

CVEMAP Search Results

CVE
Details
Description
2022-06-09
Medium
CVE-2021-27786

Vendor: Hcltech
Software: Onetest server
 

 
Cross-origin resource sharing (CORS) enables browsers to perform cross domain requests in a controlled manner. This request has an Origin header that identifies the domain that is making the initial request and defines the protocol between a browser and server to see if the request is allowed. An attacker can take advantage of this and possibly carry out privileged actions and access sensitive information when the Access-Control-Allow-Credentials is enabled.

 
2022-04-11
Medium
CVE-2022-20072

Updating...
 

 
In search engine service, there is a possible way to change the default search engine due to an incorrect comparison. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06219118; Issue ID: ALPS06219118.

 
2022-04-04
Medium
CVE-2022-24787

Vendor: Vyper project
Software: Vyper
 

 
Vyper is a Pythonic Smart Contract Language for the Ethereum Virtual Machine. In version 0.3.1 and prior, bytestrings can have dirty bytes in them, resulting in the word-for-word comparisons giving incorrect results. Even without dirty nonzero bytes, two bytestrings can compare to equal if one ends with `"\x00"` because there is no comparison of the length. A patch is available and expected to be part of the 0.3.2 release. There are currently no known workarounds.

 
2022-01-25
Medium
CVE-2022-23027

Vendor: F5
Software: Big-ip acces...
 

 
On BIG-IP versions 15.1.x before 15.1.4, 14.1.x before 14.1.4.4, 13.1.x beginning in 13.1.3.6, 12.1.5.3-12.1.6, and 11.6.5.2, when a FastL4 profile and an HTTP, FIX, and/or hash persistence profile are configured on the same virtual server, undisclosed requests can cause the virtual server to stop processing new client connections. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

 
2022-01-12
Low
CVE-2021-40562

Vendor: GPAC
Software: GPAC
 

 
A Segmentation fault caused by a floating point exception exists in Gpac through 1.0.1 using mp4box via the naludmx_enqueue_or_dispatch function in reframe_nalu.c, which causes a denial of service.

 
2021-12-17
Medium
CVE-2021-34141

Vendor: Numpy
Software: Numpy
 

 
Incomplete string comparison in the numpy.core component in NumPy 1.9.x, which allows attackers to fail the APIs via constructing specific string objects.

 
2021-12-13
Low
CVE-2021-39917

Vendor: Gitlab
Software: Gitlab
 

 
An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.9 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2. A regular expression related to quick actions features was susceptible to catastrophic backtracking that could cause a DOS attack.

 
2021-11-18
Medium
CVE-2021-23146

Vendor: Gallagher
Software: Command centre
 

 
An Incomplete Comparison with Missing Factors vulnerability in the Gallagher Controller allows an attacker to bypass PIV verification. This issue affects: Gallagher Command Centre 8.40 versions prior to 8.40.1888 (MR3); 8.30 versions prior to 8.30.1454 (MR3); 8.20 versions prior to 8.20.1291 (MR5); 8.10 versions prior to 8.10.1284 (MR7); version 8.00 and prior versions.

 
2021-10-22
Medium
CVE-2021-42836

Vendor: Gjson project
Software: Gjson
 

 
GJSON before 1.9.3 allows a ReDoS (regular expression denial of service) attack.

 
2021-09-27
Medium
CVE-2021-3820

Vendor: Inflect project
Software: Inflect
 

 
inflect is vulnerable to Inefficient Regular Expression Complexity.

 

 


Copyright 2022, cxsecurity.com

 
