Search Results (363531 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2024-35669 1 Bowo 1 Debug Log Manager 2024-11-26 4.3 Medium
Missing Authorization vulnerability in Bowo Debug Log Manager.This issue affects Debug Log Manager: from n/a through 2.3.1.
CVE-2024-33013 1 Qualcomm 342 Ar8035, Ar8035 Firmware, Csr8811 and 339 more 2024-11-26 7.5 High
Transient DOS when driver accesses the ML IE memory and offset value is incremented beyond ML IE length.
CVE-2024-33011 1 Qualcomm 501 Ar8035, Ar8035 Firmware, Ar9380 and 498 more 2024-11-26 7.5 High
Transient DOS while parsing the MBSSID IE from the beacons, when the MBSSID IE length is zero.
CVE-2024-33010 1 Qualcomm 499 Ar8035, Ar8035 Firmware, Ar9380 and 496 more 2024-11-26 7.5 High
Transient DOS while parsing fragments of MBSSID IE from beacon frame.
CVE-2023-37302 1 Mediawiki 1 Mediawiki 2024-11-26 6.1 Medium
An issue was discovered in SiteLinksView.php in Wikibase in MediaWiki through 1.39.3. There is XSS via a crafted badge title attribute. This is also related to lack of escaping in wbTemplate (from resources/wikibase/templates.js) for quotes (which can be in a title attribute).
CVE-2024-23384 1 Qualcomm 211 Fastconnect 6200, Fastconnect 6200 Firmware, Fastconnect 6700 and 208 more 2024-11-26 8.4 High
Memory corruption when the mapped pages in VBO are still mapped after reclaiming by shrinker.
CVE-2024-23383 1 Qualcomm 145 Fastconnect 6200, Fastconnect 6200 Firmware, Fastconnect 6700 and 142 more 2024-11-26 8.4 High
Memory corruption when kernel driver attempts to trigger hardware fences.
CVE-2024-23382 1 Qualcomm 211 Fastconnect 6200, Fastconnect 6200 Firmware, Fastconnect 6700 and 208 more 2024-11-26 8.4 High
Memory corruption while processing graphics kernel driver request to create DMA fence.
CVE-2023-36751 1 Siemens 22 Ruggedcom Rox Mx5000, Ruggedcom Rox Mx5000 Firmware, Ruggedcom Rox Mx5000re and 19 more 2024-11-26 9.1 Critical
A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.16.0), RUGGEDCOM ROX MX5000RE (All versions < V2.16.0), RUGGEDCOM ROX RX1400 (All versions < V2.16.0), RUGGEDCOM ROX RX1500 (All versions < V2.16.0), RUGGEDCOM ROX RX1501 (All versions < V2.16.0), RUGGEDCOM ROX RX1510 (All versions < V2.16.0), RUGGEDCOM ROX RX1511 (All versions < V2.16.0), RUGGEDCOM ROX RX1512 (All versions < V2.16.0), RUGGEDCOM ROX RX1524 (All versions < V2.16.0), RUGGEDCOM ROX RX1536 (All versions < V2.16.0), RUGGEDCOM ROX RX5000 (All versions < V2.16.0). The install-app URL parameter in the web interface of affected devices is vulnerable to command injection due to missing server side input sanitation. This could allow an authenticated privileged remote attacker to execute arbitrary code with root privileges.
CVE-2024-23381 1 Qualcomm 147 Fastconnect 6200, Fastconnect 6200 Firmware, Fastconnect 6700 and 144 more 2024-11-26 8.4 High
Memory corruption when memory mapped in a VBO is not unmapped by the GPU SMMU.
CVE-2024-23356 1 Qualcomm 422 Aqt1000, Aqt1000 Firmware, Ar8031 and 419 more 2024-11-26 7.8 High
Memory corruption during session sign renewal request calls in HLOS.
CVE-2024-35660 2 Jeweltheme, Master-addons 2 Master Addons For Elementor, Master Addons 2024-11-26 6.5 Medium
Missing Authorization vulnerability in Jewel Theme Master Addons for Elementor.This issue affects Master Addons for Elementor: from n/a through 2.0.5.4.1.
CVE-2024-21775 1 Zohocorp 1 Manageengine Exchange Reporter Plus 2024-11-26 8.3 High
Zoho ManageEngine Exchange Reporter Plus versions 5714 and below are vulnerable to the Authenticated SQL injection in report exporting feature.
CVE-2023-40122 1 Google 1 Android 2024-11-26 5.3 Medium
In applyCustomDescription of SaveUi.java, there is a possible way to view other user's images due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
CVE-2023-47573 1 Relyum 4 Rely-pcie, Rely-pcie Firmware, Rely-rec and 1 more 2024-11-26 8.8 High
An issue discovered in Relyum RELY-PCIe 22.2.1 devices. The authorization mechanism is not enforced in the web interface, allowing a low-privileged user to execute administrative functions.
CVE-2023-41166 1 Stormshield 1 Stormshield Network Security 2024-11-26 5.3 Medium
An issue was discovered in Stormshield Network Security (SNS) 3.7.0 through 3.7.39, 3.11.0 through 3.11.27, 4.3.0 through 4.3.22, 4.6.0 through 4.6.9, and 4.7.0 through 4.7.1. It's possible to know if a specific user account exists on the SNS firewall by using remote access commands.
CVE-2023-29487 3 Apple, Heimdalsecurity, Microsoft 3 Macos, Thor, Windows 2024-11-26 9.1 Critical
An issue was discovered in Heimdal Thor agent versions 3.4.2 and before on Windows and 2.6.9 and before on macOS, allows attackers to cause a denial of service (DoS) via the Threat To Process Correlation threat prevention module. NOTE: Heimdal asserts this is not a valid vulnerability. Their DNS Security for Endpoint solution includes an optional feature to provide extra information on the originating process that made a DNS request. The lack of process identification in DNS logs is therefore falsely categorized as a DoS issue.
CVE-2023-37304 1 Mediawiki 1 Mediawiki 2024-11-26 5.4 Medium
An issue was discovered in the DoubleWiki extension for MediaWiki through 1.39.3. includes/DoubleWiki.php allows XSS via the column alignment feature.
CVE-2023-50475 1 Bcoin 1 Bcoin 2024-11-26 9.1 Critical
An issue was discovered in bcoin-org bcoin version 2.2.0, allows remote attackers to obtain sensitive information via weak hashing algorithms in the component \vendor\faye-websocket.js.
CVE-2024-48986 2 Arm, Mbed 2 Mbed, Mbed 2024-11-26 7.5 High
An issue was discovered in MBed OS 6.16.0. Its hci parsing software dynamically determines the length of certain hci packets by reading a byte from its header. Certain events cause a callback, the logic for which allocates a buffer (the length of which is determined by looking up the event type in a table). The subsequent write operation, however, copies the amount of data specified in the packet header, which may lead to a buffer overflow. This bug is trivial to exploit for a denial of service but is not certain to suffice to bring the system down and can generally not be exploited further because the exploitable buffer is dynamically allocated.