Total
310 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-8576 | 1 Microsoft | 2 Windows 10, Windows Server 2016 | 2025-04-20 | 6.9 MEDIUM | 7.0 HIGH |
| The graphics component in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an authenticated attacker to run arbitrary code in kernel mode via a specially crafted application, aka "Microsoft Graphics Component Elevation of Privilege Vulnerability." | |||||
| CVE-2017-6267 | 2 Microsoft, Nvidia | 2 Windows, Gpu Driver | 2025-04-20 | 4.9 MEDIUM | 5.5 MEDIUM |
| NVIDIA GPU Display Driver contains a vulnerability in the kernel mode layer handler where an incorrect initialization of internal objects can cause an infinite loop which may lead to a denial of service. | |||||
| CVE-2014-9942 | 1 Google | 1 Android | 2025-04-20 | 9.3 HIGH | 7.8 HIGH |
| In Boot in all Android releases from CAF using the Linux kernel, a Use of Uninitialized Variable vulnerability could potentially exist. | |||||
| CVE-2017-14159 | 2 Openldap, Oracle | 2 Openldap, Blockchain Platform | 2025-04-20 | 1.9 LOW | 4.7 MEDIUM |
| slapd in OpenLDAP 2.4.45 and earlier creates a PID file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for PID file modification before a root script executes a "kill `cat /pathname`" command, as demonstrated by openldap-initscript. | |||||
| CVE-2017-0745 | 1 Google | 1 Android | 2025-04-20 | 9.3 HIGH | 7.8 HIGH |
| A remote code execution vulnerability in the Android media framework (avc decoder). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37079296. | |||||
| CVE-2017-3820 | 1 Cisco | 1 Ios Xe | 2025-04-20 | 6.8 MEDIUM | 6.5 MEDIUM |
| A vulnerability in Simple Network Management Protocol (SNMP) functions of Cisco ASR 1000 Series Aggregation Services Routers running Cisco IOS XE Software Release 3.13.6S, 3.16.2S, or 3.17.1S could allow an authenticated, remote attacker to cause high CPU usage on an affected device, resulting in a denial of service (DoS) condition. More Information: CSCux68796. Known Affected Releases: 15.5(3)S2.1 15.6(1)S1.1. Known Fixed Releases: 15.4(3)S6.1 15.4(3)S6.2 15.5(3)S2.2 15.5(3)S3 15.6(0.22)S0.23 15.6(1)S2 16.2(0.295) 16.3(0.94) 15.5.3S3. | |||||
| CVE-2017-14681 | 1 P3scan Project | 1 P3scan | 2025-04-20 | 2.1 LOW | 5.5 MEDIUM |
| The daemon in P3Scan 3.0_rc1 and earlier creates a p3scan.pid file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for p3scan.pid modification before a root script executes a "kill `cat /pathname/p3scan.pid`" command, as demonstrated by etc/init.d/p3scan. | |||||
| CVE-2017-0641 | 1 Google | 1 Android | 2025-04-20 | 7.1 HIGH | 5.5 MEDIUM |
| A remote denial of service vulnerability in libvpx in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High severity due to the possibility of remote denial of service. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-34360591. | |||||
| CVE-2017-15897 | 1 Nodejs | 1 Node.js | 2025-04-20 | 4.3 MEDIUM | 3.1 LOW |
| Node.js had a bug in versions 8.X and 9.X which caused buffers to not be initialized when the encoding for the fill value did not match the encoding specified. For example, 'Buffer.alloc(0x100, "This is not correctly encoded", "hex");' The buffer implementation was updated such that the buffer will be initialized to all zeros in these cases. | |||||
| CVE-2017-14102 | 1 Mimedefang | 1 Mimedefang | 2025-04-20 | 4.6 MEDIUM | 7.8 HIGH |
| MIMEDefang 2.80 and earlier creates a PID file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for PID file modification before a root script executes a "kill `cat /pathname`" command, as demonstrated by the init-script.in and mimedefang-init.in scripts. | |||||
| CVE-2017-0723 | 1 Google | 1 Android | 2025-04-20 | 9.3 HIGH | 7.8 HIGH |
| A remote code execution vulnerability in the Android media framework (libavc). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37968755. | |||||
| CVE-2017-14609 | 1 Kannel | 1 Kannel | 2025-04-20 | 4.6 MEDIUM | 7.8 HIGH |
| The server daemons in Kannel 1.5.0 and earlier create a PID file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for PID file modification before a root script executes a "kill `cat /pathname`" command, as demonstrated by bearerbox. | |||||
| CVE-2017-13715 | 1 Linux | 1 Linux Kernel | 2025-04-20 | 10.0 HIGH | 9.8 CRITICAL |
| The __skb_flow_dissect function in net/core/flow_dissector.c in the Linux kernel before 4.3 does not ensure that n_proto, ip_proto, and thoff are initialized, which allows remote attackers to cause a denial of service (system crash) or possibly execute arbitrary code via a single crafted MPLS packet. | |||||
| CVE-2017-13153 | 1 Google | 1 Android | 2025-04-20 | 7.2 HIGH | 7.8 HIGH |
| An elevation of privilege vulnerability in the Android media framework (libaudioservice). Product: Android. Versions: 8.0. Android ID A-65280854. | |||||
| CVE-2024-11158 | 1 Rockwellautomation | 1 Arena | 2025-04-18 | N/A | 6.7 MEDIUM |
| An “uninitialized variable” code execution vulnerability exists in the Rockwell Automation Arena® that could allow a threat actor to craft a DOE file and force the software to access a variable before it being initialized. If exploited, a threat actor could leverage this vulnerability to execute arbitrary code. To exploit this vulnerability, a legitimate user must execute the malicious code crafted by the threat actor. | |||||
| CVE-2022-46487 | 1 Scontain | 1 Scone | 2025-04-17 | N/A | 7.8 HIGH |
| Improper initialization of x87 and SSE floating-point configuration registers in the __scone_entry component of SCONE before 5.8.0 for Intel SGX allows a local attacker to compromise the execution integrity of floating-point operations in an enclave or access sensitive information via side-channel analysis. | |||||
| CVE-2014-4371 | 1 Apple | 3 Iphone Os, Mac Os X, Tvos | 2025-04-12 | 1.9 LOW | N/A |
| The network-statistics interface in the kernel in Apple iOS before 8 and Apple TV before 7 does not properly initialize memory, which allows attackers to obtain sensitive memory-content and memory-layout information via a crafted application, a different vulnerability than CVE-2014-4419, CVE-2014-4420, and CVE-2014-4421. | |||||
| CVE-2016-6836 | 2 Debian, Qemu | 2 Debian Linux, Qemu | 2025-04-12 | 2.1 LOW | 6.0 MEDIUM |
| The vmxnet3_complete_packet function in hw/net/vmxnet3.c in QEMU (aka Quick Emulator) allows local guest OS administrators to obtain sensitive host memory information by leveraging failure to initialize the txcq_descr object. | |||||
| CVE-2014-0178 | 1 Samba | 1 Samba | 2025-04-12 | 3.5 LOW | N/A |
| Samba 3.6.6 through 3.6.23, 4.0.x before 4.0.18, and 4.1.x before 4.1.8, when a certain vfs shadow copy configuration is enabled, does not properly initialize the SRV_SNAPSHOT_ARRAY response field, which allows remote authenticated users to obtain potentially sensitive information from process memory via a (1) FSCTL_GET_SHADOW_COPY_DATA or (2) FSCTL_SRV_ENUMERATE_SNAPSHOTS request. | |||||
| CVE-2013-1675 | 5 Canonical, Debian, Mozilla and 2 more | 18 Ubuntu Linux, Debian Linux, Firefox and 15 more | 2025-04-11 | 4.3 MEDIUM | 6.5 MEDIUM |
| Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderbird ESR 17.x before 17.0.6 do not properly initialize data structures for the nsDOMSVGZoomEvent::mPreviousScale and nsDOMSVGZoomEvent::mNewScale functions, which allows remote attackers to obtain sensitive information from process memory via a crafted web site. | |||||