Vulnerabilities (CVE)

Filtered by CWE-130
Total 10 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2024-37305 2024-06-20 N/A 8.2 HIGH
oqs-provider is a provider for the OpenSSL 3 cryptography library that adds support for post-quantum cryptography in TLS, X.509, and S/MIME using post-quantum algorithms from liboqs. Flaws have been identified in the way oqs-provider handles lengths decoded with DECODE_UINT32 at the start of serialized hybrid (traditional + post-quantum) keys and signatures. Unchecked length values are later used for memory reads and writes; malformed input can lead to crashes or information leakage. Handling of plain/non-hybrid PQ key operation is not affected. This issue has been patched in v0.6.1. All users are advised to upgrade. There are no workarounds for this issue.
CVE-2023-52547 2024-05-28 N/A 7.8 HIGH
Huawei Matebook D16 (Model: CREM-WXX9, BIOS: v2.26). Memory corruption in the SMI handler of the HddPassword SMM module. This can be leveraged by a malicious OS attacker to corrupt data structures stored at the beginning of SMRAM and can potentially lead to code execution in SMM.
CVE-2023-5393 2024-04-24 N/A 7.4 HIGH
A server receiving a malformed message that causes a disconnect to a hostname may cause a stack overflow, resulting in possible remote code execution. Honeywell recommends updating to the most recent version of the product. See Honeywell Security Notification for recommendations on upgrading and versioning.
CVE-2024-20685 2024-04-10 N/A 5.9 MEDIUM
Azure Private 5G Core Denial of Service Vulnerability
CVE-2024-29064 2024-04-10 N/A 6.2 MEDIUM
Windows Hyper-V Denial of Service Vulnerability
CVE-2024-24976 2024-04-03 N/A 4.9 MEDIUM
A denial of service vulnerability exists in the OAS Engine File Data Source Configuration functionality of Open Automation Software OAS Platform V19.00.0057. A specially crafted series of network requests can cause the running program to stop. An attacker can send a sequence of requests to trigger this vulnerability.
CVE-2023-50248 1 Okfn 1 Ckan 2024-02-05 N/A 6.5 MEDIUM
CKAN is an open-source data management system for powering data hubs and data portals. Starting in version 2.0.0 and prior to versions 2.9.10 and 2.10.3, when submitting a POST request to the `/dataset/new` endpoint (including either the auth cookie or the `Authorization` header) with a specially-crafted field, an attacker can create an out-of-memory error in the hosting server. To trigger this error, the attacker needs to have permissions to create or edit datasets. This vulnerability has been patched in CKAN 2.10.3 and 2.9.10.
CVE-2022-2714 1 Rosariosis 1 Rosariosis 2024-02-04 N/A 9.8 CRITICAL
Improper Handling of Length Parameter Inconsistency in GitHub repository francoisjacquet/rosariosis prior to 10.0.
CVE-2021-38445 1 Objectcomputing 1 Opendds 2024-02-04 7.5 HIGH 9.8 CRITICAL
OCI OpenDDS versions prior to 3.18.1 do not handle a length parameter consistent with the actual length of the associated data, which may allow an attacker to remotely execute arbitrary code.
CVE-2020-16224 1 Philips 1 Patient Information Center Ix 2024-02-04 3.3 LOW 6.5 MEDIUM
In Patient Information Center iX (PICiX) Versions C.02, C.03, the software parses a formatted message or structure but does not handle or incorrectly handles a length field that is inconsistent with the actual length of the associated data, causing the application on the surveillance station to restart.