Latest CVE Feed
-
5.5
MEDIUMCVE-2020-1342
An information disclosure vulnerability exists when Microsoft Office software reads out of bound memory due to an uninitialized variable, which could disclose the contents of memory, aka 'Microsoft Office Information Disclosure Vulnerability'. This CVE ID... Read more
Affected Products : sharepoint_enterprise_server office word sharepoint_server 365_apps office_web_apps office_online_server- Published: Jul. 14, 2020
- Modified: Nov. 21, 2024
-
5.5
MEDIUMCVE-2022-44515
Acrobat Reader DC version 22.001.20085 (and earlier), 20.005.3031x (and earlier) and 17.012.30205 (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memo... Read more
- Published: Dec. 19, 2024
- Modified: Jan. 10, 2025
-
5.5
MEDIUMCVE-2020-1290
An information disclosure vulnerability exists when the win32k component improperly provides kernel information, aka 'Win32k Information Disclosure Vulnerability'.... Read more
Affected Products : windows_10 windows_server_2016 windows_server_2019 windows_server windows windows_11_23h2- Published: Jun. 09, 2020
- Modified: Nov. 21, 2024
-
5.5
MEDIUMCVE-2019-0149
Insufficient input validation in i40e driver for Intel(R) Ethernet 700 Series Controllers versions before 2.8.43 may allow an authenticated user to potentially enable a denial of service via local access.... Read more
Affected Products : ethernet_controller_x710-tm4_firmware ethernet_controller_x710-at2_firmware ethernet_controller_xxv710-am2_firmware ethernet_controller_xxv710-am1_firmware ethernet_controller_x710-bm2_firmware ethernet_controller_710-bm1_firmware ethernet_700_series_software ethernet_controller_x710-tm4 ethernet_controller_x710-at2 ethernet_controller_xxv710-am2 +3 more products- Published: Nov. 14, 2019
- Modified: Nov. 21, 2024
-
5.5
MEDIUMCVE-2021-21096
Adobe Bridge versions 10.1.1 (and earlier) and 11.0.1 (and earlier) are affected by an Improper Authorization vulnerability in the Genuine Software Service. A low-privileged attacker could leverage this vulnerability to achieve application denial-of-servi... Read more
- Published: Apr. 15, 2021
- Modified: Nov. 21, 2024
-
5.5
MEDIUMCVE-2021-37623
Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. An infinite loop was found in Exiv2 versions v0.27.4 and earlier. The infinite loop is triggered when Exiv2 is used to modify the me... Read more
- Published: Aug. 09, 2021
- Modified: Nov. 21, 2024
-
5.5
MEDIUMCVE-2018-13457
qh_echo in Nagios Core 4.4.1 and earlier is prone to a NULL pointer dereference vulnerability, which allows attackers to cause a local denial-of-service condition by sending a crafted payload to the listening UNIX socket.... Read more
Affected Products : nagios_core- Published: Jul. 12, 2018
- Modified: Nov. 21, 2024
-
5.5
MEDIUMCVE-2020-9989
The issue was addressed with improved deletion. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.0, iOS 14.0 and iPadOS 14.0. A local user may be able to discover a user’s deleted messages.... Read more
- Published: Dec. 08, 2020
- Modified: Nov. 21, 2024
-
5.5
MEDIUMCVE-2020-13397
An issue was discovered in FreeRDP before 2.1.1. An out-of-bounds (OOB) read vulnerability has been detected in security_fips_decrypt in libfreerdp/core/security.c due to an uninitialized value.... Read more
- Published: May. 22, 2020
- Modified: Nov. 21, 2024
-
5.5
MEDIUMCVE-2020-13434
SQLite through 3.32.0 has an integer overflow in sqlite3_str_vappendf in printf.c.... Read more
Affected Products : ubuntu_linux fedora debian_linux outside_in_technology macos itunes freebsd communications_cloud_native_core_policy iphone_os tvos +5 more products- Published: May. 24, 2020
- Modified: Nov. 21, 2024
-
5.5
MEDIUMCVE-2023-32438
This issue was addressed with improved checks to prevent unauthorized actions. This issue is fixed in tvOS 16.3, macOS Ventura 13.2, watchOS 9.3, iOS 16.3 and iPadOS 16.3. An app may be able to bypass Privacy preferences.... Read more
- Published: Sep. 06, 2023
- Modified: Dec. 12, 2024
-
5.5
MEDIUMCVE-2015-3192
Pivotal Spring Framework before 3.2.14 and 4.x before 4.1.7 do not properly process inline DTD declarations when DTD is not entirely disabled, which allows remote attackers to cause a denial of service (memory consumption and out-of-memory errors) via a c... Read more
- Published: Jul. 12, 2016
- Modified: Apr. 12, 2025
-
5.5
MEDIUMCVE-2020-1084
A Denial Of Service vulnerability exists when Connected User Experiences and Telemetry Service fails to validate certain function values.An attacker who successfully exploited this vulnerability could deny dependent security feature functionality.To explo... Read more
Affected Products : windows_10 windows_server_2016 windows_server_2019 windows_server windows windows_11_23h2- Published: May. 21, 2020
- Modified: Nov. 21, 2024
-
5.5
MEDIUMCVE-2020-1007
An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka 'Windows Kernel Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2020-0821.... Read more
Affected Products : windows_10 windows_7 windows_8.1 windows_rt_8.1 windows_server_2008 windows_server_2012 windows_server_2016 windows_server_2019 windows_server windows +1 more products- Published: Apr. 15, 2020
- Modified: Nov. 21, 2024
-
5.5
MEDIUMCVE-2017-18344
The timer_create syscall implementation in kernel/time/posix-timers.c in the Linux kernel before 4.14.8 doesn't properly validate the sigevent->sigev_notify field, which leads to out-of-bounds access in the show_timer function (called when /proc/$PID/time... Read more
- Published: Jul. 26, 2018
- Modified: Nov. 21, 2024
-
5.5
MEDIUMCVE-2020-1005
An information disclosure vulnerability exists when the Microsoft Windows Graphics Component improperly handles objects in memory, aka 'Microsoft Graphics Component Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2020-0982, CVE-2020-... Read more
Affected Products : windows_10 windows_7 windows_8.1 windows_rt_8.1 windows_server_2008 windows_server_2012 windows_server_2016 windows_server_2019 windows_server windows +1 more products- Published: Apr. 15, 2020
- Modified: Nov. 21, 2024
-
5.5
MEDIUMCVE-2022-35678
Adobe Acrobat Reader versions 22.001.20169 (and earlier), 20.005.30362 (and earlier) and 17.012.30249 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vuln... Read more
- Published: Aug. 11, 2022
- Modified: Nov. 21, 2024
-
5.5
MEDIUMCVE-2011-4589
backup/moodle2/restore_stepslib.php in Moodle 2.0.x before 2.0.6 and 2.1.x before 2.1.3 does not check for the moodle/course:changeidnumber privilege during handling of course ID numbers, which allows remote authenticated users to overwrite ID numbers via... Read more
Affected Products : moodle- Published: Jul. 20, 2012
- Modified: Apr. 11, 2025
-
5.5
MEDIUMCVE-2020-19724
A memory consumption issue in get_data function in binutils/nm.c in GNU nm before 2.34 allows attackers to cause a denial of service via crafted command.... Read more
Affected Products : binutils- Published: Aug. 22, 2023
- Modified: Nov. 21, 2024
-
5.5
MEDIUMCVE-2020-27824
A flaw was found in OpenJPEG’s encoder in the opj_dwt_calc_explicit_stepsizes() function. This flaw allows an attacker who can supply crafted input to decomposition levels to cause a buffer overflow. The highest threat from this vulnerability is to system... Read more
- Published: May. 13, 2021
- Modified: Nov. 21, 2024