Total
104 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-24825 | 1 Riot-os | 1 Riot | 2023-06-07 | N/A | 7.5 HIGH |
| RIOT-OS, an operating system for Internet of Things (IoT) devices, contains a network stack with the ability to process 6LoWPAN frames. Prior to version 2023.04, an attacker can send a crafted frame to the device to trigger a NULL pointer dereference leading to denial of service. This issue is fixed in version 2023.04. There are no known workarounds. | |||||
| CVE-2023-3013 | 1 Gpac | 1 Gpac | 2023-06-06 | N/A | 7.1 HIGH |
| Unchecked Return Value in GitHub repository gpac/gpac prior to 2.2.2. | |||||
| CVE-2022-23806 | 3 Debian, Golang, Netapp | 6 Debian Linux, Go, Beegfs Csi Driver and 3 more | 2023-04-20 | 6.4 MEDIUM | 9.1 CRITICAL |
| Curve.IsOnCurve in crypto/elliptic in Go before 1.16.14 and 1.17.x before 1.17.7 can incorrectly return true in situations with a big.Int value that is not a valid field element. | |||||
| CVE-2019-15942 | 1 Ffmpeg | 1 Ffmpeg | 2023-02-28 | 6.8 MEDIUM | 8.8 HIGH |
| FFmpeg through 4.2 has a "Conditional jump or move depends on uninitialised value" issue in h2645_parse because alloc_rbsp_buffer in libavcodec/h2645_parse.c mishandles rbsp_buffer. | |||||
| CVE-2022-23476 | 1 Nokogiri | 1 Nokogiri | 2022-12-10 | N/A | 7.5 HIGH |
| Nokogiri is an open source XML and HTML library for the Ruby programming language. Nokogiri `1.13.8` and `1.13.9` fail to check the return value from `xmlTextReaderExpand` in the method `Nokogiri::XML::Reader#attribute_hash`. This can lead to a null pointer exception when invalid markup is being parsed. For applications using `XML::Reader` to parse untrusted inputs, this may potentially be a vector for a denial of service attack. Users are advised to upgrade to Nokogiri `>= 1.13.10`. Users may be able to search their code for calls to either `XML::Reader#attributes` or `XML::Reader#attribute_hash` to determine if they are affected. | |||||
| CVE-2022-0485 | 1 Redhat | 2 Enterprise Linux, Libnbd | 2022-12-01 | N/A | 4.8 MEDIUM |
| A flaw was found in the copying tool `nbdcopy` of libnbd. When performing multi-threaded copies using asynchronous nbd calls, nbdcopy was blindly treating the completion of an asynchronous command as successful, rather than checking the *error parameter. This could result in the silent creation of a corrupted destination image. | |||||
| CVE-2022-1319 | 2 Netapp, Redhat | 7 Active Iq Unified Manager, Cloud Secure Agent, Oncommand Insight and 4 more | 2022-11-07 | N/A | 7.5 HIGH |
| A flaw was found in Undertow. For an AJP 400 response, EAP 7 is improperly sending two response packets, and those packets have the reuse flag set even though JBoss EAP closes the connection. A failure occurs when the connection is reused after a 400 by CPING since it reads in the second SEND_HEADERS response packet instead of a CPONG. | |||||
| CVE-2021-28875 | 1 Rust-lang | 1 Rust | 2022-11-03 | 5.0 MEDIUM | 7.5 HIGH |
| In the standard library in Rust before 1.50.0, read_to_end() does not validate the return value from Read in an unsafe context. This bug could lead to a buffer overflow. | |||||
| CVE-2022-40279 | 1 Samsung | 1 Tizenrt | 2022-09-30 | N/A | 7.5 HIGH |
| An issue was discovered in Samsung TizenRT through 3.0_GBM (and 3.1_PRE). l2_packet_receive_timeout in wpa_supplicant/src/l2_packet/l2_packet_pcap.c has a missing check on the return value of pcap_dispatch, leading to a denial of service (malfunction). | |||||
| CVE-2022-31220 | 1 Dell | 50 Chengming 3900, Chengming 3900 Firmware, Inspiron 14 Plus 7420 and 47 more | 2022-09-15 | N/A | 5.1 MEDIUM |
| Dell BIOS versions contain an Unchecked Return Value vulnerability. A local authenticated administrator user could potentially exploit this vulnerability in order to change the state of the system or cause unexpected failures. | |||||
| CVE-2022-31225 | 1 Dell | 50 Chengming 3900, Chengming 3900 Firmware, Inspiron 14 Plus 7420 and 47 more | 2022-09-15 | N/A | 5.1 MEDIUM |
| Dell BIOS versions contain an Unchecked Return Value vulnerability. A local authenticated administrator user could potentially exploit this vulnerability in order to change the state of the system or cause unexpected failures. | |||||
| CVE-2022-31170 | 1 Openzeppelin | 1 Contracts | 2022-08-01 | N/A | 7.5 HIGH |
| OpenZeppelin Contracts is a library for smart contract development. Versions 4.0.0 until 4.7.1 are vulnerable to ERC165Checker reverting instead of returning `false`. `ERC165Checker.supportsInterface` is designed to always successfully return a boolean, and under no circumstance revert. However, an incorrect assumption about Solidity 0.8's `abi.decode` allows some cases to revert, given a target contract that doesn't implement EIP-165 as expected, specifically if it returns a value other than 0 or 1. The contracts that may be affected are those that use `ERC165Checker` to check for support for an interface and then handle the lack of support in a way other than reverting. The issue was patched in version 4.7.1. | |||||
| CVE-2021-39643 | 1 Google | 1 Android | 2022-07-12 | 4.6 MEDIUM | 6.7 MEDIUM |
| In ic_startRetrieveEntryValue of acropora/app/identity/ic.c, there is a possible bypass of defense-in-depth due to missing validation of the return value. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-195573629References: N/A | |||||
| CVE-2022-21211 | 1 Posix Project | 1 Posix | 2022-07-08 | 5.0 MEDIUM | 7.5 HIGH |
| This affects all versions of package posix. When invoking the toString method, it will fallback to 0x0 value, as the value of toString is not invokable (not a function), and then it will crash with type-check. | |||||
| CVE-2022-31089 | 1 Parseplatform | 1 Parse-server | 2022-07-07 | 5.0 MEDIUM | 7.5 HIGH |
| Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. In affected versions certain types of invalid files requests are not handled properly and can crash the server. If you are running multiple Parse Server instances in a cluster, the availability impact may be low; if you are running Parse Server as single instance without redundancy, the availability impact may be high. This issue has been addressed in versions 4.10.12 and 5.2.3. Users are advised to upgrade. There are no known workarounds for this issue. | |||||
| CVE-2021-41041 | 2 Eclipse, Oracle | 2 Openj9, Java Se | 2022-05-05 | 5.0 MEDIUM | 5.3 MEDIUM |
| In Eclipse Openj9 before version 0.32.0, Java 8 & 11 fail to throw the exception captured during bytecode verification when verification is triggered by a MethodHandle invocation, allowing unverified methods to be invoked using MethodHandles. | |||||
| CVE-2021-28906 | 1 Cesnet | 1 Libyang | 2022-04-06 | 5.0 MEDIUM | 7.5 HIGH |
| In function read_yin_leaf() in libyang <= v1.0.225, it doesn't check whether the value of retval->ext[r] is NULL. In some cases, it can be NULL, which leads to the operation of retval->ext[r]->flags that results in a crash. | |||||
| CVE-2021-28904 | 1 Cesnet | 1 Libyang | 2022-04-05 | 5.0 MEDIUM | 7.5 HIGH |
| In function ext_get_plugin() in libyang <= v1.0.225, it doesn't check whether the value of revision is NULL. If revision is NULL, the operation of strcmp(revision, ext_plugins[u].revision) will lead to a crash. | |||||
| CVE-2021-28902 | 1 Cesnet | 1 Libyang | 2022-04-05 | 5.0 MEDIUM | 7.5 HIGH |
| In function read_yin_container() in libyang <= v1.0.225, it doesn't check whether the value of retval->ext[r] is NULL. In some cases, it can be NULL, which leads to the operation of retval->ext[r]->flags that results in a crash. | |||||
| CVE-2021-3911 | 2 Cloudflare, Debian | 2 Octorpki, Debian Linux | 2022-04-04 | 4.3 MEDIUM | 6.5 MEDIUM |
| If the ROA that a repository returns contains too many bits for the IP address then OctoRPKI will crash. | |||||