| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally. |
| Out-of-bounds read in Microsoft Graphics Component allows an unauthorized attacker to execute code locally. |
| A
security flaw was discovered in the NETGEAR WAX333 Access Point that could
allow someone already logged in and connected to the local network to make
unauthorized changes to the device's settings |
| Heap-based buffer overflow in Virtual Hard Disk (VHD) Miniport Driver allows an authorized attacker to elevate privileges locally. |
| Missing authorization in Azure CycleCloud allows an authorized attacker to elevate privileges over a network. |
| Out-of-bounds read in Microsoft Office allows an unauthorized attacker to disclose information locally. |
| Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally. |
| A security flaw was discovered in the NETGEAR DGND3700v1 that could
allow someone on the same local WiFi network to send unauthorized commands to
the device.
This issue was identified through testing in a controlled research
environment using a simulated version of the router's software and has not been
confirmed on physical production devices. |
| A
security flaw was found in certain NETGEAR RAX models that could allow
a logged-in user to send specially crafted requests to the router and run
unauthorized commands. This could enable the user to make unauthorized changes
to the router and affect its security and operation. |
| A
security flaw was found in certain NETGEAR Orbi models that
could allow an unauthorized user to cause the device to stop responding or
restart unexpectedly, disrupting network connectivity and making the device
temporarily unavailable. |
| A security flaw in the router's certificate validation process was
discovered in the NETGEAR XR1000 Gaming Router and certain Nighthawk models that could allow an unauthorized person to remotely access and take
control of the device. |
| A security flaw was discovered in certain NETGEAR Nighthawk RAX series routers
that could allow someone already logged in to the device to run unauthorized commands
or code on the router. |
| Use after free in V8 in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Low) |
| Buffer Overflow vulnerability in UTT nv518G nv518GV3v3.2.7-210919-161313 allows a remote attacker to cause a denial of service via the gohead//sub_497498 component |
| ntopng through 6.6 is vulnerable to Predictable Session Identifier which can lead to Session Hijacking. HTTP session identifiers in src/HTTPserver.cpp use weak time-seeded pseudo-randomness during session creation. As a result, fresh authenticated logins can receive deterministic or colliding session cookies under attacker-controlled timing. |
| pdfcpu through v0.11.1 contains an uncontrolled-recursion denial-of-service issue in pkg/pdfcpu/model/parse.go. The parser descends recursively through nested PDF objects, including arrays, via ParseObjectContext() and parseArray() without enforcing a maximum nesting depth. |
| Pillow is a Python imaging library. Prior to 12.3.0, Pillow public image coordinate APIs can trigger a native heap out-of-bounds write when given coordinates near the signed 32-bit integer limits in Image.paste(), Image.crop(), or Image.alpha_composite(). This issue is fixed in version 12.3.0. |
| Pillow is a Python imaging library. From 12.0.0 through 12.2.0, Pillow's EPS parser in PIL/EpsImagePlugin.py accepts a negative byte count in the %%BeginBinary directive, allowing a crafted EPS file to cause Image.open() to seek backwards to the same directive and parse it repeatedly in an infinite loop. This issue is fixed in version 12.3.0. |
| In Roundcube Webmail before 1.6.17 and 1.7.x before 1.7.2, the TNEF decoder was subject to denial of service via a crafted compressed-RTF size. |
| Pillow is a Python imaging library. Prior to 12.3.0, Pillow's ImageCms.ImageCmsTransform.apply(im, imOut) API can trigger controlled native heap corruption when the caller supplies an output image whose mode does not match the transform's declared output mode. This issue is fixed in version 12.3.0. |