Total
140 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-20072 | 2 Google, Mediatek | 56 Android, Mt6580, Mt6735 and 53 more | 2024-08-03 | 6.7 Medium |
| In search engine service, there is a possible way to change the default search engine due to an incorrect comparison. This could lead to local escalation of privilege with System execution privileges needed. User interaction is no needed for exploitation. Patch ID: ALPS06219118; Issue ID: ALPS06219118. | ||||
| CVE-2022-4293 | 1 Vim | 1 Vim | 2024-08-03 | 5.5 Medium |
| Floating Point Comparison with Incorrect Operator in GitHub repository vim/vim prior to 9.0.0804. | ||||
| CVE-2023-50940 | 1 Ibm | 1 Powersc | 2024-08-02 | 5.3 Medium |
| IBM PowerSC 1.3, 2.0, and 2.1 uses Cross-Origin Resource Sharing (CORS) which could allow an attacker to carry out privileged actions and retrieve sensitive information as the domain name is not being limited to only trusted domains. IBM X-Force ID: 275130. | ||||
| CVE-2023-49994 | 1 Espeak-ng | 1 Espeak-ng | 2024-08-02 | 5.5 Medium |
| Espeak-ng 1.52-dev was discovered to contain a Floating Point Exception via the function PeaksToHarmspect at wavegen.c. | ||||
| CVE-2023-45213 | 1 Westermo | 2 L206-f2g, L206-f2g Firmware | 2024-08-02 | 6.6 Medium |
| A potential attacker with access to the Westermo Lynx device would be able to execute malicious code that could affect the correct functioning of the device. | ||||
| CVE-2023-33225 | 1 Solarwinds | 1 Solarwinds Platform | 2024-08-02 | 7.2 High |
| The SolarWinds Platform was susceptible to the Incorrect Comparison Vulnerability. This vulnerability allows users with administrative access to SolarWinds Web Console to execute arbitrary commands with SYSTEM privileges. | ||||
| CVE-2023-32571 | 1 Dynamic-linq | 1 Linq | 2024-08-02 | 9.8 Critical |
| Dynamic Linq 1.0.7.10 through 1.2.25 before 1.3.0 allows attackers to execute arbitrary code and commands when untrusted input to methods including Where, Select, OrderBy is parsed. | ||||
| CVE-2023-27579 | 1 Google | 1 Tensorflow | 2024-08-02 | 7.5 High |
| TensorFlow is an end-to-end open source platform for machine learning. Constructing a tflite model with a paramater `filter_input_channel` of less than 1 gives a FPE. This issue has been patched in version 2.12. TensorFlow will also cherrypick the fix commit on TensorFlow 2.11.1. | ||||
| CVE-2023-25675 | 1 Google | 1 Tensorflow | 2024-08-02 | 7.5 High |
| TensorFlow is an open source machine learning platform. When running versions prior to 2.12.0 and 2.11.1 with XLA, `tf.raw_ops.Bincount` segfaults when given a parameter `weights` that is neither the same shape as parameter `arr` nor a length-0 tensor. A fix is included in TensorFlow 2.12.0 and 2.11.1. | ||||
| CVE-2023-25673 | 1 Google | 1 Tensorflow | 2024-08-02 | 7.5 High |
| TensorFlow is an open source platform for machine learning. Versions prior to 2.12.0 and 2.11.1 have a Floating Point Exception in TensorListSplit with XLA. A fix is included in TensorFlow version 2.12.0 and version 2.11.1. | ||||
| CVE-2023-25669 | 1 Google | 1 Tensorflow | 2024-08-02 | 7.5 High |
| TensorFlow is an open source platform for machine learning. Prior to versions 2.12.0 and 2.11.1, if the stride and window size are not positive for `tf.raw_ops.AvgPoolGrad`, it can give a floating point exception. A fix is included in TensorFlow version 2.12.0 and version 2.11.1. | ||||
| CVE-2023-25666 | 1 Google | 1 Tensorflow | 2024-08-02 | 7.5 High |
| TensorFlow is an open source platform for machine learning. Prior to versions 2.12.0 and 2.11.1, there is a floating point exception in AudioSpectrogram. A fix is included in TensorFlow version 2.12.0 and version 2.11.1. | ||||
| CVE-2023-23845 | 1 Solarwinds | 1 Orion Platform | 2024-08-02 | 6.8 Medium |
| The SolarWinds Platform was susceptible to the Incorrect Comparison Vulnerability. This vulnerability allows users with administrative access to SolarWinds Web Console to execute arbitrary commands with NETWORK SERVICE privileges. | ||||
| CVE-2023-23840 | 1 Solarwinds | 1 Orion Platform | 2024-08-02 | 6.8 Medium |
| The SolarWinds Platform was susceptible to the Incorrect Comparison Vulnerability. This vulnerability allows users with administrative access to SolarWinds Web Console to execute arbitrary commands with NETWORK SERVICE privileges. | ||||
| CVE-2023-23762 | 1 Github | 1 Enterprise Server | 2024-08-02 | 6.5 Medium |
| An incorrect comparison vulnerability was identified in GitHub Enterprise Server that allowed commit smuggling by displaying an incorrect diff. To do so, an attacker would need write access to the repository and be able to correctly guess the target branch before it’s created by the code maintainer. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.9 and was fixed in versions 3.4.18, 3.5.15, 3.6.11, 3.7.8, and 3.8.1. This vulnerability was reported via the GitHub Bug Bounty program. | ||||
| CVE-2023-22435 | 1 Honeywell | 4 Direct Station, Engineering Station, Experion Server and 1 more | 2024-08-02 | 7.5 High |
| Experion server may experience a DoS due to a stack overflow when handling a specially crafted message. | ||||
| CVE-2024-29026 | 2024-08-02 | 8.2 High | ||
| Owncast is an open source, self-hosted, decentralized, single user live video streaming and chat server. In versions 0.1.2 and prior, a lenient CORS policy allows attackers to make a cross origin request, reading privileged information. This can be used to leak the admin password. Commit 9215d9ba0f29d62201d3feea9e77dcd274581624 fixes this issue. | ||||
| CVE-2024-28246 | 2024-08-02 | 5.5 Medium | ||
| KaTeX is a JavaScript library for TeX math rendering on the web. Code that uses KaTeX's `trust` option, specifically that provides a function to blacklist certain URL protocols, can be fooled by URLs in malicious inputs that use uppercase characters in the protocol. In particular, this can allow for malicious input to generate `javascript:` links in the output, even if the `trust` function tries to forbid this protocol via `trust: (context) => context.protocol !== 'javascript'`. Upgrade to KaTeX v0.16.10 to remove this vulnerability. | ||||
| CVE-2024-24621 | 1 Softaculous | 1 Webuzo | 2024-08-01 | 9.8 Critical |
| Softaculous Webuzo contains an authentication bypass vulnerability through the password reset functionality. Remote, anonymous attackers can exploit this vulnerability to gain full server access as the root user. | ||||
| CVE-2024-5217 | 1 Servicenow | 1 Servicenow | 2024-08-01 | 9.8 Critical |
| ServiceNow has addressed an input validation vulnerability that was identified in the Washington DC, Vancouver, and earlier Now Platform releases. This vulnerability could enable an unauthenticated user to remotely execute code within the context of the Now Platform. The vulnerability is addressed in the listed patches and hot fixes below, which were released during the June 2024 patching cycle. If you have not done so already, we recommend applying security patches relevant to your instance as soon as possible. | ||||