Total: 62 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-34999 | 1 Bitbanksoftware | 1 Jpegdec | 2022-08-19 | N/A | 5.5 MEDIUM |
JPEGDEC commit be4843c was discovered to contain a FPE via DecodeJPEG at /src/jpeg.inl. | |||||
CVE-2022-35434 | 1 Jpeg Quant Smooth Project | 1 Jpeg Quant Smooth | 2022-08-18 | N/A | 5.5 MEDIUM |
jpeg-quantsmooth before commit 8879454 contained a floating point exception (FPE) via /jpeg-quantsmooth/jpegqs+0x4f5d6c. | |||||
CVE-2022-36148 | 1 Fdkaac Project | 1 Fdkaac | 2022-08-18 | N/A | 5.5 MEDIUM |
fdkaac commit 53fe239 was discovered to contain a floating point exception (FPE) via wav_open at /src/wav_reader.c. | |||||
CVE-2022-38230 | 1 Xpdf Project | 1 Xpdf | 2022-08-18 | N/A | 5.5 MEDIUM |
XPDF commit ffaf11c was discovered to contain a floating point exception (FPE) via DCTStream::decodeImage() at /xpdf/Stream.cc. | |||||
CVE-2022-38179 | 1 Jetbrains | 1 Ktor | 2022-08-16 | N/A | 6.1 MEDIUM |
JetBrains Ktor before 2.1.0 was vulnerable to the Reflected File Download attack. | |||||
CVE-2022-22203 | 1 Juniper | 11 Ex4600, Ex4650, Junos and 8 more | 2022-07-27 | N/A | 6.5 MEDIUM |
An Incorrect Comparison vulnerability in PFE of Juniper Networks Junos OS allows an adjacent unauthenticated attacker to cause a Denial of Service (DoS). On QFX5000 Series, and EX4600 and EX4650 platforms, the fxpc process will crash followed by the FPC reboot upon receipt of a specific hostbound packet. Continued receipt of these specific packets will create a sustained Denial of Service (DoS) condition. This issue only affects Juniper Networks Junos OS 19.4 version 19.4R3-S4. | |||||
CVE-2020-25580 | 1 Freebsd | 1 Freebsd | 2022-07-12 | 5.0 MEDIUM | 5.3 MEDIUM |
In FreeBSD 12.2-STABLE before r369346, 11.4-STABLE before r369345, 12.2-RELEASE before p4 and 11.4-RELEASE before p8 a regression in the login.access(5) rule processor has the effect of causing rules to fail to match even when they should not. This means that rules denying access may be ignored. | |||||
CVE-2021-35970 | 1 Voxmedia | 1 Coral Talk | 2022-07-12 | 5.0 MEDIUM | 7.5 HIGH |
Talk 4 in Coral before 4.12.1 allows remote attackers to discover e-mail addresses and other sensitive information via GraphQL because permission checks use an incorrect data type. | |||||
CVE-2021-1904 | 1 Qualcomm | 350 Apq8009, Apq8009 Firmware, Apq8009w and 347 more | 2022-07-12 | 2.1 LOW | 5.5 MEDIUM |
A child process can leak information from its parent process because numeric PIDs are compared and these PIDs can be reused, in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables. | |||||
CVE-2021-44971 | 1 Tenda | 4 Ac15, Ac15 Firmware, Ac5 and 1 more | 2022-07-12 | 7.5 HIGH | 9.8 CRITICAL |
Multiple Tenda devices are affected by authentication bypass, such as AC15V1.0 Firmware V15.03.05.20_multi, AC5V1.0 Firmware V15.03.06.48_multi and so on. An attacker can obtain sensitive information, and even combine it with authenticated command injection to implement RCE. | |||||
CVE-2021-35973 | 1 Netgear | 2 Wac104, Wac104 Firmware | 2022-07-12 | 10.0 HIGH | 9.8 CRITICAL |
NETGEAR WAC104 devices before 1.0.4.15 are affected by an authentication bypass vulnerability in /usr/sbin/mini_httpd, allowing an unauthenticated attacker to invoke any action by adding the &currentsetting.htm substring to the HTTP query, a related issue to CVE-2020-27866. This directly allows the attacker to change the web UI password, and eventually to enable debug mode (telnetd) and gain a shell on the device as the admin limited-user account (however, escalation to root is simple because of weak permissions on the /etc/ directory). | |||||
CVE-2020-22784 | 1 Etherpad | 1 Ueberdb | 2022-07-12 | 5.0 MEDIUM | 7.5 HIGH |
In Etherpad UeberDB < 0.4.4, due to MySQL omitting trailing spaces on char / varchar columns during comparisons, retrieving database records using UeberDB's MySQL connector could allow bypassing access controls enforced on key names. | |||||
CVE-2021-27786 | 1 Hcltech | 1 Onetest Server | 2022-06-16 | 6.8 MEDIUM | 9.8 CRITICAL |
Cross-origin resource sharing (CORS) enables browsers to perform cross domain requests in a controlled manner. This request has an Origin header that identifies the domain that is making the initial request and defines the protocol between a browser and server to see if the request is allowed. An attacker can take advantage of this and possibly carry out privileged actions and access sensitive information when the Access-Control-Allow-Credentials is enabled. | |||||
CVE-2020-13559 | 1 Freyrscada | 1 Iec-60879-5-104 Server Simulator | 2022-06-07 | 5.0 MEDIUM | 7.5 HIGH |
A denial-of-service vulnerability exists in the traffic-logging functionality of FreyrSCADA IEC-60879-5-104 Server Simulator 21.04.028. A specially crafted packet can lead to denial of service. An attacker can send a malicious packet to trigger this vulnerability. | |||||
CVE-2019-20634 | 1 Proofpoint | 1 Email Protection | 2022-04-27 | 4.3 MEDIUM | 3.7 LOW |
An issue was discovered in Proofpoint Email Protection through 2019-09-08. By collecting scores from Proofpoint email headers, it is possible to build a copy-cat Machine Learning Classification model and extract insights from this model. The insights gathered allow an attacker to craft emails that receive preferable scores, with a goal of delivering malicious emails. | |||||
CVE-2021-23999 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2022-04-26 | 6.8 MEDIUM | 8.8 HIGH |
If a Blob URL was loaded through some unusual user interaction, it could have been loaded by the System Principal and granted additional privileges that should not be granted to web content. This vulnerability affects Firefox ESR < 78.10, Thunderbird < 78.10, and Firefox < 88. | |||||
CVE-2021-3828 | 1 Nltk | 1 Nltk | 2022-04-25 | 5.0 MEDIUM | 7.5 HIGH |
nltk is vulnerable to Inefficient Regular Expression Complexity | |||||
CVE-2022-20072 | 2 Google, Mediatek | 56 Android, Mt6580, Mt6735 and 53 more | 2022-04-18 | 4.6 MEDIUM | 6.7 MEDIUM |
In search engine service, there is a possible way to change the default search engine due to an incorrect comparison. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06219118; Issue ID: ALPS06219118. | |||||
CVE-2020-5849 | 1 Unraid | 1 Unraid | 2022-04-18 | 5.0 MEDIUM | 7.5 HIGH |
Unraid 6.8.0 allows authentication bypass. | |||||
CVE-2022-24787 | 1 Vyper Project | 1 Vyper | 2022-04-11 | 5.0 MEDIUM | 7.5 HIGH |
Vyper is a Pythonic Smart Contract Language for the Ethereum Virtual Machine. In version 0.3.1 and prior, bytestrings can have dirty bytes in them, resulting in the word-for-word comparisons giving incorrect results. Even without dirty nonzero bytes, two bytestrings can compare to equal if one ends with `"\x00"` because there is no comparison of the length. A patch is available and expected to be part of the 0.3.2 release. There are currently no known workarounds. |