Search Results (366571 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2024-28133 1 Phoenixcontact 8 Charx Sec-3000, Charx Sec-3000 Firmware, Charx Sec-3050 and 5 more 2025-01-23 7.8 High
A local low privileged attacker can use an untrusted search path in a CHARX system utility to gain root privileges. 
CVE-2024-26288 1 Phoenixcontact 8 Charx Sec-3000, Charx Sec-3000 Firmware, Charx Sec-3050 and 5 more 2025-01-23 8.7 High
An unauthenticated remote attacker can influence the communication due to the lack of encryption of sensitive data via a MITM. Charging is not affected.
CVE-2024-26005 1 Phoenixcontact 8 Charx Sec-3000, Charx Sec-3000 Firmware, Charx Sec-3050 and 5 more 2025-01-23 4.8 Medium
An unauthenticated remote attacker can gain service level privileges through an incomplete cleanup during service restart after a DoS. 
CVE-2024-26004 1 Phoenixcontact 8 Charx Sec-3000, Charx Sec-3000 Firmware, Charx Sec-3050 and 5 more 2025-01-23 7.5 High
An unauthenticated remote attacker can DoS a control agent due to access of a uninitialized pointer which may prevent or disrupt the charging functionality.
CVE-2024-26003 1 Phoenixcontact 8 Charx Sec-3000, Charx Sec-3000 Firmware, Charx Sec-3050 and 5 more 2025-01-23 7.5 High
An unauthenticated remote attacker can DoS the control agent due to a out-of-bounds read which may prevent or disrupt the charging functionality. 
CVE-2024-26002 1 Phoenixcontact 8 Charx Sec-3000, Charx Sec-3000 Firmware, Charx Sec-3050 and 5 more 2025-01-23 7.8 High
An improper input validation in the Qualcom plctool allows a local attacker with low privileges to gain root access by changing the ownership of specific files.
CVE-2024-25999 1 Phoenixcontact 8 Charx Sec-3000, Charx Sec-3000 Firmware, Charx Sec-3050 and 5 more 2025-01-23 8.4 High
An unauthenticated local attacker can perform a privilege escalation due to improper input validation in the OCPP agent service. 
CVE-2024-25997 1 Phoenixcontact 8 Charx Sec-3000, Charx Sec-3000 Firmware, Charx Sec-3050 and 5 more 2025-01-23 5.3 Medium
An unauthenticated remote attacker can perform a log injection due to improper input validation. Only a certain log file is affected.
CVE-2024-25996 1 Phoenixcontact 8 Charx Sec-3000, Charx Sec-3000 Firmware, Charx Sec-3050 and 5 more 2025-01-23 5.3 Medium
An unauthenticated remote attacker can perform a remote code execution due to an origin validation error. The access is limited to the service user.
CVE-2024-21861 1 Intel 1 Graphics Performance Analyzers Framework 2025-01-23 6.7 Medium
Uncontrolled search path in some Intel(R) GPA Framework software before version 2023.4 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2024-49535 3 Adobe, Apple, Microsoft 6 Acrobat, Acrobat Dc, Acrobat Reader and 3 more 2025-01-23 6.3 Medium
Acrobat Reader versions 24.005.20307, 24.001.30213, 24.001.30193, 20.005.30730, 20.005.30710 and earlier are affected by an Improper Restriction of XML External Entity Reference ('XXE') vulnerability that allows an attacker to provide malicious XML input containing a reference to an external entity, potentially leading to unauthorized read access outside the Acrobat sandbox. Exploitation of this issue requires user interaction in that a victim must process a malicious XML document.
CVE-2024-21788 1 Intel 1 Graphics Performance Analyzers 2025-01-23 6.7 Medium
Uncontrolled search path in some Intel(R) GPA software before version 2023.4 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2023-43748 1 Intel 2 Graphics Performance Analyzer, Graphics Performance Analyzers Framework 2025-01-23 7.8 High
Improper access control in some Intel(R) GPA Framework software installers before version 2023.3 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2023-43629 1 Intel 1 Graphics Performance Analyzers 2025-01-23 7.8 High
Incorrect default permissions in some Intel(R) GPA software installers before version 2023.3 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2023-41961 1 Intel 1 Graphics Performance Analyzers 2025-01-23 6.7 Medium
Uncontrolled search path in some Intel(R) GPA software before version 2023.3 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2023-40071 1 Intel 1 Graphics Performance Analyzers 2025-01-23 7.3 High
Improper access control in some Intel(R) GPA software installers before version 2023.3 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2023-35192 1 Intel 2 Graphics Performance Analyzer, Graphics Performance Analyzers Framework 2025-01-23 6.7 Medium
Uncontrolled search path in some Intel(R) GPA Framework software before version 2023.3 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2023-24460 1 Intel 1 Graphics Performance Analyzers 2025-01-23 8.2 High
Incorrect default permissions in some Intel(R) GPA software installers before version 2023.3 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2023-37026 2025-01-23 6.5 Medium
A Null pointer dereference vulnerability in the Mobile Management Entity (MME) in Magma <= 1.8.0 (fixed in v1.9 commit 08472ba98b8321f802e95f5622fa90fec2dea486) allows network-adjacent attackers to crash the MME via an S1AP `E-RAB Release Response` packet missing an expected `MME_UE_S1AP_ID` field.
CVE-2023-37025 2025-01-23 6.5 Medium
A Null pointer dereference vulnerability in the Mobile Management Entity (MME) in Magma <= 1.8.0 (fixed in v1.9 commit 08472ba98b8321f802e95f5622fa90fec2dea486) allows network-adjacent attackers to crash the MME via an S1AP `Reset` packet missing an expected `ResetType` field.