Search Results (364158 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2023-25188 1 Nokia 2 Asika Airscale, Asika Airscale Firmware 2024-12-12 5.1 Medium
An issue was discovered on NOKIA Airscale ASIKA Single RAN devices before 21B. If/when CSP (as a BTS administrator) removes security hardenings from the Nokia Single RAN BTS baseband unit, the BTS baseband unit diagnostic tool AaShell (which is by default disabled) allows unauthenticated access from the mobile network solution internal BTS management network to the BTS embedded Linux operating-system level.
CVE-2024-21763 1 F5 2 Big-ip, Big-ip Advanced Firewall Manager 2024-12-12 7.5 High
When BIG-IP AFM Device DoS or DoS profile is configured with NXDOMAIN attack vector and bad actor detection, undisclosed queries can cause the Traffic Management Microkernel (TMM) to terminate.  NOTE: Software versions which have reached End of Technical Support (EoTS) are not evaluated
CVE-2024-21849 1 F5 2 Big-ip Advanced Web Application Firewall, Big-ip Application Security Manager 2024-12-12 7.5 High
When an Advanced WAF/ASM security policy and a Websockets profile are configured on a virtual server, undisclosed traffic can cause the Traffic Management Microkernel (TMM) process to terminate.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
CVE-2024-23308 1 F5 2 Big-ip Advanced Web Application Firewall, Big-ip Application Security Manager 2024-12-12 7.5 High
When a BIG-IP Advanced WAF or BIG-IP ASM policy with a Request Body Handling option is attached to a virtual server, undisclosed requests can cause the BD process to terminate. The condition results from setting the Request Body Handling option in the Header-Based Content Profile for an Allowed URL with "Apply value and content signatures and detect threat campaigns."  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated
CVE-2024-23982 1 F5 1 Big-ip Policy Enforcement Manager 2024-12-12 7.5 High
When a BIG-IP PEM classification profile is configured on a UDP virtual server, undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate. This issue affects classification engines using signatures released between 09-08-2022 and 02-16-2023. See the table in the F5 Security Advisory for a complete list of affected classification signature files.  NOTE: Software versions which have reached End of Technical Support (EoTS) are not evaluated
CVE-2024-32049 1 F5 1 Big-ip Next Central Manager 2024-12-12 7.4 High
BIG-IP Next Central Manager (CM) may allow an unauthenticated, remote attacker to obtain the BIG-IP Next LTM/WAF instance credentials.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
CVE-2023-28365 3 Linux, Ubiquiti, Ui 3 Linux Kernel, Unifi Network Application, Unifi Network Application 2024-12-12 9.1 Critical
A backup file vulnerability found in UniFi applications (Version 7.3.83 and earlier) running on Linux operating systems allows application administrators to execute malicious commands on the host device being restored.
CVE-2024-52999 1 Adobe 1 Substance 3d Modeler 2024-12-12 7.8 High
Substance3D - Modeler versions 1.14.1 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVE-2024-53000 1 Adobe 1 Substance 3d Modeler 2024-12-12 7.8 High
Substance3D - Modeler versions 1.14.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVE-2024-53001 1 Adobe 1 Substance 3d Modeler 2024-12-12 7.8 High
Substance3D - Modeler versions 1.14.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVE-2024-53002 1 Adobe 1 Substance 3d Modeler 2024-12-12 7.8 High
Substance3D - Modeler versions 1.14.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVE-2024-53003 1 Adobe 1 Substance 3d Modeler 2024-12-12 7.8 High
Substance3D - Modeler versions 1.14.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVE-2024-53004 1 Adobe 1 Substance 3d Modeler 2024-12-12 5.5 Medium
Substance3D - Modeler versions 1.14.1 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVE-2020-12149 2 Arubanetworks, Silver-peak 22 Edgeconnect Enterprise, Nx-10700, Nx-11700 and 19 more 2024-12-12 6.8 Medium
The configuration backup/restore function in Silver Peak Unity ECOSTM (ECOS) appliance software was found to directly incorporate the user-controlled config filename in a subsequent shell command, allowing an attacker to manipulate the resulting command by injecting valid OS command input. This vulnerability can be exploited by an attacker with authenticated access to the Orchestrator UI or EdgeConnect UI. This affects all ECOS versions prior to: 8.1.9.15, 8.3.0.8, 8.3.1.2, 8.3.2.0, 9.0.2.0, and 9.1.0.0.
CVE-2024-53005 1 Adobe 1 Substance 3d Modeler 2024-12-12 5.5 Medium
Substance3D - Modeler versions 1.14.1 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVE-2020-12148 1 Arubanetworks 21 Edgeconnect Enterprise, Nx-10700, Nx-11700 and 18 more 2024-12-12 6.8 Medium
A command injection flaw identified in the nslookup API in Silver Peak Unity ECOSTM (ECOS) appliance software could allow an attacker to execute arbitrary commands with the privileges of the web server running on the EdgeConnect appliance. An attacker could exploit this vulnerability to establish an interactive channel, effectively taking control of the target system. This vulnerability can be exploited by an attacker with authenticated access to the Orchestrator UI or EdgeConnect UI. This affects all ECOS versions prior to : 8.1.9.15, 8.3.0.8, 8.3.1.2, 8.3.2.0, 9.0.2.0, and 9.1.0.0.
CVE-2024-54933 1 Lopalopa 1 E-learning Management System 2024-12-12 9.8 Critical
Kashipara E-learning Management System v1.0 is vulnerable to SQL Injection in /admin/delete_content.php.
CVE-2024-54930 1 Lopalopa 1 E-learning Management System 2024-12-12 9.8 Critical
Kashipara E-learning Management System v1.0 is vulnerable to SQL Injection in /admin/delete_student.php.
CVE-2024-54922 1 Lopalopa 1 E-learning Management System 2024-12-12 9.8 Critical
A SQL Injection was found in /admin/edit_user.php of kashipara E-learning Management System v1.0, which allows remote attackers to execute arbitrary SQL commands to get unauthorized database access via the firstname, lastname, and username parameters.
CVE-2024-10922 2024-12-12 N/A
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2024-51647. Reason: This candidate is a reservation duplicate of CVE-2024-51647. Notes: All CVE users should reference CVE-2024-51647 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.