CVE-2022-37128 — CVSS 9.8 (critical): In D-Link DIR-816 A2_v1.10CNB04.img the network can be initialized without authentication via /goform/wizard_end.
CVE-2021-41264 — CVSS 9.8 (critical): OpenZeppelin Contracts is a library for smart contract development. In affected versions upgradeable contracts using `UUPSUpgradeable` may…
CVE-2019-10196 — CVSS 9.8 (critical): A flaw was found in http-proxy-agent, prior to version 2.1.0. It was discovered http-proxy-agent passes an auth option to the Buffer…
CVE-2015-8367 — CVSS 9.8 (critical): The phase_one_correct function in Libraw before 0.17.1 allows attackers to cause memory errors and possibly execute arbitrary code, related…
CVE-2019-14271 — CVSS 9.8 (critical): In Docker 19.03.x before 19.03.1 linked against the GNU C Library (aka glibc), code injection can occur when the nsswitch facility…
CVE-2018-11949 — CVSS 9.8 (critical): Failure to initialize the extra buffer can lead to an out of buffer access in WLAN function in Snapdragon Auto, Snapdragon Compute…
CVE-2019-3464 — CVSS 9.8 (critical): Insufficient sanitization of environment variables passed to rsync can bypass the restrictions imposed by rssh, a restricted shell that…
CVE-2017-13715 — CVSS 9.8 (critical): The __skb_flow_dissect function in net/core/flow_dissector.c in the Linux kernel before 4.3 does not ensure that n_proto, ip_proto, and…
CVE-2008-0062 — CVSS 9.8 (critical): KDC in MIT Kerberos 5 (krb5kdc) does not set a global variable for some krb4 message types, which allows remote attackers to cause a denial…
CVE-2023-0397 — CVSS 9.6 (critical): A malicious / defect bluetooth controller can cause a Denial of Service due to unchecked input in le_read_buffer_size_complete.
CVE-2024-36455: An improper input validation allows an unauthenticated attacker to achieve remote command execution on the affected PAM system by sending a…
CVE-2022-46164 — CVSS 9.4 (critical): NodeBB is an open source Node.js based forum software. Due to a plain object with a prototype being used in socket.io message handling a…
CVE-2024-54129: The NASA’s Interplanetary Overlay Network (ION) is an implementation of Delay/Disruption Tolerant Networking (DTN). A vulnerability…
CVE-2017-5468 — CVSS 9.1 (critical): An issue with incorrect ownership model of "privateBrowsing" information exposed through developer tools. This can result in a…
CVE-2022-0947 — CVSS 9.0 (critical): A vulnerability in ABB ARG600 Wireless Gateway series that could allow an attacker to exploit the vulnerability by remotely connecting to…
CVE-2024-21807 — CVSS 8.8 (high): Improper initialization in the Linux kernel mode driver for some Intel(R) Ethernet Network Controllers and Adapters before version 28.3 may…
CVE-2023-28737 — CVSS 8.8 (high): Improper initialization in some Intel(R) Aptio* V UEFI Firmware Integrator Tools may allow an authenticated user to potentially enable…
CVE-2023-27934 — CVSS 8.8 (high): A memory initialization issue was addressed. This issue is fixed in macOS Ventura 13.3, macOS Monterey 12.6.4. A remote attacker may be…
CVE-2022-2620 — CVSS 8.8 (high): Use after free in WebUI in Google Chrome on Chrome OS prior to 104.0.5112.79 allowed a remote attacker who convinced a user to engage in…
CVE-2022-36364 — CVSS 8.8 (high): Apache Calcite Avatica JDBC driver creates HTTP client instances based on class names provided via `httpclient_impl` connection property…
CVE-2019-20063 — CVSS 8.8 (high): hdf/dataobject.c in libmysofa before 0.8 has an uninitialized use of memory, as demonstrated by mysofa2json.
CVE-2017-12262 — CVSS 8.8 (high): A vulnerability within the firewall configuration of the Cisco Application Policy Infrastructure Controller Enterprise Module (APIC-EM)…
CVE-2008-3637 — CVSS 8.8 (high): The Hash-based Message Authentication Code (HMAC) provider in Java on Apple Mac OS X 10.4.11, 10.5.4, and 10.5.5 uses an uninitialized…
CVE-2001-1471 — CVSS 8.8 (high): prefs.php in phpBB 1.4.0 and earlier allows remote authenticated users to execute arbitrary PHP code via an invalid language value, which…
CVE-2023-3242 — CVSS 8.6 (high): Improper initialization implementation in Portmapper used in B&R Industrial Automation Automation Runtime <G4.93 allows unauthenticated…
CVE-2019-1840 — CVSS 8.6 (high): A vulnerability in the DHCPv6 input packet processor of Cisco Prime Network Registrar could allow an unauthenticated, remote attacker to…
CVE-2019-6230 — CVSS 8.6 (high): A memory initialization issue was addressed with improved memory handling. This issue is fixed in iOS 12.1.3,macOS Mojave 10.14.3,tvOS…
CVE-2021-33638 — CVSS 8.4 (high): When the isula cp command is used to copy files from a container to a host machine and the container is controlled by an attacker, the…
CVE-2021-33637 — CVSS 8.4 (high): When the isula export command is used to export a container to an image and the container is controlled by an attacker, the attacker can…
CVE-2021-33636 — CVSS 8.4 (high): When the isula load command is used to load malicious images, attackers can execute arbitrary code.
CVE-2024-22064 — CVSS 8.3 (high): ZTE ZXUN-ePDG product, which serves as the network node of the VoWifi system, under by default configuration, uses a set of non-unique…
CVE-2022-34153 — CVSS 8.2 (high): Improper initialization in the Intel(R) Battery Life Diagnostic Tool software before version 2.2.0 may allow an authenticated user to…
CVE-2021-44169 — CVSS 8.2 (high): A improper initialization in Fortinet FortiClient (Windows) version 6.0.10 and below, version 6.2.9 and below, version 6.4.7 and below…
CVE-2020-12301 — CVSS 8.2 (high): Improper initialization in BIOS firmware for Intel(R) Server Board Families S2600ST, S2600BP and S2600WF may allow a privileged user to…
CVE-2024-0089 — CVSS 7.8 (high): NVIDIA GPU Display Driver for Windows contains a vulnerability where the information from a previous client or another process could be…
CVE-2023-27325 — CVSS 7.8 (high): Parallels Desktop Updater Improper Initialization Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to…
CVE-2023-27324 — CVSS 7.8 (high): Parallels Desktop Updater Improper Initialization Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to…
CVE-2023-27322 — CVSS 7.8 (high): Parallels Desktop Service Improper Initialization Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to…
CVE-2021-47194 — CVSS 7.8 (high): In the Linux kernel, the following vulnerability has been resolved: cfg80211: call cfg80211_stop_ap when switch from P2P_GO type If the…
CVE-2023-52452 — CVSS 7.8 (high): In the Linux kernel, the following vulnerability has been resolved: bpf: Fix accesses to uninit stack slots Privileged programs are…
CVE-2022-46487 — CVSS 7.8 (high): Improper initialization of x87 and SSE floating-point configuration registers in the __scone_entry component of SCONE before 5.8.0 for…
CVE-2023-25010 — CVSS 7.8 (high): A malicious actor may convince a victim to open a malicious USD file that may trigger an uninitialized variable which may result in code…
CVE-2022-37334 — CVSS 7.8 (high): Improper initialization in BIOS firmware for some Intel(R) NUC 11 Pro Kits and Intel(R) NUC 11 Pro Boards before version TNTGL357.0064 may…
CVE-2022-27493 — CVSS 7.8 (high): Improper initialization in the firmware for some Intel(R) NUC Laptop Kits before version BC0076 may allow a privileged user to potentially…
CVE-2021-23223 — CVSS 7.8 (high): Improper initialization for some Intel(R) PROSet/Wireless WiFi and Killer(TM) WiFi products may allow a privileged user to potentially…
CVE-2022-26722 — CVSS 7.8 (high): A memory initialization issue was addressed. This issue is fixed in Security Update 2022-004 Catalina, macOS Monterey 12.4, macOS Big Sur…
CVE-2022-26721 — CVSS 7.8 (high): A memory initialization issue was addressed. This issue is fixed in Security Update 2022-004 Catalina, macOS Monterey 12.4, macOS Big Sur…