Total
274734 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2024-12840 | 1 Redhat | 1 Satellite | 2024-12-24 | 5 Medium |
A server-side request forgery exists in Satellite. When an HTTP PUT request is made to /http_proxies/test_connection with the http_proxies variable set to localhost, the attacker can fetch the localhost banner. | ||||
CVE-2024-12677 | | | 2024-12-24 | 7.8 High |
Delta Electronics DTM Soft deserializes objects, which could allow an attacker to execute arbitrary code. | ||||
CVE-2023-31279 | | | 2024-12-24 | 8.1 High |
The AirVantage platform is vulnerable to an unauthorized attacker registering previously unregistered devices on the AirVantage platform when the owner has not disabled the AirVantage Management Service on the devices or registered the device. This could enable an attacker to configure, manage, and execute AT commands on an unsuspecting user’s devices. | ||||
CVE-2023-31280 | | | 2024-12-24 | 5.3 Medium |
An AirVantage online Warranty Checker tool vulnerability could allow an attacker to perform bulk enumeration of IMEI and Serial Numbers pairs. The AirVantage Warranty Checker is updated to no longer return the IMEI and Serial Number in addition to the warranty status when the Serial Number or IMEI is used to look up warranty status. | ||||
CVE-2024-45721 | | | 2024-12-24 | N/A |
home 5G HR02, Wi-Fi STATION SH-52B, and Wi-Fi STATION SH-54C contain an OS command injection vulnerability in the HOST name configuration screen. An arbitrary OS command may be executed with root privileges by an administrative user. | ||||
CVE-2024-46873 | | | 2024-12-24 | N/A |
Multiple SHARP routers leave the hidden debug function enabled. An arbitrary OS command may be executed with root privileges by a remote unauthenticated attacker. | ||||
CVE-2024-47864 | | | 2024-12-24 | N/A |
home 5G HR02, Wi-Fi STATION SH-52B, and Wi-Fi STATION SH-54C contain a buffer overflow vulnerability in the hidden debug function. A remote unauthenticated attacker may cause the product's web console to go down. | ||||
CVE-2024-52321 | | | 2024-12-24 | N/A |
Multiple SHARP routers contain an improper authentication vulnerability in the configuration backup function. The product's backup files containing sensitive information may be retrieved by a remote unauthenticated attacker. | ||||
CVE-2024-54082 | | | 2024-12-24 | N/A |
home 5G HR02 and Wi-Fi STATION SH-54C contain an OS command injection vulnerability in the configuration restore function. An arbitrary OS command may be executed with root privileges by an administrative user. | ||||
CVE-2023-32538 | 1 Fujielectric | 2 Tellus, Tellus Lite | 2024-12-23 | 7.8 High |
Stack-based buffer overflow vulnerability exists in TELLUS v4.0.15.0 and TELLUS Lite v4.0.15.0. Opening a specially crafted SIM2 file may lead to information disclosure and/or arbitrary code execution. This vulnerability is different from CVE-2023-32273 and CVE-2023-32201. | ||||
CVE-2023-32288 | 1 Fujielectric | 2 Tellus, Tellus Lite | 2024-12-23 | 7.8 High |
Out-of-bounds read vulnerability exists in TELLUS v4.0.15.0 and TELLUS Lite v4.0.15.0. Opening a specially crafted SIM file may lead to information disclosure and/or arbitrary code execution. | ||||
CVE-2023-32276 | 1 Fujielectric | 2 Tellus, Tellus Lite | 2024-12-23 | 7.8 High |
Stack-based buffer overflow vulnerability exists in TELLUS v4.0.15.0 and TELLUS Lite v4.0.15.0. Opening a specially crafted V8 file may lead to information disclosure and/or arbitrary code execution. | ||||
CVE-2023-32273 | 1 Fujielectric | 2 Tellus, Tellus Lite | 2024-12-23 | 7.8 High |
Stack-based buffer overflow vulnerability exists in TELLUS v4.0.15.0 and TELLUS Lite v4.0.15.0. Opening a specially crafted SIM2 file may lead to information disclosure and/or arbitrary code execution. This vulnerability is different from CVE-2023-32538 and CVE-2023-32201. | ||||
CVE-2023-32270 | 1 Fujielectric | 2 Tellus, Tellus Lite | 2024-12-23 | 7.8 High |
Access of memory location after end of buffer issue exists in TELLUS v4.0.15.0 and TELLUS Lite v4.0.15.0. Opening a specially crafted V8 file may lead to information disclosure and/or arbitrary code execution. | ||||
CVE-2023-32201 | 1 Fujielectric | 2 Tellus, Tellus Lite | 2024-12-23 | 7.8 High |
Stack-based buffer overflow vulnerability exists in TELLUS v4.0.15.0 and TELLUS Lite v4.0.15.0. Opening a specially crafted SIM2 file may lead to information disclosure and/or arbitrary code execution. This vulnerability is different from CVE-2023-32538 and CVE-2023-32273. | ||||
CVE-2023-31239 | 1 Fujielectric | 1 V-server | 2024-12-23 | 7.8 High |
Stack-based buffer overflow vulnerability in V-Server v4.0.15.0 and V-Server Lite v4.0.15.0 and earlier allows an attacker to execute arbitrary code by having a user open a specially crafted VPR file. | ||||
CVE-2024-11839 | | | 2024-12-23 | N/A |
A Deserialization of Untrusted Data vulnerability in PlexTrac (Runbooks modules) allows Object Injection and arbitrary file writes. This issue affects PlexTrac: from 1.61.3 before 2.8.1. | ||||
CVE-2024-11012 | | | 2024-12-23 | 6.3 Medium |
The Notibar – Notification Bar for WordPress plugin for WordPress is vulnerable to arbitrary shortcode execution via the njt_nofi_text AJAX action in all versions up to, and including, 2.1.4. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for authenticated attackers, with Subscriber-level access and above, to execute arbitrary shortcodes. | ||||
CVE-2021-47385 | 2 Linux, Redhat | 6 Linux Kernel, Enterprise Linux, Rhel Aus and 3 more | 2024-12-23 | 5.5 Medium |
In the Linux kernel, the following vulnerability has been resolved: hwmon: (w83792d) Fix NULL pointer dereference by removing unnecessary structure field If driver read val value sufficient for (val & 0x08) && (!(val & 0x80)) && ((val & 0x7) == ((val >> 4) & 0x7)) from device then Null pointer dereference occurs. (It is possible if tmp = 0b0xyz1xyz, where same literals mean same numbers) Also lm75[] does not serve a purpose anymore after switching to devm_i2c_new_dummy_device() in w83791d_detect_subclients(). The patch fixes possible NULL pointer dereference by removing lm75[]. Found by Linux Driver Verification project (linuxtesting.org). [groeck: Dropped unnecessary continuation lines, fixed multiline alignment] | ||||
CVE-2021-47382 | 1 Linux | 1 Linux Kernel | 2024-12-23 | 4.7 Medium |
In the Linux kernel, the following vulnerability has been resolved: s390/qeth: fix deadlock during failing recovery Commit 0b9902c1fcc5 ("s390/qeth: fix deadlock during recovery") removed taking discipline_mutex inside qeth_do_reset(), fixing potential deadlocks. An error path was missed though, that still takes discipline_mutex and thus has the original deadlock potential. Intermittent deadlocks were seen when a qeth channel path is configured offline, causing a race between qeth_do_reset and ccwgroup_remove. Call qeth_set_offline() directly in the qeth_do_reset() error case and then a new variant of ccwgroup_set_offline(), without taking discipline_mutex. |