| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Windows Mobile Broadband Driver Elevation of Privilege Vulnerability |
| Windows Mobile Broadband Driver Elevation of Privilege Vulnerability |
| Microsoft Office Remote Code Execution Vulnerability |
| Wireless Wide Area Network Service (WwanSvc) Elevation of Privilege Vulnerability |
| Windows Wireless Wide Area Network Service (WwanSvc) Information Disclosure Vulnerability |
| Wireless Wide Area Network Service (WwanSvc) Elevation of Privilege Vulnerability |
| Windows Wireless Wide Area Network Service (WwanSvc) Information Disclosure Vulnerability |
| Windows Wireless Wide Area Network Service (WwanSvc) Information Disclosure Vulnerability |
| Windows Mobile Broadband Driver Elevation of Privilege Vulnerability |
| An issue was discovered in Ollama before 0.1.46. An attacker can use two HTTP requests to upload a malformed GGUF file containing just 4 bytes starting with the GGUF custom magic header. By leveraging a custom Modelfile that includes a FROM statement pointing to the attacker-controlled blob file, the attacker can crash the application through the CreateModel route, leading to a segmentation fault (signal SIGSEGV: segmentation violation). |
| A vulnerability in Ollama versions <=0.3.14 allows a malicious user to create a customized gguf model file that can be uploaded to the public Ollama server. When the server processes this malicious model, it crashes, leading to a Denial of Service (DoS) attack. The root cause of the issue is an out-of-bounds read in the gguf.go file. |
| Horner Automation Cscape version 10.0 (10.0.415.2) SP1 is vulnerable to an out-of-bounds read vulnerability that could allow an attacker to disclose information and execute arbitrary code on affected installations of Cscape. |
| Incomplete tracking in PostgreSQL of tables with row security allows a reused query to view or change different rows from those intended. CVE-2023-2455 and CVE-2016-2193 fixed most interaction between row security and user ID changes. They missed cases where a subquery, WITH query, security invoker view, or SQL-language function references a table with a row-level security policy. This has the same consequences as the two earlier CVEs. That is to say, it leads to potentially incorrect policies being applied in cases where role-specific policies are used and a given query is planned under one role and then executed under other roles. This scenario can happen under security definer functions or when a common user and query is planned initially and then re-used across multiple SET ROLEs. Applying an incorrect policy may permit a user to complete otherwise-forbidden reads and modifications. This affects only databases that have used CREATE POLICY to define a row security policy. An attacker must tailor an attack to a particular application's pattern of query plan reuse, user ID changes, and role-specific row security policies. Versions before PostgreSQL 17.1, 16.5, 15.9, 14.14, 13.17, and 12.21 are affected. |
| Modification of specific WebGL shader attributes could trigger an out-of-bounds read, which, when chained with other vulnerabilities, could be used to escalate privileges.
*This bug only affects Thunderbird for macOS. Other versions of Thunderbird are unaffected.* This vulnerability affects Firefox < 138, Firefox ESR < 128.10, Firefox ESR < 115.23, Thunderbird < 138, and Thunderbird < 128.10. |
| A vulnerability was identified in Thunderbird where XPath parsing could trigger undefined behavior due to missing null checks during attribute access. This could lead to out-of-bounds read access and potentially, memory corruption. This vulnerability affects Firefox < 138, Firefox ESR < 128.10, Thunderbird < 138, and Thunderbird < 128.10. |
| Out-of-bounds data read vulnerability in the authorization module
Impact: Successful exploitation of this vulnerability may affect service confidentiality. |
| Memory corruption due to improper bounds check while command handling in camera-kernel driver. |
| Memory corruption while decoding of OTA messages from T3448 IE. |
| Transient DOS while processing of a registration acceptance OTA due to incorrect ciphering key data IE. |
| Windows Cryptographic Services Information Disclosure Vulnerability |
