Total
270794 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2024-30192 | 2024-11-20 | N/A | ||
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in GS Plugins GS Pins for Pinterest allows Stored XSS.This issue affects GS Pins for Pinterest: from n/a through 1.8.2. | ||||
CVE-2024-25841 | 2024-11-20 | N/A | ||
In the module "So Flexibilite" (soflexibilite) from Common-Services for PrestaShop < 4.1.26, a guest (authenticated customer) can perform Cross Site Scripting (XSS) injection. | ||||
CVE-2024-0027 | 2024-11-20 | N/A | ||
In multiple functions of SnoozeHelper.java, there is a possible way to cause a boot loop due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
CVE-2023-37207 | 3 Debian, Mozilla, Redhat | 9 Debian Linux, Firefox, Firefox Esr and 6 more | 2024-11-20 | 6.5 Medium |
A website could have obscured the fullscreen notification by using a URL with a scheme handled by an external program, such as a mailto URL. This could have led to user confusion and possible spoofing attacks. This vulnerability affects Firefox < 115, Firefox ESR < 102.13, and Thunderbird < 102.13. | ||||
CVE-2024-4846 | 2024-11-20 | N/A | ||
Authentication bypass in the 2FA feature in Devolutions Server 2024.1.14.0 and earlier allows an authenticated attacker to authenticate to another user without being asked for the 2FA via another browser tab. | ||||
CVE-2023-37208 | 3 Debian, Mozilla, Redhat | 9 Debian Linux, Firefox, Firefox Esr and 6 more | 2024-11-20 | 7.8 High |
When opening Diagcab files, Firefox did not warn the user that these files may contain malicious code. This vulnerability affects Firefox < 115, Firefox ESR < 102.13, and Thunderbird < 102.13. | ||||
CVE-2024-29747 | 2024-11-20 | N/A | ||
In _dvfs_get_lv of dvfs.c, there is a possible out of bounds read due to a missing null check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
CVE-2023-37211 | 3 Debian, Mozilla, Redhat | 9 Debian Linux, Firefox, Firefox Esr and 6 more | 2024-11-20 | 8.8 High |
Memory safety bugs present in Firefox 114, Firefox ESR 102.12, and Thunderbird 102.12. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 115, Firefox ESR < 102.13, and Thunderbird < 102.13. | ||||
CVE-2024-45817 | 2024-11-20 | N/A | ||
In x86's APIC (Advanced Programmable Interrupt Controller) architecture, error conditions are reported in a status register. Furthermore, the OS can opt to receive an interrupt when a new error occurs. It is possible to configure the error interrupt with an illegal vector, which generates an error when an error interrupt is raised. This case causes Xen to recurse through vlapic_error(). The recursion itself is bounded; errors accumulate in the the status register and only generate an interrupt when a new status bit becomes set. However, the lock protecting this state in Xen will try to be taken recursively, and deadlock. | ||||
CVE-2024-31950 | 2024-11-20 | 7.0 High | ||
In FRRouting (FRR) through 9.1, there can be a buffer overflow and daemon crash in ospf_te_parse_ri for OSPF LSA packets during an attempt to read Segment Routing subTLVs (their size is not validated). | ||||
CVE-2023-2880 | 1 Frauscher | 1 Frauscher Diagnostic System 101 | 2024-11-20 | 7.5 High |
Frauscher Sensortechnik GmbH FDS001 for FAdC/FAdCi v1.3.3 and all previous versions are vulnerable to a path traversal vulnerability of the web interface by a crafted URL without authentication. This enables an remote attacker to read all files on the filesystem of the FDS001 device. | ||||
CVE-2024-34484 | 2024-11-20 | N/A | ||
OFPBucket in parser.py in Faucet SDN Ryu 4.34 allows attackers to cause a denial of service (infinite loop) via action.len=0. | ||||
CVE-2023-37210 | 1 Mozilla | 1 Firefox | 2024-11-20 | 6.5 Medium |
A website could prevent a user from exiting full-screen mode via alert and prompt calls. This could lead to user confusion and possible spoofing attacks. This vulnerability affects Firefox < 115. | ||||
CVE-2023-3336 | 1 Moxa | 2 Tn-5900, Tn-5900 Firmware | 2024-11-20 | 5.3 Medium |
TN-5900 Series version 3.3 and prior versions is vulnearble to user enumeration vulnerability. The vulnerability may allow a remote attacker to determine whether a user is valid during password recovery through the web login page and enable a brute force attack with valid users. | ||||
CVE-2021-46890 | 1 Huawei | 2 Emui, Harmonyos | 2024-11-20 | 9.8 Critical |
Vulnerability of incomplete read and write permission verification in the GPU module. Successful exploitation of this vulnerability may affect service confidentiality, integrity, and availability. | ||||
CVE-2021-46891 | 1 Huawei | 2 Emui, Harmonyos | 2024-11-20 | 9.8 Critical |
Vulnerability of incomplete read and write permission verification in the GPU module. Successful exploitation of this vulnerability may affect service confidentiality, integrity, and availability. | ||||
CVE-2021-46893 | 1 Huawei | 2 Emui, Harmonyos | 2024-11-20 | 7.5 High |
Vulnerability of unstrict data verification and parameter check. Successful exploitation of this vulnerability may affect integrity. | ||||
CVE-2023-3455 | 1 Huawei | 2 Emui, Harmonyos | 2024-11-20 | 9.1 Critical |
Key management vulnerability on system. Successful exploitation of this vulnerability may affect service availability and integrity. | ||||
CVE-2023-34337 | 1 Ami | 1 Megarac Sp-x | 2024-11-20 | 7.6 High |
AMI SPx contains a vulnerability in the BMC where a user may cause an inadequate encryption strength by hash-based message authentication code (HMAC). A successful exploit of this vulnerability may lead to a loss of confidentiality, integrity, and availability. | ||||
CVE-2024-52765 | 2024-11-20 | N/A | ||
H3C GR-1800AX MiniGRW1B0V100R007 is vulnerable to remote code execution (RCE) via the aspForm parameter. |