Total
403 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-44196 | 1 Juniper | 2 Junos Os Evolved, Ptx10003 | 2024-11-21 | N/A | 6.5 MEDIUM |
| An Improper Check for Unusual or Exceptional Conditions in the Packet Forwarding Engine (pfe) of Juniper Networks Junos OS Evolved on PTX10003 Series allows an unauthenticated adjacent attacker to cause an impact to the integrity of the system. When specific transit MPLS packets are received by the PFE, these packets are internally forwarded to the RE. This issue is a prerequisite for CVE-2023-44195. This issue affects Juniper Networks Junos OS Evolved: * All versions prior to 20.4R3-S8-EVO; * 21.1-EVO version 21.1R1-EVO and later; * 21.2-EVO versions prior to 21.2R3-S6-EVO; * 21.3-EVO version 21.3R1-EVO and later; * 21.4-EVO versions prior to 21.4R3-S3-EVO; * 22.1-EVO versions prior to 22.1R3-S4-EVO; * 22.2-EVO versions prior to 22.2R3-S3-EVO; * 22.3-EVO versions prior to 22.3R2-S2-EVO, 22.3R3-EVO; * 22.4-EVO versions prior to 22.4R2-EVO. | |||||
| CVE-2023-44099 | 1 Huawei | 2 Emui, Harmonyos | 2024-11-21 | N/A | 7.5 HIGH |
| Vulnerability of data verification errors in the kernel module. Successful exploitation of this vulnerability may cause WLAN interruption. | |||||
| CVE-2023-41304 | 1 Huawei | 2 Emui, Harmonyos | 2024-11-21 | N/A | 5.3 MEDIUM |
| Parameter verification vulnerability in the window module.Successful exploitation of this vulnerability may cause the size of an app window to be adjusted to that of a floating window. | |||||
| CVE-2023-39205 | 1 Zoom | 4 Meetings, Video Software Development Kit, Virtual Desktop Infrastructure and 1 more | 2024-11-21 | N/A | 4.3 MEDIUM |
| Improper conditions check in Zoom Team Chat for Zoom clients may allow an authenticated user to conduct a denial of service via network access. | |||||
| CVE-2023-38420 | 2024-11-21 | N/A | 3.8 LOW | ||
| Improper conditions check in Intel(R) Power Gadget software for macOS all versions may allow an authenticated user to potentially enable information disclosure via local access. | |||||
| CVE-2023-38283 | 2 Openbgpd, Openbsd | 2 Openbgpd, Openbsd | 2024-11-21 | N/A | 5.3 MEDIUM |
| In OpenBGPD before 8.1, incorrect handling of BGP update data (length of path attributes) set by a potentially distant remote actor may cause the system to incorrectly reset a session. This is fixed in OpenBSD 7.3 errata 006. | |||||
| CVE-2023-38069 | 1 Jetbrains | 1 Intellij Idea | 2024-11-21 | N/A | 3.3 LOW |
| In JetBrains IntelliJ IDEA before 2023.1.4 license dialog could be suppressed in certain cases | |||||
| CVE-2023-37899 | 1 Feathersjs | 1 Feathers | 2024-11-21 | N/A | 7.5 HIGH |
| Feathersjs is a framework for creating web APIs and real-time applications with TypeScript or JavaScript. Feathers socket handler did not catch invalid string conversion errors like `const message = ${{ toString: '' }}` which would cause the NodeJS process to crash when sending an unexpected Socket.io message like `socket.emit('find', { toString: '' })`. A fix has been released in versions 5.0.8 and 4.5.18. Users are advised to upgrade. There is no known workaround for this vulnerability. | |||||
| CVE-2023-36835 | 1 Juniper | 5 Junos, Qfx10002, Qfx10002-60c and 2 more | 2024-11-21 | N/A | 7.5 HIGH |
| An Improper Check for Unusual or Exceptional Conditions vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on QFX10000 Series allows a network based attacker to cause a Denial of Service (DoS). If a specific valid IP packet is received and that packet needs to be routed over a VXLAN tunnel, this will result in a PFE wedge condition due to which traffic gets impacted. As this is not a crash and restart scenario, this condition will persist until the system is rebooted to recover. This issue affects Juniper Networks Junos OS on QFX10000: 20.3 version 20.3R1 and later versions; 20.4 versions prior to 20.4R3-S5; 21.1 versions prior to 21.1R3-S5; 21.2 versions prior to 21.2R3-S5; 21.3 versions prior to 21.3R3-S4; 21.4 versions prior to 21.4R3-S1; 22.1 versions prior to 22.1R3; 22.2 versions prior to 22.2R2; 22.3 versions prior to 22.3R1-S2, 22.3R2. | |||||
| CVE-2023-35849 | 1 Virtualsquare | 1 Picotcp | 2024-11-21 | N/A | 7.5 HIGH |
| VirtualSquare picoTCP (aka PicoTCP-NG) through 2.1 does not properly check whether header sizes would result in accessing data outside of a packet. | |||||
| CVE-2023-34733 | 1 Vw | 1 Discover Media Infotainment System | 2024-11-21 | N/A | 6.8 MEDIUM |
| A lack of exception handling in the Volkswagen Discover Media Infotainment System Software Version 0876 allows attackers to cause a Denial of Service (DoS) via supplying crafted media files when connecting a device to the vehicle's USB plug and play feature. | |||||
| CVE-2023-34449 | 1 Parity | 1 Ink\! | 2024-11-21 | N/A | 5.3 MEDIUM |
| ink! is an embedded domain specific language to write smart contracts in Rust for blockchains built on the Substrate framework. Starting in version 4.0.0 and prior to version 4.2.1, the return value when using delegate call mechanics, either through `CallBuilder::delegate` or `ink_env::invoke_contract_delegate`, is decoded incorrectly. This bug was related to the mechanics around decoding a call's return buffer, which was changed as part of pull request 1450. Since this feature was only released in ink! 4.0.0, no previous versions are affected. Users who have an ink! 4.x series contract should upgrade to 4.2.1 to receive a patch. | |||||
| CVE-2023-34348 | 1 Aveva | 1 Pi Server | 2024-11-21 | N/A | 7.5 HIGH |
| AVEVA PI Server versions 2023 and 2018 SP3 P05 and prior contain a vulnerability that could allow an unauthenticated user to remotely crash the PI Message Subsystem of a PI Server, resulting in a denial-of-service condition. | |||||
| CVE-2023-34099 | 1 Shopware | 1 Shopware | 2024-11-21 | N/A | 5.3 MEDIUM |
| Shopware is an open source e-commerce software. The mail validation in the registration process had some flaws, so it was possible to construct different mail addresses, that in the end result in the same address, which is shared by multiple accounts. This issue has been addressed in version 5.7.18 and users are advised to update. There are no known workarounds for this vulnerability. | |||||
| CVE-2023-32726 | 1 Zabbix | 1 Zabbix-agent | 2024-11-21 | N/A | 3.9 LOW |
| The vulnerability is caused by improper check for check if RDLENGTH does not overflow the buffer in response from DNS server. | |||||
| CVE-2023-32716 | 1 Splunk | 2 Splunk, Splunk Cloud Platform | 2024-11-21 | N/A | 6.5 MEDIUM |
| In Splunk Enterprise versions below 9.0.5, 8.2.11, and 8.1.14, and Splunk Cloud Platform versions below 9.0.2303.100, an attacker can exploit a vulnerability in the {{dump}} SPL command to cause a denial of service by crashing the Splunk daemon. | |||||
| CVE-2023-32695 | 1 Socket | 1 Socket.io-parser | 2024-11-21 | N/A | 7.3 HIGH |
| socket.io parser is a socket.io encoder and decoder written in JavaScript complying with version 5 of socket.io-protocol. A specially crafted Socket.IO packet can trigger an uncaught exception on the Socket.IO server, thus killing the Node.js process. A patch has been released in version 4.2.3. | |||||
| CVE-2023-30591 | 1 Nodebb | 1 Nodebb | 2024-11-21 | N/A | 7.5 HIGH |
| Denial-of-service in NodeBB <= v2.8.10 allows unauthenticated attackers to trigger a crash, when invoking `eventName.startsWith()` or `eventName.toString()`, while processing Socket.IO messages via crafted Socket.IO messages containing array or object type for the event name respectively. | |||||
| CVE-2023-29198 | 1 Electronjs | 1 Electron | 2024-11-21 | N/A | 6.0 MEDIUM |
| Electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS. Electron apps using `contextIsolation` and `contextBridge` are affected. This is a context isolation bypass, meaning that code running in the main world context in the renderer can reach into the isolated Electron context and perform privileged actions. This issue is only exploitable if an API exposed to the main world via `contextBridge` can return an object or array that contains a javascript object which cannot be serialized, for instance, a canvas rendering context. This would normally result in an exception being thrown `Error: object could not be cloned`. The app side workaround is to ensure that such a case is not possible. Ensure all values returned from a function exposed over the context bridge are supported. This issue has been fixed in versions `25.0.0-alpha.2`, `24.0.1`, `23.2.3`, and `22.3.6`. | |||||
| CVE-2023-28979 | 1 Juniper | 1 Junos | 2024-11-21 | N/A | 4.7 MEDIUM |
| An Improper Check for Unusual or Exceptional Conditions vulnerability in the kernel of Juniper Networks Junos OS allows an adjacent unauthenticated attacker to bypass an integrity check. In a 6PE scenario and if an additional integrity check is configured, it will fail to drop specific malformed IPv6 packets, and then these packets will be forwarded to other connected networks. This issue affects Juniper Networks Junos OS: All versions prior to 19.3R3-S7; 19.4 versions prior to 19.4R3-S9; 20.2 versions prior to 20.2R3-S7; 20.3 versions prior to 20.3R3-S5; 20.4 versions prior to 20.4R3-S4; 21.1 versions prior to 21.1R3-S3; 21.2 versions prior to 21.2R3-S2; 21.3 versions prior to 21.3R3-S1; 21.4 versions prior to 21.4R2-S1, 21.4R3; 22.1 versions prior to 22.1R2; 22.2 versions prior to 22.2R2. | |||||