Search Results (366908 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2024-22103 2 Jungo, Mitsubishielectric 43 Windriver, Cpu Module Logging Configuration Tool, Cw Configurator and 40 more 2024-11-21 4.4 Medium
Out-of-Bounds Write vulnerability in Jungo WinDriver before 12.6.0 allows local attackers to cause a Windows blue screen error and Denial of Service (DoS).
CVE-2024-22088 1 Chendotjs 1 Lotos Webserver 2024-11-21 9.8 Critical
Lotos WebServer through 0.1.1 (commit 3eb36cc) has a use-after-free in buffer_avail() at buffer.h via a long URI, because realloc is mishandled.
CVE-2024-22053 1 Ivanti 2 Connect Secure, Policy Secure 2024-11-21 8.2 High
A heap overflow vulnerability in IPSec component of Ivanti Connect Secure (9.x 22.x) and Ivanti Policy Secure allows an unauthenticated malicious user to send specially crafted requests in-order-to crash the service thereby causing a DoS attack or in certain conditions read contents from memory.
CVE-2024-22052 1 Ivanti 2 Connect Secure, Policy Secure 2024-11-21 7.5 High
A null pointer dereference vulnerability in IPSec component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure allows an unauthenticated malicious user to send specially crafted requests in-order-to crash the service thereby causing a DoS attack
CVE-2024-22045 1 Siemens 1 Sinema Remote Connect Client 2024-11-21 7.6 High
A vulnerability has been identified in SINEMA Remote Connect Client (All versions < V3.1 SP1). The product places sensitive information into files or directories that are accessible to actors who are allowed to have access to the files, but not to the sensitive information. This information is also available via the web interface of the product.
CVE-2024-22043 1 Siemens 1 Parasolid 2024-11-21 3.3 Low
A vulnerability has been identified in Parasolid V35.0 (All versions < V35.0.251), Parasolid V35.1 (All versions < V35.1.170). The affected applications contain a null pointer dereference vulnerability while parsing specially crafted XT files. An attacker could leverage this vulnerability to crash the application causing denial of service condition.
CVE-2024-22023 1 Ivanti 2 Connect Secure, Policy Secure 2024-11-21 5.3 Medium
An XML entity expansion or XEE vulnerability in SAML component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure allows an unauthenticated attacker to send specially crafted XML requests in-order-to temporarily cause resource exhaustion thereby resulting in a limited-time DoS.
CVE-2024-22016 1 Rapidscada 1 Rapid Scada 2024-11-21 7.8 High
In Rapid Software LLC's Rapid SCADA versions prior to Version 5.8.4, an authorized user can write directly to the Scada directory. This may allow privilege escalation.
CVE-2024-21916 1 Rockwellautomation 6 Controllogix 5570 Controller, Controllogix 5570 Controller Firmware, Controllogix 5570 Redundant Controller and 3 more 2024-11-21 8.6 High
A denial-of-service vulnerability exists in specific Rockwell Automation ControlLogix ang GuardLogix controllers. If exploited, the product could potentially experience a major nonrecoverable fault (MNRF). The device will restart itself to recover from the MNRF.
CVE-2024-21902 1 Qnap 2 Qts, Quts Hero 2024-11-21 6.4 Medium
An incorrect permission assignment for critical resource vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated users to read or modify the resource via a network. We have already fixed the vulnerability in the following version: QTS 5.1.7.2770 build 20240520 and later QuTS hero h5.1.7.2770 build 20240520 and later
CVE-2024-21901 1 Qnap 2 Myqnapcloud, Qts 2024-11-21 4.7 Medium
A SQL injection vulnerability has been reported to affect myQNAPcloud. If exploited, the vulnerability could allow authenticated administrators to inject malicious code via a network. We have already fixed the vulnerability in the following versions: myQNAPcloud 1.0.52 ( 2023/11/24 ) and later QTS 4.5.4.2627 build 20231225 and later
CVE-2024-21899 1 Qnap 3 Qts, Quts Hero, Qutscloud 2024-11-21 9.8 Critical
An improper authentication vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to compromise the security of the system via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.3.2578 build 20231110 and later QTS 4.5.4.2627 build 20231225 and later QuTS hero h5.1.3.2578 build 20231110 and later QuTS hero h4.5.4.2626 build 20231225 and later QuTScloud c5.1.5.2651 and later
CVE-2024-21894 1 Ivanti 2 Connect Secure, Policy Secure 2024-11-21 9.8 Critical
A heap overflow vulnerability in IPSec component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure allows an unauthenticated malicious user to send specially crafted requests in-order-to crash the service thereby causing a DoS attack. In certain conditions this may lead to execution of arbitrary code
CVE-2024-21863 1 Openatom 1 Openharmony 2024-11-21 4.7 Medium
in OpenHarmony v4.0.0 and prior versions allow a local attacker cause DOS through improper input.
CVE-2024-21860 1 Openatom 1 Openharmony 2024-11-21 8.2 High
in OpenHarmony v4.0.0 and prior versions allow an adjacent attacker arbitrary code execution in any apps through use after free.
CVE-2024-21852 1 Rapidscada 1 Rapid Scada 2024-11-21 8.8 High
In Rapid Software LLC's Rapid SCADA versions prior to Version 5.8.4, an attacker can supply a malicious configuration file by utilizing a Zip Slip vulnerability in the unpacking routine to achieve remote code execution.
CVE-2024-21851 1 Openatom 1 Openharmony 2024-11-21 2.9 Low
in OpenHarmony v4.0.0 and prior versions allow a local attacker cause heap overflow through integer overflow.
CVE-2024-21845 1 Openatom 1 Openharmony 2024-11-21 2.9 Low
in OpenHarmony v4.0.0 and prior versions allow a local attacker cause heap overflow through integer overflow.
CVE-2024-21840 1 Hitachi 1 Storage Plug-in 2024-11-21 7.9 High
Incorrect Default Permissions vulnerability in Hitachi Storage Plug-in for VMware vCenter allows local users to read and write specific files. This issue affects Hitachi Storage Plug-in for VMware vCenter: from 04.0.0 through 04.9.2.
CVE-2024-21835 1 Intel 1 Extreme Tuning Utility 2024-11-21 6.7 Medium
Insecure inherited permissions in some Intel(R) XTU software before version 7.14.0.15 may allow an authenticated user to potentially enable escalation of privilege via local access.