10.0. | |||||
| CVE-2021-38445 | 1 Objectcomputing | 1 Opendds | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
| OCI OpenDDS versions prior to 3.18.1 do not handle a length parameter consistent with the actual length of the associated data, which may allow an attacker to remotely execute arbitrary code. | |||||