Total
129 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-28936 | 1 Apache | 1 Openmeetings | 2024-11-21 | N/A | 5.3 MEDIUM |
| Attacker can access arbitrary recording/room Vendor: The Apache Software Foundation Versions Affected: Apache OpenMeetings from 2.0.0 before 7.1.0 | |||||
| CVE-2023-27579 | 1 Google | 1 Tensorflow | 2024-11-21 | N/A | 7.5 HIGH |
| TensorFlow is an end-to-end open source platform for machine learning. Constructing a tflite model with a paramater `filter_input_channel` of less than 1 gives a FPE. This issue has been patched in version 2.12. TensorFlow will also cherrypick the fix commit on TensorFlow 2.11.1. | |||||
| CVE-2023-26590 | 3 Fedoraproject, Redhat, Sox Project | 4 Extra Packages For Enterprise Linux, Fedora, Enterprise Linux and 1 more | 2024-11-21 | N/A | 6.2 MEDIUM |
| A floating point exception vulnerability was found in sox, in the lsx_aiffstartwrite function at sox/src/aiff.c:622:58. This flaw can lead to a denial of service. | |||||
| CVE-2023-25675 | 1 Google | 1 Tensorflow | 2024-11-21 | N/A | 7.5 HIGH |
| TensorFlow is an open source machine learning platform. When running versions prior to 2.12.0 and 2.11.1 with XLA, `tf.raw_ops.Bincount` segfaults when given a parameter `weights` that is neither the same shape as parameter `arr` nor a length-0 tensor. A fix is included in TensorFlow 2.12.0 and 2.11.1. | |||||
| CVE-2023-25673 | 1 Google | 1 Tensorflow | 2024-11-21 | N/A | 7.5 HIGH |
| TensorFlow is an open source platform for machine learning. Versions prior to 2.12.0 and 2.11.1 have a Floating Point Exception in TensorListSplit with XLA. A fix is included in TensorFlow version 2.12.0 and version 2.11.1. | |||||
| CVE-2023-25669 | 1 Google | 1 Tensorflow | 2024-11-21 | N/A | 7.5 HIGH |
| TensorFlow is an open source platform for machine learning. Prior to versions 2.12.0 and 2.11.1, if the stride and window size are not positive for `tf.raw_ops.AvgPoolGrad`, it can give a floating point exception. A fix is included in TensorFlow version 2.12.0 and version 2.11.1. | |||||
| CVE-2023-25666 | 1 Google | 1 Tensorflow | 2024-11-21 | N/A | 7.5 HIGH |
| TensorFlow is an open source platform for machine learning. Prior to versions 2.12.0 and 2.11.1, there is a floating point exception in AudioSpectrogram. A fix is included in TensorFlow version 2.12.0 and version 2.11.1. | |||||
| CVE-2023-23845 | 1 Solarwinds | 1 Orion Platform | 2024-11-21 | N/A | 6.8 MEDIUM |
| The SolarWinds Platform was susceptible to the Incorrect Comparison Vulnerability. This vulnerability allows users with administrative access to SolarWinds Web Console to execute arbitrary commands with NETWORK SERVICE privileges. | |||||
| CVE-2023-23844 | 1 Solarwinds | 1 Solarwinds Platform | 2024-11-21 | N/A | 7.2 HIGH |
| The SolarWinds Platform was susceptible to the Incorrect Comparison Vulnerability. This vulnerability allows users with administrative access to SolarWinds Web Console to execute arbitrary commands with SYSTEM privileges. | |||||
| CVE-2023-23843 | 1 Solarwinds | 1 Solarwinds Platform | 2024-11-21 | N/A | 7.2 HIGH |
| The SolarWinds Platform was susceptible to the Incorrect Comparison Vulnerability. This vulnerability allows users with administrative access to SolarWinds Web Console to execute arbitrary commands. | |||||
| CVE-2023-23840 | 1 Solarwinds | 1 Orion Platform | 2024-11-21 | N/A | 6.8 MEDIUM |
| The SolarWinds Platform was susceptible to the Incorrect Comparison Vulnerability. This vulnerability allows users with administrative access to SolarWinds Web Console to execute arbitrary commands with NETWORK SERVICE privileges. | |||||
| CVE-2023-23766 | 1 Github | 1 Enterprise Server | 2024-11-21 | N/A | 4.5 MEDIUM |
| An incorrect comparison vulnerability was identified in GitHub Enterprise Server that allowed commit smuggling by displaying an incorrect diff in a re-opened Pull Request. To do so, an attacker would need write access to the repository. This vulnerability affected all versions of GitHub Enterprise Server and was fixed in versions 3.6.17, 3.7.15, 3.8.8, 3.9.3, and 3.10.1. This vulnerability was reported via the GitHub Bug Bounty program. | |||||
| CVE-2023-23765 | 1 Github | 1 Enterprise Server | 2024-11-21 | N/A | 4.8 MEDIUM |
| An incorrect comparison vulnerability was identified in GitHub Enterprise Server that allowed commit smuggling by displaying an incorrect diff in a re-opened Pull Request. To exploit this vulnerability, an attacker would need write access to the repository. This vulnerability was reported via the GitHub Bug Bounty Program https://bounty.github.com/ . | |||||
| CVE-2023-23764 | 1 Github | 1 Enterprise Server | 2024-11-21 | N/A | 4.8 MEDIUM |
| An incorrect comparison vulnerability was identified in GitHub Enterprise Server that allowed commit smuggling by displaying an incorrect diff within the GitHub pull request UI. To do so, an attacker would need write access to the repository. This vulnerability affected GitHub Enterprise Server versions 3.7.0 and above and was fixed in versions 3.7.9, 3.8.2, and 3.9.1. This vulnerability was reported via the GitHub Bug Bounty program. | |||||
| CVE-2023-23762 | 1 Github | 1 Enterprise Server | 2024-11-21 | N/A | 6.5 MEDIUM |
| An incorrect comparison vulnerability was identified in GitHub Enterprise Server that allowed commit smuggling by displaying an incorrect diff. To do so, an attacker would need write access to the repository and be able to correctly guess the target branch before it’s created by the code maintainer. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.9 and was fixed in versions 3.4.18, 3.5.15, 3.6.11, 3.7.8, and 3.8.1. This vulnerability was reported via the GitHub Bug Bounty program. | |||||
| CVE-2023-22435 | 1 Honeywell | 4 Direct Station, Engineering Station, Experion Server and 1 more | 2024-11-21 | N/A | 7.5 HIGH |
| Experion server may experience a DoS due to a stack overflow when handling a specially crafted message. | |||||
| CVE-2022-4293 | 1 Vim | 1 Vim | 2024-11-21 | N/A | 5.5 MEDIUM |
| Floating Point Comparison with Incorrect Operator in GitHub repository vim/vim prior to 9.0.0804. | |||||
| CVE-2022-43621 | 1 Dlink | 2 Dir-1935, Dir-1935 Firmware | 2024-11-21 | N/A | 8.8 HIGH |
| This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of D-Link DIR-1935 1.03 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of HNAP login requests. The issue results from an incorrectly implemented comparison. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-16152. | |||||
| CVE-2022-39308 | 1 Thoughtworks | 1 Gocd | 2024-11-21 | N/A | 6.5 MEDIUM |
| GoCD is a continuous delivery server. GoCD helps you automate and streamline the build-test-release cycle for continuous delivery of your product. GoCD versions from 19.2.0 to 19.10.0 (inclusive) are subject to a timing attack in validation of access tokens due to use of regular string comparison for validation of the token rather than a constant time algorithm. This could allow a brute force attack on GoCD server API calls to observe timing differences in validations in order to guess an access token generated by a user for API access. This issue is fixed in GoCD version 19.11.0. As a workaround, users can apply rate limiting or insert random delays to API calls made to GoCD Server via a reverse proxy or other fronting web server. Another workaround, users may disallow use of access tokens by users by having an administrator revoke all access tokens through the "Access Token Management" admin function. | |||||
| CVE-2022-38230 | 1 Xpdf Project | 1 Xpdf | 2024-11-21 | N/A | 5.5 MEDIUM |
| XPDF commit ffaf11c was discovered to contain a floating point exception (FPE) via DCTStream::decodeImage() at /xpdf/Stream.cc. | |||||