Total
446 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-26209 | 1 Microsoft | 13 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 10 more | 2024-10-09 | 5.5 Medium |
| Microsoft Local Security Authority Subsystem Service Information Disclosure Vulnerability | ||||
| CVE-2024-43458 | 1 Microsoft | 2 Windows 10 1607, Windows Server 2016 | 2024-10-09 | 7.7 High |
| Windows Networking Information Disclosure Vulnerability | ||||
| CVE-2024-38260 | 1 Microsoft | 9 Windows Server 2008, Windows Server 2008 R2, Windows Server 2012 and 6 more | 2024-10-09 | 8.8 High |
| Windows Remote Desktop Licensing Service Remote Code Execution Vulnerability | ||||
| CVE-2024-38257 | 1 Microsoft | 17 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 14 more | 2024-10-09 | 7.5 High |
| Microsoft AllJoyn API Information Disclosure Vulnerability | ||||
| CVE-2024-38256 | 1 Microsoft | 14 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 11 more | 2024-10-09 | 5.5 Medium |
| Windows Kernel-Mode Driver Information Disclosure Vulnerability | ||||
| CVE-2024-38254 | 1 Microsoft | 20 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 17 more | 2024-10-09 | 5.5 Medium |
| Windows Authentication Information Disclosure Vulnerability | ||||
| CVE-2024-38064 | 1 Microsoft | 23 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 20 more | 2024-10-08 | 7.5 High |
| Windows TCP/IP Information Disclosure Vulnerability | ||||
| CVE-2024-20694 | 1 Microsoft | 17 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 14 more | 2024-10-08 | 5.5 Medium |
| Windows CoreMessaging Information Disclosure Vulnerability | ||||
| CVE-2023-24941 | 1 Microsoft | 5 Windows Server 2012, Windows Server 2012 R2, Windows Server 2016 and 2 more | 2024-10-04 | 9.8 Critical |
| Windows Network File System Remote Code Execution Vulnerability | ||||
| CVE-2023-22330 | 1 Intel | 176 Nuc 11 Compute Element Cm11ebc4w, Nuc 11 Compute Element Cm11ebc4w Firmware, Nuc 11 Compute Element Cm11ebi38w and 173 more | 2024-10-02 | 6 Medium |
| Use of uninitialized resource in some Intel(R) NUC BIOS firmware may allow a privileged user to potentially enable information disclosure via local access. | ||||
| CVE-2020-2575 | 1 Oracle | 1 Vm Virtualbox | 2024-09-27 | 7.5 High |
| Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.40, prior to 6.0.20 and prior to 6.1.6. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H). | ||||
| CVE-2023-4489 | 1 Silabs | 1 Z\/ip Gateway Sdk | 2024-09-27 | 6.4 Medium |
| The first S0 encryption key is generated with an uninitialized PRNG in Z/IP Gateway products running Silicon Labs Z/IP Gateway SDK v7.18.3 and earlier. This makes the first S0 key generated at startup predictable, potentially allowing network key prediction and unauthorized S0 network access. | ||||
| CVE-2023-2747 | 1 Silabs | 1 Gecko Software Development Kit | 2024-09-27 | 3.1 Low |
| The initialization vector (IV) used by the secure engine (SE) for encrypting data stored in the SE flash memory is uninitialized. | ||||
| CVE-2020-14703 | 2 Opensuse, Oracle | 2 Leap, Vm Virtualbox | 2024-09-26 | 6 Medium |
| Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.44, prior to 6.0.24 and prior to 6.1.12. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 6.0 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N). | ||||
| CVE-2020-14704 | 2 Opensuse, Oracle | 2 Leap, Vm Virtualbox | 2024-09-26 | 6 Medium |
| Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.44, prior to 6.0.24 and prior to 6.1.12. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 6.0 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N). | ||||
| CVE-2023-25588 | 2 Gnu, Redhat | 2 Binutils, Enterprise Linux | 2024-09-25 | 4.7 Medium |
| A flaw was found in Binutils. The field `the_bfd` of `asymbol`struct is uninitialized in the `bfd_mach_o_get_synthetic_symtab` function, which may lead to an application crash and local denial of service. | ||||
| CVE-2023-25586 | 2 Gnu, Redhat | 2 Binutils, Enterprise Linux | 2024-09-25 | 4.7 Medium |
| A flaw was found in Binutils. A logic fail in the bfd_init_section_decompress_status function may lead to the use of an uninitialized variable that can cause a crash and local denial of service. | ||||
| CVE-2023-25585 | 2 Gnu, Redhat | 2 Binutils, Enterprise Linux | 2024-09-25 | 4.7 Medium |
| A flaw was found in Binutils. The use of an uninitialized field in the struct module *module may lead to application crash and local denial of service. | ||||
| CVE-2021-35000 | 2024-09-18 | N/A | ||
| OpenBSD Kernel Multicast Routing Uninitialized Memory Information Disclosure Vulnerability. This vulnerability allows local attackers to disclose sensitive information on affected installations of OpenBSD Kernel. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the implementation of multicast routing. The issue results from the lack of proper initialization of memory prior to accessing it. An attacker can leverage this in conjunction with other vulnerabilities to escalate privileges and execute arbitrary code in the context of the kernel. . Was ZDI-CAN-16112. | ||||
| CVE-2021-34999 | 1 Openbsd | 1 Openbsd | 2024-09-18 | N/A |
| OpenBSD Kernel Multicast Routing Uninitialized Memory Information Disclosure Vulnerability. This vulnerability allows local attackers to disclose sensitive information on affected installations of OpenBSD Kernel. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the implementation of multicast routing. The issue results from the lack of proper initialization of memory prior to accessing it. An attacker can leverage this in conjunction with other vulnerabilities to escalate privileges and execute arbitrary code in the context of the kernel. . Was ZDI-CAN-14540. | ||||