Total
274607 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2021-40407 | 1 Reolink | 2 Rlc-410w, Rlc-410w Firmware | 2024-12-21 | 9.8 Critical |
An OS command injection vulnerability exists in the device network settings functionality of reolink RLC-410W v3.0.0.136_20121102. At [1] or [2], based on DDNS type, the ddns->domain variable, that has the value of the domain parameter provided through the SetDdns API, is not validated properly. This would lead to an OS command injection. An attacker can send an HTTP request to trigger this vulnerability. | ||||
CVE-2019-11001 | 1 Reolink | 10 C1 Pro, C1 Pro Firmware, C2 Pro and 7 more | 2024-12-21 | 7.2 High |
On Reolink RLC-410W, C1 Pro, C2 Pro, RLC-422W, and RLC-511W devices through 1.0.227, an authenticated admin can use the "TestEmail" functionality to inject and run OS commands as root, as demonstrated by shell metacharacters in the addr1 field. | ||||
CVE-2022-23227 | 1 Nuuo | 2 Nvrmini2, Nvrmini2 Firmware | 2024-12-21 | 9.8 Critical |
NUUO NVRmini2 through 3.11 allows an unauthenticated attacker to upload an encrypted TAR archive, which can be abused to add arbitrary users because of the lack of handle_import_user.php authentication. When combined with another flaw (CVE-2011-5325), it is possible to overwrite arbitrary files under the web root and achieve code execution as root. | ||||
CVE-2018-14933 | 1 Nuuo | 2 Nvrmini, Nvrmini Firmware | 2024-12-21 | N/A |
upgrade_handle.php on NUUO NVRmini devices allows Remote Command Execution via shell metacharacters in the uploaddir parameter for a writeuploaddir command. | ||||
CVE-2024-54498 | 1 Apple | 1 Macos | 2024-12-21 | 8.8 High |
A path handling issue was addressed with improved validation. This issue is fixed in macOS Sequoia 15.2, macOS Ventura 13.7.2, macOS Sonoma 14.7.2. An app may be able to break out of its sandbox. | ||||
CVE-2024-54515 | 1 Apple | 1 Macos | 2024-12-21 | 7.8 High |
A logic issue was addressed with improved restrictions. This issue is fixed in macOS Sequoia 15.2. A malicious app may be able to gain root privileges. | ||||
CVE-2024-54465 | 1 Apple | 1 Macos | 2024-12-21 | 9.8 Critical |
A logic issue was addressed with improved state management. This issue is fixed in macOS Sequoia 15.2. An app may be able to elevate privileges. | ||||
CVE-2024-44291 | 1 Apple | 1 Macos | 2024-12-21 | 7.8 High |
A logic issue was addressed with improved file handling. This issue is fixed in macOS Sequoia 15.2, macOS Ventura 13.7.2, macOS Sonoma 14.7.2. A malicious app may be able to gain root privileges. | ||||
CVE-2024-54529 | 1 Apple | 1 Macos | 2024-12-21 | 7.8 High |
A logic issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.2, macOS Ventura 13.7.2, macOS Sonoma 14.7.2. An app may be able to execute arbitrary code with kernel privileges. | ||||
CVE-2024-54514 | 1 Apple | 5 Ipados, Iphone Os, Macos and 2 more | 2024-12-21 | 8.2 High |
The issue was addressed with improved checks. This issue is fixed in watchOS 11.2, tvOS 18.2, macOS Sequoia 15.2, iOS 18.2 and iPadOS 18.2, macOS Ventura 13.7.2, macOS Sonoma 14.7.2. An app may be able to break out of its sandbox. | ||||
CVE-2024-54534 | 1 Apple | 7 Ipados, Iphone Os, Macos and 4 more | 2024-12-21 | 8.8 High |
The issue was addressed with improved memory handling. This issue is fixed in watchOS 11.2, visionOS 2.2, tvOS 18.2, macOS Sequoia 15.2, Safari 18.2, iOS 18.2 and iPadOS 18.2. Processing maliciously crafted web content may lead to memory corruption. | ||||
CVE-2024-54505 | 1 Apple | 7 Ipados, Iphone Os, Macos and 4 more | 2024-12-21 | 6.5 Medium |
A type confusion issue was addressed with improved memory handling. This issue is fixed in iPadOS 17.7.3, watchOS 11.2, visionOS 2.2, tvOS 18.2, macOS Sequoia 15.2, Safari 18.2, iOS 18.2 and iPadOS 18.2. Processing maliciously crafted web content may lead to memory corruption. | ||||
CVE-2024-12727 | 2024-12-21 | 9.8 Critical | ||
A pre-auth SQL injection vulnerability in the email protection feature of Sophos Firewall versions older than 21.0 MR1 (21.0.1) allows access to the reporting database and can lead to remote code execution if a specific configuration of Secure PDF eXchange (SPX) is enabled in combination with the firewall running in High Availability (HA) mode. | ||||
CVE-2024-12729 | 2024-12-21 | 8.8 High | ||
A post-auth code injection vulnerability in the User Portal allows authenticated users to execute code remotely in Sophos Firewall older than version 21.0 MR1 (21.0.1). | ||||
CVE-2024-12728 | 2024-12-21 | 9.8 Critical | ||
A weak credentials vulnerability potentially allows privileged system access via SSH to Sophos Firewall older than version 20.0 MR3 (20.0.3). | ||||
CVE-2024-52538 | 2024-12-21 | 7.6 High | ||
Dell Avamar, version(s) 19.x, contain(s) an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Script injection. | ||||
CVE-2024-47484 | 2024-12-21 | 8.2 High | ||
Dell Avamar, version(s) 19.x, contain(s) an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Command execution. | ||||
CVE-2024-47977 | 2024-12-21 | 7.1 High | ||
Dell Avamar, version(s) 19.x, contain(s) an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Command execution. | ||||
CVE-2024-55089 | 2024-12-21 | N/A | ||
Rhymix 2.1.19 is vulnerable to Server-Side Request Forgery (SSRF) in the background import data function. | ||||
CVE-2024-55088 | 2024-12-21 | 8.8 High | ||
GetSimple CMS CE 3.3.19 is vulnerable to Server-Side Request Forgery (SSRF) in the backend plugin module. |