ReportizFlow
Filtered by vendor
Subscriptions
Total
470 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-3299 | 2024-11-21 | 7.8 High | ||
| Out-Of-Bounds Write, Use of Uninitialized Resource and Use-After-Free vulnerabilities exist in the file reading procedure in eDrawings from Release SOLIDWORKS 2023 through Release SOLIDWORKS 2024. These vulnerabilities could allow an attacker to execute arbitrary code while opening a specially crafted SLDDRW or SLDPRT file. NOTE: this vulnerability was SPLIT from CVE-2024-1847. | ||||
| CVE-2024-38257 | 1 Microsoft | 17 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 14 more | 2024-11-21 | 7.5 High |
| Microsoft AllJoyn API Information Disclosure Vulnerability | ||||
| CVE-2024-36503 | 1 Huawei | 2 Emui, Harmonyos | 2024-11-21 | 7.3 High |
| Memory management vulnerability in the Gralloc module Impact: Successful exploitation of this vulnerability will affect availability. | ||||
| CVE-2024-36454 | 1 Fujitsu | 11 Ipcom Ex2 In 3200 Firmware, Ipcom Ex2 In 3500 Firmware, Ipcom Ex2 Lb 3200 Firmware and 8 more | 2024-11-21 | 5.3 Medium |
| Use of uninitialized resource issue exists in IPCOM EX2 Series (V01L0x Series) V01L07NF0201 and earlier, and IPCOM VE2 Series V01L07NF0201 and earlier. If this vulnerability is exploited, the system may be rebooted or suspended by receiving a specially crafted packet. | ||||
| CVE-2024-32910 | 1 Google | 1 Android | 2024-11-21 | 5.5 Medium |
| In handle_msg_shm_map_req of trusty/user/base/lib/spi/srv/tipc/tipc.c, there is a possible stack data disclosure due to uninitialized data. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2024-32906 | 1 Google | 1 Android | 2024-11-21 | 7.8 High |
| In AcvpOnMessage of avcp.cpp, there is a possible EOP due to uninitialized data. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2024-29785 | 1 Google | 1 Android | 2024-11-21 | 5.5 Medium |
| In aur_get_state of aurora.c, there is a possible information disclosure due to uninitialized data. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2024-29780 | 1 Google | 1 Android | 2024-11-21 | 5.5 Medium |
| In hwbcc_ns_deprivilege of trusty/user/base/lib/hwbcc/client/hwbcc.c, there is a possible uninitialized stack data disclosure due to uninitialized data. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2024-26220 | 1 Microsoft | 12 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 9 more | 2024-11-21 | 5 Medium |
| Windows Mobile Hotspot Information Disclosure Vulnerability | ||||
| CVE-2024-23314 | 2024-11-21 | 7.5 High | ||
| When HTTP/2 is configured on BIG-IP or BIG-IP Next SPK systems, undisclosed responses can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated | ||||
| CVE-2024-20694 | 1 Microsoft | 17 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 14 more | 2024-11-21 | 5.5 Medium |
| Windows CoreMessaging Information Disclosure Vulnerability | ||||
| CVE-2024-1848 | 2024-11-21 | 7.8 High | ||
| Heap-based Buffer Overflow, Memory Corruption, Out-Of-Bounds Read, Out-Of-Bounds Write, Stack-based Buffer Overflow, Type Confusion, Uninitialized Variable, Use-After-Free vulnerabilities exist in the file reading procedure in SOLIDWORKS Desktop on Release SOLIDWORKS 2024. These vulnerabilities could allow an attacker to execute arbitrary code while opening a specially crafted CATPART, DWG, DXF, IPT, JT, SAT, SLDDRW, SLDPRT, STL, STP, X_B or X_T file. | ||||
| CVE-2024-1847 | 2024-11-21 | 7.8 High | ||
| Heap-based Buffer Overflow, Memory Corruption, Out-Of-Bounds Read, Out-Of-Bounds Write, Stack-based Buffer Overflow, Type Confusion, Uninitialized Variable, Use-After-Free vulnerabilities exist in the file reading procedure in eDrawings from Release SOLIDWORKS 2023 through Release SOLIDWORKS 2024. These vulnerabilities could allow an attacker to execute arbitrary code while opening a specially crafted CATPART, IPT, JT, SAT, STL, STP, X_B or X_T file. NOTE: CVE-2024-3298 and CVE-2024-3299 were SPLIT from this ID. | ||||
| CVE-2023-6865 | 3 Debian, Mozilla, Redhat | 8 Debian Linux, Firefox, Firefox Esr and 5 more | 2024-11-21 | 6.5 Medium |
| `EncryptingOutputStream` was susceptible to exposing uninitialized data. This issue could only be abused in order to write data to a local disk which may have implications for private browsing mode. This vulnerability affects Firefox ESR < 115.6 and Firefox < 121. | ||||
| CVE-2023-4489 | 1 Silabs | 1 Z\/ip Gateway Sdk | 2024-11-21 | 6.4 Medium |
| The first S0 encryption key is generated with an uninitialized PRNG in Z/IP Gateway products running Silicon Labs Z/IP Gateway SDK v7.18.3 and earlier. This makes the first S0 key generated at startup predictable, potentially allowing network key prediction and unauthorized S0 network access. | ||||
| CVE-2023-46100 | 1 Openatom | 1 Openharmony | 2024-11-21 | 6.2 Medium |
| in OpenHarmony v3.2.2 and prior versions allow a local attacker get sensitive buffer information through use of uninitialized resource. | ||||
| CVE-2023-45663 | 1 Nothings | 1 Stb Image.h | 2024-11-21 | 5.3 Medium |
| stb_image is a single file MIT licensed library for processing images. The stbi__getn function reads a specified number of bytes from context (typically a file) into the specified buffer. In case the file stream points to the end, it returns zero. There are two places where its return value is not checked: In the `stbi__hdr_load` function and in the `stbi__tga_load` function. The latter of the two is likely more exploitable as an attacker may also control the size of an uninitialized buffer. | ||||
| CVE-2023-42797 | 1 Siemens | 4 Sicam A8000 Cp-8031, Sicam A8000 Cp-8031 Firmware, Sicam A8000 Cp-8050 and 1 more | 2024-11-21 | 6.6 Medium |
| A vulnerability has been identified in CP-8031 MASTER MODULE (All versions < CPCI85 V05.20), CP-8050 MASTER MODULE (All versions < CPCI85 V05.20). The network configuration service of affected devices contains a flaw in the conversion of ipv4 addresses that could lead to an uninitialized variable being used in succeeding validation steps. By uploading specially crafted network configuration, an authenticated remote attacker could be able to inject commands that are executed on the device with root privileges during device startup. | ||||
| CVE-2023-3488 | 1 Silabs | 1 Gecko Software Development Kit | 2024-11-21 | 3.8 Low |
| Uninitialized buffer in GBL parser in Silicon Labs GSDK v4.3.0 and earlier allows attacker to leak data from Secure stack via malformed GBL file. | ||||
| CVE-2023-38151 | 1 Microsoft | 3 Azure Host Integration Server 2020, Host Integration Server, Ole Db Provider | 2024-11-21 | 8.8 High |
| Microsoft Host Integration Server 2020 Remote Code Execution Vulnerability | ||||