Total
296 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2021-0984 | 1 Google | 1 Android | 2024-02-28 | 4.6 MEDIUM | 7.8 HIGH |
In onNullBinding of ManagedServices.java, there is a possible permission bypass due to an incorrectly unbound service. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-192475653 | |||||
CVE-2021-46322 | 1 Duktape Project | 1 Duktape | 2024-02-28 | 4.3 MEDIUM | 5.5 MEDIUM |
Duktape v2.99.99 was discovered to contain a SEGV vulnerability via the component duk_push_tval in duktape/duk_api_stack.c. | |||||
CVE-2021-44717 | 3 Debian, Golang, Opengroup | 3 Debian Linux, Go, Unix | 2024-02-28 | 5.8 MEDIUM | 4.8 MEDIUM |
Go before 1.16.12 and 1.17.x before 1.17.5 on UNIX allows write operations to an unintended file or unintended network connection as a consequence of erroneous closing of file descriptor 0 after file-descriptor exhaustion. | |||||
CVE-2021-40833 | 3 Apple, F-secure, Microsoft | 7 Macos, Atlant, Elements Endpoint Protection and 4 more | 2024-02-28 | 4.3 MEDIUM | 5.5 MEDIUM |
A vulnerability affecting F-Secure antivirus engine was discovered whereby unpacking UPX file can lead to denial-of-service. The vulnerability can be exploited remotely by an attacker. A successful attack will result in denial-of-service of the antivirus engine. | |||||
CVE-2021-41441 | 1 Dlink | 2 Dir-x1860, Dir-x1860 Firmware | 2024-02-28 | 7.1 HIGH | 7.4 HIGH |
A DoS attack in the web application of D-Link DIR-X1860 before v1.10WWB09_Beta allows a remote unauthenticated attacker to reboot the router via sending a specially crafted URL to an authenticated victim. The authenticated victim need to visit this URL, for the router to reboot. | |||||
CVE-2013-1054 | 1 Canonical | 2 Ubuntu Linux, Unity-firefox-extension | 2024-02-28 | 4.3 MEDIUM | 6.5 MEDIUM |
The unity-firefox-extension package could be tricked into destroying the Unity webapps context, causing Firefox to crash. This could be achieved by spinning the event loop inside the webapps initialization callback. Fixed in 3.0.0+14.04.20140416-0ubuntu1.14.04.1 by shipping an empty package, thus disabling the extension entirely. | |||||
CVE-2021-1093 | 2 Debian, Nvidia | 2 Debian Linux, Gpu Display Driver | 2024-02-28 | 4.9 MEDIUM | 5.5 MEDIUM |
NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in firmware where the driver contains an assert() or similar statement that can be triggered by an attacker, which leads to an application exit or other behavior that is more severe than necessary, and may lead to denial of service or system crash. | |||||
CVE-2021-38623 | 1 Deferred Image Processing Project | 1 Deferred Image Processing | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
The deferred_image_processing (aka Deferred image processing) extension before 1.0.2 for TYPO3 allows Denial of Service via the FAL API because of /var/transient disk consumption. | |||||
CVE-2013-1055 | 1 Canonical | 2 Ubuntu Linux, Unity-firefox-extension | 2024-02-28 | 4.3 MEDIUM | 4.3 MEDIUM |
The unity-firefox-extension package could be tricked into dropping a C callback which was still in use, which Firefox would then free, causing Firefox to crash. This could be achieved by adding an action to the launcher and updating it with new callbacks until the libunity-webapps rate limit was hit. Fixed in 3.0.0+14.04.20140416-0ubuntu1.14.04.1 of unity-firefox-extension and in all versions of libunity-webapps by shipping an empty unity-firefox-extension package, thus disabling the extension entirely and invalidating the attack against the libunity-webapps package. | |||||
CVE-2021-27458 | 1 Jtekt | 36 2port-efr Thu-6404, 2port-efr Thu-6404 Firmware, Fl\/et-t-v2h Thu-6289 and 33 more | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
If Ethernet communication of the JTEKT Corporation TOYOPUC product series’ (TOYOPUC-PC10 Series: PC10G-CPU TCC-6353: All versions, PC10GE TCC-6464: All versions, PC10P TCC-6372: All versions, PC10P-DP TCC-6726: All versions, PC10P-DP-IO TCC-6752: All versions, PC10B-P TCC-6373: All versions, PC10B TCC-1021: All versions, PC10B-E/C TCU-6521: All versions, PC10E TCC-4737: All versions; TOYOPUC-Plus Series: Plus CPU TCC-6740: All versions, Plus EX TCU-6741: All versions, Plus EX2 TCU-6858: All versions, Plus EFR TCU-6743: All versions, Plus EFR2 TCU-6859: All versions, Plus 2P-EFR TCU-6929: All versions, Plus BUS-EX TCU-6900: All versions; TOYOPUC-PC3J/PC2J Series: FL/ET-T-V2H THU-6289: All versions, 2PORT-EFR THU-6404: All versions) are left in an open state by an attacker, Ethernet communications cannot be established with other devices, depending on the settings of the link parameters. | |||||
CVE-2021-29962 | 1 Mozilla | 1 Firefox | 2024-02-28 | 4.3 MEDIUM | 4.3 MEDIUM |
Firefox for Android would become unstable and hard-to-recover when a website opened too many popups. *This bug only affects Firefox for Android. Other operating systems are unaffected.*. This vulnerability affects Firefox < 89. | |||||
CVE-2021-1098 | 1 Nvidia | 1 Virtual Gpu | 2024-02-28 | 4.6 MEDIUM | 7.8 HIGH |
NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where it doesn't release some resources during driver unload requests from guests. This flaw allows a malicious guest to perform operations by reusing those resources, which may lead to information disclosure, data tampering, or denial of service. This affects vGPU version 12.x (prior to 12.3), version 11.x (prior to 11.5) and version 8.x (prior 8.8). | |||||
CVE-2021-21003 | 1 Phoenixcontact | 30 Fl Nat Smn 8tx, Fl Nat Smn 8tx-m, Fl Nat Smn 8tx-m Firmware and 27 more | 2024-02-28 | 5.0 MEDIUM | 5.3 MEDIUM |
In Phoenix Contact FL SWITCH SMCS series products in multiple versions fragmented TCP-Packets may cause a Denial of Service of Web-, SNMP- and ICMP-Echo services. The switching functionality of the device is not affected. | |||||
CVE-2021-1077 | 1 Nvidia | 1 Gpu Display Driver | 2024-02-28 | 2.1 LOW | 5.5 MEDIUM |
NVIDIA GPU Display Driver for Windows and Linux, R450 and R460 driver branch, contains a vulnerability where the software uses a reference count to manage a resource that is incorrectly updated, which may lead to denial of service. | |||||
CVE-2020-24360 | 1 Arista | 27 7280cr2ak-30, 7280cr2k-60, 7280cr3-32d4 and 24 more | 2024-02-28 | 6.1 MEDIUM | 7.4 HIGH |
An issue with ARP packets in Arista’s EOS affecting the 7800R3, 7500R3, and 7280R3 series of products may result in issues that cause a kernel crash, followed by a device reload. The affected Arista EOS versions are: 4.24.2.4F and below releases in the 4.24.x train; 4.23.4M and below releases in the 4.23.x train; 4.22.6M and below releases in the 4.22.x train. | |||||
CVE-2019-19343 | 2 Netapp, Redhat | 4 Active Iq Unified Manager, Jboss-remoting, Jboss Enterprise Application Platform and 1 more | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
A flaw was found in Undertow when using Remoting as shipped in Red Hat Jboss EAP before version 7.2.4. A memory leak in HttpOpenListener due to holding remote connections indefinitely may lead to denial of service. Versions before undertow 2.0.25.SP1 and jboss-remoting 5.0.14.SP1 are believed to be vulnerable. | |||||
CVE-2021-26906 | 1 Digium | 2 Asterisk, Certified Asterisk | 2024-02-28 | 4.3 MEDIUM | 5.9 MEDIUM |
An issue was discovered in res_pjsip_session.c in Digium Asterisk through 13.38.1; 14.x, 15.x, and 16.x through 16.16.0; 17.x through 17.9.1; and 18.x through 18.2.0, and Certified Asterisk through 16.8-cert5. An SDP negotiation vulnerability in PJSIP allows a remote server to potentially crash Asterisk by sending specific SIP responses that cause an SDP negotiation failure. | |||||
CVE-2020-27283 | 1 Redlion | 1 Crimson | 2024-02-28 | 5.0 MEDIUM | 5.3 MEDIUM |
An attacker could send a specially crafted message to Crimson 3.1 (Build versions prior to 3119.001) that could leak arbitrary memory locations. | |||||
CVE-2020-0414 | 1 Google | 1 Android | 2024-02-28 | 4.3 MEDIUM | 6.5 MEDIUM |
In AudioFlinger::RecordThread::threadLoop of audioflinger/Threads.cpp, there is a possible non-silenced audio buffer due to a permissions bypass. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-11Android ID: A-157708122 | |||||
CVE-2020-28874 | 1 Projectsend | 1 Projectsend | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
reset-password.php in ProjectSend before r1295 allows remote attackers to reset a password because of incorrect business logic. Errors are not properly considered (an invalid token parameter). |