ReportizFlow
Filtered by vendor
Subscriptions
Total
86 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-20187 | 1 Cisco | 8 Asr1000-esp100, Asr1000-esp200, Asr1000-esp40 and 5 more | 2024-11-21 | 8.6 High |
| A vulnerability in the Multicast Leaf Recycle Elimination (mLRE) feature of Cisco IOS XE Software for Cisco ASR 1000 Series Aggregation Services Routers could allow an unauthenticated, remote attacker to cause the affected device to reload, resulting in a denial of service (DoS) condition. This vulnerability is due to incorrect handling of certain IPv6 multicast packets when they are fanned out more than seven times on an affected device. An attacker could exploit this vulnerability by sending a specific IPv6 multicast or IPv6 multicast VPN (MVPNv6) packet through the affected device. A successful exploit could allow the attacker to cause a reload of the affected device, resulting in a DoS condition. | ||||
| CVE-2022-33246 | 1 Qualcomm | 84 Apq8096au, Apq8096au Firmware, Aqt1000 and 81 more | 2024-11-21 | 6.7 Medium |
| Memory corruption in Audio due to use of out-of-range pointer offset while Initiating a voice call session from user space with invalid session id. | ||||
| CVE-2022-32142 | 1 Codesys | 2 Plcwinnt, Runtime Toolkit | 2024-11-21 | 8.1 High |
| Multiple CODESYS Products are prone to a out-of bounds read or write access. A low privileged remote attacker may craft a request with invalid offset, which can cause an out-of-bounds read or write access, resulting in denial-of-service condition or local memory overwrite, which can lead to a change of local files. User interaction is not required. | ||||
| CVE-2022-1420 | 4 Apple, Fedoraproject, Redhat and 1 more | 4 Macos, Fedora, Enterprise Linux and 1 more | 2024-11-21 | 5.5 Medium |
| Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior to 8.2.4774. | ||||
| CVE-2022-0729 | 4 Apple, Debian, Fedoraproject and 1 more | 4 Macos, Debian Linux, Fedora and 1 more | 2024-11-21 | 8.8 High |
| Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior to 8.2.4440. | ||||
| CVE-2022-0685 | 4 Apple, Debian, Fedoraproject and 1 more | 4 Macos, Debian Linux, Fedora and 1 more | 2024-11-21 | 7.8 High |
| Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior to 8.2.4418. | ||||
| CVE-2022-0614 | 1 Mruby | 1 Mruby | 2024-11-21 | 5.5 Medium |
| Use of Out-of-range Pointer Offset in Homebrew mruby prior to 3.2. | ||||
| CVE-2022-0554 | 5 Apple, Debian, Fedoraproject and 2 more | 5 Macos, Debian Linux, Fedora and 2 more | 2024-11-21 | 7.8 High |
| Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior to 8.2. | ||||
| CVE-2021-3889 | 1 Libmobi Project | 1 Libmobi | 2024-11-21 | 8.1 High |
| libmobi is vulnerable to Use of Out-of-range Pointer Offset | ||||
| CVE-2021-3888 | 1 Libmobi Project | 1 Libmobi | 2024-11-21 | 8.1 High |
| libmobi is vulnerable to Use of Out-of-range Pointer Offset | ||||
| CVE-2021-22550 | 1 Google | 1 Asylo | 2024-11-21 | 6.5 Medium |
| An attacker can modify the pointers in enclave memory to overwrite arbitrary memory addresses within the secure enclave. It is recommended to update past 0.6.3 or git commit https://github.com/google/asylo/commit/a47ef55db2337d29de19c50cd29b0deb2871d31c | ||||
| CVE-2021-22549 | 1 Google | 1 Asylo | 2024-11-21 | 6.5 Medium |
| An attacker can modify the address to point to trusted memory to overwrite arbitrary trusted memory. It is recommended to update past 0.6.2 or git commit https://github.com/google/asylo/commit/53ed5d8fd8118ced1466e509606dd2f473707a5c | ||||
| CVE-2021-1352 | 1 Cisco | 1 Ios Xe | 2024-11-21 | 7.4 High |
| A vulnerability in the DECnet Phase IV and DECnet/OSI protocol processing of Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to insufficient input validation of DECnet traffic that is received by an affected device. An attacker could exploit this vulnerability by sending DECnet traffic to an affected device. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a DoS condition. | ||||
| CVE-2020-8904 | 1 Google | 1 Asylo | 2024-11-21 | 6.4 Medium |
| An arbitrary memory overwrite vulnerability in the trusted memory of Asylo exists in versions prior to 0.6.0. As the ecall_restore function fails to validate the range of the output_len pointer, an attacker can manipulate the tmp_output_len value and write to an arbitrary location in the trusted (enclave) memory. We recommend updating Asylo to version 0.6.0 or later. | ||||
| CVE-2020-6112 | 1 Gonitro | 1 Nitro Pro | 2024-11-21 | 7.8 High |
| An exploitable code execution vulnerability exists in the JPEG2000 Stripe Decoding functionality of Nitro Software, Inc.’s Nitro Pro 13.13.2.242 when decoding sub-samples. While initializing tiles with sub-sample data, the application can miscalculate a pointer for the stripes in the tile which allow for the decoder to write out of-bounds and cause memory corruption. This can result in code execution. A specially crafted image can be embedded inside a PDF and loaded by a victim in order to trigger this vulnerability. | ||||
| CVE-2020-27009 | 1 Siemens | 2 Nucleus Net, Nucleus Source Code | 2024-11-21 | 8.1 High |
| A vulnerability has been identified in APOGEE PXC Compact (BACnet) (All versions < V3.5.5), APOGEE PXC Compact (P2 Ethernet) (All versions < V2.8.20), APOGEE PXC Modular (BACnet) (All versions < V3.5.5), APOGEE PXC Modular (P2 Ethernet) (All versions < V2.8.20), Nucleus NET (All versions < V5.2), Nucleus Source Code (Versions including affected DNS modules), TALON TC Compact (BACnet) (All versions < V3.5.5), TALON TC Modular (BACnet) (All versions < V3.5.5). The DNS domain name record decompression functionality does not properly validate the pointer offset values. The parsing of malformed responses could result in a write past the end of an allocated structure. An attacker with a privileged position in the network could leverage this vulnerability to execute code in the context of the current process or cause a denial-of-service condition. | ||||
| CVE-2020-13573 | 1 Rockwellautomation | 1 Rslinx | 2024-11-21 | 7.5 High |
| A denial-of-service vulnerability exists in the Ethernet/IP server functionality of Rockwell Automation RSLinx Classic 2.57.00.14 CPR 9 SR 3. A specially crafted network request can lead to a denial of service. An attacker can send a sequence of malicious packets to trigger this vulnerability. | ||||
| CVE-2024-42383 | 1 Cesanta | 1 Mongoose | 2024-11-19 | 4.2 Medium |
| Use of Out-of-range Pointer Offset vulnerability in Cesanta Mongoose Web Server v7.14 allows to write a NULL byte value beyond the memory space dedicated for the hostname field. | ||||
| CVE-2024-42386 | 1 Cesanta | 1 Mongoose | 2024-11-19 | 8.2 High |
| Use of Out-of-range Pointer Offset vulnerability in Cesanta Mongoose Web Server v7.14 allows an attacker to send an unexpected TLS packet and produce a segmentation fault on the application. | ||||
| CVE-2024-42387 | 1 Cesanta | 1 Mongoose | 2024-11-19 | 5.3 Medium |
| Use of Out-of-range Pointer Offset vulnerability in Cesanta Mongoose Web Server v7.14 allows an attacker to send an unexpected TLS packet and force the application to read unintended heap memory space. | ||||