Search Results (365329 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2017-17772 1 Qualcomm 14 Sd 450, Sd 450 Firmware, Sd 625 and 11 more 2025-01-09 8.8 High
In multiple functions that process 802.11 frames, out-of-bounds reads can occur due to insufficient validation.
CVE-2023-34218 1 Jetbrains 1 Teamcity 2025-01-09 9.1 Critical
In JetBrains TeamCity before 2023.05 bypass of permission checks allowing to perform admin actions was possible
CVE-2017-18153 1 Qualcomm 10 9206 Lte Modem, 9206 Lte Modem Firmware, Apq8017 and 7 more 2025-01-09 6.8 Medium
A race condition exists in a driver potentially leading to a use-after-free condition.
CVE-2018-11922 1 Qualcomm 44 215, 215 Firmware, Mdm9206 and 41 more 2025-01-09 7.5 High
Wrong configuration in Touch Pal application can collect user behavior data without awareness by the user.
CVE-2018-11952 1 Qualcomm 46 Mdm9206, Mdm9206 Firmware, Mdm9607 and 43 more 2025-01-09 7.8 High
An image with a version lower than the fuse version may potentially be booted lead to improper authentication.
CVE-2023-25539 2 Dell, Linux 2 Networker, Linux Kernel 2025-01-09 8.4 High
Dell NetWorker 19.6.1.2, contains an OS command injection Vulnerability in the NetWorker client. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the application's underlying OS, with the privileges of the vulnerable application. This is a high severity vulnerability as the exploitation allows an attacker to take complete control of a system, so Dell recommends customers to upgrade at the earliest opportunity.
CVE-2023-34219 1 Jetbrains 1 Teamcity 2025-01-09 4.3 Medium
In JetBrains TeamCity before 2023.05 improper permission checks allowed users without appropriate permissions to edit Build Configuration settings via REST API
CVE-2023-34221 1 Jetbrains 1 Teamcity 2025-01-09 4.6 Medium
In JetBrains TeamCity before 2023.05 stored XSS in the Show Connection page was possible
CVE-2023-34222 1 Jetbrains 1 Teamcity 2025-01-09 4.6 Medium
In JetBrains TeamCity before 2023.05 possible XSS in the Plugin Vendor URL was possible
CVE-2023-34223 1 Jetbrains 1 Teamcity 2025-01-09 4.3 Medium
In JetBrains TeamCity before 2023.05 parameters of the "password" type from build dependencies could be logged in some cases
CVE-2023-34224 1 Jetbrains 1 Teamcity 2025-01-09 4.8 Medium
In JetBrains TeamCity before 2023.05 open redirect during oAuth configuration was possible
CVE-2023-34225 1 Jetbrains 1 Teamcity 2025-01-09 4.6 Medium
In JetBrains TeamCity before 2023.05 stored XSS in the NuGet feed page was possible
CVE-2023-34226 1 Jetbrains 1 Teamcity 2025-01-09 4.6 Medium
In JetBrains TeamCity before 2023.05 reflected XSS in the Subscriptions page was possible
CVE-2023-34227 1 Jetbrains 1 Teamcity 2025-01-09 5.3 Medium
In JetBrains TeamCity before 2023.05 a specific endpoint was vulnerable to brute force attacks
CVE-2023-34228 1 Jetbrains 1 Teamcity 2025-01-09 5.3 Medium
In JetBrains TeamCity before 2023.05 authentication checks were missing – 2FA was not checked for some sensitive account actions
CVE-2023-34229 1 Jetbrains 1 Teamcity 2025-01-09 4.6 Medium
In JetBrains TeamCity before 2023.05 stored XSS in GitLab Connection page was possible
CVE-2023-2758 1 Contec 1 Conprosys Hmi System 2025-01-09 3.7 Low
A denial of service vulnerability exists in Contec CONPROSYS HMI System versions 3.5.2 and prior. When there is a time-zone mismatch in certain configuration files, a remote, unauthenticated attacker may deny logins for an extended period of time.
CVE-2023-33964 1 Multiversx 1 Mx-chain-go 2025-01-09 8.6 High
mx-chain-go is an implementation of the MultiversX blockchain protocol written in the Go language. Metachain cannot process a cross-shard miniblock. Prior to version 1.4.16, an invalid transaction with the wrong username on metachain is not treated correctly on the metachain transaction processor. This is strictly a processing issue that could have happened on MultiversX chain. If an error like this had occurred, the metachain would have stopped notarizing blocks from the shard chains. The resuming of notarization is possible only after applying a patched binary version. A patch in version 1.4.16 introduces `processIfTxErrorCrossShard` for the metachain transaction processor. There are no known workarounds for this issue.
CVE-2023-33966 1 Deno 2 Deno, Deno Runtime 2025-01-09 8.6 High
Deno is a runtime for JavaScript and TypeScript. In deno 1.34.0 and deno_runtime 0.114.0, outbound HTTP requests made using the built-in `node:http` or `node:https` modules are incorrectly not checked against the network permission allow list (`--allow-net`). Dependencies relying on these built-in modules are subject to the vulnerability too. Users of Deno versions prior to 1.34.0 are unaffected. Deno Deploy users are unaffected. This problem has been patched in Deno v1.34.1 and deno_runtime 0.114.1 and all users are recommended to update to this version. No workaround is available for this issue.
CVE-2023-33971 1 Teclib-edition 1 Form Creator 2025-01-09 6.1 Medium
Formcreator is a GLPI plugin which allow creation of custom forms and the creation of one or more tickets when the form is filled. A probable stored cross-site scripting vulnerability is present in Formcreator 2.13.5 and prior via the use of the use of `##FULLFORM##` for rendering. This could result in arbitrary javascript code execution in an admin/tech context. A patch is unavailable as of time of publication. As a workaround, one may use a regular expression to remove `< > "` in all fields.