Total: 470 CVE

CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2023-38140 | 1 Microsoft | 11 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 8 more | 2024-11-21 | 5.5 Medium |
Windows Kernel Information Disclosure Vulnerability | ||||
CVE-2023-36913 | 1 Microsoft | 20 Windows 10, Windows 10 1507, Windows 10 1607 and 17 more | 2024-11-21 | 6.5 Medium |
Microsoft Message Queuing Information Disclosure Vulnerability | ||||
CVE-2023-36836 | 1 Juniper | 2 Junos, Junos Os Evolved | 2024-11-21 | 4.7 Medium |
A Use of an Uninitialized Resource vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows a local, authenticated attacker with low privileges to cause a Denial of Service (DoS). On all Junos OS and Junos OS Evolved platforms, in a Multicast only Fast Reroute (MoFRR) scenario, the rpd process can crash when a specific low privileged CLI command is executed. The rpd crash will impact all routing protocols until the process has automatically been restarted. As the operational state which makes this issue exploitable is outside the attacker's control, this issue is considered difficult to exploit. Continued execution of this command will lead to a sustained DoS. This issue affects: Juniper Networks Junos OS 19.4 version 19.4R3-S5 and later versions prior to 19.4R3-S9; 20.1 version 20.1R2 and later versions; 20.2 versions prior to 20.2R3-S7; 20.3 versions prior to 20.3R3-S5; 20.4 versions prior to 20.4R3-S6; 21.1 versions prior to 21.1R3-S4; 21.2 versions prior to 21.2R3-S2; 21.3 versions prior to 21.3R3-S1; 21.4 versions prior to 21.4R3; 22.1 versions prior to 22.1R1-S2, 22.1R2; 22.2 versions prior to 22.2R2. Juniper Networks Junos OS Evolved All versions prior to 20.4R3-S6-EVO; 21.1-EVO version 21.1R1-EVO and later versions; 21.2-EVO version 21.2R1-EVO and later versions; 21.3-EVO versions prior to 21.3R3-S1-EVO; 21.4-EVO versions prior to 21.4R3-EVO; 22.1-EVO versions prior to 22.1R1-S2-EVO, 22.1R2-EVO; 22.2-EVO versions prior to 22.2R2-EVO. | ||||
CVE-2023-36398 | 1 Microsoft | 19 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 16 more | 2024-11-21 | 6.5 Medium |
Windows NTFS Information Disclosure Vulnerability | ||||
CVE-2023-36012 | 1 Microsoft | 9 Windows Server 2008, Windows Server 2008 R2, Windows Server 2008 Sp2 and 6 more | 2024-11-21 | 5.3 Medium |
DHCP Server Service Information Disclosure Vulnerability | ||||
CVE-2023-35326 | 1 Microsoft | 11 Windows 10 1809, Windows 10 21h2, Windows 10 21h2 and 8 more | 2024-11-21 | 5.5 Medium |
Windows CDP User Components Information Disclosure Vulnerability | ||||
CVE-2023-35325 | 1 Microsoft | 16 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 13 more | 2024-11-21 | 7.5 High |
Windows Print Spooler Information Disclosure Vulnerability | ||||
CVE-2023-32213 | 2 Mozilla, Redhat | 8 Firefox, Firefox Esr, Thunderbird and 5 more | 2024-11-21 | 8.8 High |
When reading a file, an uninitialized value could have been used as read limit. This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11. | ||||
CVE-2023-32042 | 1 Microsoft | 19 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 16 more | 2024-11-21 | 6.5 Medium |
OLE Automation Information Disclosure Vulnerability | ||||
CVE-2023-32041 | 1 Microsoft | 13 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 10 more | 2024-11-21 | 5.5 Medium |
Windows Update Orchestrator Service Information Disclosure Vulnerability | ||||
CVE-2023-32016 | 1 Microsoft | 19 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 16 more | 2024-11-21 | 5.5 Medium |
Windows Installer Information Disclosure Vulnerability | ||||
CVE-2023-31275 | 1 Kingsoft | 1 Wps Office | 2024-11-21 | 8.8 High |
An uninitialized pointer use vulnerability exists in the functionality of WPS Office 11.2.0.11537 that handles Data elements in an Excel file. A specially crafted malformed file can lead to remote code execution. An attacker can provide a malicious file to trigger this vulnerability. | ||||
CVE-2023-31192 | 1 Softether | 1 Vpn | 2024-11-21 | 5.3 Medium |
An information disclosure vulnerability exists in the ClientConnect() functionality of SoftEther VPN 5.01.9674. A specially crafted network packet can lead to a disclosure of sensitive information. An attacker can perform a man-in-the-middle attack to trigger this vulnerability. | ||||
CVE-2023-29367 | 1 Microsoft | 5 Windows Server 2012, Windows Server 2012 R2, Windows Server 2016 and 2 more | 2024-11-21 | 7.8 High |
iSCSI Target WMI Provider Remote Code Execution Vulnerability | ||||
CVE-2023-28967 | 1 Juniper | 2 Junos, Junos Os Evolved | 2024-11-21 | 7.5 High |
A Use of Uninitialized Resource vulnerability in the Border Gateway Protocol (BGP) software of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated network-based attacker to send specific genuine BGP packets to a device configured with BGP to cause a Denial of Service (DoS) by crashing the Routing Protocol Daemon (rpd). This issue is triggered when the packets attempt to initiate a BGP connection before a BGP session is successfully established. Continued receipt of these specific BGP packets will cause a sustained Denial of Service condition. This issue is triggerable in both iBGP and eBGP deployments. This issue affects: Juniper Networks Junos OS 21.1 version 21.1R1 and later versions prior to 21.1R3-S5; 21.2 version 21.2R1 and later versions prior to 21.2R3-S2; 21.3 version 21.3R1 and later versions prior to 21.3R3-S2; 21.4 versions prior to 21.4R3; 22.1 versions prior to 22.1R3; 22.2 versions prior to 22.2R2. This issue does not affect Juniper Networks Junos OS versions prior to 21.1R1. This issue affects: Juniper Networks Junos OS Evolved 21.1-EVO version 21.1R1-EVO and later versions prior to 21.4R3-EVO; 22.1-EVO versions prior to 22.1R3-EVO; 22.2-EVO versions prior to 22.2R2-EVO. This issue does not affect Juniper Networks Junos OS Evolved versions prior to 21.1R1-EVO. | ||||
CVE-2023-27598 | 1 Opensips | 1 Opensips | 2024-11-21 | 7.5 High |
OpenSIPS is a Session Initiation Protocol (SIP) server implementation. Prior to versions 3.1.7 and 3.2.4, sending a malformed `Via` header to OpenSIPS triggers a segmentation fault when the function `calc_tag_suffix` is called. A specially crafted `Via` header, which is deemed correct by the parser, will pass uninitialized strings to the function `MD5StringArray` which leads to the crash. Abuse of this vulnerability leads to Denial of Service due to a crash. Since the uninitialized string points to memory location `0x0`, no further exploitation appears to be possible. No special network privileges are required to perform this attack, as long as the OpenSIPS configuration makes use of functions such as `sl_send_reply` or `sl_gen_totag` that trigger the vulnerable code. This issue has been fixed in versions 3.1.7 and 3.2.4. | ||||
CVE-2023-25588 | 2 Gnu, Redhat | 2 Binutils, Enterprise Linux | 2024-11-21 | 4.7 Medium |
A flaw was found in Binutils. The field `the_bfd` of `asymbol` struct is uninitialized in the `bfd_mach_o_get_synthetic_symtab` function, which may lead to an application crash and local denial of service. | ||||
CVE-2023-25586 | 2 Gnu, Redhat | 2 Binutils, Enterprise Linux | 2024-11-21 | 4.7 Medium |
A flaw was found in Binutils. A logic fail in the bfd_init_section_decompress_status function may lead to the use of an uninitialized variable that can cause a crash and local denial of service. | ||||
CVE-2023-25585 | 2 Gnu, Redhat | 2 Binutils, Enterprise Linux | 2024-11-21 | 4.7 Medium |
A flaw was found in Binutils. The use of an uninitialized field in the struct module *module may lead to application crash and local denial of service. | ||||
CVE-2023-24941 | 1 Microsoft | 5 Windows Server 2012, Windows Server 2012 R2, Windows Server 2016 and 2 more | 2024-11-21 | 9.8 Critical |
Windows Network File System Remote Code Execution Vulnerability |