Total
8221 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-24535 | 1 Protobuf | 1 Protobuf | 2025-01-06 | 7.5 High |
| Parsing invalid messages can panic. Parsing a text-format message which contains a potential number consisting of a minus sign, one or more characters of whitespace, and no further input will cause a panic. | ||||
| CVE-2023-34100 | 1 Contiki-ng | 1 Contiki-ng | 2025-01-06 | 7.3 High |
| Contiki-NG is an open-source, cross-platform operating system for IoT devices. When reading the TCP MSS option value from an incoming packet, the Contiki-NG OS does not verify that certain buffer indices to read from are within the bounds of the IPv6 packet buffer, uip_buf. In particular, there is a 2-byte buffer read in the module os/net/ipv6/uip6.c. The buffer is indexed using 'UIP_IPTCPH_LEN + 2 + c' and 'UIP_IPTCPH_LEN + 3 + c', but the uip_buf buffer may not have enough data, resulting in a 2-byte read out of bounds. The problem has been patched in the "develop" branch of Contiki-NG, and is expected to be included in release 4.9. Users are advised to watch for the 4.9 release and to upgrade when it becomes available. There are no workarounds for this vulnerability aside from manually patching with the diff in commit `cde4e9839`. | ||||
| CVE-2023-50926 | 1 Contiki-ng | 1 Contiki-ng | 2025-01-06 | 7.5 High |
| Contiki-NG is an open-source, cross-platform operating system for Next-Generation IoT devices. An out-of-bounds read can be caused by an incoming DIO message when using the RPL-Lite implementation in the Contiki-NG operating system. More specifically, the prefix information of the DIO message contains a field that specifies the length of an IPv6 address prefix. The value of this field is not validated, which means that an attacker can set a value that is longer than the maximum prefix length. Subsequently, a memcmp function call that compares different prefixes can be called with a length argument that surpasses the boundary of the array allocated for the prefix, causing an out-of-bounds read. The problem has been patched in the "develop" branch of Contiki-NG, and is expected to be included in the next release. Users are advised to update as soon as they are able to or to manually apply the changes in Contiki-NG pull request #2721. | ||||
| CVE-2023-29167 | 1 Fujielectric | 1 Frenic Rhc Loader | 2025-01-03 | 7.8 High |
| Out-of-bound reads vulnerability exists in FRENIC RHC Loader v1.1.0.3. If a user opens a specially crafted FNE file, sensitive information on the system where the affected product is installed may be disclosed or arbitrary code may be executed. | ||||
| CVE-2023-33122 | 1 Siemens | 2 Jt2go, Teamcenter Visualization | 2025-01-03 | 3.3 Low |
| A vulnerability has been identified in JT2Go (All versions < V14.2.0.3), Teamcenter Visualization V13.2 (All versions < V13.2.0.13), Teamcenter Visualization V13.3 (All versions < V13.3.0.10), Teamcenter Visualization V14.0 (All versions < V14.0.0.6), Teamcenter Visualization V14.1 (All versions < V14.1.0.8), Teamcenter Visualization V14.2 (All versions < V14.2.0.3). The affected applications contain an out of bounds read past the end of an allocated buffer while parsing a specially crafted CGM file. This vulnerability could allow an attacker to disclose sensitive information. | ||||
| CVE-2023-33123 | 1 Siemens | 2 Jt2go, Teamcenter Visualization | 2025-01-03 | 7.8 High |
| A vulnerability has been identified in JT2Go (All versions < V14.2.0.3), Teamcenter Visualization V13.2 (All versions < V13.2.0.13), Teamcenter Visualization V13.3 (All versions < V13.3.0.10), Teamcenter Visualization V14.0 (All versions < V14.0.0.6), Teamcenter Visualization V14.1 (All versions < V14.1.0.8), Teamcenter Visualization V14.2 (All versions < V14.2.0.3). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted CGM files. This could allow an attacker to execute code in the context of the current process. | ||||
| CVE-2023-3036 | 1 Cloudflare | 1 Cfnts | 2025-01-02 | 8.6 High |
| An unchecked read in NTP server in github.com/cloudflare/cfnts prior to commit 783490b https://github.com/cloudflare/cfnts/commit/783490b913f05e508a492cd7b02e3c4ec2297b71 enabled a remote attacker to trigger a panic by sending an NTSAuthenticator packet with extension length longer than the packet contents. | ||||
| CVE-2023-3040 | 1 Cloudflare | 1 Lua-resty-json | 2025-01-02 | 3.7 Low |
| A debug function in the lua-resty-json package, up to commit id 3ef9492bd3a44d9e51301d6adc3cd1789c8f534a (merged in PR #14) contained an out of bounds access bug that could have allowed an attacker to launch a DoS if the function was used to parse untrusted input data. It is important to note that because this debug function was only used in tests and demos, it was not exploitable in a normal environment. | ||||
| CVE-2024-23808 | 1 Openatom | 1 Openharmony | 2025-01-02 | 5.2 Medium |
| in OpenHarmony v4.0.0 and prior versions allow a local attacker arbitrary code execution in pre-installed apps through use after free or cause DOS through NULL pointer dereference. | ||||
| CVE-2022-21877 | 1 Microsoft | 4 Windows 10, Windows 11, Windows Server and 1 more | 2025-01-02 | 5.5 Medium |
| Storage Spaces Controller Information Disclosure Vulnerability | ||||
| CVE-2022-21876 | 1 Microsoft | 6 Windows 10, Windows 11, Windows Server and 3 more | 2025-01-02 | 5.5 Medium |
| Win32k Information Disclosure Vulnerability | ||||
| CVE-2023-35629 | 1 Microsoft | 3 Windows 10 1507, Windows Server 2008, Windows Server 2012 | 2025-01-01 | 6.8 Medium |
| Microsoft USBHUB 3.0 Device Driver Remote Code Execution Vulnerability | ||||
| CVE-2023-36696 | 1 Microsoft | 9 Windows 10 1809, Windows 10 21h2, Windows 10 22h2 and 6 more | 2025-01-01 | 7.8 High |
| Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability | ||||
| CVE-2023-36803 | 1 Microsoft | 9 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 6 more | 2025-01-01 | 5.5 Medium |
| Windows Kernel Information Disclosure Vulnerability | ||||
| CVE-2023-35386 | 1 Microsoft | 11 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 8 more | 2025-01-01 | 7.8 High |
| Windows Kernel Elevation of Privilege Vulnerability | ||||
| CVE-2023-35358 | 1 Microsoft | 9 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 6 more | 2025-01-01 | 7.8 High |
| Windows Kernel Elevation of Privilege Vulnerability | ||||
| CVE-2023-35357 | 1 Microsoft | 9 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 6 more | 2025-01-01 | 7.8 High |
| Windows Kernel Elevation of Privilege Vulnerability | ||||
| CVE-2023-36905 | 1 Microsoft | 9 Windows 10, Windows 10 1607, Windows 10 1809 and 6 more | 2025-01-01 | 5.5 Medium |
| Windows Wireless Wide Area Network Service (WwanSvc) Information Disclosure Vulnerability | ||||
| CVE-2023-35299 | 1 Microsoft | 12 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 9 more | 2025-01-01 | 7.8 High |
| Windows Common Log File System Driver Elevation of Privilege Vulnerability | ||||
| CVE-2023-33164 | 1 Microsoft | 12 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 9 more | 2025-01-01 | 6.5 Medium |
| Remote Procedure Call Runtime Denial of Service Vulnerability | ||||