Total
514 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-20699 | 1 Microsoft | 9 Windows 10 1809, Windows 10 21h2, Windows 10 22h2 and 6 more | 2024-11-21 | N/A | 5.5 MEDIUM |
| Windows Hyper-V Denial of Service Vulnerability | |||||
| CVE-2023-6866 | 1 Mozilla | 1 Firefox | 2024-11-21 | N/A | 8.8 HIGH |
| TypedArrays can be fallible and lacked proper exception handling. This could lead to abuse in other APIs which expect TypedArrays to always succeed. This vulnerability affects Firefox < 121. | |||||
| CVE-2023-6599 | 1 Microweber | 1 Microweber | 2024-11-21 | N/A | 4.3 MEDIUM |
| Missing Standardized Error Handling Mechanism in GitHub repository microweber/microweber prior to 2.0. | |||||
| CVE-2023-5824 | 2 Redhat, Squid-cache | 2 Enterprise Linux, Squid | 2024-11-21 | N/A | 7.5 HIGH |
| A flaw was found in Squid. The limits applied for validation of HTTP response headers are applied before caching. However, Squid may grow a cached HTTP response header beyond the configured maximum size, causing a stall or crash of the worker process when a large header is retrieved from the disk cache, resulting in a denial of service. | |||||
| CVE-2023-5090 | 2 Linux, Redhat | 2 Linux Kernel, Enterprise Linux | 2024-11-21 | N/A | 6.0 MEDIUM |
| A flaw was found in KVM. An improper check in svm_set_x2apic_msr_interception() may allow direct access to host x2apic msrs when the guest resets its apic, potentially leading to a denial of service condition. | |||||
| CVE-2023-52075 | 1 Revanced | 1 Revanced | 2024-11-21 | N/A | 7.5 HIGH |
| ReVanced API proxies requests needed to feed the ReVanced Manager and website with data. Up to and including commit 71f81f7f20cd26fd707335bca9838fa3e7df20d2, ReVanced API lacks error caching causing rate limit to be triggered thus increasing server load. This causes a denial of service for all users using the API. It is recommended to implement proper error caching. | |||||
| CVE-2023-50728 | 2 Octokit, Probot | 4 App, Octokit, Webhooks and 1 more | 2024-11-21 | N/A | 5.4 MEDIUM |
| octokit/webhooks is a GitHub webhook events toolset for Node.js. Starting in 9.26.0 and prior to 9.26.3, 10.9.2, 11.1.2, and 12.0.4, there is a problem caused by an issue with error handling in the @octokit/webhooks library because the error can be undefined in some cases. The resulting request was found to cause an uncaught exception that ends the nodejs process. The bug is fixed in octokit/webhooks.js 9.26.3, 10.9.2, 11.1.2, and 12.0.4, app.js 14.02, octokit.js 3.1.2, and Protobot 12.3.3. | |||||
| CVE-2023-4537 | 2024-11-21 | N/A | 7.4 HIGH | ||
| Comarch ERP XL client is vulnerable to MS SQL protocol downgrade request from a server side, what could lead to an unencrypted communication vulnerable to data interception and modification. This issue affects ERP XL: from 2020.2.2 through 2023.2. | |||||
| CVE-2023-47100 | 1 Perl | 1 Perl | 2024-11-21 | N/A | 9.8 CRITICAL |
| In Perl before 5.38.2, S_parse_uniprop_string in regcomp.c can write to unallocated space because a property name associated with a \p{...} regular expression construct is mishandled. The earliest affected version is 5.30.0. | |||||
| CVE-2023-46673 | 1 Elastic | 1 Elasticsearch | 2024-11-21 | N/A | 6.5 MEDIUM |
| It was identified that malformed scripts used in the script processor of an Ingest Pipeline could cause an Elasticsearch node to crash when calling the Simulate Pipeline API. | |||||
| CVE-2023-46297 | 2024-11-21 | N/A | 5.1 MEDIUM | ||
| An issue was discovered on Mercusys MW325R EU V3 MW325R(EU)_V3_1.11.0 221019 devices. A WAN attacker can make the admin interface unreachable/invisible via an unauthenticated HTTP request. Verification of the data sent by the user does not occur. The web server does not crash, but the admin interface becomes invisible, because the files necessary to display the content are no longer available. A reboot of the router is typically required to restore the correct behavior. | |||||
| CVE-2023-45820 | 1 Monospace | 1 Directus | 2024-11-21 | N/A | 5.9 MEDIUM |
| Directus is a real-time API and App dashboard for managing SQL database content. In affected versions any Directus installation that has websockets enabled can be crashed if the websocket server receives an invalid frame. A malicious user could leverage this bug to crash Directus. This issue has been addressed in version 10.6.2. Users are advised to upgrade. Users unable to upgrade should avoid using websockets. | |||||
| CVE-2023-44488 | 4 Debian, Fedoraproject, Redhat and 1 more | 4 Debian Linux, Fedora, Enterprise Linux and 1 more | 2024-11-21 | N/A | 7.5 HIGH |
| VP9 in libvpx before 1.13.1 mishandles widths, leading to a crash related to encoding. | |||||
| CVE-2023-44186 | 1 Juniper | 2 Junos, Junos Os Evolved | 2024-11-21 | N/A | 7.5 HIGH |
| An Improper Handling of Exceptional Conditions vulnerability in AS PATH processing of Juniper Networks Junos OS and Junos OS Evolved allows an attacker to send a BGP update message with an AS PATH containing a large number of 4-byte ASes, leading to a Denial of Service (DoS). Continued receipt and processing of these BGP updates will create a sustained Denial of Service (DoS) condition. This issue is hit when the router has Non-Stop Routing (NSR) enabled, has a non-4-byte-AS capable BGP neighbor, receives a BGP update message with a prefix that includes a long AS PATH containing large number of 4-byte ASes, and has to advertise the prefix towards the non-4-byte-AS capable BGP neighbor. Note: NSR is not supported on the SRX Series and is therefore not affected by this vulnerability. This issue affects: Juniper Networks Junos OS: * All versions prior to 20.4R3-S8; * 21.1 versions 21.1R1 and later; * 21.2 versions prior to 21.2R3-S6; * 21.3 versions prior to 21.3R3-S5; * 21.4 versions prior to 21.4R3-S5; * 22.1 versions prior to 22.1R3-S4; * 22.2 versions prior to 22.2R3-S2; * 22.3 versions prior to 22.3R2-S2, 22.3R3-S1; * 22.4 versions prior to 22.4R2-S1, 22.4R3. Juniper Networks Junos OS Evolved * All versions prior to 20.4R3-S8-EVO; * 21.1 versions 21.1R1-EVO and later; * 21.2 versions prior to 21.2R3-S6-EVO; * 21.3 versions prior to 21.3R3-S5-EVO; * 21.4 versions prior to 21.4R3-S5-EVO; * 22.1 versions prior to 22.1R3-S4-EVO; * 22.2 versions prior to 22.2R3-S2-EVO; * 22.3 versions prior to 22.3R2-S2-EVO, 22.3R3-S1-EVO; * 22.4 versions prior to 22.4R2-S1-EVO, 22.4R3-EVO. | |||||
| CVE-2023-43251 | 1 Xnview | 1 Nconvert | 2024-11-21 | N/A | 7.8 HIGH |
| XNSoft Nconvert 7.136 has an Exception Handler Chain Corrupted via a crafted image file. Attackers could exploit this issue for a Denial of Service (DoS) or possibly to achieve code execution. | |||||
| CVE-2023-43087 | 1 Dell | 1 Powerscale Onefs | 2024-11-21 | N/A | 4.3 MEDIUM |
| Dell PowerScale OneFS 8.2.x, 9.0.0.x-9.5.0.x contains an improper handling of insufficient permissions. A low privileged remote attacker could potentially exploit this vulnerability to cause information disclosure. | |||||
| CVE-2023-42578 | 1 Samsung | 1 Cloud | 2024-11-21 | N/A | 6.5 MEDIUM |
| Improper handling of insufficient permissions or privileges vulnerability in Samsung Data Store prior to version 5.2.00.7 allows remote attackers to access location information without permission. | |||||
| CVE-2023-42559 | 1 Samsung | 1 Android | 2024-11-21 | N/A | 4.9 MEDIUM |
| Improper exception management vulnerability in Knox Guard prior to SMR Dec-2023 Release 1 allows Knox Guard lock bypass via changing system time. | |||||
| CVE-2023-41378 | 1 Tigera | 3 Calico Cloud, Calico Enterprise, Calico Os | 2024-11-21 | N/A | 7.5 HIGH |
| In certain conditions for Calico Typha (v3.26.2, v3.25.1 and below), and Calico Enterprise Typha (v3.17.1, v3.16.3, v3.15.3 and below), a client TLS handshake can block the Calico Typha server indefinitely, resulting in denial of service. The TLS Handshake() call is performed inside the main server handle for loop without any timeout allowing an unclean TLS handshake to block the main loop indefinitely while other connections will be idle waiting for that handshake to finish. | |||||
| CVE-2023-41332 | 1 Cilium | 1 Cilium | 2024-11-21 | N/A | 3.5 LOW |
| Cilium is a networking, observability, and security solution with an eBPF-based dataplane. In Cilium clusters where Cilium's Layer 7 proxy has been disabled, creating workloads with `policy.cilium.io/proxy-visibility` annotations (in Cilium >= v1.13) or `io.cilium.proxy-visibility` annotations (in Cilium <= v1.12) causes the Cilium agent to segfault on the node to which the workload is assigned. Existing traffic on the affected node will continue to flow, but the Cilium agent on the node will not able to process changes to workloads running on the node. This will also prevent workloads from being able to start on the affected node. The denial of service will be limited to the node on which the workload is scheduled, however an attacker may be able to schedule workloads on the node of their choosing, which could lead to targeted attacks. This issue has been resolved in Cilium versions 1.14.2, 1.13.7, and 1.12.14. Users unable to upgrade can avoid this denial of service attack by enabling the Layer 7 proxy. | |||||