| CVE | Vendors | Products | Updated | CVSS v3.1 |
| Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability |
| Transient DOS can occur when GVM sends a specific message type to the Vdev-FastRPC backend. |
| Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability |
| libcurl's URL API function
[curl_url_get()](https://curl.se/libcurl/c/curl_url_get.html) offers punycode
conversions, to and from IDN. Asking to convert a name that is exactly 256
bytes, libcurl ends up reading outside of a stack based buffer when built to
use the *macidn* IDN backend. The conversion function then fills up the
provided buffer exactly - but does not null terminate the string.
This flaw can lead to stack contents accidentally getting returned as part of
the converted string. |
| A vulnerability in the OLE2 file format parser of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.
This vulnerability is due to an incorrect check for end-of-string values during scanning, which may result in a heap buffer over-read. An attacker could exploit this vulnerability by submitting a crafted file containing OLE2 content to be scanned by ClamAV on an affected device. A successful exploit could allow the attacker to cause the ClamAV scanning process to terminate, resulting in a DoS condition on the affected software and consuming available system resources.
For a description of this vulnerability, see the ClamAV blog. |
| Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to a Buffer Overread bug Squid is vulnerable to a Denial of Service attack against Squid HTTP Message processing. This bug is fixed by Squid version 6.5. Users are advised to upgrade. There are no known workarounds for this vulnerability. |
| DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none. |
| Memory corruption while handling IOCTL call from user-space to set latency level. |
| Information disclosure in modem due to improper input validation during parsing of upcoming CoAP message |
| An Improper Physical Access Control vulnerability in the console port control of Juniper Networks Junos OS Evolved allows an attacker with physical access to the device to get access to a user account.
When the console cable is disconnected, the logged in user is not logged out. This allows a malicious attacker with physical access to the console to resume a previous session and possibly gain administrative privileges.
This issue affects Junos OS Evolved:
* from 23.2R2-EVO before 23.2R2-S1-EVO,
* from 23.4R1-EVO before 23.4R2-EVO. |
| On affected platforms running Arista CloudEOS an issue in the Software Forwarding Engine (Sfe) can lead to a potential denial of service attack by sending malformed packets to the switch. This causes a leak of packet buffers and if enough malformed packets are received, the switch may eventually stop forwarding traffic. |
| Information disclosure while parsing the OCI IE with invalid length. |
| Transient DOS when registration accept OTA is received with incorrect ciphering key data IE in modem. |
| Information disclosure while processing information on firmware image during core initialization. |
| Information disclosure during audio playback. |
| Information disclosure while processing IO control commands. |
| A malicious BLE device can crash a BLE victim device by sending a malformed GATT packet |
| Windows Common Log File System Driver Information Disclosure Vulnerability |
| A buffer over-read in Ivanti Secure Access Client before 22.7R4 allows a local unauthenticated attacker to cause a denial of service. |
| Transient DOS while parsing a protected 802.11az Fine Time Measurement (FTM) frame. |