Total
507 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-52079 | 1 Kriszyp | 1 Msgpackr | 2024-11-21 | 6.8 Medium |
| msgpackr is a fast MessagePack NodeJS/JavaScript implementation. Prior to 1.10.1, when decoding user supplied MessagePack messages, users can trigger stuck threads by crafting messages that keep the decoder stuck in a loop. The fix is available in v1.10.1. Exploits seem to require structured cloning, replacing the 0x70 extension with your own (that throws an error or does something other than recursive referencing) should mitigate the issue. | ||||
| CVE-2023-4828 | 1 Proofpoint | 2 Insider Threat Management, Insider Threat Management Server | 2024-11-21 | 6.4 Medium |
| An improper check for an exceptional condition in the Insider Threat Management (ITM) Server could be used by an attacker to change the server's configuration of any already-registered agent so that the agent sends all future communications to an attacker-chosen URL. This could result in disclosure of sensitive data events from the agent about the personally identifiable information (PII) and intellectual property it monitors, and all such data could be altered or deleted before reaching the ITM Server. An attacker must first successfully obtain valid agent credentials and agent hostname. All versions prior to 7.14.3.69 are affected. | ||||
| CVE-2023-4583 | 2 Mozilla, Redhat | 8 Firefox, Firefox Esr, Thunderbird and 5 more | 2024-11-21 | 7.5 High |
| When checking if the Browsing Context had been discarded in `HttpBaseChannel`, if the load group was not available then it was assumed to have already been discarded which was not always the case for private channels after the private session had ended. This vulnerability affects Firefox < 117, Firefox ESR < 115.2, and Thunderbird < 115.2. | ||||
| CVE-2023-49607 | 1 Mattermost | 1 Mattermost Server | 2024-11-21 | 4.3 Medium |
| Mattermost fails to validate the type of the "reminder" body request parameter allowing an attacker to crash the Playbook Plugin when updating the status dialog. | ||||
| CVE-2023-48431 | 1 Siemens | 1 Sinec Ins | 2024-11-21 | 6.8 Medium |
| A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 2). Affected software does not correctly validate the response received by an UMC server. An attacker can use this to crash the affected software by providing and configuring a malicious UMC server or by manipulating the traffic from a legitimate UMC server (i.e. leveraging CVE-2023-48427). | ||||
| CVE-2023-48429 | 1 Siemens | 1 Sinec Ins | 2024-11-21 | 2.7 Low |
| A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 2). The Web UI of affected devices does not check the length of parameters in certain conditions. This allows a malicious admin to crash the server by sending a crafted request to the server. The server will automatically restart. | ||||
| CVE-2023-46765 | 1 Huawei | 2 Emui, Harmonyos | 2024-11-21 | 7.5 High |
| Vulnerability of uncaught exceptions in the NFC module. Successful exploitation of this vulnerability can affect NFC availability. | ||||
| CVE-2023-45812 | 1 Apollographql | 2 Apollo Helms-charts Router, Apollo Router | 2024-11-21 | 7.5 High |
| The Apollo Router is a configurable, high-performance graph router written in Rust to run a federated supergraph that uses Apollo Federation. Affected versions are subject to a Denial-of-Service (DoS) type vulnerability which causes the Router to panic and terminate when a multi-part response is sent. When users send queries to the router that uses the `@defer` or Subscriptions, the Router will panic. To be vulnerable, users of Router must have a coprocessor with `coprocessor.supergraph.response` configured in their `router.yaml` and also to support either `@defer` or Subscriptions. Apollo Router version 1.33.0 has a fix for this vulnerability which was introduced in PR #4014. Users are advised to upgrade. Users unable to upgrade should avoid using the coprocessor supergraph response or disable defer and subscriptions support and continue to use the coprocessor supergraph response. | ||||
| CVE-2023-44199 | 2 Juniper, Juniper Networks | 13 Junos, Mx10003, Mx10004 and 10 more | 2024-11-21 | 7.5 High |
| An Improper Check for Unusual or Exceptional Conditions vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on MX Series allows a network-based, unauthenticated attacker to cause a Denial of Service (DoS). On Junos MX Series platforms with Precision Time Protocol (PTP) configured, a prolonged routing protocol churn can lead to an FPC crash and restart. This issue affects Juniper Networks Junos OS on MX Series: * All versions prior to 20.4R3-S4; * 21.1 version 21.1R1 and later versions; * 21.2 versions prior to 21.2R3-S2; * 21.3 versions prior to 21.3R3-S5; * 21.4 versions prior to 21.4R3; * 22.1 versions prior to 22.1R3; * 22.2 versions prior to 22.2R1-S1, 22.2R2. | ||||
| CVE-2023-44198 | 2 Juniper, Juniper Networks | 30 Junos, Mx10003, Mx10004 and 27 more | 2024-11-21 | 5.8 Medium |
| An Improper Check for Unusual or Exceptional Conditions vulnerability in the SIP ALG of Juniper Networks Junos OS on SRX Series and MX Series allows an unauthenticated network-based attacker to cause an integrity impact in connected networks. If the SIP ALG is configured and a device receives a specifically malformed SIP packet, the device prevents this packet from being forwarded, but any subsequently received retransmissions of the same packet are forwarded as if they were valid. This issue affects Juniper Networks Junos OS on SRX Series and MX Series: * 20.4 versions prior to 20.4R3-S5; * 21.1 versions prior to 21.1R3-S4; * 21.2 versions prior to 21.2R3-S4; * 21.3 versions prior to 21.3R3-S3; * 21.4 versions prior to 21.4R3-S2; * 22.1 versions prior to 22.1R2-S2, 22.1R3; * 22.2 versions prior to 22.2R2-S1, 22.2R3; * 22.3 versions prior to 22.3R1-S2, 22.3R2. This issue doesn't not affected releases prior to 20.4R1. | ||||
| CVE-2023-44196 | 1 Juniper | 2 Junos Os Evolved, Ptx10003 | 2024-11-21 | 6.5 Medium |
| An Improper Check for Unusual or Exceptional Conditions in the Packet Forwarding Engine (pfe) of Juniper Networks Junos OS Evolved on PTX10003 Series allows an unauthenticated adjacent attacker to cause an impact to the integrity of the system. When specific transit MPLS packets are received by the PFE, these packets are internally forwarded to the RE. This issue is a prerequisite for CVE-2023-44195. This issue affects Juniper Networks Junos OS Evolved: * All versions prior to 20.4R3-S8-EVO; * 21.1-EVO version 21.1R1-EVO and later; * 21.2-EVO versions prior to 21.2R3-S6-EVO; * 21.3-EVO version 21.3R1-EVO and later; * 21.4-EVO versions prior to 21.4R3-S3-EVO; * 22.1-EVO versions prior to 22.1R3-S4-EVO; * 22.2-EVO versions prior to 22.2R3-S3-EVO; * 22.3-EVO versions prior to 22.3R2-S2-EVO, 22.3R3-EVO; * 22.4-EVO versions prior to 22.4R2-EVO. | ||||
| CVE-2023-44099 | 1 Huawei | 2 Emui, Harmonyos | 2024-11-21 | 7.5 High |
| Vulnerability of data verification errors in the kernel module. Successful exploitation of this vulnerability may cause WLAN interruption. | ||||
| CVE-2023-41304 | 1 Huawei | 2 Emui, Harmonyos | 2024-11-21 | 5.3 Medium |
| Parameter verification vulnerability in the window module.Successful exploitation of this vulnerability may cause the size of an app window to be adjusted to that of a floating window. | ||||
| CVE-2023-39205 | 1 Zoom | 4 Meetings, Video Software Development Kit, Virtual Desktop Infrastructure and 1 more | 2024-11-21 | 4.3 Medium |
| Improper conditions check in Zoom Team Chat for Zoom clients may allow an authenticated user to conduct a denial of service via network access. | ||||
| CVE-2023-38283 | 3 Bgp, Openbgpd, Openbsd | 3 Openbgpd, Openbgpd, Openbsd | 2024-11-21 | 5.3 Medium |
| In OpenBGPD before 8.1, incorrect handling of BGP update data (length of path attributes) set by a potentially distant remote actor may cause the system to incorrectly reset a session. This is fixed in OpenBSD 7.3 errata 006. | ||||
| CVE-2023-38069 | 1 Jetbrains | 1 Intellij Idea | 2024-11-21 | 3.3 Low |
| In JetBrains IntelliJ IDEA before 2023.1.4 license dialog could be suppressed in certain cases | ||||
| CVE-2023-37899 | 1 Feathersjs | 1 Feathers | 2024-11-21 | 7.5 High |
| Feathersjs is a framework for creating web APIs and real-time applications with TypeScript or JavaScript. Feathers socket handler did not catch invalid string conversion errors like `const message = ${{ toString: '' }}` which would cause the NodeJS process to crash when sending an unexpected Socket.io message like `socket.emit('find', { toString: '' })`. A fix has been released in versions 5.0.8 and 4.5.18. Users are advised to upgrade. There is no known workaround for this vulnerability. | ||||
| CVE-2023-36835 | 2 Juniper, Juniper Networks | 6 Junos, Qfx10002, Qfx10002-60c and 3 more | 2024-11-21 | 7.5 High |
| An Improper Check for Unusual or Exceptional Conditions vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on QFX10000 Series allows a network based attacker to cause a Denial of Service (DoS). If a specific valid IP packet is received and that packet needs to be routed over a VXLAN tunnel, this will result in a PFE wedge condition due to which traffic gets impacted. As this is not a crash and restart scenario, this condition will persist until the system is rebooted to recover. This issue affects Juniper Networks Junos OS on QFX10000: 20.3 version 20.3R1 and later versions; 20.4 versions prior to 20.4R3-S5; 21.1 versions prior to 21.1R3-S5; 21.2 versions prior to 21.2R3-S5; 21.3 versions prior to 21.3R3-S4; 21.4 versions prior to 21.4R3-S1; 22.1 versions prior to 22.1R3; 22.2 versions prior to 22.2R2; 22.3 versions prior to 22.3R1-S2, 22.3R2. | ||||
| CVE-2023-34348 | 1 Aveva | 1 Pi Server | 2024-11-21 | 7.5 High |
| AVEVA PI Server versions 2023 and 2018 SP3 P05 and prior contain a vulnerability that could allow an unauthenticated user to remotely crash the PI Message Subsystem of a PI Server, resulting in a denial-of-service condition. | ||||
| CVE-2023-34099 | 1 Shopware | 1 Shopware | 2024-11-21 | 5.3 Medium |
| Shopware is an open source e-commerce software. The mail validation in the registration process had some flaws, so it was possible to construct different mail addresses, that in the end result in the same address, which is shared by multiple accounts. This issue has been addressed in version 5.7.18 and users are advised to update. There are no known workarounds for this vulnerability. | ||||