Total
544 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-36454 | 1 Fujitsu | 11 Ipcom Ex2 In 3200 Firmware, Ipcom Ex2 In 3500 Firmware, Ipcom Ex2 Lb 3200 Firmware and 8 more | 2024-11-21 | 5.3 Medium |
| Use of uninitialized resource issue exists in IPCOM EX2 Series (V01L0x Series) V01L07NF0201 and earlier, and IPCOM VE2 Series V01L07NF0201 and earlier. If this vulnerability is exploited, the system may be rebooted or suspended by receiving a specially crafted packet. | ||||
| CVE-2024-32906 | 1 Google | 1 Android | 2024-11-21 | 7.8 High |
| In AcvpOnMessage of avcp.cpp, there is a possible EOP due to uninitialized data. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2024-1848 | 2024-11-21 | 7.8 High | ||
| Heap-based Buffer Overflow, Memory Corruption, Out-Of-Bounds Read, Out-Of-Bounds Write, Stack-based Buffer Overflow, Type Confusion, Uninitialized Variable, Use-After-Free vulnerabilities exist in the file reading procedure in SOLIDWORKS Desktop on Release SOLIDWORKS 2024. These vulnerabilities could allow an attacker to execute arbitrary code while opening a specially crafted CATPART, DWG, DXF, IPT, JT, SAT, SLDDRW, SLDPRT, STL, STP, X_B or X_T file. | ||||
| CVE-2024-1847 | 2024-11-21 | 7.8 High | ||
| Heap-based Buffer Overflow, Memory Corruption, Out-Of-Bounds Read, Out-Of-Bounds Write, Stack-based Buffer Overflow, Type Confusion, Uninitialized Variable, Use-After-Free vulnerabilities exist in the file reading procedure in eDrawings from Release SOLIDWORKS 2023 through Release SOLIDWORKS 2024. These vulnerabilities could allow an attacker to execute arbitrary code while opening a specially crafted CATPART, IPT, JT, SAT, STL, STP, X_B or X_T file. NOTE: CVE-2024-3298 and CVE-2024-3299 were SPLIT from this ID. | ||||
| CVE-2023-4489 | 1 Silabs | 1 Z\/ip Gateway Sdk | 2024-11-21 | 6.4 Medium |
| The first S0 encryption key is generated with an uninitialized PRNG in Z/IP Gateway products running Silicon Labs Z/IP Gateway SDK v7.18.3 and earlier. This makes the first S0 key generated at startup predictable, potentially allowing network key prediction and unauthorized S0 network access. | ||||
| CVE-2023-46100 | 1 Openatom | 1 Openharmony | 2024-11-21 | 6.2 Medium |
| in OpenHarmony v3.2.2 and prior versions allow a local attacker get sensitive buffer information through use of uninitialized resource. | ||||
| CVE-2023-42797 | 1 Siemens | 4 Sicam A8000 Cp-8031, Sicam A8000 Cp-8031 Firmware, Sicam A8000 Cp-8050 and 1 more | 2024-11-21 | 6.6 Medium |
| A vulnerability has been identified in CP-8031 MASTER MODULE (All versions < CPCI85 V05.20), CP-8050 MASTER MODULE (All versions < CPCI85 V05.20). The network configuration service of affected devices contains a flaw in the conversion of ipv4 addresses that could lead to an uninitialized variable being used in succeeding validation steps. By uploading specially crafted network configuration, an authenticated remote attacker could be able to inject commands that are executed on the device with root privileges during device startup. | ||||
| CVE-2023-3488 | 1 Silabs | 1 Gecko Software Development Kit | 2024-11-21 | 3.8 Low |
| Uninitialized buffer in GBL parser in Silicon Labs GSDK v4.3.0 and earlier allows attacker to leak data from Secure stack via malformed GBL file. | ||||
| CVE-2023-36836 | 1 Juniper | 2 Junos, Junos Os Evolved | 2024-11-21 | 4.7 Medium |
| A Use of an Uninitialized Resource vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows a local, authenticated attacker with low privileges to cause a Denial of Service (DoS). On all Junos OS and Junos OS Evolved platforms, in a Multicast only Fast Reroute (MoFRR) scenario, the rpd process can crash when a a specific low privileged CLI command is executed. The rpd crash will impact all routing protocols until the process has automatically been restarted. As the operational state which makes this issue exploitable is outside the attackers control, this issue is considered difficult to exploit. Continued execution of this command will lead to a sustained DoS. This issue affects: Juniper Networks Junos OS 19.4 version 19.4R3-S5 and later versions prior to 19.4R3-S9; 20.1 version 20.1R2 and later versions; 20.2 versions prior to 20.2R3-S7; 20.3 versions prior to 20.3R3-S5; 20.4 versions prior to 20.4R3-S6; 21.1 versions prior to 21.1R3-S4; 21.2 versions prior to 21.2R3-S2; 21.3 versions prior to 21.3R3-S1; 21.4 versions prior to 21.4R3; 22.1 versions prior to 22.1R1-S2, 22.1R2; 22.2 versions prior to 22.2R2. Juniper Networks Junos OS Evolved All versions prior to 20.4R3-S6-EVO; 21.1-EVO version 21.1R1-EVO and later versions; 21.2-EVO version 21.2R1-EVO and later versions; 21.3-EVO versions prior to 21.3R3-S1-EVO; 21.4-EVO versions prior to 21.4R3-EVO; 22.1-EVO versions prior to 22.1R1-S2-EVO, 22.1R2-EVO; 22.2-EVO versions prior to 22.2R2-EVO. | ||||
| CVE-2023-32213 | 2 Mozilla, Redhat | 8 Firefox, Firefox Esr, Thunderbird and 5 more | 2024-11-21 | 8.8 High |
| When reading a file, an uninitialized value could have been used as read limit. This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11. | ||||
| CVE-2023-31275 | 1 Kingsoft | 1 Wps Office | 2024-11-21 | 8.8 High |
| An uninitialized pointer use vulnerability exists in the functionality of WPS Office 11.2.0.11537 that handles Data elements in an Excel file. A specially crafted malformed file can lead to remote code execution. An attacker can provide a malicious file to trigger this vulnerability. | ||||
| CVE-2023-31192 | 1 Softether | 1 Vpn | 2024-11-21 | 5.3 Medium |
| An information disclosure vulnerability exists in the ClientConnect() functionality of SoftEther VPN 5.01.9674. A specially crafted network packet can lead to a disclosure of sensitive information. An attacker can perform a man-in-the-middle attack to trigger this vulnerability. | ||||
| CVE-2023-22330 | 1 Intel | 176 Nuc 11 Compute Element Cm11ebc4w, Nuc 11 Compute Element Cm11ebc4w Firmware, Nuc 11 Compute Element Cm11ebi38w and 173 more | 2024-11-21 | 6 Medium |
| Use of uninitialized resource in some Intel(R) NUC BIOS firmware may allow a privileged user to potentially enable information disclosure via local access. | ||||
| CVE-2023-21276 | 1 Google | 1 Android | 2024-11-21 | 5.5 Medium |
| In writeToParcel of CursorWindow.cpp, there is a possible information disclosure due to uninitialized data. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2023-21233 | 1 Google | 1 Android | 2024-11-21 | 7.5 High |
| In multiple locations of avrc, there is a possible leak of heap data due to uninitialized data. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2022-47012 | 1 Solarwinds | 1 Dynamips | 2024-11-21 | 7.5 High |
| Use of uninitialized variable in function gen_eth_recv in GNS3 dynamips 0.2.21. | ||||
| CVE-2022-40768 | 3 Debian, Fedoraproject, Linux | 3 Debian Linux, Fedora, Linux Kernel | 2024-11-21 | 5.5 Medium |
| drivers/scsi/stex.c in the Linux kernel through 5.19.9 allows local users to obtain sensitive information from kernel memory because stex_queuecommand_lck lacks a memset for the PASSTHRU_CMD case. | ||||
| CVE-2022-39283 | 3 Fedoraproject, Freerdp, Redhat | 3 Fedora, Freerdp, Enterprise Linux | 2024-11-21 | 5.9 Medium |
| FreeRDP is a free remote desktop protocol library and clients. All FreeRDP based clients when using the `/video` command line switch might read uninitialized data, decode it as audio/video and display the result. FreeRDP based server implementations are not affected. This issue has been patched in version 2.8.1. If you cannot upgrade do not use the `/video` switch. | ||||
| CVE-2022-39282 | 3 Fedoraproject, Freerdp, Redhat | 3 Fedora, Freerdp, Enterprise Linux | 2024-11-21 | 3.5 Low |
| FreeRDP is a free remote desktop protocol library and clients. FreeRDP based clients on unix systems using `/parallel` command line switch might read uninitialized data and send it to the server the client is currently connected to. FreeRDP based server implementations are not affected. Please upgrade to 2.8.1 where this issue is patched. If unable to upgrade, do not use parallel port redirection (`/parallel` command line switch) as a workaround. | ||||
| CVE-2022-38668 | 1 Crowcpp | 1 Crow | 2024-11-21 | 7.5 High |
| HTTP applications (servers) based on Crow through 1.0+4 may reveal potentially sensitive uninitialized data from stack memory when fulfilling a request for a static file smaller than 16 KB. | ||||