Search Results (366857 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2024-0158 1 Dell 776 Alienware M15 R6, Alienware M15 R6 Firmware, Alienware M15 R7 and 773 more 2024-11-21 5.1 Medium
Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with admin privileges may potentially exploit this vulnerability to modify a UEFI variable, leading to denial of service and escalation of privileges
CVE-2024-0093 5 Canonical, Citrix, Nvidia and 2 more 6 Ubuntu Linux, Hypervisor, Cloud Gaming and 3 more 2024-11-21 6.5 Medium
NVIDIA GPU software for Linux contains a vulnerability where it can expose sensitive information to an actor that is not explicitly authorized to have access to that information. A successful exploit of this vulnerability might lead to information disclosure.
CVE-2024-0092 6 Canonical, Citrix, Microsoft and 3 more 14 Ubuntu Linux, Hypervisor, Azure Stack Hci and 11 more 2024-11-21 5.5 Medium
NVIDIA GPU Driver for Windows and Linux contains a vulnerability where an improper check or improper handling of exception conditions might lead to denial of service.
CVE-2024-0091 7 Canonical, Citrix, Linux and 4 more 16 Ubuntu Linux, Hypervisor, Linux Kernel and 13 more 2024-11-21 7.8 High
NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability where a user can cause an untrusted pointer dereference by executing a driver API. A successful exploit of this vulnerability might lead to denial of service, information disclosure, and data tampering.
CVE-2024-0090 7 Canonical, Citrix, Linux and 4 more 16 Ubuntu Linux, Hypervisor, Linux Kernel and 13 more 2024-11-21 7.8 High
NVIDIA GPU driver for Windows and Linux contains a vulnerability where a user can cause an out-of-bounds write. A successful exploit of this vulnerability might lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering.
CVE-2024-0089 2 Microsoft, Nvidia 10 Windows, Cloud Gaming, Geforce and 7 more 2024-11-21 7.8 High
NVIDIA GPU Display Driver for Windows contains a vulnerability where the information from a previous client or another process could be disclosed. A successful exploit of this vulnerability might lead to code execution, information disclosure, or data tampering.
CVE-2024-0086 5 Canonical, Citrix, Nvidia and 2 more 6 Ubuntu Linux, Hypervisor, Cloud Gaming and 3 more 2024-11-21 5.5 Medium
NVIDIA vGPU software for Linux contains a vulnerability where the software can dereference a NULL pointer. A successful exploit of this vulnerability might lead to denial of service and undefined behavior in the vGPU plugin.
CVE-2024-0085 6 Canonical, Citrix, Microsoft and 3 more 7 Ubuntu Linux, Hypervisor, Azure Stack Hci and 4 more 2024-11-21 6.3 Medium
NVIDIA vGPU software for Windows and Linux contains a vulnerability where unprivileged users could execute privileged operations on the host. A successful exploit of this vulnerability might lead to data tampering, escalation of privileges, and denial of service.
CVE-2024-0084 5 Canonical, Citrix, Nvidia and 2 more 6 Ubuntu Linux, Hypervisor, Cloud Gaming and 3 more 2024-11-21 7.8 High
NVIDIA vGPU software for Linux contains a vulnerability in the Virtual GPU Manager, where the guest OS could execute privileged operations. A successful exploit of this vulnerability might lead to information disclosure, data tampering, escalation of privileges, and denial of service.
CVE-2023-7271 1 Huawei 2 Emui, Harmonyos 2024-11-21 5.5 Medium
Privilege escalation vulnerability in the NMS module Impact: Successful exploitation of this vulnerability will affect availability.
CVE-2023-7248 1 Opentext 1 Vertica 2024-11-21 5 Medium
Certain functionality in OpenText Vertica Management console might be prone to bypass via crafted requests.  The vulnerability would affect one of Vertica’s authentication functionalities by allowing specially crafted requests and sequences. This issue impacts the following Vertica Management Console versions: 10.x 11.1.1-24 or lower 12.0.4-18 or lower Please upgrade to one of the following Vertica Management Console versions: 10.x to upgrade to latest versions from below. 11.1.1-25 12.0.4-19 23.x 24.x
CVE-2023-7244 1 Cisa 1 Icsnpp-ethercat 2024-11-21 9.8 Critical
Industrial Control Systems Network Protocol Parsers (ICSNPP) - Ethercat Zeek Plugin versions d78dda6 and prior are vulnerable to out-of-bounds write in their primary analyses function for Ethercat communication packets. This could allow an attacker to cause arbitrary code execution.
CVE-2023-7243 1 Cisa 1 Icsnpp-ethercat 2024-11-21 9.8 Critical
Industrial Control Systems Network Protocol Parsers (ICSNPP) - Ethercat Zeek Plugin versions d78dda6 and prior are vulnerable to out-of-bounds write while analyzing specific Ethercat datagrams. This could allow an attacker to cause arbitrary code execution.
CVE-2023-7242 1 Cisa 1 Icsnpp-ethercat 2024-11-21 8.2 High
Industrial Control Systems Network Protocol Parsers (ICSNPP) - Ethercat Zeek Plugin versions d78dda6 and prior are vulnerable to out-of-bounds read during the process of analyzing a specific Ethercat packet. This could allow an attacker to crash the Zeek process and leak some information in memory.
CVE-2023-7226 1 Meiyou 1 Big Whale 2024-11-21 6.3 Medium
A vulnerability was found in meetyoucrop big-whale 1.1 and classified as critical. Affected by this issue is some unknown functionality of the file /auth/user/all.api of the component Admin Module. The manipulation of the argument id leads to improper ownership management. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-250232.
CVE-2023-7224 1 Openvpn 1 Connect 2024-11-21 7.8 High
OpenVPN Connect version 3.0 through 3.4.6 on macOS allows local users to execute code in external third party libraries using the DYLD_INSERT_LIBRARIES environment variable
CVE-2023-7222 1 Totolink 2 X2000r, X2000r Firmware 2024-11-21 7.2 High
A vulnerability was found in Totolink X2000R 1.0.0-B20221212.1452. It has been declared as critical. This vulnerability affects the function formTmultiAP of the file /bin/boa of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-249856. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2023-7214 1 Totolink 2 N350rt, N350rt Firmware 2024-11-21 6.3 Medium
A vulnerability, which was classified as critical, has been found in Totolink N350RT 9.3.5u.6139_B20201216. Affected by this issue is the function main of the file /cgi-bin/cstecgi.cgi?action=login of the component HTTP POST Request Handler. The manipulation of the argument v8 leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-249770 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2023-7210 1 Onenav 1 Onenav 2024-11-21 7.3 High
A vulnerability was found in OneNav up to 0.9.33. It has been classified as critical. This affects an unknown part of the file /index.php?c=api of the component API. The manipulation of the argument X-Token leads to improper authentication. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-249765 was assigned to this vulnerability.
CVE-2023-7208 1 Totolink 2 X2000r, X2000r Firmware 2024-11-21 8 High
A vulnerability classified as critical was found in Totolink X2000R_V2 2.0.0-B20230727.10434. This vulnerability affects the function formTmultiAP of the file /bin/boa. The manipulation leads to buffer overflow. VDB-249742 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.