Total: 520 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-21809 | 1 Intel | 1 Quartus Prime | 2025-01-28 | 6.7 Medium |
| Improper conditions check for some Intel(R) Quartus(R) Prime Lite Edition Design software before version 23.1 may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2022-36794 | 1 Intel | 1 Server Platform Services | 2025-01-27 | 6 Medium |
| Improper condition check in some Intel(R) SPS firmware before version SPS_E3_06.00.03.300.0 may allow a privileged user to potentially enable denial of service via local access. | ||||
| CVE-2022-30692 | 1 Intel | 1 System Usage Report | 2025-01-27 | 5.9 Medium |
| Improper conditions check in the Intel(R) SUR software before version 2.4.8902 may allow an unauthenticated user to potentially enable denial of service via network access. | ||||
| CVE-2022-29523 | 1 Open Cas Project | 1 Open Cas | 2025-01-27 | 3.3 Low |
| Improper conditions check in the Open CAS software maintained by Intel(R) before version 22.3.1 may allow an authenticated user to potentially enable denial of service via local access. | ||||
| CVE-2023-21102 | 2 Google, Redhat | 2 Android, Enterprise Linux | 2025-01-24 | 7.8 High |
| In __efi_rt_asm_wrapper of efi-rt-wrapper.S, there is a possible bypass of shadow stack protection due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-260821414. References: Upstream kernel | ||||
| CVE-2024-1713 | 1 Plv8 | 1 Plv8 | 2025-01-23 | 7.2 High |
| A user who can create objects in a database with plv8 3.2.1 installed is able to cause deferred triggers to execute as the Superuser during autovacuum. | ||||
| CVE-2023-52710 | 1 Huawei | 3 Curiem-wfg9b, Curiem-wfg9b Firmware, Curiem Wfg98 Bios | 2025-01-17 | 7.8 High |
| Huawei Matebook D16 (Model: CREM-WXX9, BIOS: v2.26): as the communication buffer size hasn’t been properly validated to be of the expected size, it can partially overlap with the beginning of SMRAM. This can be leveraged by a malicious OS attacker to corrupt data structures stored at the beginning of SMRAM and can potentially lead to code execution in SMM. | ||||
| CVE-2023-32695 | 1 Socket | 1 Socket.io-parser | 2025-01-13 | 7.3 High |
| socket.io parser is a socket.io encoder and decoder written in JavaScript complying with version 5 of socket.io-protocol. A specially crafted Socket.IO packet can trigger an uncaught exception on the Socket.IO server, thus killing the Node.js process. A patch has been released in version 4.2.3. | ||||
| CVE-2024-5469 | 1 Gitlab | 1 Gitlab | 2025-01-09 | 3.1 Low |
| DoS in KAS in GitLab CE/EE affecting all versions from 16.10.0 prior to 16.10.6 and 16.11.0 prior to 16.11.3 allows an attacker to crash KAS via crafted gRPC requests. | ||||
| CVE-2024-53916 | 1 Openstack | 1 Neutron | 2025-01-06 | 7.5 High |
| In OpenStack Neutron before 25.0.1, neutron/extensions/tagging.py can use an incorrect ID during policy enforcement. It does not apply the proper policy check for changing network tags. An unprivileged tenant is able to change (add and clear) tags on network objects that do not belong to the tenant, and this action is not subjected to the proper policy authorization check. This affects 23 before 23.2.1, 24 before 24.0.2, and 25 before 25.0.1. | ||||
| CVE-2024-36128 | 1 Monospace | 1 Directus | 2025-01-03 | 7.5 High |
| Directus is a real-time API and App dashboard for managing SQL database content. Prior to 10.11.2, providing a non-numeric length value to the random string generation utility will create a memory issue breaking the capability to generate random strings platform wide. This creates a denial of service situation where logged in sessions can no longer be refreshed as sessions depend on the capability to generate a random session ID. This vulnerability is fixed in 10.11.2. | ||||
| CVE-2023-34449 | 1 Parity | 1 Ink! | 2024-12-30 | 5.3 Medium |
| ink! is an embedded domain specific language to write smart contracts in Rust for blockchains built on the Substrate framework. Starting in version 4.0.0 and prior to version 4.2.1, the return value when using delegate call mechanics, either through `CallBuilder::delegate` or `ink_env::invoke_contract_delegate`, is decoded incorrectly. This bug was related to the mechanics around decoding a call's return buffer, which was changed as part of pull request 1450. Since this feature was only released in ink! 4.0.0, no previous versions are affected. Users who have an ink! 4.x series contract should upgrade to 4.2.1 to receive a patch. | ||||
| CVE-2024-32867 | 1 Oisf | 1 Suricata | 2024-12-19 | 5.3 Medium |
| Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to 7.0.5 and 6.0.19, various problems in handling of fragmentation anomalies can lead to mis-detection of rules and policy. This vulnerability is fixed in 7.0.5 or 6.0.19. | ||||
| CVE-2023-21137 | 1 Google | 1 Android | 2024-12-18 | 5.5 Medium |
| In several methods of JobStore.java, uncaught exceptions in job map parsing could lead to local persistent denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11, Android-12, Android-12L, Android-13. Android ID: A-246541702 | ||||
| CVE-2023-34733 | 1 Vw | 1 Discover Media Infotainment System | 2024-12-17 | 6.8 Medium |
| A lack of exception handling in the Volkswagen Discover Media Infotainment System Software Version 0876 allows attackers to cause a Denial of Service (DoS) via supplying crafted media files when connecting a device to the vehicle's USB plug and play feature. | ||||
| CVE-2024-54116 | 1 Huawei | 1 Harmonyos | 2024-12-12 | 4.3 Medium |
| Out-of-bounds read vulnerability in the M3U8 module. Impact: Successful exploitation of this vulnerability may cause features to perform abnormally. | ||||
| CVE-2024-54115 | 1 Huawei | 1 Harmonyos | 2024-12-12 | 4.3 Medium |
| Out-of-bounds read vulnerability in the DASH module. Impact: Successful exploitation of this vulnerability will affect availability. | ||||
| CVE-2024-54114 | 1 Huawei | 1 Harmonyos | 2024-12-12 | 4.4 Medium |
| Out-of-bounds access vulnerability in playback in the DASH module. Impact: Successful exploitation of this vulnerability will affect availability. | ||||
| CVE-2023-35849 | 1 Virtualsquare | 1 Picotcp | 2024-12-11 | 7.5 High |
| VirtualSquare picoTCP (aka PicoTCP-NG) through 2.1 does not properly check whether header sizes would result in accessing data outside of a packet. | ||||
| CVE-2024-53432 | 1 Point Cloud Library | 1 Pcl | 2024-12-04 | 7.5 High |
| While parsing certain malformed PLY files, PCL version 1.14.1 crashes due to an uncaught std::out_of_range exception in PCLPointCloud2::at. This issue could potentially be exploited to cause a denial-of-service (DoS) attack when processing untrusted PLY files. | ||||