Total 274607 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2021-40407 1 Reolink 2 Rlc-410w, Rlc-410w Firmware 2024-12-21 9.8 Critical
An OS command injection vulnerability exists in the device network settings functionality of reolink RLC-410W v3.0.0.136_20121102. At [1] or [2], based on DDNS type, the ddns->domain variable, that has the value of the domain parameter provided through the SetDdns API, is not validated properly. This would lead to an OS command injection. An attacker can send an HTTP request to trigger this vulnerability.
CVE-2019-11001 1 Reolink 10 C1 Pro, C1 Pro Firmware, C2 Pro and 7 more 2024-12-21 7.2 High
On Reolink RLC-410W, C1 Pro, C2 Pro, RLC-422W, and RLC-511W devices through 1.0.227, an authenticated admin can use the "TestEmail" functionality to inject and run OS commands as root, as demonstrated by shell metacharacters in the addr1 field.
CVE-2022-23227 1 Nuuo 2 Nvrmini2, Nvrmini2 Firmware 2024-12-21 9.8 Critical
NUUO NVRmini2 through 3.11 allows an unauthenticated attacker to upload an encrypted TAR archive, which can be abused to add arbitrary users because of the lack of handle_import_user.php authentication. When combined with another flaw (CVE-2011-5325), it is possible to overwrite arbitrary files under the web root and achieve code execution as root.
CVE-2018-14933 1 Nuuo 2 Nvrmini, Nvrmini Firmware 2024-12-21 N/A
upgrade_handle.php on NUUO NVRmini devices allows Remote Command Execution via shell metacharacters in the uploaddir parameter for a writeuploaddir command.
CVE-2024-54498 1 Apple 1 Macos 2024-12-21 8.8 High
A path handling issue was addressed with improved validation. This issue is fixed in macOS Sequoia 15.2, macOS Ventura 13.7.2, macOS Sonoma 14.7.2. An app may be able to break out of its sandbox.
CVE-2024-54515 1 Apple 1 Macos 2024-12-21 7.8 High
A logic issue was addressed with improved restrictions. This issue is fixed in macOS Sequoia 15.2. A malicious app may be able to gain root privileges.
CVE-2024-54465 1 Apple 1 Macos 2024-12-21 9.8 Critical
A logic issue was addressed with improved state management. This issue is fixed in macOS Sequoia 15.2. An app may be able to elevate privileges.
CVE-2024-44291 1 Apple 1 Macos 2024-12-21 7.8 High
A logic issue was addressed with improved file handling. This issue is fixed in macOS Sequoia 15.2, macOS Ventura 13.7.2, macOS Sonoma 14.7.2. A malicious app may be able to gain root privileges.
CVE-2024-54529 1 Apple 1 Macos 2024-12-21 7.8 High
A logic issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.2, macOS Ventura 13.7.2, macOS Sonoma 14.7.2. An app may be able to execute arbitrary code with kernel privileges.
CVE-2024-54514 1 Apple 5 Ipados, Iphone Os, Macos and 2 more 2024-12-21 8.2 High
The issue was addressed with improved checks. This issue is fixed in watchOS 11.2, tvOS 18.2, macOS Sequoia 15.2, iOS 18.2 and iPadOS 18.2, macOS Ventura 13.7.2, macOS Sonoma 14.7.2. An app may be able to break out of its sandbox.
CVE-2024-54534 1 Apple 7 Ipados, Iphone Os, Macos and 4 more 2024-12-21 8.8 High
The issue was addressed with improved memory handling. This issue is fixed in watchOS 11.2, visionOS 2.2, tvOS 18.2, macOS Sequoia 15.2, Safari 18.2, iOS 18.2 and iPadOS 18.2. Processing maliciously crafted web content may lead to memory corruption.
CVE-2024-54505 1 Apple 7 Ipados, Iphone Os, Macos and 4 more 2024-12-21 6.5 Medium
A type confusion issue was addressed with improved memory handling. This issue is fixed in iPadOS 17.7.3, watchOS 11.2, visionOS 2.2, tvOS 18.2, macOS Sequoia 15.2, Safari 18.2, iOS 18.2 and iPadOS 18.2. Processing maliciously crafted web content may lead to memory corruption.
CVE-2024-12727 2024-12-21 9.8 Critical
A pre-auth SQL injection vulnerability in the email protection feature of Sophos Firewall versions older than 21.0 MR1 (21.0.1) allows access to the reporting database and can lead to remote code execution if a specific configuration of Secure PDF eXchange (SPX) is enabled in combination with the firewall running in High Availability (HA) mode.
CVE-2024-12729 2024-12-21 8.8 High
A post-auth code injection vulnerability in the User Portal allows authenticated users to execute code remotely in Sophos Firewall older than version 21.0 MR1 (21.0.1).
CVE-2024-12728 2024-12-21 9.8 Critical
A weak credentials vulnerability potentially allows privileged system access via SSH to Sophos Firewall older than version 20.0 MR3 (20.0.3).
CVE-2024-52538 2024-12-21 7.6 High
Dell Avamar, version(s) 19.x, contain(s) an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Script injection.
CVE-2024-47484 2024-12-21 8.2 High
Dell Avamar, version(s) 19.x, contain(s) an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Command execution.
CVE-2024-47977 2024-12-21 7.1 High
Dell Avamar, version(s) 19.x, contain(s) an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Command execution.
CVE-2024-55089 2024-12-21 N/A
Rhymix 2.1.19 is vulnerable to Server-Side Request Forgery (SSRF) in the background import data function.
CVE-2024-55088 2024-12-21 8.8 High
GetSimple CMS CE 3.3.19 is vulnerable to Server-Side Request Forgery (SSRF) in the backend plugin module.