| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| An issue was discovered in AdGuard plugin before 1.11.22 for Safari on MacOS. AdGaurd verbosely logged each url that Safari accessed when the plugin was active. These logs went into the MacOS general logs for any unsandboxed process to read. This may be disabled in version 1.11.22. |
| Transient DOS while processing IOCTL call for image encoding. |
| IBM Aspera Faspex 5.0.0 through 5.0.13.1 uses a cross-domain policy file that includes domains that should not be trusted. |
| An Improper Check for Unusual or Exceptional Conditions vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS Evolved on PTX Series allows an unauthenticated, network-based attacker to cause impact to confidentiality and availability.
When an output firewall filter is configured with one or more terms where the action is 'reject', packets matching these terms are erroneously sent to the Routing Engine (RE) and further processed there. Processing of these packets will consume limited RE resources. Also responses from the RE back to the source of this traffic could reveal confidential information about the affected device.
This issue only applies to firewall filters applied to WAN or revenue interfaces, so not the mgmt or lo0 interface of the routing-engine, nor any input filters.
This issue affects Junos OS Evolved on PTX Series:
* all versions before 22.4R3-EVO,
* 23.2 versions before 23.2R2-EVO. |
| An Access of Uninitialized Pointer vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved with BGP sharding configured allows an attacker triggering indirect next-hop updates, along with timing outside the attacker's control, to cause rpd to crash and restart, leading to a Denial of Service (DoS).
With BGP sharding enabled, triggering route resolution of an indirect next-hop (e.g., an IGP route change over which a BGP route gets resolved), may cause rpd to crash and restart. An attacker causing continuous IGP route churn, resulting in repeated route re-resolution, will increase the likelihood of triggering this issue, leading to a potentially extended DoS condition.
This issue affects:
Junos OS:
* all versions before 21.4R3-S6,
* from 22.1 before 22.1R3-S6,
* from 22.2 before 22.2R3-S3,
* from 22.3 before 22.3R3-S3,
* from 22.4 before 22.4R3,
* from 23.2 before 23.2R2;
Junos OS Evolved:
* all versions before 22.3R3-S3-EVO,
* from 22.4 before 22.4R3-EVO,
* from 23.2 before 23.2R2-EVO.
Versions before Junos OS 21.3R1 and Junos OS Evolved 21.3R1-EVO are unaffected by this issue. |
| BBOT's git_clone module could be abused to disclose a GitHub API key to an attacker controlled server with a malicious formatted git URL. |
| Firebird is a relational database. Prior to snapshot versions 4.0.6.3183, 5.0.2.1610, and 6.0.0.609, Firebird is vulnerable if ExtConnPoolSize is not set equal to 0. If connections stored in ExtConnPool are not verified for presence and suitability of the CryptCallback interface is used when created versus what is available could result in a segfault in the server process. Encrypted databases, accessed by execute statement on external, may be accessed later by an attachment missing a key to that database. In a case when execute statement are chained, segfault may happen. Additionally, the segfault may affect unencrypted databases. This issue has been patched in snapshot versions 4.0.6.3183, 5.0.2.1610, and 6.0.0.609 and point releases 4.0.6 and 5.0.2. A workaround for this issue involves setting ExtConnPoolSize equal to 0 in firebird.conf. |
| BBOT's gitlab module could be abused to disclose a GitLab API key to an attacker controlled server with a malicious formatted git URL. |
| Memory corruption during PlayReady APP usecase while processing TA commands. |
| A Use of Uninitialized Resource vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on SRX4700 devices allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS).
When forwarding-options sampling is enabled, receipt of any traffic destined to the Routing Engine (RE) by the PFE line card leads to an FPC crash and restart, resulting in a Denial of Service (DoS).
Continued receipt and processing of any traffic leading to the RE by the PFE line card will create a sustained Denial of Service (DoS) condition to the PFE line card.
This issue affects Junos OS on SRX4700:
* from 24.4 before 24.4R1-S3, 24.4R2
This issue affects IPv4 and IPv6. |
| Memory corruption while processing a malformed license file during reboot. |
| A flaw has been found in Jinher OA up to 1.2. The impacted element is an unknown function of the file /C6/Jhsoft.Web.departments/GetTreeDate.aspx. Executing manipulation of the argument ID can lead to sql injection. The attack may be launched remotely. The exploit has been published and may be used. |
| A vulnerability has been found in Jinher OA up to 1.2. This affects an unknown function of the file /c6/Jhsoft.Web.projectmanage/ProjectManage/XmlHttp.aspx/?Type=add of the component XML Handler. The manipulation leads to xml external entity reference. Remote exploitation of the attack is possible. The exploit has been disclosed to the public and may be used. |
| A vulnerability was found in Jinher OA up to 1.2. This impacts an unknown function of the file /c6/Jhsoft.Web.projectmanage/TaskManage/AddTask.aspx/?Type=add of the component XML Handler. The manipulation results in xml external entity reference. The attack can be executed remotely. The exploit has been made public and could be used. |
| Memory corruption while performing SCM call. |
| There is a defect in the CPython “tarfile” module affecting the “TarFile” extraction and entry enumeration APIs. The tar implementation would process tar archives with negative offsets without error, resulting in an infinite loop and deadlock during the parsing of maliciously crafted tar archives.
This vulnerability can be mitigated by including the following patch after importing the “tarfile” module: https://gist.github.com/sethmlarson/1716ac5b82b73dbcbf23ad2eff8b33e1 |
| The html.parser.HTMLParser class had worse-case quadratic complexity when processing certain crafted malformed inputs potentially leading to amplified denial-of-service. |
| CPython 3.9 and earlier doesn't disallow configuring an empty list ("[]") for SSLContext.set_npn_protocols() which is an invalid value for the underlying OpenSSL API. This results in a buffer over-read when NPN is used (see CVE-2024-5535 for OpenSSL). This vulnerability is of low severity due to NPN being not widely used and specifying an empty list likely being uncommon in-practice (typically a protocol name would be configured). |
| Memory corruption while performing SCM call with malformed inputs. |
| Memory corruption while processing escape commands from userspace. |
