Total
351 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-7923 | 1 Mongodb | 1 Mongodb | 2023-02-02 | 4.0 MEDIUM | 6.5 MEDIUM |
| A user authorized to perform database queries may cause denial of service by issuing specially crafted queries, which violate an invariant in the query subsystem's support for geoNear. This issue affects: MongoDB Inc. MongoDB Server v4.4 versions prior to 4.4.0-rc7; v4.2 versions prior to 4.2.8; v4.0 versions prior to 4.0.19. | |||||
| CVE-2020-5387 | 1 Dell | 2 Xps 13 9370, Xps 13 9370 Firmware | 2023-01-31 | 4.9 MEDIUM | 4.4 MEDIUM |
| Dell XPS 13 9370 BIOS versions prior to 1.13.1 contains an Improper Exception Handling vulnerability. A local attacker with physical access could exploit this vulnerability to prevent the system from booting until the exploited boot device is removed. | |||||
| CVE-2023-22391 | 1 Juniper | 1 Junos | 2023-01-24 | N/A | 7.5 HIGH |
| A vulnerability in class-of-service (CoS) queue management in Juniper Networks Junos OS on the ACX2K Series devices allows an unauthenticated network-based attacker to cause a Denial of Service (DoS). Specific packets are being incorrectly routed to a queue used for other high-priority traffic such as BGP, PIM, ICMP, ICMPV6 ND and ISAKMP. Due to this misclassification of traffic, receipt of a high rate of these specific packets will cause delays in the processing of other traffic, leading to a Denial of Service (DoS). Continued receipt of this amount of traffic will create a sustained Denial of Service (DoS) condition. This issue affects Juniper Networks Junos OS on ACX2K Series: All versions prior to 19.4R3-S9; All 20.2 versions; 20.3 versions prior to 20.3R3-S6 on ACX2K Series; 20.4 versions prior to 20.4R3-S4 on ACX2K Series; All 21.1 versions; 21.2 versions prior to 21.2R3-S3 on ACX2K Series. Note: This issues affects legacy ACX2K Series PPC-based devices. This platform reached Last Supported Version (LSV) as of the Junos OS 21.2 Release. | |||||
| CVE-2022-21813 | 2 Linux, Nvidia | 9 Linux Kernel, Cloud Gaming Guest, Geforce and 6 more | 2023-01-24 | 3.6 LOW | 6.1 MEDIUM |
| NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel driver, where improper handling of insufficient permissions or privileges may allow an unprivileged local user limited write access to protected memory, which can lead to denial of service. | |||||
| CVE-2020-15701 | 1 Canonical | 2 Apport, Ubuntu Linux | 2023-01-23 | 2.1 LOW | 5.5 MEDIUM |
| An unhandled exception in check_ignored() in apport/report.py can be exploited by a local attacker to cause a denial of service. If the mtime attribute is a string value in apport-ignore.xml, it will trigger an unhandled exception, resulting in a crash. Fixed in 2.20.1-0ubuntu2.24, 2.20.9-0ubuntu7.16, 2.20.11-0ubuntu27.6. | |||||
| CVE-2021-22922 | 5 Fedoraproject, Haxx, Netapp and 2 more | 22 Fedora, Curl, Cloud Backup and 19 more | 2023-01-05 | 4.3 MEDIUM | 6.5 MEDIUM |
| When curl is instructed to download content using the metalink feature, thecontents is verified against a hash provided in the metalink XML file.The metalink XML file points out to the client how to get the same contentfrom a set of different URLs, potentially hosted by different servers and theclient can then download the file from one or several of them. In a serial orparallel manner.If one of the servers hosting the contents has been breached and the contentsof the specific file on that server is replaced with a modified payload, curlshould detect this when the hash of the file mismatches after a completeddownload. It should remove the contents and instead try getting the contentsfrom another URL. This is not done, and instead such a hash mismatch is onlymentioned in text and the potentially malicious content is kept in the file ondisk. | |||||
| CVE-2022-44652 | 1 Trendmicro | 1 Apex One | 2022-12-14 | N/A | 7.8 HIGH |
| An improper handling of exceptional conditions vulnerability in Trend Micro Apex One and Apex One as a Service could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | |||||
| CVE-2022-31799 | 3 Bottlepy, Debian, Fedoraproject | 3 Bottle, Debian Linux, Fedora | 2022-12-12 | 7.5 HIGH | 9.8 CRITICAL |
| Bottle before 0.12.20 mishandles errors during early request binding. | |||||
| CVE-2022-33748 | 3 Debian, Fedoraproject, Xen | 3 Debian Linux, Fedora, Xen | 2022-12-12 | N/A | 5.6 MEDIUM |
| lock order inversion in transitive grant copy handling As part of XSA-226 a missing cleanup call was inserted on an error handling path. While doing so, locking requirements were not paid attention to. As a result two cooperating guests granting each other transitive grants can cause locks to be acquired nested within one another, but in respectively opposite order. With suitable timing between the involved grant copy operations this may result in the locking up of a CPU. | |||||
| CVE-2022-23496 | 1 Yet Another Useragent Analyzer Project | 1 Yet Another Useragent Analyzer | 2022-12-12 | N/A | 7.5 HIGH |
| Yet Another UserAgent Analyzer (Yauaa) is a java library that tries to parse and analyze the useragent string and extract as many relevant attributes as possible. Applications using the Client Hints analysis feature introduced with 7.0.0 can crash because the Yauaa library throws an ArrayIndexOutOfBoundsException. If uncaught the exception will result in a program crash. Applications that do not use this feature are not affected. Users are advised to upgrade to version 7.9.0. Users unable to upgrade may catch and discard any ArrayIndexOutOfBoundsException thrown by the Yauaa library. | |||||
| CVE-2022-39912 | 1 Google | 1 Android | 2022-12-12 | N/A | 3.3 LOW |
| Improper handling of insufficient permissions vulnerability in setSecureFolderPolicy in PersonaManagerService prior to Android T(13) allows local attackers to set some setting value in Secure folder. | |||||
| CVE-2020-25691 | 1 Darkhttpd Project | 1 Darkhttpd | 2022-12-09 | 5.0 MEDIUM | 7.5 HIGH |
| A flaw was found in darkhttpd. Invalid error handling allows remote attackers to cause denial-of-service by accessing a file with a large modification date. The highest threat from this vulnerability is to system availability. | |||||
| CVE-2022-44030 | 1 Redmine | 1 Redmine | 2022-12-08 | N/A | 7.5 HIGH |
| Redmine 5.x before 5.0.4 allows downloading of file attachments of any Issue or any Wiki page due to insufficient permission checks. Depending on the configuration, this may require login as a registered user. | |||||
| CVE-2022-0264 | 1 Linux | 1 Linux Kernel | 2022-11-16 | 2.1 LOW | 5.5 MEDIUM |
| A vulnerability was found in the Linux kernel's eBPF verifier when handling internal data structures. Internal memory locations could be returned to userspace. A local attacker with the permissions to insert eBPF code to the kernel can use this to leak internal kernel memory details defeating some of the exploit mitigations in place for the kernel. This flaws affects kernel versions < v5.16-rc6 | |||||
| CVE-2020-12888 | 6 Canonical, Debian, Fedoraproject and 3 more | 39 Ubuntu Linux, Debian Linux, Fedora and 36 more | 2022-11-14 | 4.7 MEDIUM | 5.3 MEDIUM |
| The VFIO PCI driver in the Linux kernel through 5.6.13 mishandles attempts to access disabled memory space. | |||||
| CVE-2020-13410 | 1 Aedes Project | 1 Aedes | 2022-11-04 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in MoscaJS Aedes 0.42.0. lib/write.js does not properly consider exceptions during the writing of an invalid packet to a stream. | |||||
| CVE-2021-28876 | 2 Fedoraproject, Rust-lang | 2 Fedora, Rust | 2022-11-03 | 4.3 MEDIUM | 5.3 MEDIUM |
| In the standard library in Rust before 1.52.0, the Zip implementation has a panic safety issue. It calls __iterator_get_unchecked() more than once for the same index when the underlying iterator panics (in certain conditions). This bug could lead to a memory safety violation due to an unmet safety requirement for the TrustedRandomAccess trait. | |||||
| CVE-2014-1943 | 4 Canonical, Debian, Fine Free File Project and 1 more | 4 Ubuntu Linux, Debian Linux, Fine Free File and 1 more | 2022-10-31 | 5.0 MEDIUM | N/A |
| Fine Free file before 5.17 allows context-dependent attackers to cause a denial of service (infinite recursion, CPU consumption, and crash) via a crafted indirect offset value in the magic of a file. | |||||
| CVE-2021-33477 | 6 Debian, Eterm Project, Fedoraproject and 3 more | 6 Debian Linux, Eterm, Fedora and 3 more | 2022-10-28 | 6.5 MEDIUM | 8.8 HIGH |
| rxvt-unicode 9.22, rxvt 2.7.10, mrxvt 0.5.4, and Eterm 0.9.7 allow (potentially remote) code execution because of improper handling of certain escape sequences (ESC G Q). A response is terminated by a newline. | |||||
| CVE-2020-2757 | 7 Canonical, Debian, Fedoraproject and 4 more | 21 Ubuntu Linux, Debian Linux, Fedora and 18 more | 2022-10-27 | 4.3 MEDIUM | 3.7 LOW |
| Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization). Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L). | |||||