Total: 326 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2021-21375 | 2 Debian, Teluu | 2 Debian Linux, Pjsip | 2022-10-21 | 4.3 MEDIUM | 6.5 MEDIUM |
PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. In PJSIP version 2.10 and earlier, after an initial INVITE has been sent, when two 183 responses are received, with the first one causing negotiation failure, a crash will occur. This results in a denial of service. | |||||
CVE-2022-22235 | 1 Juniper | 29 Junos, Srx100, Srx110 and 26 more | 2022-10-21 | N/A | 7.5 HIGH |
An Improper Check for Unusual or Exceptional Conditions vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker to cause Denial of Service (DoS). A PFE crash will happen when a GPRS Tunnel Protocol (GTP) packet is received with a malformed field in the IP header of GTP encapsulated General Packet Radio Services (GPRS) traffic. The packet needs to match existing state which is outside the attacker's control, so the issue cannot be directly exploited. The issue will only be observed when endpoint address validation is enabled. This issue affects Juniper Networks Junos OS on SRX Series: 20.2 versions prior to 20.2R3-S5; 20.3 versions prior to 20.3R3-S4; 20.4 versions prior to 20.4R3-S3; 21.1 versions prior to 21.1R3-S2; 21.2 versions prior to 21.2R3-S1; 21.3 versions prior to 21.3R3; 21.4 versions prior to 21.4R1-S2, 21.4R2; 22.1 versions prior to 22.1R1-S1, 22.1R2. This issue does not affect Juniper Networks Junos OS versions prior to 20.2R1. | |||||
CVE-2022-22238 | 1 Juniper | 2 Junos, Junos Os Evolved | 2022-10-21 | N/A | 6.5 MEDIUM |
An Improper Check for Unusual or Exceptional Conditions vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, adjacent attacker to cause a Denial of Service (DoS). When an incoming RESV message corresponding to a protected LSP is malformed it causes an incorrect internal state resulting in an rpd core. This issue affects: Juniper Networks Junos OS All versions prior to 19.2R3-S6; 19.3 versions prior to 19.3R3-S6; 19.4 versions prior to 19.4R3-S8; 20.1 versions prior to 20.1R3-S2; 20.2 versions prior to 20.2R3-S3; 20.3 versions prior to 20.3R3-S2; 20.4 versions prior to 20.4R3-S1; 21.1 versions prior to 21.1R3; 21.2 versions prior to 21.2R1-S2, 21.2R3; 21.3 versions prior to 21.3R2. Juniper Networks Junos OS Evolved All versions prior to 20.2R3-S3-EVO; 20.3-EVO version 20.3R1-EVO and later versions; 20.4-EVO versions prior to 20.4R3-S1-EVO; 21.1-EVO version 21.1R1-EVO and later versions; 21.2-EVO version 21.2R1-EVO and later versions; 21.3-EVO versions prior to 21.3R2-EVO. | |||||
CVE-2020-15223 | 1 Ory | 1 Fosite | 2022-10-21 | 4.0 MEDIUM | 8.0 HIGH |
In ORY Fosite (the security first OAuth2 & OpenID Connect framework for Go) before version 0.34.0, the `TokenRevocationHandler` ignores errors coming from the storage. This can lead to unexpected 200 status codes indicating successful revocation while the token is still valid. Whether an attacker can use this to her advantage depends on the ability to trigger errors in the store. This is fixed in version 0.34.0. | |||||
CVE-2022-22227 | 1 Juniper | 4 Acx7100-32c, Acx7100-48l, Acx7509 and 1 more | 2022-10-21 | N/A | 5.3 MEDIUM |
An Improper Check for Unusual or Exceptional Conditions vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS Evolved on ACX7000 Series allows an unauthenticated network-based attacker to cause a partial Denial of Service (DoS). On receipt of specific IPv6 transit traffic, Junos OS Evolved on ACX7100-48L, ACX7100-32C and ACX7509 sends this traffic to the Routing Engine (RE) instead of forwarding it, leading to increased CPU utilization of the RE and a partial DoS. This issue only affects systems configured with IPv6. This issue does not affect ACX7024 which is supported from 22.3R1-EVO onwards where the fix has already been incorporated as indicated in the solution section. This issue affects Juniper Networks Junos OS Evolved on ACX7100-48L, ACX7100-32C, ACX7509: 21.1-EVO versions prior to 21.1R3-S2-EVO; 21.2-EVO versions prior to 21.2R3-S2-EVO; 21.3-EVO versions prior to 21.3R3-EVO; 21.4-EVO versions prior to 21.4R1-S1-EVO, 21.4R2-EVO. This issue does not affect Juniper Networks Junos OS Evolved versions prior to 21.1R1-EVO. | |||||
CVE-2022-22218 | 1 Juniper | 29 Junos, Srx100, Srx110 and 26 more | 2022-10-21 | N/A | 7.5 HIGH |
On SRX Series devices, an Improper Check for Unusual or Exceptional Conditions when using Certificate Management Protocol Version 2 (CMPv2) auto re-enrollment allows a network-based, unauthenticated attacker to cause a Denial of Service (DoS) by crashing the pkid process. The pkid process cannot handle an unexpected response from the Certificate Authority (CA) server, leading to a crash. A restart is required to restore services. This issue affects: Juniper Networks Junos OS on SRX Series: All versions prior to 19.1R3-S9; 19.2 versions prior to 19.2R3-S6; 19.3 versions prior to 19.3R3-S7; 19.4 versions prior to 19.4R3-S9; 20.2 versions prior to 20.2R3-S5; 20.3 versions prior to 20.3R3-S4; 20.4 versions prior to 20.4R3-S4; 21.1 versions prior to 21.1R3-S1; 21.2 versions prior to 21.2R3; 21.3 versions prior to 21.3R2; 21.4 versions prior to 21.4R2. | |||||
CVE-2022-41587 | 1 Huawei | 1 Emui | 2022-10-18 | N/A | 5.3 MEDIUM |
Uncaptured exceptions in the home screen module. Successful exploitation of this vulnerability may affect stability. | |||||
CVE-2022-39288 | 1 Fastify | 1 Fastify | 2022-10-12 | N/A | 7.5 HIGH |
fastify is a fast and low overhead web framework for Node.js. Affected versions of fastify are subject to a denial of service via malicious use of the Content-Type header. An attacker can send an invalid Content-Type header that can cause the application to crash. This issue has been addressed in commit `fbb07e8d` and will be included in release version 4.8.1. Users are advised to upgrade. Users unable to upgrade may manually filter out HTTP content with malicious Content-Type headers. | |||||
CVE-2022-23712 | 1 Elastic | 1 Elasticsearch | 2022-10-05 | 5.0 MEDIUM | 7.5 HIGH |
A Denial of Service flaw was discovered in Elasticsearch. Using this vulnerability, an unauthenticated attacker could forcibly shut down an Elasticsearch node with a specifically formatted network request. | |||||
CVE-2020-36382 | 1 Openvpn | 1 Openvpn Access Server | 2022-09-20 | 5.0 MEDIUM | 7.5 HIGH |
OpenVPN Access Server 2.7.3 to 2.8.7 allows remote attackers to trigger an assert during the user authentication phase via incorrect authentication token data in an early phase of the user authentication resulting in a denial of service. | |||||
CVE-2022-36046 | 2 Nodejs, Vercel | 2 Node.js, Next.js | 2022-09-07 | N/A | 5.3 MEDIUM |
Next.js is a React framework that can provide building blocks to create web applications. All of the following must be true to be affected by this CVE: Next.js version 12.2.3, Node.js version above v15.0.0 being used with strict `unhandledRejection` exiting AND using next start or a [custom server](https://nextjs.org/docs/advanced-features/custom-server). Deployments on Vercel ([vercel.com](https://vercel.com/)) are not affected along with similar environments where `next-server` isn't being shared across requests. | |||||
CVE-2022-27563 | 1 Hcltech | 1 Versionvault Express | 2022-09-06 | N/A | 7.5 HIGH |
An unauthenticated user can overload a part of HCL VersionVault Express and cause a denial of service. | |||||
CVE-2019-6831 | 1 Schneider-electric | 2 Bmxnor0200h, Bmxnor0200h Firmware | 2022-09-03 | 5.0 MEDIUM | 8.6 HIGH |
A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in BMXNOR0200H Ethernet / Serial RTU module (all firmware versions), which could cause disconnection of active connections when an unusually high number of IEC 60870-5-104 packets are received by the module on port 2404/TCP. | |||||
CVE-2022-35173 | 1 Nginx | 1 Njs | 2022-08-24 | N/A | 7.5 HIGH |
An issue was discovered in Nginx NJS v0.7.5. The JUMP offset for a break instruction was not set to a correct offset during code generation, leading to a segmentation violation. | |||||
CVE-2022-36140 | 1 Swfmill | 1 Swfmill | 2022-08-18 | N/A | 5.5 MEDIUM |
SWFMill commit 53d7690 was discovered to contain a segmentation violation via SWF::DeclareFunction2::write(SWF::Writer*, SWF::Context*). | |||||
CVE-2022-36141 | 1 Swfmill | 1 Swfmill | 2022-08-18 | N/A | 5.5 MEDIUM |
SWFMill commit 53d7690 was discovered to contain a segmentation violation via SWF::MethodBody::write(SWF::Writer*, SWF::Context*). | |||||
CVE-2022-36145 | 1 Swfmill | 1 Swfmill | 2022-08-18 | N/A | 5.5 MEDIUM |
SWFMill commit 53d7690 was discovered to contain a segmentation violation via SWF::Reader::getWord(). | |||||
CVE-2022-38233 | 1 Xpdf Project | 1 Xpdf | 2022-08-18 | N/A | 5.5 MEDIUM |
XPDF commit ffaf11c was discovered to contain a segmentation violation via DCTStream::readMCURow() at /xpdf/Stream.cc. | |||||
CVE-2022-38234 | 1 Xpdf Project | 1 Xpdf | 2022-08-18 | N/A | 5.5 MEDIUM |
XPDF commit ffaf11c was discovered to contain a segmentation violation via Lexer::getObj(Object*) at /xpdf/Lexer.cc. | |||||
CVE-2022-38235 | 1 Xpdf Project | 1 Xpdf | 2022-08-18 | N/A | 5.5 MEDIUM |
XPDF commit ffaf11c was discovered to contain a segmentation violation via DCTStream::getChar() at /xpdf/Stream.cc. |