Total
69 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-23003 | 1 Linux | 1 Linux Kernel | 2023-03-09 | N/A | 7.8 HIGH |
| In the Linux kernel before 5.16, tools/perf/util/expr.c lacks a check for the hashmap__new return value. | |||||
| CVE-2019-15942 | 1 Ffmpeg | 1 Ffmpeg | 2023-02-28 | 6.8 MEDIUM | 8.8 HIGH |
| FFmpeg through 4.2 has a "Conditional jump or move depends on uninitialised value" issue in h2645_parse because alloc_rbsp_buffer in libavcodec/h2645_parse.c mishandles rbsp_buffer. | |||||
| CVE-2021-40401 | 3 Debian, Fedoraproject, Gerbv Project | 3 Debian Linux, Fedora, Gerbv | 2023-02-22 | 6.8 MEDIUM | 8.6 HIGH |
| A use-after-free vulnerability exists in the RS-274X aperture definition tokenization functionality of Gerbv 2.7.0 and dev (commit b5f1eacd) and Gerbv forked 2.7.1. A specially-crafted gerber file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability. | |||||
| CVE-2022-43765 | 1 Br-automation | 1 Industrial Automation Aprol | 2023-02-18 | N/A | 7.5 HIGH |
| B&R APROL versions < R 4.2-07 doesn’t process correctly specially formatted data packages sent to port 55502/tcp, which may allow a network based attacker to cause an application Denial-of-Service. | |||||
| CVE-2022-43763 | 1 Br-automation | 1 Industrial Automation Aprol | 2023-02-18 | N/A | 7.5 HIGH |
| Insufficient check of preconditions could lead to Denial of Service conditions when calling commands on the Tbase server of B&R APROL versions < R 4.2-07. | |||||
| CVE-2018-14622 | 4 Canonical, Debian, Libtirpc Project and 1 more | 8 Ubuntu Linux, Debian Linux, Libtirpc and 5 more | 2023-02-03 | 5.0 MEDIUM | 7.5 HIGH |
| A null-pointer dereference vulnerability was found in libtirpc before version 0.3.3-rc3. The return value of makefd_xprt() was not checked in all instances, which could lead to a crash when the server exhausted the maximum number of available file descriptors. A remote attacker could cause an rpc-based application to crash by flooding it with new connections. | |||||
| CVE-2022-30783 | 3 Debian, Fedoraproject, Tuxera | 3 Debian Linux, Fedora, Ntfs-3g | 2023-01-13 | 4.6 MEDIUM | 6.7 MEDIUM |
| An invalid return code in fuse_kern_mount enables intercepting of libfuse-lite protocol traffic between NTFS-3G and the kernel in NTFS-3G through 2021.8.22 when using libfuse-lite. | |||||
| CVE-2022-3108 | 1 Linux | 1 Linux Kernel | 2022-12-16 | N/A | 5.5 MEDIUM |
| An issue was discovered in the Linux kernel through 5.16-rc6. kfd_parse_subtype_iolink in drivers/gpu/drm/amd/amdkfd/kfd_crat.c lacks check of the return value of kmemdup(). | |||||
| CVE-2022-23495 | 1 Protocol | 1 Go-merkledag | 2022-12-12 | N/A | 7.5 HIGH |
| go-merkledag implements the 'DAGService' interface and adds two ipld node types, Protobuf and Raw for the ipfs project. A `ProtoNode` may be modified in such a way as to cause various encode errors which will trigger a panic on common method calls that don't allow for error returns. A `ProtoNode` should only be able to encode to valid DAG-PB, attempting to encode invalid DAG-PB forms will result in an error from the codec. Manipulation of an existing (newly created or decoded) `ProtoNode` using the modifier methods did not account for certain states that would place the `ProtoNode` into an unencodeable form. Due to conformance with the [`github.com/ipfs/go-block-format#Block`](https://pkg.go.dev/github.com/ipfs/go-block-format#Block) and [`github.com/ipfs/go-ipld-format#Node`](https://pkg.go.dev/github.com/ipfs/go-ipld-format#Node) interfaces, certain methods, which internally require a re-encode if state has changed, will panic due to the inability to return an error. This issue has been addressed across a number of pull requests. Users are advised to upgrade to version 0.8.1 for a complete set of fixes. Users unable to upgrade may attempt to mitigate this issue by sanitising inputs when allowing user-input to set a new `CidBuilder` on a `ProtoNode` and by sanitising `Tsize` (`Link#Size`) values such that they are a reasonable byte-size for sub-DAGs where derived from user-input. | |||||
| CVE-2022-23476 | 1 Nokogiri | 1 Nokogiri | 2022-12-09 | N/A | 7.5 HIGH |
| Nokogiri is an open source XML and HTML library for the Ruby programming language. Nokogiri `1.13.8` and `1.13.9` fail to check the return value from `xmlTextReaderExpand` in the method `Nokogiri::XML::Reader#attribute_hash`. This can lead to a null pointer exception when invalid markup is being parsed. For applications using `XML::Reader` to parse untrusted inputs, this may potentially be a vector for a denial of service attack. Users are advised to upgrade to Nokogiri `>= 1.13.10`. Users may be able to search their code for calls to either `XML::Reader#attributes` or `XML::Reader#attribute_hash` to determine if they are affected. | |||||
| CVE-2021-4189 | 4 Debian, Netapp, Python and 1 more | 5 Debian Linux, Ontap Select Deploy Administration Utility, Python and 2 more | 2022-12-07 | N/A | 5.3 MEDIUM |
| A flaw was found in Python, specifically in the FTP (File Transfer Protocol) client library in PASV (passive) mode. The issue is how the FTP client trusts the host from the PASV response by default. This flaw allows an attacker to set up a malicious FTP server that can trick FTP clients into connecting back to a given IP address and port. This vulnerability could lead to FTP client scanning ports, which otherwise would not have been possible. | |||||
| CVE-2022-0485 | 1 Redhat | 2 Enterprise Linux, Libnbd | 2022-12-01 | N/A | 4.8 MEDIUM |
| A flaw was found in the copying tool `nbdcopy` of libnbd. When performing multi-threaded copies using asynchronous nbd calls, nbdcopy was blindly treating the completion of an asynchronous command as successful, rather than checking the *error parameter. This could result in the silent creation of a corrupted destination image. | |||||
| CVE-2022-23806 | 3 Debian, Golang, Netapp | 6 Debian Linux, Go, Beegfs Csi Driver and 3 more | 2022-11-09 | 6.4 MEDIUM | 9.1 CRITICAL |
| Curve.IsOnCurve in crypto/elliptic in Go before 1.16.14 and 1.17.x before 1.17.7 can incorrectly return true in situations with a big.Int value that is not a valid field element. | |||||
| CVE-2022-1319 | 2 Netapp, Redhat | 7 Active Iq Unified Manager, Cloud Secure Agent, Oncommand Insight and 4 more | 2022-11-07 | N/A | 7.5 HIGH |
| A flaw was found in Undertow. For an AJP 400 response, EAP 7 is improperly sending two response packets, and those packets have the reuse flag set even though JBoss EAP closes the connection. A failure occurs when the connection is reused after a 400 by CPING since it reads in the second SEND_HEADERS response packet instead of a CPONG. | |||||
| CVE-2021-28875 | 1 Rust-lang | 1 Rust | 2022-11-03 | 5.0 MEDIUM | 7.5 HIGH |
| In the standard library in Rust before 1.50.0, read_to_end() does not validate the return value from Read in an unsafe context. This bug could lead to a buffer overflow. | |||||
| CVE-2021-3673 | 2 Fedoraproject, Radare | 2 Fedora, Radare2 | 2022-10-27 | 5.0 MEDIUM | 7.5 HIGH |
| A vulnerability was found in Radare2 in version 5.3.1. Improper input validation when reading a crafted LE binary can lead to resource exhaustion and DoS. | |||||
| CVE-2022-40279 | 1 Samsung | 1 Tizenrt | 2022-09-30 | N/A | 7.5 HIGH |
| An issue was discovered in Samsung TizenRT through 3.0_GBM (and 3.1_PRE). l2_packet_receive_timeout in wpa_supplicant/src/l2_packet/l2_packet_pcap.c has a missing check on the return value of pcap_dispatch, leading to a denial of service (malfunction). | |||||
| CVE-2021-42780 | 3 Fedoraproject, Opensc Project, Redhat | 3 Fedora, Opensc, Enterprise Linux | 2022-09-29 | 5.0 MEDIUM | 5.3 MEDIUM |
| A use after return issue was found in Opensc before version 0.22.0 in insert_pin function that could potentially crash programs using the library. | |||||
| CVE-2022-40716 | 1 Hashicorp | 1 Consul | 2022-09-26 | N/A | 6.5 MEDIUM |
| HashiCorp Consul and Consul Enterprise up to 1.11.8, 1.12.4, and 1.13.1 do not check for multiple SAN URI values in a CSR on the internal RPC endpoint, enabling leverage of privileged access to bypass service mesh intentions. Fixed in 1.11.9, 1.12.5, and 1.13.2." | |||||
| CVE-2022-38936 | 1 Pbc Project | 1 Pbc | 2022-09-26 | N/A | 7.5 HIGH |
| An issue has been found in PBC through 2022-8-27. A SEGV issue detected in the function pbc_wmessage_integer in src/wmessage.c:137. | |||||