Search Results (364021 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2024-32996 1 Huawei 2 Emui, Harmonyos 2024-12-09 6.2 Medium
Privilege escalation vulnerability in the account module Impact: Successful exploitation of this vulnerability will affect availability.
CVE-2024-32997 1 Huawei 2 Emui, Harmonyos 2024-12-09 8.4 High
Race condition vulnerability in the binder driver module Impact: Successful exploitation of this vulnerability will affect availability.
CVE-2024-32999 1 Huawei 2 Emui, Harmonyos 2024-12-09 6.8 Medium
Cracking vulnerability in the OS security module Impact: Successful exploitation of this vulnerability will affect availability.
CVE-2023-1862 1 Cloudflare 1 Warp 2024-12-09 7.3 High
Cloudflare WARP client for Windows (up to v2023.3.381.0) allowed a malicious actor to remotely access the warp-svc.exe binary due to an insufficient access control policy on an IPC Named Pipe. This would have enabled an attacker to trigger WARP connect and disconnect commands, as well as obtaining network diagnostics and application configuration from the target's device. It is important to note that in order to exploit this, a set of requirements would need to be met, such as the target's device must've been reachable on port 445, allowed authentication with NULL sessions or otherwise having knowledge of the target's credentials.
CVE-2023-52383 1 Huawei 2 Emui, Harmonyos 2024-12-09 4.7 Medium
Double-free vulnerability in the RSMC module Impact: Successful exploitation of this vulnerability will affect availability.
CVE-2023-52384 1 Huawei 2 Emui, Harmonyos 2024-12-09 4.7 Medium
Double-free vulnerability in the RSMC module Impact: Successful exploitation of this vulnerability will affect availability.
CVE-2023-52719 1 Huawei 2 Emui, Harmonyos 2024-12-09 7.1 High
Privilege escalation vulnerability in the PMS module Impact: Successful exploitation of this vulnerability may affect service confidentiality.
CVE-2023-52720 1 Huawei 2 Emui, Harmonyos 2024-12-09 4.1 Medium
Race condition vulnerability in the soundtrigger module Impact: Successful exploitation of this vulnerability will affect availability.
CVE-2023-52721 1 Huawei 1 Harmonyos 2024-12-09 6.2 Medium
The WindowManager module has a vulnerability in permission control. Impact: Successful exploitation of this vulnerability may affect confidentiality.
CVE-2023-28956 2 Ibm, Microsoft 3 Spectrum Protect, Spectrum Protect Backup-archive Client, Windows 2024-12-09 8.4 High
IBM Spectrum Protect Backup-Archive Client 8.1.0.0 through 8.1.17.2 may allow a local user to escalate their privileges due to improper access controls.
CVE-2023-3110 1 Silabs 1 Unify Software Development Kit 2024-12-09 9.6 Critical
Description: A vulnerability in SiLabs Unify Gateway 1.3.1 and earlier allows an unauthenticated attacker within Z-Wave range to overflow a stack buffer, leading to arbitrary code execution.
CVE-2023-42954 1 Claris 2 Claris Pro, Filemaker Server 2024-12-09 4.9 Medium
A privilege escalation issue existed in FileMaker Server, potentially exposing sensitive information to front-end websites when signed in to the Admin Console with an administrator role. This issue has been fixed in FileMaker Server 20.3.1 by reducing the information sent in requests.
CVE-2023-52361 1 Huawei 1 Harmonyos 2024-12-09 7.5 High
The VerifiedBoot module has a vulnerability that may cause authentication errors.Successful exploitation of this vulnerability may affect integrity.
CVE-2024-0009 1 Paloaltonetworks 1 Pan-os 2024-12-09 6.3 Medium
An improper verification vulnerability in the GlobalProtect gateway feature of Palo Alto Networks PAN-OS software enables a malicious user with stolen credentials to establish a VPN connection from an unauthorized IP address.
CVE-2024-0011 1 Paloaltonetworks 1 Pan-os 2024-12-09 4.3 Medium
A reflected cross-site scripting (XSS) vulnerability in the Captive Portal feature of Palo Alto Networks PAN-OS software enables execution of malicious JavaScript (in the context of an authenticated Captive Portal user’s browser) if a user clicks on a malicious link, allowing phishing attacks that could lead to credential theft.
CVE-2023-4420 1 Sick 7 Lms500, Lms500 Firmware, Lms511 and 4 more 2024-12-09 9.8 Critical
A remote unprivileged attacker can intercept the communication via e.g. Man-In-The-Middle, due to the absence of Transport Layer Security (TLS) in the SICK LMS5xx. This lack of encryption in the communication channel can lead to the unauthorized disclosure of sensitive information. The attacker can exploit this weakness to eavesdrop on the communication between the LMS5xx and the Client, and potentially manipulate the data being transmitted.
CVE-2023-4418 1 Sick 7 Lms500, Lms500 Firmware, Lms511 and 4 more 2024-12-09 7.5 High
A remote unprivileged attacker can sent multiple packages to the LMS5xx to disrupt its availability through a TCP SYN-based denial-of-service (DDoS) attack. By exploiting this vulnerability, an attacker can flood the targeted LMS5xx with a high volume of TCP SYN requests, overwhelming its resources and causing it to become unresponsive or unavailable for legitimate users.
CVE-2023-4419 1 Sick 7 Lms500, Lms500 Firmware, Lms511 and 4 more 2024-12-09 9.8 Critical
The LMS5xx uses hard-coded credentials, which potentially allow low-skilled unauthorized remote attackers to reconfigure settings and /or disrupt the functionality of the device.
CVE-2023-31412 1 Sick 7 Lms500, Lms500 Firmware, Lms511 and 4 more 2024-12-09 7.5 High
The LMS5xx uses weak hash generation methods, resulting in the creation of insecure hashs. If an attacker manages to retrieve the hash, it could lead to collision attacks and the potential retrieval of the password.
CVE-2023-5288 1 Sick 3 Sim1012, Sim1012-0p0g200, Sim1012-0p0g200 Firmware 2024-12-09 9.8 Critical
A remote unauthorized attacker may connect to the SIM1012, interact with the device and change configuration settings. The adversary may also reset the SIM and in the worst case upload a new firmware version to the device.