Total 270794 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2024-30192 2024-11-20 N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in GS Plugins GS Pins for Pinterest allows Stored XSS.This issue affects GS Pins for Pinterest: from n/a through 1.8.2.
CVE-2024-25841 2024-11-20 N/A
In the module "So Flexibilite" (soflexibilite) from Common-Services for PrestaShop < 4.1.26, a guest (authenticated customer) can perform Cross Site Scripting (XSS) injection.
CVE-2024-0027 2024-11-20 N/A
In multiple functions of SnoozeHelper.java, there is a possible way to cause a boot loop due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.
CVE-2023-37207 3 Debian, Mozilla, Redhat 9 Debian Linux, Firefox, Firefox Esr and 6 more 2024-11-20 6.5 Medium
A website could have obscured the fullscreen notification by using a URL with a scheme handled by an external program, such as a mailto URL. This could have led to user confusion and possible spoofing attacks. This vulnerability affects Firefox < 115, Firefox ESR < 102.13, and Thunderbird < 102.13.
CVE-2024-4846 2024-11-20 N/A
Authentication bypass in the 2FA feature in Devolutions Server 2024.1.14.0 and earlier allows an authenticated attacker to authenticate to another user without being asked for the 2FA via another browser tab.
CVE-2023-37208 3 Debian, Mozilla, Redhat 9 Debian Linux, Firefox, Firefox Esr and 6 more 2024-11-20 7.8 High
When opening Diagcab files, Firefox did not warn the user that these files may contain malicious code. This vulnerability affects Firefox < 115, Firefox ESR < 102.13, and Thunderbird < 102.13.
CVE-2024-29747 2024-11-20 N/A
In _dvfs_get_lv of dvfs.c, there is a possible out of bounds read due to a missing null check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
CVE-2023-37211 3 Debian, Mozilla, Redhat 9 Debian Linux, Firefox, Firefox Esr and 6 more 2024-11-20 8.8 High
Memory safety bugs present in Firefox 114, Firefox ESR 102.12, and Thunderbird 102.12. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 115, Firefox ESR < 102.13, and Thunderbird < 102.13.
CVE-2024-45817 2024-11-20 N/A
In x86's APIC (Advanced Programmable Interrupt Controller) architecture, error conditions are reported in a status register. Furthermore, the OS can opt to receive an interrupt when a new error occurs. It is possible to configure the error interrupt with an illegal vector, which generates an error when an error interrupt is raised. This case causes Xen to recurse through vlapic_error(). The recursion itself is bounded; errors accumulate in the the status register and only generate an interrupt when a new status bit becomes set. However, the lock protecting this state in Xen will try to be taken recursively, and deadlock.
CVE-2024-31950 2024-11-20 7.0 High
In FRRouting (FRR) through 9.1, there can be a buffer overflow and daemon crash in ospf_te_parse_ri for OSPF LSA packets during an attempt to read Segment Routing subTLVs (their size is not validated).
CVE-2023-2880 1 Frauscher 1 Frauscher Diagnostic System 101 2024-11-20 7.5 High
Frauscher Sensortechnik GmbH FDS001 for FAdC/FAdCi v1.3.3 and all previous versions are vulnerable to a path traversal vulnerability of the web interface by a crafted URL without authentication. This enables an remote attacker to read all files on the filesystem of the FDS001 device.
CVE-2024-34484 2024-11-20 N/A
OFPBucket in parser.py in Faucet SDN Ryu 4.34 allows attackers to cause a denial of service (infinite loop) via action.len=0.
CVE-2023-37210 1 Mozilla 1 Firefox 2024-11-20 6.5 Medium
A website could prevent a user from exiting full-screen mode via alert and prompt calls. This could lead to user confusion and possible spoofing attacks. This vulnerability affects Firefox < 115.
CVE-2023-3336 1 Moxa 2 Tn-5900, Tn-5900 Firmware 2024-11-20 5.3 Medium
TN-5900 Series version 3.3 and prior versions is vulnearble to user enumeration vulnerability. The vulnerability may allow a remote attacker to determine whether a user is valid during password recovery through the web login page and enable a brute force attack with valid users.
CVE-2021-46890 1 Huawei 2 Emui, Harmonyos 2024-11-20 9.8 Critical
Vulnerability of incomplete read and write permission verification in the GPU module. Successful exploitation of this vulnerability may affect service confidentiality, integrity, and availability.
CVE-2021-46891 1 Huawei 2 Emui, Harmonyos 2024-11-20 9.8 Critical
Vulnerability of incomplete read and write permission verification in the GPU module. Successful exploitation of this vulnerability may affect service confidentiality, integrity, and availability.
CVE-2021-46893 1 Huawei 2 Emui, Harmonyos 2024-11-20 7.5 High
Vulnerability of unstrict data verification and parameter check. Successful exploitation of this vulnerability may affect integrity.
CVE-2023-3455 1 Huawei 2 Emui, Harmonyos 2024-11-20 9.1 Critical
Key management vulnerability on system. Successful exploitation of this vulnerability may affect service availability and integrity.
CVE-2023-34337 1 Ami 1 Megarac Sp-x 2024-11-20 7.6 High
AMI SPx contains a vulnerability in the BMC where a user may cause an inadequate encryption strength by hash-based message authentication code (HMAC). A successful exploit of this vulnerability may lead to a loss of confidentiality, integrity, and availability.
CVE-2024-52765 2024-11-20 N/A
H3C GR-1800AX MiniGRW1B0V100R007 is vulnerable to remote code execution (RCE) via the aspForm parameter.