Total
26 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-20212 | 1 Cisco | 2 Secure Endpoint, Secure Endpoint Private Cloud | 2024-11-21 | N/A | 7.5 HIGH |
| A vulnerability in the AutoIt module of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to a logic error in the memory management of an affected device. An attacker could exploit this vulnerability by submitting a crafted AutoIt file to be scanned by ClamAV on the affected device. A successful exploit could allow the attacker to cause the ClamAV scanning process to restart unexpectedly, resulting in a DoS condition. | |||||
| CVE-2021-39228 | 1 Linuxfoundation | 1 Tremor | 2024-11-21 | 7.5 HIGH | 6.5 MEDIUM |
| Tremor is an event processing system for unstructured data. A vulnerability exists between versions 0.7.2 and 0.11.6. This vulnerability is a memory safety Issue when using `patch` or `merge` on `state` and assign the result back to `state`. In this case, affected versions of Tremor and the tremor-script crate maintains references to memory that might have been freed already. And these memory regions can be accessed by retrieving the `state`, e.g. send it over TCP or HTTP. This requires the Tremor server (or any other program using tremor-script) to execute a tremor-script script that uses the mentioned language construct. The issue has been patched in version 0.11.6 by removing the optimization and always cloning the target expression of a Merge or Patch. If an upgrade is not possible, a possible workaround is to avoid the optimization by introducing a temporary variable and not immediately reassigning to `state`. | |||||
| CVE-2021-25443 | 1 Google | 1 Android | 2024-11-21 | 4.6 MEDIUM | 5.3 MEDIUM |
| A use after free vulnerability in conn_gadget driver prior to SMR AUG-2021 Release 1 allows malicious action by an attacker. | |||||
| CVE-2019-15691 | 2 Opensuse, Tigervnc | 2 Leap, Tigervnc | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
| TigerVNC version prior to 1.10.1 is vulnerable to stack use-after-return, which occurs due to incorrect usage of stack memory in ZRLEDecoder. If decoding routine would throw an exception, ZRLEDecoder may try to access stack variable, which has been already freed during the process of stack unwinding. Exploitation of this vulnerability could potentially result into remote code execution. This attack appear to be exploitable via network connectivity. | |||||
| CVE-2024-45105 | 2024-09-14 | N/A | 6.7 MEDIUM | ||
| An internal product security audit discovered a UEFI SMM (System Management Mode) callout vulnerability in some ThinkSystem servers that could allow a local attacker with elevated privileges to execute arbitrary code. | |||||
| CVE-2024-39792 | 1 F5 | 1 Nginx Plus | 2024-08-19 | N/A | 7.5 HIGH |
| When the NGINX Plus is configured to use the MQTT pre-read module, undisclosed requests can cause an increase in memory resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | |||||