Total
115 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-35091 | 1 Swftools | 1 Swftools | 2024-02-28 | N/A | 5.5 MEDIUM |
| SWFTools commit 772e55a2 was discovered to contain a floating point exception (FPE) via DCTStream::readMCURow() at /xpdf/Stream.cc.ow() | |||||
| CVE-2022-38230 | 1 Xpdf Project | 1 Xpdf | 2024-02-28 | N/A | 5.5 MEDIUM |
| XPDF commit ffaf11c was discovered to contain a floating point exception (FPE) via DCTStream::decodeImage() at /xpdf/Stream.cc. | |||||
| CVE-2022-35434 | 1 Jpeg Quant Smooth Project | 1 Jpeg Quant Smooth | 2024-02-28 | N/A | 5.5 MEDIUM |
| jpeg-quantsmooth before commit 8879454 contained a floating point exception (FPE) via /jpeg-quantsmooth/jpegqs+0x4f5d6c. | |||||
| CVE-2022-39308 | 1 Thoughtworks | 1 Gocd | 2024-02-28 | N/A | 5.9 MEDIUM |
| GoCD is a continuous delivery server. GoCD helps you automate and streamline the build-test-release cycle for continuous delivery of your product. GoCD versions from 19.2.0 to 19.10.0 (inclusive) are subject to a timing attack in validation of access tokens due to use of regular string comparison for validation of the token rather than a constant time algorithm. This could allow a brute force attack on GoCD server API calls to observe timing differences in validations in order to guess an access token generated by a user for API access. This issue is fixed in GoCD version 19.11.0. As a workaround, users can apply rate limiting or insert random delays to API calls made to GoCD Server via a reverse proxy or other fronting web server. Another workaround, users may disallow use of access tokens by users by having an administrator revoke all access tokens through the "Access Token Management" admin function. | |||||
| CVE-2022-36148 | 1 Fdkaac Project | 1 Fdkaac | 2024-02-28 | N/A | 5.5 MEDIUM |
| fdkaac commit 53fe239 was discovered to contain a floating point exception (FPE) via wav_open at /src/wav_reader.c. | |||||
| CVE-2022-22203 | 1 Juniper | 11 Ex4600, Ex4650, Junos and 8 more | 2024-02-28 | N/A | 6.5 MEDIUM |
| An Incorrect Comparison vulnerability in PFE of Juniper Networks Junos OS allows an adjacent unauthenticated attacker to cause a Denial of Service (DoS). On QFX5000 Series, and EX4600 and EX4650 platforms, the fxpc process will crash followed by the FPC reboot upon receipt of a specific hostbound packet. Continued receipt of these specific packets will create a sustained Denial of Service (DoS) condition. This issue only affects Juniper Networks Junos OS 19.4 version 19.4R3-S4. | |||||
| CVE-2022-35962 | 1 Zulip | 1 Zulip | 2024-02-28 | N/A | 5.7 MEDIUM |
| Zulip is an open source team chat and Zulip Mobile is an app for iOS and Andriod users. In Zulip Mobile through version 27.189, a crafted link in a message sent by an authenticated user could lead to credential disclosure if a user follows the link. A patch was released in version 27.190. | |||||
| CVE-2022-38179 | 1 Jetbrains | 1 Ktor | 2024-02-28 | N/A | 6.1 MEDIUM |
| JetBrains Ktor before 2.1.0 was vulnerable to the Reflect File Download attack | |||||
| CVE-2022-31650 | 1 Sox Project | 1 Sox | 2024-02-28 | 4.3 MEDIUM | 5.5 MEDIUM |
| In SoX 14.4.2, there is a floating-point exception in lsx_aiffstartwrite in aiff.c in libsox.a. | |||||
| CVE-2021-27786 | 1 Hcltech | 1 Onetest Server | 2024-02-28 | 6.8 MEDIUM | 9.8 CRITICAL |
| Cross-origin resource sharing (CORS) enables browsers to perform cross domain requests in a controlled manner. This request has an Origin header that identifies the domain that is making the initial request and defines the protocol between a browser and server to see if the request is allowed. An attacker can take advantage of this and possibly carry out privileged actions and access sensitive information when the Access-Control-Allow-Credentials is enabled. | |||||
| CVE-2022-20072 | 2 Google, Mediatek | 56 Android, Mt6580, Mt6735 and 53 more | 2024-02-28 | 4.6 MEDIUM | 6.7 MEDIUM |
| In search engine service, there is a possible way to change the default search engine due to an incorrect comparison. This could lead to local escalation of privilege with System execution privileges needed. User interaction is no needed for exploitation. Patch ID: ALPS06219118; Issue ID: ALPS06219118. | |||||
| CVE-2022-24787 | 1 Vyperlang | 1 Vyper | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
| Vyper is a Pythonic Smart Contract Language for the Ethereum Virtual Machine. In version 0.3.1 and prior, bytestrings can have dirty bytes in them, resulting in the word-for-word comparisons giving incorrect results. Even without dirty nonzero bytes, two bytestrings can compare to equal if one ends with `"\x00"` because there is no comparison of the length. A patch is available and expected to be part of the 0.3.2 release. There are currently no known workarounds. | |||||
| CVE-2022-26691 | 4 Apple, Debian, Fedoraproject and 1 more | 6 Cups, Mac Os X, Macos and 3 more | 2024-02-28 | 7.2 HIGH | 6.7 MEDIUM |
| A logic issue was addressed with improved state management. This issue is fixed in Security Update 2022-003 Catalina, macOS Monterey 12.3, macOS Big Sur 11.6.5. An application may be able to gain elevated privileges. | |||||
| CVE-2021-39514 | 1 Jpeg | 1 Libjpeg | 2024-02-28 | 4.3 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in libjpeg through 2020021. An uncaught floating point exception in the function ACLosslessScan::ParseMCU() located in aclosslessscan.cpp. It allows an attacker to cause Denial of Service. | |||||
| CVE-2021-23146 | 1 Gallagher | 1 Command Centre | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
| An Incomplete Comparison with Missing Factors vulnerability in the Gallagher Controller allows an attacker to bypass PIV verification. This issue affects: Gallagher Command Centre 8.40 versions prior to 8.40.1888 (MR3); 8.30 versions prior to 8.30.1359 (MR3); 8.20 versions prior to 8.20.1259 (MR5); 8.10 versions prior to 8.10.1284 (MR7); version 8.00 and prior versions. | |||||
| CVE-2022-23027 | 1 F5 | 14 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Advanced Web Application Firewall and 11 more | 2024-02-28 | 5.0 MEDIUM | 5.3 MEDIUM |
| On BIG-IP versions 15.1.x before 15.1.4, 14.1.x before 14.1.4.4, 13.1.x beginning in 13.1.3.6, 12.1.5.3-12.1.6, and 11.6.5.2, when a FastL4 profile and an HTTP, FIX, and/or hash persistence profile are configured on the same virtual server, undisclosed requests can cause the virtual server to stop processing new client connections. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | |||||
| CVE-2021-34141 | 2 Numpy, Oracle | 2 Numpy, Communications Cloud Native Core Policy | 2024-02-28 | 5.0 MEDIUM | 5.3 MEDIUM |
| An incomplete string comparison in the numpy.core component in NumPy before 1.22.0 allows attackers to trigger slightly incorrect copying by constructing specific string objects. NOTE: the vendor states that this reported code behavior is "completely harmless." | |||||
| CVE-2021-39917 | 1 Gitlab | 1 Gitlab | 2024-02-28 | 4.0 MEDIUM | 6.5 MEDIUM |
| An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.9 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2. A regular expression related to quick actions features was susceptible to catastrophic backtracking that could cause a DOS attack. | |||||
| CVE-2021-44971 | 1 Tenda | 4 Ac15, Ac15 Firmware, Ac5 and 1 more | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
| Multiple Tenda devices are affected by authentication bypass, such as AC15V1.0 Firmware V15.03.05.20_multi?AC5V1.0 Firmware V15.03.06.48_multi and so on. an attacker can obtain sensitive information, and even combine it with authenticated command injection to implement RCE. | |||||
| CVE-2021-44078 | 1 Unicorn-engine | 1 Unicorn Engine | 2024-02-28 | 6.9 MEDIUM | 8.1 HIGH |
| An issue was discovered in split_region in uc.c in Unicorn Engine before 2.0.0-rc5. It allows local attackers to escape the sandbox. An attacker must first obtain the ability to execute crafted code in the target sandbox in order to exploit this vulnerability. The specific flaw exists within the virtual memory manager. The issue results from the faulty comparison of GVA and GPA while calling uc_mem_map_ptr to free part of a claimed memory block. An attacker can leverage this vulnerability to escape the sandbox and execute arbitrary code on the host machine. | |||||