Total: 29157 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2023-52387 | 1 Huawei | 2 Emui, Harmonyos | 2024-12-09 | 7.5 High |
Resource reuse vulnerability in the GPU module. Successful exploitation of this vulnerability may affect service confidentiality. | ||||
CVE-2023-28956 | 2 Ibm, Microsoft | 3 Spectrum Protect, Spectrum Protect Backup-archive Client, Windows | 2024-12-09 | 8.4 High |
IBM Spectrum Protect Backup-Archive Client 8.1.0.0 through 8.1.17.2 may allow a local user to escalate their privileges due to improper access controls. | ||||
CVE-2023-5102 | 1 Sick | 2 Apu0200, Apu0200 Firmware | 2024-12-09 | 5.3 Medium |
Insufficient Control Flow Management in RDT400 in SICK APU allows an unprivileged remote attacker to potentially enable hidden functionality via HTTP requests. | ||||
CVE-2023-43697 | 1 Sick | 2 Apu0200, Apu0200 Firmware | 2024-12-09 | 6.5 Medium |
Modification of Assumed-Immutable Data (MAID) in RDT400 in SICK APU allows an unprivileged remote attacker to make the site unable to load necessary strings via changing file paths using HTTP requests. | ||||
CVE-2024-42156 | 1 Linux | 1 Linux Kernel | 2024-12-09 | 4.1 Medium |
In the Linux kernel, the following vulnerability has been resolved: s390/pkey: Wipe copies of clear-key structures on failure Wipe all sensitive data from stack for all IOCTLs, which convert a clear-key into a protected- or secure-key. | ||||
CVE-2023-29931 | 1 Laravels Project | 1 Laravels | 2024-12-06 | 9.8 Critical |
laravel-s 3.7.35 is vulnerable to Local File Inclusion via /src/Illuminate/Laravel.php. | ||||
CVE-2022-45287 | 1 Temenos | 1 Cwx | 2024-12-06 | 8.8 High |
An access control issue in Registration.aspx of Temenos CWX 8.5.6 allows authenticated attackers to escalate privileges and perform arbitrary Administrative commands. | ||||
CVE-2023-28094 | 1 Pega | 1 Pega Platform | 2024-12-06 | 8.1 High |
Pega platform clients who are using versions 7.4 through 8.8.x and have upgraded from a version prior to 8.x may be utilizing default credentials. | ||||
CVE-2020-36782 | 1 Linux | 1 Linux Kernel | 2024-12-06 | 5.5 Medium |
In the Linux kernel, the following vulnerability has been resolved: i2c: imx-lpi2c: fix reference leak when pm_runtime_get_sync fails The PM reference count is not expected to be incremented on return in lpi2c_imx_master_enable. However, pm_runtime_get_sync will increment the PM reference count even failed. Forgetting to putting operation will result in a reference leak here. Replace it with pm_runtime_resume_and_get to keep usage counter balanced. | ||||
CVE-2020-36778 | 1 Linux | 1 Linux Kernel | 2024-12-06 | 5.5 Medium |
In the Linux kernel, the following vulnerability has been resolved: i2c: xiic: fix reference leak when pm_runtime_get_sync fails The PM reference count is not expected to be incremented on return in xiic_xfer and xiic_i2c_remove. However, pm_runtime_get_sync will increment the PM reference count even failed. Forgetting to putting operation will result in a reference leak here. Replace it with pm_runtime_resume_and_get to keep usage counter balanced. | ||||
CVE-2020-36784 | 1 Linux | 1 Linux Kernel | 2024-12-06 | 5.5 Medium |
In the Linux kernel, the following vulnerability has been resolved: i2c: cadence: fix reference leak when pm_runtime_get_sync fails The PM reference count is not expected to be incremented on return in functions cdns_i2c_master_xfer and cdns_reg_slave. However, pm_runtime_get_sync will increment pm usage counter even failed. Forgetting to putting operation will result in a reference leak here. Replace it with pm_runtime_resume_and_get to keep usage counter balanced. | ||||
CVE-2020-36783 | 1 Linux | 1 Linux Kernel | 2024-12-06 | 5.5 Medium |
In the Linux kernel, the following vulnerability has been resolved: i2c: img-scb: fix reference leak when pm_runtime_get_sync fails The PM reference count is not expected to be incremented on return in functions img_i2c_xfer and img_i2c_init. However, pm_runtime_get_sync will increment the PM reference count even failed. Forgetting to putting operation will result in a reference leak here. Replace it with pm_runtime_resume_and_get to keep usage counter balanced. | ||||
CVE-2020-36781 | 1 Linux | 1 Linux Kernel | 2024-12-06 | 5.5 Medium |
In the Linux kernel, the following vulnerability has been resolved: i2c: imx: fix reference leak when pm_runtime_get_sync fails In i2c_imx_xfer() and i2c_imx_remove(), the pm reference count is not expected to be incremented on return. However, pm_runtime_get_sync will increment pm reference count even failed. Forgetting to putting operation will result in a reference leak here. Replace it with pm_runtime_resume_and_get to keep usage counter balanced. | ||||
CVE-2020-36779 | 1 Linux | 1 Linux Kernel | 2024-12-06 | 5.5 Medium |
In the Linux kernel, the following vulnerability has been resolved: i2c: stm32f7: fix reference leak when pm_runtime_get_sync fails The PM reference count is not expected to be incremented on return in these stm32f7_i2c_xx serious functions. However, pm_runtime_get_sync will increment the PM reference count even failed. Forgetting to putting operation will result in a reference leak here. Replace it with pm_runtime_resume_and_get to keep usage counter balanced. | ||||
CVE-2024-49580 | 1 Jetbrains | 1 Ktor | 2024-12-06 | 5.3 Medium |
In JetBrains Ktor before 2.3.13 improper caching in HttpCache Plugin could lead to response information disclosure | ||||
CVE-2023-34673 | 1 Elenos | 2 Etg150, Etg150 Firmware | 2024-12-05 | 6.5 Medium |
Elenos ETG150 FM transmitter running on version 3.12 was discovered to be leaking SMTP credentials and other sensitive information by exploiting the publicly accessible Memcached service. The attack can occur over the public Internet in some cases. | ||||
CVE-2023-34671 | 1 Elenos | 2 Etg150 Fm, Etg150 Fm Firmware | 2024-12-05 | 8.8 High |
Improper Access Control leads to privilege escalation affecting Elenos ETG150 FM transmitter running on version 3.12 by exploiting user's role in the user profile. An attack could occur over the public Internet in some cases. | ||||
CVE-2023-27197 | 1 Paxtechnology | 2 Pax A930, Pax A930 Firmware | 2024-12-05 | 6.7 Medium |
PAX A930 device with PayDroid_7.1.1_Virgo_V04.5.02_20220722 can allow an attacker to gain root access by running a crafted binary leveraging an exported function from a shared library. The attacker must have shell access to the device in order to exploit this vulnerability. | ||||
CVE-2023-21172 | 1 Google | 1 Android | 2024-12-05 | 7.8 High |
In multiple functions of WifiCallingSettings.java, there is a possible way to change calling preferences for the admin user due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-13. Android ID: A-262243015 | ||||
CVE-2021-31635 | 1 Jfinal | 1 Jfinal | 2024-12-05 | 9.8 Critical |
Server-Side Template Injection (SSTI) vulnerability in jFinal v.4.9.08 allows a remote attacker to execute arbitrary code via the template function. |