Total
22 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-29079 | 1 Intel | 1 Vroc Software | 2024-11-14 | 6.8 Medium |
| Insufficient control flow management in some Intel(R) VROC software before version 8.6.0.3001 may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2024-33617 | 2024-11-14 | 5.9 Medium | ||
| Insufficient control flow management in some Intel(R) QAT Engine for OpenSSL software before version v1.6.1 may allow information disclosure via network access. | ||||
| CVE-2024-25565 | 2024-11-13 | 3.8 Low | ||
| Insufficient control flow management in UEFI firmware for some Intel(R) Xeon(R) Processors may allow an authenticated user to enable denial of service via local access. | ||||
| CVE-2022-20697 | 1 Cisco | 2 Ios, Ios Xe | 2024-11-06 | 8.6 High |
| A vulnerability in the web services interface of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, remote attacker to cause a denial of service (DoS) condition. This vulnerability is due to improper resource management in the HTTP server code. An attacker could exploit this vulnerability by sending a large number of HTTP requests to an affected device. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition. | ||||
| CVE-2024-45010 | 1 Linux | 1 Linux Kernel | 2024-11-05 | 5.5 Medium |
| In the Linux kernel, the following vulnerability has been resolved: mptcp: pm: only mark 'subflow' endp as available Adding the following warning ... WARN_ON_ONCE(msk->pm.local_addr_used == 0) ... before decrementing the local_addr_used counter helped to find a bug when running the "remove single address" subtest from the mptcp_join.sh selftests. Removing a 'signal' endpoint will trigger the removal of all subflows linked to this endpoint via mptcp_pm_nl_rm_addr_or_subflow() with rm_type == MPTCP_MIB_RMSUBFLOW. This will decrement the local_addr_used counter, which is wrong in this case because this counter is linked to 'subflow' endpoints, and here it is a 'signal' endpoint that is being removed. Now, the counter is decremented, only if the ID is being used outside of mptcp_pm_nl_rm_addr_or_subflow(), only for 'subflow' endpoints, and if the ID is not 0 -- local_addr_used is not taking into account these ones. This marking of the ID as being available, and the decrement is done no matter if a subflow using this ID is currently available, because the subflow could have been closed before. | ||||
| CVE-2023-24587 | 1 Intel | 10 Optane Memory H20 With Solid State Storage, Optane Memory H20 With Solid State Storage Firmware, Optane Ssd 900p and 7 more | 2024-10-11 | 6.9 Medium |
| Insufficient control flow management in firmware for some Intel(R) Optane(TM) SSD products may allow a privileged user to potentially enable denial of service via local access. | ||||
| CVE-2022-43505 | 1 Intel | 1812 Atom C3308, Atom C3308 Firmware, Atom C3336 and 1809 more | 2024-10-02 | 4.1 Medium |
| Insufficient control flow management in the BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable denial of service via local access. | ||||
| CVE-2023-28711 | 1 Intel | 1 Hyperscan Library | 2024-10-02 | 5.5 Medium |
| Insufficient control flow management in the Hyperscan Library maintained by Intel(R) before version 5.4.1 may allow an authenticated user to potentially enable denial of service via local access. | ||||
| CVE-2023-5102 | 2 Sick, Sick Ag | 3 Apu0200, Apu0200 Firmware, Apu0200 | 2024-09-19 | 5.3 Medium |
| Insufficient Control Flow Management in RDT400 in SICK APU allows an unprivileged remote attacker to potentially enable hidden functionality via HTTP requests. | ||||
| CVE-2023-44384 | 1 Discourse | 1 Discourse Jira | 2024-09-19 | 4.1 Medium |
| Discourse-jira is a Discourse plugin allows Jira projects, issue types, fields and field options will be synced automatically. An administrator user can make an SSRF attack by setting the Jira URL to an arbitrary location and enabling the `discourse_jira_verbose_log` site setting. A moderator user could manipulate the request path to the Jira API, allowing them to perform arbitrary GET requests using the Jira API credentials, potentially with elevated permissions, used by the application. | ||||
| CVE-2021-4106 | 1 Snowsoftware | 1 Snow Inventory Java Scanner | 2024-09-16 | 7.8 High |
| A vulnerability in Snow Inventory Java Scanner allows an attacker to run malicious code at a higher level of privileges. This issue affects: SNOW Snow Inventory Java Scanner 1.0 | ||||
| CVE-2024-25741 | 1 Linux | 1 Linux Kernel | 2024-09-06 | 5.5 Medium |
| printer_write in drivers/usb/gadget/function/f_printer.c in the Linux kernel through 6.7.4 does not properly call usb_ep_queue, which might allow attackers to cause a denial of service or have unspecified other impact. | ||||
| CVE-2022-46299 | 4 Apple, Google, Intel and 1 more | 4 Iphone Os, Android, Unison Software and 1 more | 2024-08-30 | 3.3 Low |
| Insufficient control flow management for some Intel Unison software may allow an authenticated user to potentially enable information disclosure via local access. | ||||
| CVE-2024-21801 | 2024-08-16 | 7.1 High | ||
| Insufficient control flow management in some Intel(R) TDX module software before version 1.5.05.46.698 may allow a privileged user to potentially enable denial of service via local access. | ||||
| CVE-2024-22374 | 2024-08-14 | 6.5 Medium | ||
| Insufficient control flow management for some Intel(R) Xeon Processors may allow an authenticated user to potentially enable denial of service via local access. | ||||
| CVE-2021-33157 | 2024-08-03 | 7.2 High | ||
| Insufficient control flow management in some Intel(R) Ethernet Adapters and Intel(R) Ethernet Controller I225 Manageability firmware may allow a privileged user to potentially enable escalation of privilege via local access. | ||||
| CVE-2022-48481 | 2 Apple, Jetbrains | 2 Macos, Toolbox | 2024-08-03 | 5.2 Medium |
| In JetBrains Toolbox App before 1.28 a DYLIB injection on macOS was possible | ||||
| CVE-2022-46828 | 2 Apple, Jetbrains | 2 Macos, Intellij Idea | 2024-08-03 | 5.2 Medium |
| In JetBrains IntelliJ IDEA before 2022.3 a DYLIB injection on macOS was possible. | ||||
| CVE-2022-41646 | 1 Intel | 1 Integrated Performance Primitives Cryptography | 2024-08-03 | 4.7 Medium |
| Insufficient control flow management in the Intel(R) IPP Cryptography software before version 2021.6 may allow an unauthenticated user to potentially enable information disclosure via local access. | ||||
| CVE-2022-37409 | 1 Intel | 1 Integrated Performance Primitives Cryptography | 2024-08-03 | 4.7 Medium |
| Insufficient control flow management for the Intel(R) IPP Cryptography software before version 2021.6 may allow an authenticated user to potentially enable information disclosure via local access. | ||||