Search Results (364428 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2024-23382 1 Qualcomm 211 Fastconnect 6200, Fastconnect 6200 Firmware, Fastconnect 6700 and 208 more 2024-11-26 8.4 High
Memory corruption while processing graphics kernel driver request to create DMA fence.
CVE-2023-36751 1 Siemens 22 Ruggedcom Rox Mx5000, Ruggedcom Rox Mx5000 Firmware, Ruggedcom Rox Mx5000re and 19 more 2024-11-26 9.1 Critical
A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.16.0), RUGGEDCOM ROX MX5000RE (All versions < V2.16.0), RUGGEDCOM ROX RX1400 (All versions < V2.16.0), RUGGEDCOM ROX RX1500 (All versions < V2.16.0), RUGGEDCOM ROX RX1501 (All versions < V2.16.0), RUGGEDCOM ROX RX1510 (All versions < V2.16.0), RUGGEDCOM ROX RX1511 (All versions < V2.16.0), RUGGEDCOM ROX RX1512 (All versions < V2.16.0), RUGGEDCOM ROX RX1524 (All versions < V2.16.0), RUGGEDCOM ROX RX1536 (All versions < V2.16.0), RUGGEDCOM ROX RX5000 (All versions < V2.16.0). The install-app URL parameter in the web interface of affected devices is vulnerable to command injection due to missing server side input sanitation. This could allow an authenticated privileged remote attacker to execute arbitrary code with root privileges.
CVE-2024-23381 1 Qualcomm 147 Fastconnect 6200, Fastconnect 6200 Firmware, Fastconnect 6700 and 144 more 2024-11-26 8.4 High
Memory corruption when memory mapped in a VBO is not unmapped by the GPU SMMU.
CVE-2024-23356 1 Qualcomm 422 Aqt1000, Aqt1000 Firmware, Ar8031 and 419 more 2024-11-26 7.8 High
Memory corruption during session sign renewal request calls in HLOS.
CVE-2024-35660 2 Jeweltheme, Master-addons 2 Master Addons For Elementor, Master Addons 2024-11-26 6.5 Medium
Missing Authorization vulnerability in Jewel Theme Master Addons for Elementor.This issue affects Master Addons for Elementor: from n/a through 2.0.5.4.1.
CVE-2024-21775 1 Zohocorp 1 Manageengine Exchange Reporter Plus 2024-11-26 8.3 High
Zoho ManageEngine Exchange Reporter Plus versions 5714 and below are vulnerable to the Authenticated SQL injection in report exporting feature.
CVE-2023-40122 1 Google 1 Android 2024-11-26 5.3 Medium
In applyCustomDescription of SaveUi.java, there is a possible way to view other user's images due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
CVE-2023-47573 1 Relyum 4 Rely-pcie, Rely-pcie Firmware, Rely-rec and 1 more 2024-11-26 8.8 High
An issue discovered in Relyum RELY-PCIe 22.2.1 devices. The authorization mechanism is not enforced in the web interface, allowing a low-privileged user to execute administrative functions.
CVE-2023-41166 1 Stormshield 1 Stormshield Network Security 2024-11-26 5.3 Medium
An issue was discovered in Stormshield Network Security (SNS) 3.7.0 through 3.7.39, 3.11.0 through 3.11.27, 4.3.0 through 4.3.22, 4.6.0 through 4.6.9, and 4.7.0 through 4.7.1. It's possible to know if a specific user account exists on the SNS firewall by using remote access commands.
CVE-2023-29487 3 Apple, Heimdalsecurity, Microsoft 3 Macos, Thor, Windows 2024-11-26 9.1 Critical
An issue was discovered in Heimdal Thor agent versions 3.4.2 and before on Windows and 2.6.9 and before on macOS, allows attackers to cause a denial of service (DoS) via the Threat To Process Correlation threat prevention module. NOTE: Heimdal asserts this is not a valid vulnerability. Their DNS Security for Endpoint solution includes an optional feature to provide extra information on the originating process that made a DNS request. The lack of process identification in DNS logs is therefore falsely categorized as a DoS issue.
CVE-2023-37304 1 Mediawiki 1 Mediawiki 2024-11-26 5.4 Medium
An issue was discovered in the DoubleWiki extension for MediaWiki through 1.39.3. includes/DoubleWiki.php allows XSS via the column alignment feature.
CVE-2023-50475 1 Bcoin 1 Bcoin 2024-11-26 9.1 Critical
An issue was discovered in bcoin-org bcoin version 2.2.0, allows remote attackers to obtain sensitive information via weak hashing algorithms in the component \vendor\faye-websocket.js.
CVE-2024-48986 2 Arm, Mbed 2 Mbed, Mbed 2024-11-26 7.5 High
An issue was discovered in MBed OS 6.16.0. Its hci parsing software dynamically determines the length of certain hci packets by reading a byte from its header. Certain events cause a callback, the logic for which allocates a buffer (the length of which is determined by looking up the event type in a table). The subsequent write operation, however, copies the amount of data specified in the packet header, which may lead to a buffer overflow. This bug is trivial to exploit for a denial of service but is not certain to suffice to bring the system down and can generally not be exploited further because the exploitable buffer is dynamically allocated.
CVE-2023-37360 1 Pacparser Project 1 Pacparser 2024-11-26 5.9 Medium
pacparser_find_proxy in Pacparser before 1.4.2 allows JavaScript injection, and possibly privilege escalation, when the attacker controls the URL (which may be realistic within enterprise security products).
CVE-2023-51708 1 Bentley 2 Assetwise Alim For Transportation, Eb System Management Console 2024-11-26 8.6 High
Bentley eB System Management Console applications within Assetwise Integrity Information Server allow an unauthenticated user to view configuration options via a crafted request, leading to information disclosure. This affects eB System management Console before 23.00.02.03 and Assetwise ALIM For Transportation before 23.00.01.25.
CVE-2023-3478 1 Ibos 1 Ibos 2024-11-26 4.7 Medium
A vulnerability classified as critical was found in IBOS OA 4.5.5. Affected by this vulnerability is the function actionEdit of the file ?r=dashboard/roleadmin/edit&op=member of the component Add User Handler. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-232759. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2024-35675 1 Advanced-woo-labels 1 Advanced Woo Labels 2024-11-26 6.5 Medium
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in ILLID Advanced Woo Labels allows Cross-Site Scripting (XSS).This issue affects Advanced Woo Labels: from n/a through 1.93.
CVE-2023-22814 1 Westerndigital 12 My Cloud, My Cloud Dl2100, My Cloud Dl4100 and 9 more 2024-11-26 10 Critical
An authentication bypass issue via spoofing was discovered in the token-based authentication mechanism that could allow an attacker to carry out an impersonation attack. This issue affects My Cloud OS 5 devices: before 5.26.202.
CVE-2019-12700 1 Cisco 7 Firepower 1000, Firepower 2100, Firepower 9300 and 4 more 2024-11-26 6.5 Medium
A vulnerability in the configuration of the Pluggable Authentication Module (PAM) used in Cisco Firepower Threat Defense (FTD) Software, Cisco Firepower Management Center (FMC) Software, and Cisco FXOS Software could allow an authenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to improper resource management in the context of user session management. An attacker could exploit this vulnerability by connecting to an affected system and performing many simultaneous successful Secure Shell (SSH) logins. A successful exploit could allow the attacker to exhaust system resources and cause the device to reload, resulting in a DoS condition. To exploit this vulnerability, the attacker needs valid user credentials on the system.
CVE-2022-20744 1 Cisco 1 Secure Firewall Management Center 2024-11-26 6.5 Medium
A vulnerability in the input protection mechanisms of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to view data without proper authorization. This vulnerability exists because of a protection mechanism that relies on the existence or values of a specific input. An attacker could exploit this vulnerability by modifying this input to bypass the protection mechanism and sending a crafted request to an affected device. A successful exploit could allow the attacker to view data beyond the scope of their authorization.