Search
Total
201818 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-37512 | 1 Hcltech | 1 Traveler Companion | 2023-08-17 | N/A | 5.5 MEDIUM |
| When the app is put to the background and the user goes to the task switcher of iOS, the app snapshot is not blurred which may reveal sensitive information. | |||||
| CVE-2023-22449 | 1 Intel | 310 Nuc 11 Compute Element Cm11ebc4w, Nuc 11 Compute Element Cm11ebc4w Firmware, Nuc 11 Compute Element Cm11ebi38w and 307 more | 2023-08-17 | N/A | 6.7 MEDIUM |
| Improper input validation in some Intel(R) NUC BIOS firmware may allow a privileged user to potentially enable escalation of privilege via local access. | |||||
| CVE-2023-39406 | 1 Huawei | 2 Emui, Harmonyos | 2023-08-17 | N/A | 7.5 HIGH |
| Permission control vulnerability in the XLayout component. Successful exploitation of this vulnerability may cause apps to forcibly restart. | |||||
| CVE-2021-28500 | 1 Arista | 1 Eos | 2023-08-17 | 6.9 MEDIUM | 7.8 HIGH |
| An issue has recently been discovered in Arista EOS where the incorrect use of EOS's AAA API’s by the OpenConfig and TerminAttr agents could result in unrestricted access to the device for local users with nopassword configuration. | |||||
| CVE-2023-32285 | 1 Intel | 134 Compute Element Stk2mv64cc, Compute Element Stk2mv64cc Firmware, Nuc Board Nuc7i3bnb and 131 more | 2023-08-17 | N/A | 4.4 MEDIUM |
| Improper access control in some Intel(R) NUC BIOS firmware may allow a privileged user to potentially enable denial of service via local access. | |||||
| CVE-2023-27509 | 1 Intel | 1 Ispc Software Installer | 2023-08-17 | N/A | 7.8 HIGH |
| Improper access control in some Intel(R) ISPC software installers before version 1.19.0 may allow an authenticated user to potentially enable escalation of privileges via local access. | |||||
| CVE-2023-22356 | 1 Intel | 422 Nuc 11 Compute Element Cm11ebc4w, Nuc 11 Compute Element Cm11ebc4w Firmware, Nuc 11 Compute Element Cm11ebi38w and 419 more | 2023-08-17 | N/A | 4.4 MEDIUM |
| Improper initialization in some Intel(R) NUC BIOS firmware may allow a privileged user to potentially enable information disclosure via local access. | |||||
| CVE-2023-39396 | 1 Huawei | 2 Emui, Harmonyos | 2023-08-17 | N/A | 7.5 HIGH |
| Deserialization vulnerability in the input module. Successful exploitation of this vulnerability may affect availability. | |||||
| CVE-2023-38034 | 1 Ui | 47 U6-enterprise, U6-enterprise-iw, U6-extender and 44 more | 2023-08-17 | N/A | 9.8 CRITICAL |
| A command injection vulnerability in the DHCP Client function of all UniFi Access Points and Switches, excluding the Switch Flex Mini, could allow a Remote Code Execution (RCE). Affected Products: All UniFi Access Points (Version 6.5.53 and earlier) All UniFi Switches (Version 6.5.32 and earlier) -USW Flex Mini excluded. Mitigation: Update UniFi Access Points to Version 6.5.62 or later. Update UniFi Switches to Version 6.5.59 or later. | |||||
| CVE-2023-35085 | 1 Ui | 47 U6-enterprise, U6-enterprise-iw, U6-extender and 44 more | 2023-08-17 | N/A | 9.8 CRITICAL |
| An integer overflow vulnerability in all UniFi Access Points and Switches, excluding the Switch Flex Mini, with SNMP Monitoring and default settings enabled could allow a Remote Code Execution (RCE). Affected Products: All UniFi Access Points (Version 6.5.50 and earlier) All UniFi Switches (Version 6.5.32 and earlier) -USW Flex Mini excluded. Mitigation: Update UniFi Access Points to Version 6.5.62 or later. Update the UniFi Switches to Version 6.5.59 or later. | |||||
| CVE-2023-23342 | 1 Hcltech | 1 Hcl Nomad | 2023-08-17 | N/A | 7.1 HIGH |
| If certain local files are manipulated in a certain manner, the validation to use the cryptographic keys can be circumvented. | |||||
| CVE-2022-34657 | 1 Intel | 31 Pcsd Bios, R1208wfqysr, R1208wftys and 28 more | 2023-08-17 | N/A | 4.4 MEDIUM |
| Improper input validation in firmware for some Intel(R) PCSD BIOS before version 02.01.0013 may allow a privileged user to potentially enable information disclosure via local access. | |||||
| CVE-2022-29470 | 1 Intel | 1 Dynamic Tuning Technology | 2023-08-17 | N/A | 7.8 HIGH |
| Improper access control in the Intel DTT Software before version 8.7.10400.15482 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2022-36372 | 1 Intel | 68 Nuc 8 Compute Element Cm8ccb4r, Nuc 8 Compute Element Cm8ccb4r Firmware, Nuc 8 Compute Element Cm8i3cb4n and 65 more | 2023-08-17 | N/A | 6.7 MEDIUM |
| Improper buffer restrictions in some Intel(R) NUC BIOS firmware may allow a privileged user to potentially enable escalation of privilege via local access. | |||||
| CVE-2023-22330 | 1 Intel | 176 Nuc 11 Compute Element Cm11ebc4w, Nuc 11 Compute Element Cm11ebc4w Firmware, Nuc 11 Compute Element Cm11ebi38w and 173 more | 2023-08-17 | N/A | 4.4 MEDIUM |
| Use of uninitialized resource in some Intel(R) NUC BIOS firmware may allow a privileged user to potentially enable information disclosure via local access. | |||||
| CVE-2020-25575 | 1 Failure Project | 1 Failure | 2023-08-17 | 7.5 HIGH | 9.8 CRITICAL |
| ** UNSUPPORTED WHEN ASSIGNED ** An issue was discovered in the failure crate through 0.1.5 for Rust. It may introduce "compatibility hazards" in some applications, and has a type confusion flaw when downcasting. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: This may overlap CVE-2019-25010. | |||||
| CVE-2023-35163 | 1 Gobalsky | 1 Vega | 2023-08-17 | N/A | 5.2 MEDIUM |
| Vega is a decentralized trading platform that allows pseudo-anonymous trading of derivatives on a blockchain. Prior to version 0.71.6, a vulnerability exists that allows a malicious validator to trick the Vega network into re-processing past Ethereum events from Vega’s Ethereum bridge. For example, a deposit to the collateral bridge for 100USDT that credits a party’s general account on Vega, can be re-processed 50 times resulting in 5000USDT in that party’s general account. This is without depositing any more than the original 100USDT on the bridge. Despite this exploit requiring access to a validator's Vega key, a validator key can be obtained at the small cost of 3000VEGA, the amount needed to announce a new node onto the network. A patch is available in version 0.71.6. No known workarounds are available, however there are mitigations in place should this vulnerability be exploited. There are monitoring alerts for `mainnet1` in place to identify any issues of this nature including this vulnerability being exploited. The validators have the ability to stop the bridge thus stopping any withdrawals should this vulnerability be exploited. | |||||
| CVE-2023-39393 | 1 Huawei | 2 Emui, Harmonyos | 2023-08-17 | N/A | 7.5 HIGH |
| Vulnerability of insecure signatures in the ServiceWifiResources module. Successful exploitation of this vulnerability may cause ServiceWifiResources to be maliciously modified and overwritten. | |||||
| CVE-2023-39384 | 1 Huawei | 2 Emui, Harmonyos | 2023-08-17 | N/A | 7.5 HIGH |
| Vulnerability of incomplete permission verification in the input method module. Successful exploitation of this vulnerability may cause features to perform abnormally. | |||||
| CVE-2023-39388 | 1 Huawei | 2 Emui, Harmonyos | 2023-08-17 | N/A | 7.5 HIGH |
| Vulnerability of input parameters being not strictly verified in the PMS module. Successful exploitation of this vulnerability may cause home screen unavailability. | |||||
| CVE-2023-39389 | 1 Huawei | 2 Emui, Harmonyos | 2023-08-17 | N/A | 7.5 HIGH |
| Vulnerability of input parameters being not strictly verified in the PMS module. Successful exploitation of this vulnerability may cause home screen unavailability. | |||||
| CVE-2023-33953 | 1 Grpc | 1 Grpc | 2023-08-17 | N/A | 7.5 HIGH |
| gRPC contains a vulnerability that allows hpack table accounting errors could lead to unwanted disconnects between clients and servers in exceptional cases/ Three vectors were found that allow the following DOS attacks: - Unbounded memory buffering in the HPACK parser - Unbounded CPU consumption in the HPACK parser The unbounded CPU consumption is down to a copy that occurred per-input-block in the parser, and because that could be unbounded due to the memory copy bug we end up with an O(n^2) parsing loop, with n selected by the client. The unbounded memory buffering bugs: - The header size limit check was behind the string reading code, so we needed to first buffer up to a 4 gigabyte string before rejecting it as longer than 8 or 16kb. - HPACK varints have an encoding quirk whereby an infinite number of 0’s can be added at the start of an integer. gRPC’s hpack parser needed to read all of them before concluding a parse. - gRPC’s metadata overflow check was performed per frame, so that the following sequence of frames could cause infinite buffering: HEADERS: containing a: 1 CONTINUATION: containing a: 2 CONTINUATION: containing a: 3 etc… | |||||
| CVE-2020-24222 | 1 Rockcarry | 1 Ffjpeg | 2023-08-17 | N/A | 7.8 HIGH |
| Buffer Overflow vulnerability in jfif_decode() function in rockcarry ffjpeg through version 1.0.0, allows local attackers to execute arbitrary code due to an issue with ALIGN. | |||||
| CVE-2022-28471 | 1 Rockcarry | 1 Ffjpeg | 2023-08-17 | 4.3 MEDIUM | 6.5 MEDIUM |
| In ffjpeg (commit hash: caade60), the function bmp_load() in bmp.c contains an integer overflow vulnerability, which eventually results in the heap overflow in jfif_encode() in jfif.c. This is due to the incomplete patch for issue 38 | |||||
| CVE-2021-34122 | 1 Rockcarry | 1 Ffjpeg | 2023-08-17 | 4.3 MEDIUM | 5.5 MEDIUM |
| The function bitstr_tell at bitstr.c in ffjpeg commit 4ab404e has a NULL pointer dereference. | |||||
| CVE-2021-45385 | 1 Rockcarry | 1 Ffjpeg | 2023-08-17 | 4.3 MEDIUM | 6.5 MEDIUM |
| A Null Pointer Dereference vulnerability exits in ffjpeg d5cfd49 (2021-12-06) in bmp_load(). When the size information in metadata of the bmp is out of range, it returns without assign memory buffer to `pb->pdata` and did not exit the program. So the program crashes when it tries to access the pb->data, in jfif_encode() at jfif.c:763. This is due to the incomplete patch for CVE-2020-13438. | |||||
| CVE-2021-44957 | 1 Rockcarry | 1 Ffjpeg | 2023-08-17 | 4.3 MEDIUM | 6.5 MEDIUM |
| Global buffer overflow vulnerability exist in ffjpeg through 01.01.2021. It is similar to CVE-2020-23705. Issue is in the jfif_encode function at ffjpeg/src/jfif.c (line 708) could cause a Denial of Service by using a crafted jpeg file. | |||||
| CVE-2021-44956 | 1 Rockcarry | 1 Ffjpeg | 2023-08-17 | 4.3 MEDIUM | 6.5 MEDIUM |
| Two Heap based buffer overflow vulnerabilities exist in ffjpeg through 01.01.2021. It is similar to CVE-2020-23852. Issues that are in the jfif_decode function at ffjpeg/src/jfif.c (line 552) could cause a Denial of Service by using a crafted jpeg file. | |||||
| CVE-2020-23705 | 1 Rockcarry | 1 Ffjpeg | 2023-08-17 | 4.3 MEDIUM | 6.5 MEDIUM |
| A global buffer overflow vulnerability in jfif_encode at jfif.c:701 of ffjpeg through 2020-06-22 allows attackers to cause a Denial of Service (DOS) via a crafted jpeg file. | |||||
| CVE-2020-23852 | 1 Rockcarry | 1 Ffjpeg | 2023-08-17 | 4.3 MEDIUM | 5.5 MEDIUM |
| A heap based buffer overflow vulnerability exists in ffjpeg through 2020-07-02 in the jfif_decode(void *ctxt, BMP *pb) function at ffjpeg/src/jfif.c (line 544 & line 545), which could cause a denial of service by submitting a malicious jpeg image. | |||||
| CVE-2020-23851 | 1 Rockcarry | 1 Ffjpeg | 2023-08-17 | 4.3 MEDIUM | 5.5 MEDIUM |
| A stack-based buffer overflow vulnerability exists in ffjpeg through 2020-07-02 in the jfif_decode(void *ctxt, BMP *pb) function at ffjpeg/src/jfif.c:513:28, which could cause a denial of service by submitting a malicious jpeg image. | |||||
| CVE-2020-15470 | 1 Rockcarry | 1 Ffjpeg | 2023-08-17 | 4.3 MEDIUM | 5.5 MEDIUM |
| ffjpeg through 2020-02-24 has a heap-based buffer overflow in jfif_decode in jfif.c. | |||||
| CVE-2020-13440 | 1 Rockcarry | 1 Ffjpeg | 2023-08-17 | 4.3 MEDIUM | 6.5 MEDIUM |
| ffjpeg through 2020-02-24 has an invalid write in bmp_load in bmp.c. | |||||
| CVE-2020-13439 | 1 Rockcarry | 1 Ffjpeg | 2023-08-17 | 4.3 MEDIUM | 6.5 MEDIUM |
| ffjpeg through 2020-02-24 has a heap-based buffer over-read in jfif_decode in jfif.c. | |||||
| CVE-2020-13438 | 1 Rockcarry | 1 Ffjpeg | 2023-08-17 | 4.3 MEDIUM | 6.5 MEDIUM |
| ffjpeg through 2020-02-24 has an invalid read in jfif_encode in jfif.c. | |||||
| CVE-2019-19888 | 1 Rockcarry | 1 Ffjpeg | 2023-08-17 | 4.3 MEDIUM | 6.5 MEDIUM |
| jfif_decode in jfif.c in ffjpeg through 2019-08-21 has a divide-by-zero error. | |||||
| CVE-2019-19887 | 1 Rockcarry | 1 Ffjpeg | 2023-08-17 | 4.3 MEDIUM | 6.5 MEDIUM |
| bitstr_tell at bitstr.c in ffjpeg through 2019-08-21 has a NULL pointer dereference related to jfif_encode. | |||||
| CVE-2019-16352 | 1 Rockcarry | 1 Ffjpeg | 2023-08-17 | 4.3 MEDIUM | 6.5 MEDIUM |
| ffjpeg before 2019-08-21 has a heap-based buffer overflow in jfif_load() at jfif.c. | |||||
| CVE-2019-16351 | 1 Rockcarry | 1 Ffjpeg | 2023-08-17 | 4.3 MEDIUM | 6.5 MEDIUM |
| ffjpeg before 2019-08-18 has a NULL pointer dereference in huffman_decode_step() at huffman.c. | |||||
| CVE-2019-16350 | 1 Rockcarry | 1 Ffjpeg | 2023-08-17 | 4.3 MEDIUM | 6.5 MEDIUM |
| ffjpeg before 2019-08-18 has a NULL pointer dereference in idct2d8x8() at dct.c. | |||||
| CVE-2018-16781 | 1 Rockcarry | 1 Ffjpeg | 2023-08-17 | 4.3 MEDIUM | 6.5 MEDIUM |
| ffjpeg.dll in ffjpeg before 2018-08-22 allows remote attackers to cause a denial of service (FPE signal) via a progressive JPEG file that lacks an AC Huffman table. | |||||
| CVE-2023-39391 | 1 Huawei | 2 Emui, Harmonyos | 2023-08-17 | N/A | 7.5 HIGH |
| Vulnerability of system file information leakage in the USB Service module. Successful exploitation of this vulnerability may affect confidentiality. | |||||
| CVE-2023-39394 | 1 Huawei | 2 Emui, Harmonyos | 2023-08-17 | N/A | 7.5 HIGH |
| Vulnerability of API privilege escalation in the wifienhance module. Successful exploitation of this vulnerability may cause the arp list to be modified. | |||||
| CVE-2023-39395 | 1 Huawei | 2 Emui, Harmonyos | 2023-08-17 | N/A | 7.5 HIGH |
| Mismatch vulnerability in the serialization process in the communication system. Successful exploitation of this vulnerability may affect availability. | |||||
| CVE-2023-39404 | 1 Huawei | 2 Emui, Harmonyos | 2023-08-17 | N/A | 7.5 HIGH |
| Vulnerability of input parameter verification in certain APIs in the window management module. Successful exploitation of this vulnerability may cause the device to restart. | |||||
| CVE-2023-39401 | 1 Huawei | 2 Emui, Harmonyos | 2023-08-17 | N/A | 9.1 CRITICAL |
| Parameter verification vulnerability in the installd module. Successful exploitation of this vulnerability may cause sandbox files to be read and written without authorization. | |||||
| CVE-2023-39397 | 1 Huawei | 2 Emui, Harmonyos | 2023-08-17 | N/A | 7.5 HIGH |
| Input parameter verification vulnerability in the communication system. Successful exploitation of this vulnerability may affect availability. | |||||
| CVE-2023-39398 | 1 Huawei | 2 Emui, Harmonyos | 2023-08-17 | N/A | 9.1 CRITICAL |
| Parameter verification vulnerability in the installd module. Successful exploitation of this vulnerability may cause sandbox files to be read and written without authorization. | |||||
| CVE-2023-39392 | 1 Huawei | 2 Emui, Harmonyos | 2023-08-17 | N/A | 7.5 HIGH |
| Vulnerability of insecure signatures in the OsuLogin module. Successful exploitation of this vulnerability may cause OsuLogin to be maliciously modified and overwritten. | |||||
| CVE-2023-39400 | 1 Huawei | 2 Emui, Harmonyos | 2023-08-17 | N/A | 9.1 CRITICAL |
| Parameter verification vulnerability in the installd module. Successful exploitation of this vulnerability may cause sandbox files to be read and written without authorization. | |||||