| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Improper access control in PAM dashboard in Devolutions Remote Desktop Manager 2024.2.11 and earlier on Windows allows an authenticated user to bypass the execute permission via the use of the PAM dashboard. |
| In wolfSSL prior to 5.6.6, if callback functions are enabled (via the WOLFSSL_CALLBACKS flag), then a malicious TLS client or network attacker can trigger a buffer over-read on the heap of 5 bytes (WOLFSSL_CALLBACKS is only intended for debugging).
|
| An issue in redoxOS relibc before commit 98aa4ea5 allows a local attacker to cause a denial of service via the round_up_to_page funciton. |
| An improper SameSite Attribute vulnerability in pimCore v10.5.15 allows attackers to execute arbitrary code. |
| Buffer Over-read in GitHub repository gpac/gpac prior to v2.3.0-DEV. |
| Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability |
| Microsoft Edge (Chromium-based) Tampering Vulnerability |
| Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability |
| Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability |
| Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability |
| Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability |
| Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability |
| Transient DOS can occur when GVM sends a specific message type to the Vdev-FastRPC backend. |
| Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability |
| libcurl's URL API function
[curl_url_get()](https://curl.se/libcurl/c/curl_url_get.html) offers punycode
conversions, to and from IDN. Asking to convert a name that is exactly 256
bytes, libcurl ends up reading outside of a stack based buffer when built to
use the *macidn* IDN backend. The conversion function then fills up the
provided buffer exactly - but does not null terminate the string.
This flaw can lead to stack contents accidently getting returned as part of
the converted string. |
| A vulnerability in the OLE2 file format parser of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.
This vulnerability is due to an incorrect check for end-of-string values during scanning, which may result in a heap buffer over-read. An attacker could exploit this vulnerability by submitting a crafted file containing OLE2 content to be scanned by ClamAV on an affected device. A successful exploit could allow the attacker to cause the ClamAV scanning process to terminate, resulting in a DoS condition on the affected software and consuming available system resources.
For a description of this vulnerability, see the ClamAV blog . |
| Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to a Buffer Overread bug Squid is vulnerable to a Denial of Service attack against Squid HTTP Message processing. This bug is fixed by Squid version 6.5. Users are advised to upgrade. There are no known workarounds for this vulnerability. |
| DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none. |
| Memory corruption while handling IOCTL call from user-space to set latency level. |
| Information disclosure in modem due to improper input validation during parsing of upcoming CoAP message |
