Latest CVE Feed
-
5.5
MEDIUMCVE-2012-0058
The kiocb_batch_free function in fs/aio.c in the Linux kernel before 3.2.2 allows local users to cause a denial of service (OOPS) via vectors that trigger incorrect iocb management.... Read more
Affected Products : linux_kernel- Published: May. 17, 2012
- Modified: Apr. 11, 2025
-
5.5
MEDIUMCVE-2022-42854
The issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.6.2, macOS Ventura 13.1. An app may be able to disclose kernel memory.... Read more
Affected Products : macos- Published: Dec. 15, 2022
- Modified: Apr. 21, 2025
-
5.5
MEDIUMCVE-2020-12459
In certain Red Hat packages for Grafana 6.x through 6.3.6, the configuration files /etc/grafana/grafana.ini and /etc/grafana/ldap.toml (which contain a secret_key and a bind_password) are world readable.... Read more
- Published: Apr. 29, 2020
- Modified: Nov. 21, 2024
-
5.5
MEDIUMCVE-2024-26815
In the Linux kernel, the following vulnerability has been resolved: net/sched: taprio: proper TCA_TAPRIO_TC_ENTRY_INDEX check taprio_parse_tc_entry() is not correctly checking TCA_TAPRIO_TC_ENTRY_INDEX attribute: int tc; // Signed value tc = nla_get... Read more
Affected Products : linux_kernel- Published: Apr. 10, 2024
- Modified: Mar. 27, 2025
-
5.5
MEDIUMCVE-2020-1342
An information disclosure vulnerability exists when Microsoft Office software reads out of bound memory due to an uninitialized variable, which could disclose the contents of memory, aka 'Microsoft Office Information Disclosure Vulnerability'. This CVE ID... Read more
Affected Products : sharepoint_enterprise_server office word sharepoint_server 365_apps office_web_apps office_online_server- Published: Jul. 14, 2020
- Modified: Nov. 21, 2024
-
5.5
MEDIUMCVE-2022-44515
Acrobat Reader DC version 22.001.20085 (and earlier), 20.005.3031x (and earlier) and 17.012.30205 (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memo... Read more
- Published: Dec. 19, 2024
- Modified: Jan. 10, 2025
-
5.5
MEDIUMCVE-2020-1290
An information disclosure vulnerability exists when the win32k component improperly provides kernel information, aka 'Win32k Information Disclosure Vulnerability'.... Read more
Affected Products : windows_10 windows_server_2016 windows_server_2019 windows_server windows windows_11_23h2- Published: Jun. 09, 2020
- Modified: Nov. 21, 2024
-
5.5
MEDIUMCVE-2019-0149
Insufficient input validation in i40e driver for Intel(R) Ethernet 700 Series Controllers versions before 2.8.43 may allow an authenticated user to potentially enable a denial of service via local access.... Read more
Affected Products : ethernet_controller_x710-tm4_firmware ethernet_controller_x710-at2_firmware ethernet_controller_xxv710-am2_firmware ethernet_controller_xxv710-am1_firmware ethernet_controller_x710-bm2_firmware ethernet_controller_710-bm1_firmware ethernet_700_series_software ethernet_controller_x710-tm4 ethernet_controller_x710-at2 ethernet_controller_xxv710-am2 +3 more products- Published: Nov. 14, 2019
- Modified: Nov. 21, 2024
-
5.5
MEDIUMCVE-2021-21096
Adobe Bridge versions 10.1.1 (and earlier) and 11.0.1 (and earlier) are affected by an Improper Authorization vulnerability in the Genuine Software Service. A low-privileged attacker could leverage this vulnerability to achieve application denial-of-servi... Read more
- Published: Apr. 15, 2021
- Modified: Nov. 21, 2024
-
5.5
MEDIUMCVE-2021-37623
Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. An infinite loop was found in Exiv2 versions v0.27.4 and earlier. The infinite loop is triggered when Exiv2 is used to modify the me... Read more
- Published: Aug. 09, 2021
- Modified: Nov. 21, 2024
-
5.5
MEDIUMCVE-2018-13457
qh_echo in Nagios Core 4.4.1 and earlier is prone to a NULL pointer dereference vulnerability, which allows attackers to cause a local denial-of-service condition by sending a crafted payload to the listening UNIX socket.... Read more
Affected Products : nagios_core- Published: Jul. 12, 2018
- Modified: Nov. 21, 2024
-
5.5
MEDIUMCVE-2020-9989
The issue was addressed with improved deletion. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.0, iOS 14.0 and iPadOS 14.0. A local user may be able to discover a user’s deleted messages.... Read more
- Published: Dec. 08, 2020
- Modified: Nov. 21, 2024
-
5.5
MEDIUMCVE-2020-13397
An issue was discovered in FreeRDP before 2.1.1. An out-of-bounds (OOB) read vulnerability has been detected in security_fips_decrypt in libfreerdp/core/security.c due to an uninitialized value.... Read more
- Published: May. 22, 2020
- Modified: Nov. 21, 2024
-
5.5
MEDIUMCVE-2020-13434
SQLite through 3.32.0 has an integer overflow in sqlite3_str_vappendf in printf.c.... Read more
Affected Products : ubuntu_linux fedora debian_linux outside_in_technology macos itunes freebsd communications_cloud_native_core_policy iphone_os tvos +5 more products- Published: May. 24, 2020
- Modified: Nov. 21, 2024
-
5.5
MEDIUMCVE-2023-32438
This issue was addressed with improved checks to prevent unauthorized actions. This issue is fixed in tvOS 16.3, macOS Ventura 13.2, watchOS 9.3, iOS 16.3 and iPadOS 16.3. An app may be able to bypass Privacy preferences.... Read more
- Published: Sep. 06, 2023
- Modified: Dec. 12, 2024
-
5.5
MEDIUMCVE-2015-3192
Pivotal Spring Framework before 3.2.14 and 4.x before 4.1.7 do not properly process inline DTD declarations when DTD is not entirely disabled, which allows remote attackers to cause a denial of service (memory consumption and out-of-memory errors) via a c... Read more
- Published: Jul. 12, 2016
- Modified: Apr. 12, 2025
-
5.5
MEDIUMCVE-2020-1084
A Denial Of Service vulnerability exists when Connected User Experiences and Telemetry Service fails to validate certain function values.An attacker who successfully exploited this vulnerability could deny dependent security feature functionality.To explo... Read more
Affected Products : windows_10 windows_server_2016 windows_server_2019 windows_server windows windows_11_23h2- Published: May. 21, 2020
- Modified: Nov. 21, 2024
-
5.5
MEDIUMCVE-2020-1007
An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka 'Windows Kernel Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2020-0821.... Read more
Affected Products : windows_10 windows_7 windows_8.1 windows_rt_8.1 windows_server_2008 windows_server_2012 windows_server_2016 windows_server_2019 windows_server windows +1 more products- Published: Apr. 15, 2020
- Modified: Nov. 21, 2024
-
5.5
MEDIUMCVE-2017-18344
The timer_create syscall implementation in kernel/time/posix-timers.c in the Linux kernel before 4.14.8 doesn't properly validate the sigevent->sigev_notify field, which leads to out-of-bounds access in the show_timer function (called when /proc/$PID/time... Read more
- Published: Jul. 26, 2018
- Modified: Nov. 21, 2024
-
5.5
MEDIUMCVE-2020-1005
An information disclosure vulnerability exists when the Microsoft Windows Graphics Component improperly handles objects in memory, aka 'Microsoft Graphics Component Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2020-0982, CVE-2020-... Read more
Affected Products : windows_10 windows_7 windows_8.1 windows_rt_8.1 windows_server_2008 windows_server_2012 windows_server_2016 windows_server_2019 windows_server windows +1 more products- Published: Apr. 15, 2020
- Modified: Nov. 21, 2024