Total
114 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-10003 | 1 Squid-cache | 1 Squid | 2024-02-02 | 5.0 MEDIUM | 7.5 HIGH |
| Incorrect HTTP Request header comparison in Squid HTTP Proxy 3.5.0.1 through 3.5.22, and 4.0.1 through 4.0.16 results in Collapsed Forwarding feature mistakenly identifying some private responses as being suitable for delivery to multiple clients. | |||||
| CVE-2023-49994 | 1 Espeak-ng | 1 Espeak-ng | 2024-01-19 | N/A | 5.5 MEDIUM |
| Espeak-ng 1.52-dev was discovered to contain a Floating Point Exception via the function PeaksToHarmspect at wavegen.c. | |||||
| CVE-2023-23845 | 1 Solarwinds | 1 Orion Platform | 2023-12-28 | N/A | 7.2 HIGH |
| The SolarWinds Platform was susceptible to the Incorrect Comparison Vulnerability. This vulnerability allows users with administrative access to SolarWinds Web Console to execute arbitrary commands with NETWORK SERVICE privileges. | |||||
| CVE-2023-23840 | 1 Solarwinds | 1 Orion Platform | 2023-12-28 | N/A | 7.2 HIGH |
| The SolarWinds Platform was susceptible to the Incorrect Comparison Vulnerability. This vulnerability allows users with administrative access to SolarWinds Web Console to execute arbitrary commands with NETWORK SERVICE privileges. | |||||
| CVE-2023-33225 | 1 Solarwinds | 1 Solarwinds Platform | 2023-12-28 | N/A | 7.2 HIGH |
| The SolarWinds Platform was susceptible to the Incorrect Comparison Vulnerability. This vulnerability allows users with administrative access to SolarWinds Web Console to execute arbitrary commands with SYSTEM privileges. | |||||
| CVE-2022-43621 | 1 Dlink | 2 Dir-1935, Dir-1935 Firmware | 2023-11-08 | N/A | 8.8 HIGH |
| This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of D-Link DIR-1935 1.03 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of HNAP login requests. The issue results from an incorrectly implemented comparison. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-16152. | |||||
| CVE-2023-27579 | 1 Google | 1 Tensorflow | 2023-11-07 | N/A | 7.5 HIGH |
| TensorFlow is an end-to-end open source platform for machine learning. Constructing a tflite model with a paramater `filter_input_channel` of less than 1 gives a FPE. This issue has been patched in version 2.12. TensorFlow will also cherrypick the fix commit on TensorFlow 2.11.1. | |||||
| CVE-2023-25669 | 1 Google | 1 Tensorflow | 2023-11-07 | N/A | 7.5 HIGH |
| TensorFlow is an open source platform for machine learning. Prior to versions 2.12.0 and 2.11.1, if the stride and window size are not positive for `tf.raw_ops.AvgPoolGrad`, it can give a floating point exception. A fix is included in TensorFlow version 2.12.0 and version 2.11.1. | |||||
| CVE-2023-25673 | 1 Google | 1 Tensorflow | 2023-11-07 | N/A | 7.5 HIGH |
| TensorFlow is an open source platform for machine learning. Versions prior to 2.12.0 and 2.11.1 have a Floating Point Exception in TensorListSplit with XLA. A fix is included in TensorFlow version 2.12.0 and version 2.11.1. | |||||
| CVE-2022-34366 | 1 Dell | 1 Supportassist For Home Pcs | 2023-11-07 | N/A | 6.5 MEDIUM |
| Dell SupportAssist for Home PCs (version 3.11.2 and prior) contain Overly Permissive Cross-domain Whitelist vulnerability. An authenticated non-admin user could potentially exploit the issue and obtain sensitive information. | |||||
| CVE-2022-26691 | 4 Apple, Debian, Fedoraproject and 1 more | 6 Cups, Mac Os X, Macos and 3 more | 2023-11-07 | 7.2 HIGH | 6.7 MEDIUM |
| A logic issue was addressed with improved state management. This issue is fixed in Security Update 2022-003 Catalina, macOS Monterey 12.3, macOS Big Sur 11.6.5. An application may be able to gain elevated privileges. | |||||
| CVE-2021-41500 | 2 Cvxopt Project, Fedoraproject | 2 Cvxopt, Fedora | 2023-11-07 | 5.0 MEDIUM | 7.5 HIGH |
| Incomplete string comparison vulnerability exits in cvxopt.org cvxop <= 1.2.6 in APIs (cvxopt.cholmod.diag, cvxopt.cholmod.getfactor, cvxopt.cholmod.solve, cvxopt.cholmod.spsolve), which allows attackers to conduct Denial of Service attacks by construct fake Capsule objects. | |||||
| CVE-2011-3903 | 1 Google | 1 Chrome | 2023-11-07 | 5.0 MEDIUM | N/A |
| Google Chrome before 16.0.912.63 does not properly perform regex matching, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors. | |||||
| CVE-2023-46660 | 1 Jenkins | 1 Zanata | 2023-11-01 | N/A | 5.3 MEDIUM |
| Jenkins Zanata Plugin 0.6 and earlier uses a non-constant time comparison function when checking whether the provided and expected webhook token hashes are equal, potentially allowing attackers to use statistical methods to obtain a valid webhook token. | |||||
| CVE-2023-46657 | 1 Jenkins | 1 Gogs | 2023-11-01 | N/A | 5.3 MEDIUM |
| Jenkins Gogs Plugin 1.0.15 and earlier uses a non-constant time comparison function when checking whether the provided and expected webhook token are equal, potentially allowing attackers to use statistical methods to obtain a valid webhook token. | |||||
| CVE-2023-46656 | 1 Jenkins | 1 Multibranch Scan Webhook Trigger | 2023-11-01 | N/A | 5.3 MEDIUM |
| Jenkins Multibranch Scan Webhook Trigger Plugin 1.0.9 and earlier uses a non-constant time comparison function when checking whether the provided and expected webhook token are equal, potentially allowing attackers to use statistical methods to obtain a valid webhook token. | |||||
| CVE-2023-46658 | 1 Jenkins | 1 Msteams Webhook Trigger | 2023-11-01 | N/A | 5.3 MEDIUM |
| Jenkins MSTeams Webhook Trigger Plugin 0.1.1 and earlier uses a non-constant time comparison function when checking whether the provided and expected webhook token are equal, potentially allowing attackers to use statistical methods to obtain a valid webhook token. | |||||
| CVE-2023-45133 | 2 Babeljs, Debian | 9 Babel, Babel-helper-define-polyfill-provider, Babel-plugin-polyfill-corejs2 and 6 more | 2023-10-24 | N/A | 8.8 HIGH |
| Babel is a compiler for writingJavaScript. In `@babel/traverse` prior to versions 7.23.2 and 8.0.0-alpha.4 and all versions of `babel-traverse`, using Babel to compile code that was specifically crafted by an attacker can lead to arbitrary code execution during compilation, when using plugins that rely on the `path.evaluate()`or `path.evaluateTruthy()` internal Babel methods. Known affected plugins are `@babel/plugin-transform-runtime`; `@babel/preset-env` when using its `useBuiltIns` option; and any "polyfill provider" plugin that depends on `@babel/helper-define-polyfill-provider`, such as `babel-plugin-polyfill-corejs3`, `babel-plugin-polyfill-corejs2`, `babel-plugin-polyfill-es-shims`, `babel-plugin-polyfill-regenerator`. No other plugins under the `@babel/` namespace are impacted, but third-party plugins might be. Users that only compile trusted code are not impacted. The vulnerability has been fixed in `@babel/traverse@7.23.2` and `@babel/traverse@8.0.0-alpha.4`. Those who cannot upgrade `@babel/traverse` and are using one of the affected packages mentioned above should upgrade them to their latest version to avoid triggering the vulnerable code path in affected `@babel/traverse` versions: `@babel/plugin-transform-runtime` v7.23.2, `@babel/preset-env` v7.23.2, `@babel/helper-define-polyfill-provider` v0.4.3, `babel-plugin-polyfill-corejs2` v0.4.6, `babel-plugin-polyfill-corejs3` v0.8.5, `babel-plugin-polyfill-es-shims` v0.10.0, `babel-plugin-polyfill-regenerator` v0.5.3. | |||||
| CVE-2023-44378 | 1 Consensys | 1 Gnark | 2023-10-13 | N/A | 5.5 MEDIUM |
| gnark is a zk-SNARK library that offers a high-level API to design circuits. Prior to version 0.9.0, for some in-circuit values, it is possible to construct two valid decomposition to bits. In addition to the canonical decomposition of `a`, for small values there exists a second decomposition for `a+r` (where `r` is the modulus the values are being reduced by). The second decomposition was possible due to overflowing the field where the values are defined. Upgrading to version 0.9.0 should fix the issue without needing to change the calls to value comparison methods. | |||||
| CVE-2023-23844 | 1 Solarwinds | 1 Solarwinds Platform | 2023-08-03 | N/A | 7.2 HIGH |
| The SolarWinds Platform was susceptible to the Incorrect Comparison Vulnerability. This vulnerability allows users with administrative access to SolarWinds Web Console to execute arbitrary commands with SYSTEM privileges. | |||||