Total
48 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-1941 | 4 Debian, Fedoraproject, Google and 1 more | 5 Debian Linux, Fedora, Protobuf-cpp and 2 more | 2024-11-21 | 7.5 High |
| A parsing vulnerability for the MessageSet type in the ProtocolBuffers versions prior to and including 3.16.1, 3.17.3, 3.18.2, 3.19.4, 3.20.1 and 3.21.5 for protobuf-cpp, and versions prior to and including 3.16.1, 3.17.3, 3.18.2, 3.19.4, 3.20.1 and 4.21.5 for protobuf-python can lead to out of memory failures. A specially crafted message with multiple key-value per elements creates parsing issues, and can lead to a Denial of Service against services receiving unsanitized input. We recommend upgrading to versions 3.18.3, 3.19.5, 3.20.2, 3.21.6 for protobuf-cpp and 3.18.3, 3.19.5, 3.20.2, 4.21.6 for protobuf-python. Versions for 3.16 and 3.17 are no longer updated. | ||||
| CVE-2021-31988 | 1 Axis | 4 Axis Os, Axis Os 2016, Axis Os 2018 and 1 more | 2024-11-21 | 8.8 High |
| A user controlled parameter related to SMTP test functionality is not correctly validated making it possible to add the Carriage Return and Line Feed (CRLF) control characters and include arbitrary SMTP headers in the generated test email. | ||||
| CVE-2021-31987 | 1 Axis | 4 Axis Os, Axis Os 2016, Axis Os 2018 and 1 more | 2024-11-21 | 7.5 High |
| A user controlled parameter related to SMTP test functionality is not correctly validated making it possible to bypass blocked network recipients. | ||||
| CVE-2021-28812 | 1 Qnap | 4 Qts, Quts Hero, Qutscloud and 1 more | 2024-11-21 | 8.8 High |
| A command injection vulnerability has been reported to affect certain versions of Video Station. If exploited, this vulnerability allows remote attackers to execute arbitrary commands. This issue affects: QNAP Systems Inc. Video Station versions prior to 5.5.4 on QTS 4.5.2; versions prior to 5.5.4 on QuTS hero h4.5.2; versions prior to 5.5.4 on QuTScloud c4.5.4. This issue does not affect: QNAP Systems Inc. Video Station on QTS 4.3.6; on QTS 4.3.3. | ||||
| CVE-2020-16220 | 1 Philips | 2 Patient Information Center Ix, Performancebridge Focal Point | 2024-11-21 | 4.3 Medium |
| In Patient Information Center iX (PICiX) Versions C.02, C.03, PerformanceBridge Focal Point Version A.01, the product receives input that is expected to be well-formed (i.e., to comply with a certain syntax) but it does not validate or incorrectly validates that the input complies with the syntax, causing the certificate enrollment service to crash. It does not impact monitoring but prevents new devices from enrolling. | ||||
| CVE-2023-1932 | 1 Redhat | 20 A Mq Clients, Amq Broker, Amq Online and 17 more | 2024-11-08 | 6.1 Medium |
| A flaw was found in hibernate-validator's 'isValid' method in the org.hibernate.validator.internal.constraintvalidators.hv.SafeHtmlValidator class, which can be bypassed by omitting the tag ending in a less-than character. Browsers may render an invalid html, allowing HTML injection or Cross-Site-Scripting (XSS) attacks. | ||||
| CVE-2024-47855 | 1 Redhat | 1 Ocp Tools | 2024-11-07 | 5.3 Medium |
| util/JSONTokener.java in JSON-lib before 3.1.0 mishandles an unbalanced comment string. | ||||
| CVE-2024-8928 | 2024-10-08 | 3.1 Low | ||
| A flaw was found in PHP. Erroneous parsing of multipart form data contained in an HTTP POST request could lead to legitimate data not being processed, violating data integrity. | ||||