Total
381 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-23572 | 1 Google | 1 Tensorflow | 2024-08-03 | 6.5 Medium |
| Tensorflow is an Open Source Machine Learning Framework. Under certain scenarios, TensorFlow can fail to specialize a type during shape inference. This case is covered by the `DCHECK` function however, `DCHECK` is a no-op in production builds and an assertion failure in debug builds. In the first case execution proceeds to the `ValueOrDie` line. This results in an assertion failure as `ret` contains an error `Status`, not a value. In the second case we also get a crash due to the assertion failure. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, and TensorFlow 2.6.3, as these are also affected and still in supported range. | ||||
| CVE-2022-21737 | 1 Google | 1 Tensorflow | 2024-08-03 | 6.5 Medium |
| Tensorflow is an Open Source Machine Learning Framework. The implementation of `*Bincount` operations allows malicious users to cause denial of service by passing in arguments which would trigger a `CHECK`-fail. There are several conditions that the input arguments must satisfy. Some are not caught during shape inference and others are not caught during kernel implementation. This results in `CHECK` failures later when the output tensors get allocated. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range. | ||||
| CVE-2022-21676 | 1 Socket | 1 Engine.io | 2024-08-03 | 7.5 High |
| Engine.IO is the implementation of transport-based cross-browser/cross-device bi-directional communication layer for Socket.IO. A specially crafted HTTP request can trigger an uncaught exception on the Engine.IO server, thus killing the Node.js process. This impacts all the users of the `engine.io` package starting from version `4.0.0`, including those who uses depending packages like `socket.io`. Versions prior to `4.0.0` are not impacted. A fix has been released for each major branch, namely `4.1.2` for the `4.x.x` branch, `5.2.1` for the `5.x.x` branch, and `6.1.1` for the `6.x.x` branch. There is no known workaround except upgrading to a safe version. | ||||
| CVE-2022-20950 | 1 Cisco | 1 Firepower Threat Defense | 2024-08-03 | 5.8 Medium |
| A vulnerability in the interaction of SIP and Snort 3 for Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause the Snort 3 detection engine to restart. This vulnerability is due to a lack of error-checking when SIP bidirectional flows are being inspected by Snort 3. An attacker could exploit this vulnerability by sending a stream of crafted SIP traffic through an interface on the targeted device. A successful exploit could allow the attacker to trigger a restart of the Snort 3 process, resulting in a denial of service (DoS) condition. | ||||
| CVE-2022-20588 | 1 Google | 1 Android | 2024-08-03 | 6.7 Medium |
| In sysmmu_map of sysmmu.c, there is a possible EoP due to a precondition check failure. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-238785915References: N/A | ||||
| CVE-2022-20426 | 1 Google | 1 Android | 2024-08-03 | 5.5 Medium |
| In multiple functions of many files, there is a possible obstruction of the user's ability to select a phone account due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-236263294 | ||||
| CVE-2022-20130 | 1 Google | 1 Android | 2024-08-03 | 9.8 Critical |
| In transportDec_OutOfBandConfig of tpdec_lib.cpp, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-224314979 | ||||
| CVE-2022-3616 | 1 Cloudflare | 1 Octorpki | 2024-08-03 | 5.4 Medium |
| Attackers can create long chains of CAs that would lead to OctoRPKI exceeding its max iterations parameter. In consequence it would cause the program to crash, preventing it from finishing the validation and leading to a denial of service. Credits to Donika Mirdita and Haya Shulman - Fraunhofer SIT, ATHENE, who discovered and reported this vulnerability. | ||||
| CVE-2022-3192 | 1 Abb | 30 Ac500 Cpu Firmware, Pm5630-2eth, Pm5650-2eth and 27 more | 2024-08-03 | 5.3 Medium |
| Improper Input Validation vulnerability in ABB AC500 V2 PM5xx allows Client-Server Protocol Manipulation.This issue affects AC500 V2: from 2.0.0 before 2.8.6. | ||||
| CVE-2023-52722 | 2024-08-02 | 5.3 Medium | ||
| An issue was discovered in Artifex Ghostscript before 10.03.1. psi/zmisc1.c, when SAFER mode is used, allows eexec seeds other than the Type 1 standard. | ||||
| CVE-2023-52710 | 1 Huawei | 1 Curiem Wfg98 Bios | 2024-08-02 | 7.8 High |
| Huawei Matebook D16(Model: CREM-WXX9, BIOS: v2.26), As the communication buffer size hasn’t been properly validated to be of the expected size, it can partially overlap with the beginning SMRAM.This can be leveraged by a malicious OS attacker to corrupt data structures stored at the beginning of SMRAM and can potentially lead to code execution in SMM. | ||||
| CVE-2023-49607 | 1 Mattermost | 1 Mattermost Server | 2024-08-02 | 4.3 Medium |
| Mattermost fails to validate the type of the "reminder" body request parameter allowing an attacker to crash the Playbook Plugin when updating the status dialog. | ||||
| CVE-2023-49286 | 2 Redhat, Squid-cache | 6 Enterprise Linux, Rhel Aus, Rhel E4s and 3 more | 2024-08-02 | 8.6 High |
| Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to an Incorrect Check of Function Return Value bug Squid is vulnerable to a Denial of Service attack against its Helper process management. This bug is fixed by Squid version 6.5. Users are advised to upgrade. There are no known workarounds for this vulnerability. | ||||
| CVE-2023-48698 | 1 Microsoft | 1 Azure Rtos Usbx | 2024-08-02 | 6.8 Medium |
| Azure RTOS USBX is a USB host, device, and on-the-go (OTG) embedded stack, that is fully integrated with Azure RTOS ThreadX. An attacker can cause remote code execution due to expired pointer dereference vulnerabilities in Azure RTOS USBX. The affected components include functions/processes in host stack and host classes, related to device linked classes, GSER and HID in RTOS v6.2.1 and below. The fixes have been included in USBX release 6.3.0. Users are advised to upgrade. There are no known workarounds for this vulnerability. | ||||
| CVE-2023-48696 | 1 Microsoft | 1 Azure Rtos Usbx | 2024-08-02 | 6.7 Medium |
| Azure RTOS USBX is a USB host, device, and on-the-go (OTG) embedded stack, that is fully integrated with Azure RTOS ThreadX. An attacker can cause remote code execution due to expired pointer dereference vulnerabilities in Azure RTOS USBX. The affected components include components in host class, related to CDC ACM in RTOS v6.2.1 and below. The fixes have been included in USBX release 6.3.0. Users are advised to upgrade. There are no known workarounds for this vulnerability. | ||||
| CVE-2023-48431 | 1 Siemens | 1 Sinec Ins | 2024-08-02 | 6.8 Medium |
| A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 2). Affected software does not correctly validate the response received by an UMC server. An attacker can use this to crash the affected software by providing and configuring a malicious UMC server or by manipulating the traffic from a legitimate UMC server (i.e. leveraging CVE-2023-48427). | ||||
| CVE-2023-48429 | 1 Siemens | 1 Sinec Ins | 2024-08-02 | 2.7 Low |
| A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 2). The Web UI of affected devices does not check the length of parameters in certain conditions. This allows a malicious admin to crash the server by sending a crafted request to the server. The server will automatically restart. | ||||
| CVE-2023-44099 | 1 Huawei | 2 Emui, Harmonyos | 2024-08-02 | 7.5 High |
| Vulnerability of data verification errors in the kernel module. Successful exploitation of this vulnerability may cause WLAN interruption. | ||||
| CVE-2023-41992 | 1 Apple | 3 Ipados, Iphone Os, Macos | 2024-08-02 | 7.8 High |
| The issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.7, iOS 16.7 and iPadOS 16.7, macOS Ventura 13.6. A local attacker may be able to elevate their privileges. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 16.7. | ||||
| CVE-2023-38420 | 2024-08-02 | 3.8 Low | ||
| Improper conditions check in Intel(R) Power Gadget software for macOS all versions may allow an authenticated user to potentially enable information disclosure via local access. | ||||