Total
126 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-50359 | 1 Qnap | 3 Qts, Quts Hero, Qutscloud | 2024-11-21 | N/A | 3.4 LOW |
| An unchecked return value vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow local authenticated administrators to place the system in a state that could lead to a crash or other unintended behaviors via unspecified vectors. We have already fixed the vulnerability in the following versions: QTS 5.1.5.2645 build 20240116 and later QuTS hero h5.1.5.2647 build 20240118 and later | |||||
| CVE-2023-4162 | 1 Brocade | 1 Fabric Operating System | 2024-11-21 | N/A | 4.4 MEDIUM |
| A segmentation fault can occur in Brocade Fabric OS after Brocade Fabric OS v9.0 and before Brocade Fabric OS v9.2.0a through the passwdcfg command. This could allow an authenticated privileged user local user to crash a Brocade Fabric OS swith using the cli “passwdcfg --set -expire -minDiff“. | |||||
| CVE-2023-47480 | 2024-11-21 | N/A | 8.4 HIGH | ||
| An issue in Pure Data 0.54-0 and fixed in 0.54-1 allows a local attacker to escalate privileges via the set*id () function. | |||||
| CVE-2023-44182 | 1 Juniper | 2 Junos, Junos Os Evolved | 2024-11-21 | N/A | 7.3 HIGH |
| An Unchecked Return Value vulnerability in the user interfaces to the Juniper Networks Junos OS and Junos OS Evolved, the CLI, the XML API, the XML Management Protocol, the NETCONF Management Protocol, the gNMI interfaces, and the J-Web User Interfaces causes unintended effects such as demotion or elevation of privileges associated with an operators actions to occur. Multiple scenarios may occur; for example: privilege escalation over the device or another account, access to files that should not otherwise be accessible, files not being accessible where they should be accessible, code expected to run as non-root may run as root, and so forth. This issue affects: Juniper Networks Junos OS * All versions prior to 20.4R3-S7; * 21.1 versions prior to 21.1R3-S5; * 21.2 versions prior to 21.2R3-S5; * 21.3 versions prior to 21.3R3-S4; * 21.4 versions prior to 21.4R3-S3; * 22.1 versions prior to 22.1R3-S2; * 22.2 versions prior to 22.2R2-S2, 22.2R3; * 22.3 versions prior to 22.3R1-S2, 22.3R2. Juniper Networks Junos OS Evolved * All versions prior to 21.4R3-S3-EVO; * 22.1-EVO version 22.1R1-EVO and later versions prior to 22.2R2-S2-EVO, 22.2R3-EVO; * 22.3-EVO versions prior to 22.3R1-S2-EVO, 22.3R2-EVO. | |||||
| CVE-2023-41092 | 2024-11-21 | N/A | 7.6 HIGH | ||
| Unchecked return value in SDM firmware for Intel(R) Stratix 10 and Intel(R) Agilex 7 FPGAs before version 23.3 may allow an authenticated user to potentially enable denial of service via adjacent access. | |||||
| CVE-2023-40303 | 1 Gnu | 1 Inetutils | 2024-11-21 | N/A | 7.8 HIGH |
| GNU inetutils before 2.5 may allow privilege escalation because of unchecked return values of set*id() family functions in ftpd, rcp, rlogin, rsh, rshd, and uucpd. This is, for example, relevant if the setuid system call fails when a process is trying to drop privileges before letting an ordinary user control the activities of the process. | |||||
| CVE-2023-3247 | 1 Php | 1 Php | 2024-11-21 | N/A | 2.6 LOW |
| In PHP versions 8.0.* before 8.0.29, 8.1.* before 8.1.20, 8.2.* before 8.2.7 when using SOAP HTTP Digest Authentication, random value generator was not checked for failure, and was using narrower range of values than it should have. In case of random generator failure, it could lead to a disclosure of 31 bits of uninitialized memory from the client to the server, and it also made easier to a malicious server to guess the client's nonce. | |||||
| CVE-2023-3013 | 1 Gpac | 1 Gpac | 2024-11-21 | N/A | 7.1 HIGH |
| Unchecked Return Value in GitHub repository gpac/gpac prior to 2.2.2. | |||||
| CVE-2023-37902 | 1 Vyperlang | 1 Vyper | 2024-11-21 | N/A | 5.3 MEDIUM |
| Vyper is a Pythonic programming language that targets the Ethereum Virtual Machine (EVM). Prior to version 0.3.10, the ecrecover precompile does not fill the output buffer if the signature does not verify. However, the ecrecover builtin will still return whatever is at memory location 0. This means that the if the compiler has been convinced to write to the 0 memory location with specially crafted data (generally, this can happen with a hashmap access or immutable read) just before the ecrecover, a signature check might pass on an invalid signature. Version 0.3.10 contains a patch for this issue. | |||||
| CVE-2023-29243 | 1 Intel | 2 Realsense 450 Fa, Realsense 450 Fa Firmware | 2024-11-21 | N/A | 4.4 MEDIUM |
| Unchecked return value in some Intel(R) RealSense(TM) ID software for Intel(R) RealSense(TM) 450 FA in version 0.25.0 may allow a priviledged user to potentially enable denial of service via local access. | |||||
| CVE-2023-26591 | 1 Intel | 1 Thunderbolt Dch Driver | 2024-11-21 | N/A | 2.0 LOW |
| Unchecked return value in some Intel(R) Thunderbolt(TM) DCH drivers for Windows before version 88 may allow an unauthenticated user to potentially enable denial of service via physical access. | |||||
| CVE-2023-24825 | 1 Riot-os | 1 Riot | 2024-11-21 | N/A | 7.5 HIGH |
| RIOT-OS, an operating system for Internet of Things (IoT) devices, contains a network stack with the ability to process 6LoWPAN frames. Prior to version 2023.04, an attacker can send a crafted frame to the device to trigger a NULL pointer dereference leading to denial of service. This issue is fixed in version 2023.04. There are no known workarounds. | |||||
| CVE-2022-46897 | 2024-11-21 | N/A | 5.3 MEDIUM | ||
| An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. The CapsuleIFWUSmm driver does not check the return value from a method or function. This can prevent it from detecting unexpected states and conditions. | |||||
| CVE-2022-43765 | 1 Br-automation | 1 Industrial Automation Aprol | 2024-11-21 | N/A | 7.5 HIGH |
| B&R APROL versions < R 4.2-07 doesn’t process correctly specially formatted data packages sent to port 55502/tcp, which may allow a network based attacker to cause an application Denial-of-Service. | |||||
| CVE-2022-43763 | 1 Br-automation | 1 Industrial Automation Aprol | 2024-11-21 | N/A | 7.5 HIGH |
| Insufficient check of preconditions could lead to Denial of Service conditions when calling commands on the Tbase server of B&R APROL versions < R 4.2-07. | |||||
| CVE-2022-40279 | 1 Samsung | 1 Tizenrt | 2024-11-21 | N/A | 7.5 HIGH |
| An issue was discovered in Samsung TizenRT through 3.0_GBM (and 3.1_PRE). l2_packet_receive_timeout in wpa_supplicant/src/l2_packet/l2_packet_pcap.c has a missing check on the return value of pcap_dispatch, leading to a denial of service (malfunction). | |||||
| CVE-2022-3807 | 1 Axiosys | 1 Bento4 | 2024-11-21 | N/A | 4.3 MEDIUM |
| A vulnerability was found in Axiomatic Bento4. It has been rated as problematic. Affected by this issue is some unknown functionality of the component Incomplete Fix CVE-2019-13238. The manipulation leads to resource consumption. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-212660. | |||||
| CVE-2022-31225 | 1 Dell | 50 Chengming 3900, Chengming 3900 Firmware, Inspiron 14 Plus 7420 and 47 more | 2024-11-21 | N/A | 3.0 LOW |
| Dell BIOS versions contain an Unchecked Return Value vulnerability. A local authenticated administrator user could potentially exploit this vulnerability in order to change the state of the system or cause unexpected failures. | |||||
| CVE-2022-31220 | 1 Dell | 50 Chengming 3900, Chengming 3900 Firmware, Inspiron 14 Plus 7420 and 47 more | 2024-11-21 | N/A | 3.0 LOW |
| Dell BIOS versions contain an Unchecked Return Value vulnerability. A local authenticated administrator user could potentially exploit this vulnerability in order to change the state of the system or cause unexpected failures. | |||||
| CVE-2022-31170 | 1 Openzeppelin | 1 Contracts | 2024-11-21 | N/A | 7.5 HIGH |
| OpenZeppelin Contracts is a library for smart contract development. Versions 4.0.0 until 4.7.1 are vulnerable to ERC165Checker reverting instead of returning `false`. `ERC165Checker.supportsInterface` is designed to always successfully return a boolean, and under no circumstance revert. However, an incorrect assumption about Solidity 0.8's `abi.decode` allows some cases to revert, given a target contract that doesn't implement EIP-165 as expected, specifically if it returns a value other than 0 or 1. The contracts that may be affected are those that use `ERC165Checker` to check for support for an interface and then handle the lack of support in a way other than reverting. The issue was patched in version 4.7.1. | |||||