Total: 13091 CVE

| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-27931 | 1 Deno | 1 Deno | 2025-01-03 | 5.8 Medium |
| Deno is a JavaScript, TypeScript, and WebAssembly runtime with secure defaults. Insufficient validation of parameters in `Deno.makeTemp*` APIs would allow for creation of files outside of the allowed directories. This may allow the user to overwrite important files on the system that may affect other systems. A user may provide a prefix or suffix to a `Deno.makeTemp*` API containing path traversal characters. This is fixed in Deno 1.41.1. | ||||
| CVE-2024-27932 | 1 Deno | 1 Deno | 2025-01-03 | 4.6 Medium |
| Deno is a JavaScript, TypeScript, and WebAssembly runtime. Starting in version 1.8.0 and prior to version 1.40.4, Deno improperly checks that an import specifier's hostname is equal to or a child of a token's hostname, which can cause tokens to be sent to servers they shouldn't be sent to. An auth token intended for `example[.]com` may be sent to `notexample[.]com`. Anyone who uses DENO_AUTH_TOKENS and imports potentially untrusted code is affected. Version 1.40.0 contains a patch for this issue. | ||||
| CVE-2024-32645 | 1 Vyperlang | 1 Vyper | 2025-01-03 | 5.3 Medium |
| Vyper is a pythonic Smart Contract Language for the Ethereum virtual machine. In versions 0.3.10 and prior, incorrect values can be logged when `raw_log` builtin is called with memory or storage arguments to be used as topics. A contract search was performed and no vulnerable contracts were found in production. The `build_IR` function of the `RawLog` class fails to properly unwrap the variables provided as topics. Consequently, incorrect values are logged as topics. As of time of publication, no fixed version is available. | ||||
| CVE-2024-32646 | 1 Vyperlang | 1 Vyper | 2025-01-03 | 5.3 Medium |
| Vyper is a pythonic Smart Contract Language for the Ethereum virtual machine. In versions 0.3.10 and prior, using the `slice` builtin can result in a double eval vulnerability when the buffer argument is either `msg.data`, `self.code` or `<address>.code` and either the `start` or `length` arguments have side-effects. It can be easily triggered only with the versions `<0.3.4` as `0.3.4` introduced the unique symbol fence. No vulnerable production contracts were found. Additionally, double evaluation of side-effects should be easily discoverable in client tests. As such, the impact is low. As of time of publication, no fixed versions are available. | ||||
| CVE-2024-7023 | 2 Google, Microsoft | 2 Chrome, Windows | 2025-01-02 | 8 High |
| Insufficient data validation in Updater in Google Chrome prior to 128.0.6537.0 allowed a remote attacker to perform privilege escalation via a malicious file. (Chromium security severity: Medium) | ||||
| CVE-2023-35619 | 1 Microsoft | 1 Office Long Term Servicing Channel | 2025-01-01 | 5.3 Medium |
| Microsoft Outlook for Mac Spoofing Vulnerability | ||||
| CVE-2023-36897 | 1 Microsoft | 8 365 Apps, Office, Office Long Term Servicing Channel and 5 more | 2025-01-01 | 8.1 High |
| Visual Studio Tools for Office Runtime Spoofing Vulnerability | ||||
| CVE-2023-36899 | 1 Microsoft | 11 .net, .net Framework, Windows 10 1809 and 8 more | 2025-01-01 | 8.8 High |
| ASP.NET Elevation of Privilege Vulnerability | ||||
| CVE-2023-36873 | 1 Microsoft | 13 .net, .net Framework, Windows 10 1607 and 10 more | 2025-01-01 | 7.4 High |
| .NET Framework Spoofing Vulnerability | ||||
| CVE-2023-35303 | 1 Microsoft | 19 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 16 more | 2025-01-01 | 8.8 High |
| USB Audio Class System Driver Remote Code Execution Vulnerability | ||||
| CVE-2023-36872 | 1 Microsoft | 1 Vp9 Video Extensions | 2025-01-01 | 5.5 Medium |
| VP9 Video Extensions Information Disclosure Vulnerability | ||||
| CVE-2023-35367 | 1 Microsoft | 19 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 16 more | 2025-01-01 | 9.8 Critical |
| Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | ||||
| CVE-2023-35366 | 1 Microsoft | 19 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 16 more | 2025-01-01 | 9.8 Critical |
| Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | ||||
| CVE-2023-35365 | 1 Microsoft | 19 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 16 more | 2025-01-01 | 9.8 Critical |
| Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | ||||
| CVE-2023-35336 | 1 Microsoft | 16 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 13 more | 2025-01-01 | 6.5 Medium |
| Windows MSHTML Platform Security Feature Bypass Vulnerability | ||||
| CVE-2023-32037 | 1 Microsoft | 11 Windows 10 1809, Windows 10 21h2, Windows 10 21h2 and 8 more | 2025-01-01 | 6.5 Medium |
| Windows Layer-2 Bridge Network Driver Information Disclosure Vulnerability | ||||
| CVE-2023-32032 | 2 Microsoft, Redhat | 5 .net, Powershell, Visual Studio and 2 more | 2025-01-01 | 6.5 Medium |
| .NET and Visual Studio Elevation of Privilege Vulnerability | ||||
| CVE-2023-29353 | 1 Microsoft | 4 Sysinternals, Sysinternals Process Monitor, Windows Sysinternals Process Monitor and 1 more | 2025-01-01 | 5.5 Medium |
| Sysinternals Process Monitor for Windows Denial of Service Vulnerability | ||||
| CVE-2023-23419 | 1 Microsoft | 2 Windows 11 22h2, Windows 11 22h2 | 2025-01-01 | 7.8 High |
| Windows Resilient File System (ReFS) Elevation of Privilege Vulnerability | ||||
| CVE-2023-23416 | 1 Microsoft | 18 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 15 more | 2025-01-01 | 7.8 High |
| Windows Cryptographic Services Remote Code Execution Vulnerability | ||||