Total
10 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2024-6382 | | | 2024-07-03 | N/A | 6.4 MEDIUM |
Incorrect handling of certain string inputs may result in MongoDB Rust driver constructing unintended server commands. This may cause unexpected application behavior including data modification. This issue affects MongoDB Rust Driver 2.0 versions prior to 2.8.2. | |||||
CVE-2024-22815 | | | 2024-07-03 | N/A | 5.3 MEDIUM |
An issue in the communication protocol of Tormach xsTECH CNC Router, PathPilot Controller v2.9.6 allows attackers to cause a Denial of Service (DoS) via crafted commands. | |||||
CVE-2024-22809 | | | 2024-07-03 | N/A | 6.5 MEDIUM |
Incorrect access control in Tormach xsTECH CNC Router, PathPilot Controller v2.9.6 allows attackers to access the G code's shared folder and view sensitive information. | |||||
CVE-2024-21612 | 1 Juniper | 1 Junos Os Evolved | 2024-01-29 | N/A | 7.5 HIGH |
An Improper Handling of Syntactically Invalid Structure vulnerability in Object Flooding Protocol (OFP) service of Juniper Networks Junos OS Evolved allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS). On all Junos OS Evolved platforms, when specific TCP packets are received on an open OFP port, the OFP crashes leading to a restart of Routing Engine (RE). Continuous receipt of these specific TCP packets will lead to a sustained Denial of Service (DoS) condition. This issue affects: Juniper Networks Junos OS Evolved * All versions earlier than 21.2R3-S7-EVO; * 21.3 versions earlier than 21.3R3-S5-EVO; * 21.4 versions earlier than 21.4R3-S5-EVO; * 22.1 versions earlier than 22.1R3-S4-EVO; * 22.2 versions earlier than 22.2R3-S3-EVO; * 22.3 versions earlier than 22.3R3-EVO; * 22.4 versions earlier than 22.4R2-EVO, 22.4R3-EVO. | |||||
CVE-2020-27847 | 1 Linuxfoundation | 1 Dex | 2023-11-07 | 7.5 HIGH | 9.8 CRITICAL |
A vulnerability exists in the SAML connector of the github.com/dexidp/dex library used to process SAML Signature Validation. This flaw allows an attacker to bypass SAML authentication. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. This flaw affects dex versions before 2.27.0. | |||||
CVE-2023-39915 | 1 Nlnetlabs | 1 Routinator | 2023-09-15 | N/A | 7.5 HIGH |
NLnet Labs’ Routinator up to and including version 0.12.1 may crash when trying to parse certain malformed RPKI objects. This is due to insufficient input checking in the bcder library covered by CVE-2023-39914. | |||||
CVE-2023-39914 | 1 Nlnetlabs | 1 Bcder | 2023-09-15 | N/A | 7.5 HIGH |
NLnet Labs’ bcder library up to and including version 0.7.2 panics while decoding certain invalid input data rather than rejecting the data with an error. This can affect both the actual decoding stage as well as accessing content of types that utilized delayed decoding. | |||||
CVE-2021-38443 | 1 Eclipse | 1 Cyclonedds | 2022-05-13 | 7.5 HIGH | 9.8 CRITICAL |
Eclipse CycloneDDS versions prior to 0.8.0 improperly handle invalid structures, which may allow an attacker to write arbitrary values in the XML parser. | |||||
CVE-2021-36199 | 1 Johnsoncontrols | 1 Videoedge | 2022-01-21 | 5.0 MEDIUM | 5.3 MEDIUM |
Running a vulnerability scanner against VideoEdge NVRs can cause some functionality to stop. | |||||
CVE-2018-5381 | 4 Canonical, Debian, Quagga and 1 more | 5 Ubuntu Linux, Debian Linux, Quagga and 2 more | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
The Quagga BGP daemon (bgpd) prior to version 1.2.3 has a bug in its parsing of "Capabilities" in BGP OPEN messages, in the bgp_packet.c:bgp_capability_msg_parse function. The parser can enter an infinite loop on invalid capabilities if a Multi-Protocol capability does not have a recognized AFI/SAFI, causing a denial of service. |