Total
124 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-27898 | 1 Apple | 1 Macos | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
| A denial of service issue was addressed with improved state handling. This issue is fixed in macOS Big Sur 11.0.1. An attacker may be able to bypass Managed Frame Protection. | |||||
| CVE-2020-17533 | 1 Apache | 1 Accumulo | 2024-11-21 | 5.5 MEDIUM | 8.1 HIGH |
| Apache Accumulo versions 1.5.0 through 1.10.0 and version 2.0.0 do not properly check the return value of some policy enforcement functions before permitting an authenticated user to perform certain administrative operations. Specifically, the return values of the 'canFlush' and 'canPerformSystemActions' security functions are not checked in some instances, therefore allowing an authenticated user with insufficient permissions to perform the following actions: flushing a table, shutting down Accumulo or an individual tablet server, and setting or removing system-wide Accumulo configuration properties. | |||||
| CVE-2020-15191 | 2 Google, Opensuse | 2 Tensorflow, Leap | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| In Tensorflow before versions 2.2.1 and 2.3.1, if a user passes an invalid argument to `dlpack.to_dlpack` the expected validations will cause variables to bind to `nullptr` while setting a `status` variable to the error condition. However, this `status` argument is not properly checked. Hence, code following these methods will bind references to null pointers. This is undefined behavior and reported as an error if compiling with `-fsanitize=null`. The issue is patched in commit 22e07fb204386768e5bcbea563641ea11f96ceb8 and is released in TensorFlow versions 2.2.1, or 2.3.1. | |||||
| CVE-2020-12372 | 1 Intel | 1 Graphics Drivers | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| Unchecked return value in some Intel(R) Graphics Drivers before version 26.20.100.8141 may allow a privileged user to potentially enable a denial of service via local access. | |||||
| CVE-2019-9704 | 3 Cron Project, Debian, Fedoraproject | 3 Cron, Debian Linux, Fedora | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| Vixie Cron before the 3.0pl1-133 Debian package allows local users to cause a denial of service (daemon crash) via a large crontab file because the calloc return value is not checked. | |||||
| CVE-2019-9372 | 1 Google | 1 Android | 2024-11-21 | 7.1 HIGH | 6.5 MEDIUM |
| In libskia, there is a possible crash due to a missing null check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-132782448 | |||||
| CVE-2019-17178 | 3 Freerdp, Lodev, Opensuse | 3 Freerdp, Lodepng, Leap | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| HuffmanTree_makeFromFrequencies in lodepng.c in LodePNG through 2019-09-28, as used in WinPR in FreeRDP and other products, has a memory leak because a supplied realloc pointer (i.e., the first argument to realloc) is also used for a realloc return value. | |||||
| CVE-2019-15942 | 1 Ffmpeg | 1 Ffmpeg | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| FFmpeg through 4.2 has a "Conditional jump or move depends on uninitialised value" issue in h2645_parse because alloc_rbsp_buffer in libavcodec/h2645_parse.c mishandles rbsp_buffer. | |||||
| CVE-2019-15900 | 1 Doas Project | 1 Doas | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| An issue was discovered in slicer69 doas before 6.2 on certain platforms other than OpenBSD. On platforms without strtonum(3), sscanf was used without checking for error cases. Instead, the uninitialized variable errstr was checked and in some cases returned success even if sscanf failed. The result was that, instead of reporting that the supplied username or group name did not exist, it would execute the command as root. | |||||
| CVE-2019-15523 | 2 Debian, Linbit | 2 Debian Linux, Csync2 | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| An issue was discovered in LINBIT csync2 through 2.0. It does not correctly check for the return value GNUTLS_E_WARNING_ALERT_RECEIVED of the gnutls_handshake() function. It neglects to call this function again, as required by the design of the API. | |||||
| CVE-2019-12107 | 1 Miniupnp.free | 1 Miniupnpd | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| The upnp_event_prepare function in upnpevents.c in MiniUPnP MiniUPnPd through 2.1 allows a remote attacker to leak information from the heap due to improper validation of an snprintf return value. | |||||
| CVE-2019-10902 | 2 Fedoraproject, Wireshark | 2 Fedora, Wireshark | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| In Wireshark 3.0.0, the TSDNS dissector could crash. This was addressed in epan/dissectors/packet-tsdns.c by splitting strings safely. | |||||
| CVE-2018-20216 | 2 Canonical, Qemu | 2 Ubuntu Linux, Qemu | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| QEMU can have an infinite loop in hw/rdma/vmw/pvrdma_dev_ring.c because return values are not checked (and -1 is mishandled). | |||||
| CVE-2018-16643 | 3 Canonical, Debian, Imagemagick | 3 Ubuntu Linux, Debian Linux, Imagemagick | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| The functions ReadDCMImage in coders/dcm.c, ReadPWPImage in coders/pwp.c, ReadCALSImage in coders/cals.c, and ReadPICTImage in coders/pict.c in ImageMagick 7.0.8-4 do not check the return value of the fputc function, which allows remote attackers to cause a denial of service via a crafted image file. | |||||
| CVE-2018-14622 | 4 Canonical, Debian, Libtirpc Project and 1 more | 8 Ubuntu Linux, Debian Linux, Libtirpc and 5 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| A null-pointer dereference vulnerability was found in libtirpc before version 0.3.3-rc3. The return value of makefd_xprt() was not checked in all instances, which could lead to a crash when the server exhausted the maximum number of available file descriptors. A remote attacker could cause an rpc-based application to crash by flooding it with new connections. | |||||
| CVE-2018-14367 | 1 Wireshark | 1 Wireshark | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| In Wireshark 2.6.0 to 2.6.1 and 2.4.0 to 2.4.7, the CoAP protocol dissector could crash. This was addressed in epan/dissectors/packet-coap.c by properly checking for a NULL condition. | |||||
| CVE-1999-0199 | 1 Gnu | 1 Glibc | 2024-11-20 | 7.5 HIGH | 9.8 CRITICAL |
| manual/search.texi in the GNU C Library (aka glibc) before 2.2 lacks a statement about the unspecified tdelete return value upon deletion of a tree's root, which might allow attackers to access a dangling pointer in an application whose developer was unaware of a documentation update from 1999. | |||||
| CVE-2024-45419 | 2024-11-19 | N/A | 8.1 HIGH | ||
| Improper input validation in some Zoom Apps may allow an unauthenticated user to conduct a disclosure of information via network access. | |||||
| CVE-2024-50306 | 2024-11-15 | N/A | 9.1 CRITICAL | ||
| Unchecked return value can allow Apache Traffic Server to retain privileges on startup. This issue affects Apache Traffic Server: from 9.2.0 through 9.2.5, from 10.0.0 through 10.0.1. Users are recommended to upgrade to version 9.2.6 or 10.0.2, which fixes the issue. | |||||
| CVE-2024-8110 | 2024-09-20 | N/A | 7.5 HIGH | ||
| Denial of Service (DoS) vulnerability has been found in Dual-redundant Platform for Computer. If a computer on which the affected product is installed receives a large number of UDP broadcast packets in a short period, occasionally that computer may restart. If both the active and standby computers are restarted at the same time, the functionality on that computer may be temporarily unavailable. | |||||