Azure Identity Libraries and Microsoft Authentication Library Elevation of Privilege...
5.5CVSS
5.5AI Score
0.0004EPSS
Under certain circumstances the Microsoft® Internet Information Server (IIS) used to host the C•CURE 9000 Web Server will log Microsoft Windows credential details within logs. There is no impact to non-web service interfaces C•CURE 9000 or prior...
7AI Score
0.0004EPSS
Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite, versions before 4.6, contain an Observable Timing Discrepancy...
5.1CVSS
6.8AI Score
0.0004EPSS
Use of Externally-Controlled Format String vulnerability in Merge DICOM Toolkit C/C++ on Windows. When MC_Open_Association() function is used to open DICOM Association and gets DICOM Application Context Name with illegal characters, it might result in an unhandled...
5.7CVSS
6.8AI Score
0.0004EPSS
Out-of-bounds Read vulnerability in Merge DICOM Toolkit C/C++ on Windows. When the MC_Open_File() function is used to read malformed DICOM data, it might result in over-reading a memory buffer and could cause memory access...
4CVSS
6.8AI Score
0.0004EPSS
Use of Out-of-range Pointer Offset vulnerability in Merge DICOM Toolkit C/C++ on Windows. When deprecated MC_XML_To_Message() function is used to read a malformed DICOM XML file, it might result in memory access...
4CVSS
6.7AI Score
0.0004EPSS
A vulnerability has been found in c-blosc2 up to 2.13.2 and classified as critical. Affected by this vulnerability is the function ndlz4_decompress of the file /src/c-blosc2/plugins/codecs/ndlz/ndlz4x4.c. The manipulation leads to heap-based buffer overflow. The attack can be launched remotely....
7.3CVSS
7.4AI Score
0.0004EPSS
A vulnerability, which was classified as critical, was found in c-blosc2 up to 2.13.2. Affected is the function ndlz8_decompress of the file /src/c-blosc2/plugins/codecs/ndlz/ndlz8x8.c. The manipulation leads to heap-based buffer overflow. It is possible to launch the attack remotely. The exploit.....
7.3CVSS
7.4AI Score
0.0004EPSS
In AutomationDirect C-MORE EA9 HMI, credentials used by the platform are stored as plain text on the...
6.5CVSS
6.6AI Score
0.0004EPSS
In AutomationDirect C-MORE EA9 HMI there is a program that copies a buffer of a size controlled by the user into a limited sized buffer on the stack which may lead to a stack overflow. The result of this stack-based buffer overflow can lead to denial-of-service...
4.3CVSS
7.2AI Score
0.0004EPSS
There is a function in AutomationDirect C-MORE EA9 HMI that allows an attacker to send a relative path in the URL without proper sanitizing of the...
7.5CVSS
6.6AI Score
0.0004EPSS
The azure-c-shared-utility is a C library for AMQP/MQTT communication to Azure Cloud Services. This library may be used by the Azure IoT C SDK for communication between IoT Hub and IoT Hub devices. An attacker can cause an integer wraparound or under-allocation or heap buffer overflow due to...
6CVSS
6.8AI Score
0.0004EPSS
The Apache Xerces C++ XML parser on versions 3.0.0 before 3.2.5 contains a use-after-free error triggered during the scanning of external DTDs. Users are recommended to upgrade to version 3.2.5 which fixes the issue, or mitigate the issue by disabling DTD processing. This can be accomplished via...
7.9AI Score
0.014EPSS
The uAMQP is a C library for AMQP 1.0 communication to Azure Cloud Services. Processing an incorrect AMQP_VALUE failed state may cause a double free problem. This may cause an RCE. Update submodule with commit...
9.8CVSS
9.3AI Score
0.0004EPSS
c-ares is a C library for asynchronous DNS requests. ares__read_line() is used to parse local configuration files such as /etc/resolv.conf, /etc/nsswitch.conf, the HOSTALIASES file, and if using a c-ares version prior to 1.27.0, the /etc/hosts file. If any of these configuration files has an...
4.4CVSS
4.3AI Score
0.0004EPSS
Improper access control in the Intel(R) oneAPI DPC++/C++ Compiler before version 2022.2.1 for some Intel(R) oneAPI Toolkits before version 2022.3.1 may allow an authenticated user to potentially enable escalation of privilege via local...
7.8CVSS
7.7AI Score
0.0004EPSS
Improper buffer restrictions in the Intel(R) C++ Compiler Classic before version 2021.8 for Intel(R) oneAPI Toolkits before version 2022.3.1 may allow a privileged user to potentially enable escalation of privilege via local...
6CVSS
6.3AI Score
0.0004EPSS
The UAMQP is a general purpose C library for AMQP 1.0. During a call to open_get_offered_capabilities, a memory allocation may fail causing a use-after-free issue and if a client called it during connection communication it may cause a remote code execution. Users are advised to update the...
9.8CVSS
9.7AI Score
0.0004EPSS
libjwt 1.15.3 uses strcmp (which is not constant time) to verify authentication, which makes it easier to bypass authentication via a timing side...
9.8CVSS
9.3AI Score
0.001EPSS
Memory corruption while processing the event ring, the context read pointer is untrusted to HLOS and when it is passed with arbitrary values, may point to address in the middle of ring...
7.8CVSS
7.7AI Score
0.0004EPSS
Memory corruption in Audio while processing IIR config data from AFE calibration...
7.8CVSS
7.8AI Score
0.0004EPSS
7.8CVSS
7.7AI Score
0.0004EPSS
Memory corruption in Audio while processing the calibration data returned from ACDB...
7.8CVSS
7.8AI Score
0.0004EPSS
Memory corruption in Audio while calling START command on host voice PCM multiple times for the same RX or TX tap...
7.8CVSS
7.9AI Score
0.0004EPSS
5.5CVSS
5.5AI Score
0.0004EPSS
7.1CVSS
6.8AI Score
0.0004EPSS
Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite, versions before 4.5.2, contain a Missing Required Cryptographic Step...
9.8CVSS
9.4AI Score
0.001EPSS
An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in J-Web of Juniper Networks Junos OS on SRX Series and EX Series allows an attacker to construct a URL that when visited by another user enables the attacker to execute commands with the target's....
8.8CVSS
7.1AI Score
0.0005EPSS
A Missing Authentication for Critical Function vulnerability combined with a Generation of Error Message Containing Sensitive Information vulnerability in J-Web of Juniper Networks Junos OS on SRX Series and EX Series allows an unauthenticated, network-based attacker to access sensitive system...
7.5CVSS
8AI Score
0.001EPSS
When calling bson_utf8_validate on some inputs, a loop with an exit condition that cannot be reached may occur, i.e. an infinite loop. This issue affects all MongoDB C Driver versions prior to versions...
7.5CVSS
7.2AI Score
0.0005EPSS
Azure uAMQP is a general purpose C library for AMQP 1.0. The UAMQP library is used by several clients to implement AMQP protocol communication. When clients using this library receive crafted binary type data, an integer overflow or wraparound or memory safety issue can occur and may cause...
9.8CVSS
9.8AI Score
0.006EPSS
route in main.c in Pico HTTP Server in C through f3b69a6 has an sprintf stack-based buffer overflow via a long URI, leading to remote code...
9.8CVSS
9.8AI Score
0.002EPSS
7.8CVSS
7.9AI Score
0.0004EPSS
Memory corruption while running NPU, when NETWORK_UNLOAD and (NETWORK_UNLOAD or NETWORK_EXECUTE_V2) commands are submitted at the same...
8.4CVSS
7.9AI Score
0.0004EPSS
8.4CVSS
7.8AI Score
0.0004EPSS
9.3CVSS
7.8AI Score
0.0004EPSS
9.3CVSS
7.7AI Score
0.0004EPSS
mupnp/net/uri.c in mUPnP for C through 3.0.2 has an out-of-bounds read and application crash because it lacks a certain host length...
7.5CVSS
7.4AI Score
0.0005EPSS
C-blosc2 before 2.9.3 was discovered to contain a NULL pointer dereference via the zfp/blosc2-zfp.c zfp_acc_decompress....
7.5CVSS
7.5AI Score
0.001EPSS
C-blosc2 before 2.9.3 was discovered to contain a NULL pointer dereference via the function zfp_rate_decompress at...
7.5CVSS
7.5AI Score
0.001EPSS
C-blosc2 before 2.9.3 was discovered to contain a NULL pointer dereference via the function zfp_prec_decompress at...
7.5CVSS
7.5AI Score
0.001EPSS
C-blosc2 before 2.9.3 was discovered to contain a NULL pointer dereference in ndlz/ndlz8x8.c via a NULL pointer to...
7.5CVSS
7.4AI Score
0.001EPSS
An uncaught exception issue discovered in Softing OPC UA C++ SDK before 6.30 for Windows operating system may cause the application to crash when the server wants to send an error packet, while the socket is blocked on...
7.5CVSS
7.5AI Score
0.0005EPSS
Moonlight-common-c contains the core GameStream client code shared between Moonlight clients. Moonlight-common-c is vulnerable to buffer overflow starting in commit f57bd745b4cbed577ea654fad4701bea4d38b44c. A malicious game streaming server could exploit a buffer overflow vulnerability to crash a.....
7.6CVSS
7.5AI Score
0.001EPSS
Moonlight-common-c contains the core GameStream client code shared between Moonlight clients. Moonlight-common-c is vulnerable to buffer overflow starting in commit 50c0a51b10ecc5b3415ea78c21d96d679e2288f9 due to unmitigated usage of unsafe C functions and improper bounds checking. A malicious...
8.8CVSS
8.9AI Score
0.004EPSS
Moonlight-common-c contains the core GameStream client code shared between Moonlight clients. Moonlight-common-c is vulnerable to buffer overflow starting in commit 50c0a51b10ecc5b3415ea78c21d96d679e2288f9 due to unmitigated usage of unsafe C functions and improper bounds checking. A malicious...
8.8CVSS
8.9AI Score
0.004EPSS
Denial-of-service (DoS) vulnerability exists in rfe service of HMI GC-A2 series. If a remote unauthenticated attacker sends specially crafted packets to specific ports, a denial-of-service (DoS) condition may...
7.5CVSS
7.5AI Score
0.001EPSS
Denial-of-service (DoS) vulnerability exists in FTP service of HMI GC-A2 series. If a remote unauthenticated attacker sends specially crafted packets to specific ports, a denial-of-service (DoS) condition may...
7.5CVSS
7.5AI Score
0.001EPSS
Denial-of-service (DoS) vulnerability exists in commplex-link service of HMI GC-A2 series. If a remote unauthenticated attacker sends specially crafted packets to specific ports, a denial-of-service (DoS) condition may...
7.5CVSS
7.5AI Score
0.001EPSS
Denial-of-service (DoS) vulnerability exists in NetBIOS service of HMI GC-A2 series. If a remote unauthenticated attacker sends specially crafted packets to specific ports, a denial-of-service (DoS) condition may...
7.5CVSS
7.5AI Score
0.001EPSS