Search Results (367158 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2024-49840 1 Qualcomm 20 Fastconnect 6900, Fastconnect 6900 Firmware, Fastconnect 7800 and 17 more 2025-02-05 7.8 High
Memory corruption while Invoking IOCTL calls from user-space to validate FIPS encryption or decryption functionality.
CVE-2024-49843 1 Qualcomm 104 Fastconnect 6200, Fastconnect 6200 Firmware, Fastconnect 7800 and 101 more 2025-02-05 7.8 High
Memory corruption while processing IOCTL from user space to handle GPU AHB bus error.
CVE-2024-49834 1 Qualcomm 254 Csra6620, Csra6620 Firmware, Csra6640 and 251 more 2025-02-05 7.8 High
Memory corruption while power-up or power-down sequence of the camera sensor.
CVE-2024-45582 1 Qualcomm 68 Fastconnect 6900, Fastconnect 6900 Firmware, Fastconnect 7800 and 65 more 2025-02-05 7.8 High
Memory corruption while validating number of devices in Camera kernel .
CVE-2022-47505 1 Solarwinds 1 Orion Platform 2025-02-05 7.8 High
The SolarWinds Platform was susceptible to the Local Privilege Escalation Vulnerability. This vulnerability allows a local adversary with a valid system user account to escalate local privileges.
CVE-2024-45584 1 Qualcomm 248 Ar8035, Ar8035 Firmware, Fastconnect 6200 and 245 more 2025-02-05 7.8 High
Memory corruption can occur when a compat IOCTL call is followed by a normal IOCTL call from userspace.
CVE-2024-49832 1 Qualcomm 50 Fastconnect 6900, Fastconnect 6900 Firmware, Fastconnect 7800 and 47 more 2025-02-05 7.8 High
Memory corruption in Camera due to unusually high number of nodes passed to AXI port.
CVE-2024-37899 1 Xwiki 1 Xwiki 2025-02-05 9.1 Critical
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. When an admin disables a user account, the user's profile is executed with the admin's rights. This allows a user to place malicious code in the user profile before getting an admin to disable the user account. To reproduce, as a user without script nor programming rights, edit the about section of your user profile and add `{{groovy}}services.logging.getLogger("attacker").error("Hello from Groovy!"){{/groovy}}`. As an admin, go to the user profile and click the "Disable this account" button. Then, reload the page. If the logs show `attacker - Hello from Groovy!` then the instance is vulnerable. This has been patched in XWiki 14.10.21, 15.5.5, 15.10.6 and 16.0.0. Users are advised to upgrade. There are no known workarounds for this vulnerability. ### Workarounds We're not aware of any workaround except upgrading. ### References * https://jira.xwiki.org/browse/XWIKI-21611 * https://github.com/xwiki/xwiki-platform/commit/f89c8f47fad6e5cc7e68c69a7e0acde07f5eed5a
CVE-2024-49833 1 Qualcomm 160 Fastconnect 6700, Fastconnect 6700 Firmware, Fastconnect 6900 and 157 more 2025-02-05 7.8 High
Memory corruption can occur in the camera when an invalid CID is used.
CVE-2023-2160 1 Modoboa 1 Modoboa 2025-02-05 6.3 Medium
Weak Password Requirements in GitHub repository modoboa/modoboa prior to 2.1.0.
CVE-2024-6007 1 Netentsec 1 Application Security Gateway 2025-02-05 6.3 Medium
A vulnerability classified as critical has been found in Netentsec NS-ASG Application Security Gateway 6.3. This affects an unknown part of the file /protocol/iscgwtunnel/deleteiscgwrouteconf.php. The manipulation of the argument messagecontent leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-268695. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2023-2020 1 Checkmk 1 Checkmk 2025-02-05 4.3 Medium
Insufficient permission checks in the REST API in Tribe29 Checkmk <= 2.1.0p27 and <= 2.2.0b4 (beta) allow unauthorized users to schedule downtimes for any host.
CVE-2023-30556 1 Archerydms 1 Archery 2025-02-05 6.5 Medium
Archery is an open source SQL audit platform. The Archery project contains multiple SQL injection vulnerabilities, that may allow an attacker to query the connected databases. Affected versions are subject to SQL injection in the `optimize_sqltuningadvisor` method of `sql_optimize.py`. User input coming from the `db_name` parameter value in `sql_optimize.py` is passed to the `sqltuningadvisor` method in `oracle.py`for execution. To mitigate escape the variables accepted via user input when used in `sql_optimize.py`. Users may also use prepared statements when dealing with SQL as a mitigation for this issue. This issue is also indexed as `GHSL-2022-107`.
CVE-2022-38099 1 Intel 16 Nuc11dbbi7, Nuc11dbbi7 Firmware, Nuc11dbbi9 and 13 more 2025-02-05 7.5 High
Improper input validation in BIOS firmware for some Intel(R) NUC 11 Compute Elements before version EBTGL357.0065 may allow a privileged user to potentially enable escalation of privilege via local access.
CVE-2023-48747 1 Booster 1 Booster For Woocommerce 2025-02-05 6.5 Medium
Improper Authentication vulnerability in Pluggabl LLC Booster for WooCommerce allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Booster for WooCommerce: from n/a through 7.1.2.
CVE-2023-33930 1 Unlimited-elements 1 Unlimited Elements For Elementor 2025-02-05 9.1 Critical
Unrestricted Upload of File with Dangerous Type vulnerability in Unlimited Elements Unlimited Elements For Elementor (Free Widgets, Addons, Templates) allows Code Injection.This issue affects Unlimited Elements For Elementor (Free Widgets, Addons, Templates): from n/a through 1.5.66.
CVE-2024-55192 1 Openimageio 1 Openimageio 2025-02-05 9.8 Critical
OpenImageIO v3.1.0.0dev was discovered to contain a heap overflow via the component OpenImageIO_v3_1_0::farmhash::inlined::Fetch64(char const*).
CVE-2023-30611 1 Discourse 1 Reactions 2025-02-05 4.3 Medium
Discourse-reactions is a plugin that allows user to add their reactions to the post in the Discourse messaging platform. In affected versions data about what reactions were performed on a post in a private topic could be leaked. This issue has been addressed in version 0.3. Users are advised to upgrade. Users unable to upgrade should disable the discourse-reactions plugin to fully mitigate the issue.
CVE-2023-30610 1 Amazon 1 Aws-sigv4 2025-02-05 5.5 Medium
aws-sigv4 is a rust library for low level request signing in the aws cloud platform. The `aws_sigv4::SigningParams` struct had a derived `Debug` implementation. When debug-formatted, it would include a user's AWS access key, AWS secret key, and security token in plaintext. When TRACE-level logging is enabled for an SDK, `SigningParams` is printed, thereby revealing those credentials to anyone with access to logs. All users of the AWS SDK for Rust who enabled TRACE-level logging, either globally (e.g. `RUST_LOG=trace`), or for the `aws-sigv4` crate specifically are affected. This issue has been addressed in a set of new releases. Users are advised to upgrade. Users unable to upgrade should disable TRACE-level logging for AWS Rust SDK crates.
CVE-2023-29926 1 Powerjob 1 Powerjob 2025-02-05 9.8 Critical
PowerJob V4.3.2 has unauthorized interface that causes remote code execution.