Total
11827 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-20909 | 1 Cisco | 1 Nexus Dashboard | 2024-11-01 | 6 Medium |
| Multiple vulnerabilities in Cisco Nexus Dashboard could allow an authenticated, local attacker to elevate privileges on an affected device. These vulnerabilities are due to insufficient input validation during CLI command execution on an affected device. An attacker could exploit these vulnerabilities by authenticating as the rescue-user and executing vulnerable CLI commands using a malicious payload. A successful exploit could allow the attacker to elevate privileges to root on an affected device. | ||||
| CVE-2022-20913 | 1 Cisco | 1 Nexus Dashboard | 2024-11-01 | 4.9 Medium |
| A vulnerability in Cisco Nexus Dashboard could allow an authenticated, remote attacker to write arbitrary files on an affected device. This vulnerability is due to insufficient input validation in the web-based management interface of Cisco Nexus Dashboard. An attacker with Administrator credentials could exploit this vulnerability by uploading a crafted file. A successful exploit could allow the attacker to overwrite arbitrary files on an affected device. | ||||
| CVE-2022-20841 | 1 Cisco | 18 Rv160, Rv160 Firmware, Rv160w and 15 more | 2024-11-01 | 9 Critical |
| Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an unauthenticated, remote attacker to execute arbitrary code or cause a denial of service (DoS) condition on an affected device. For more information about these vulnerabilities, see the Details section of this advisory. | ||||
| CVE-2022-20842 | 1 Cisco | 8 Rv340, Rv340 Firmware, Rv340w and 5 more | 2024-11-01 | 9 Critical |
| Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an unauthenticated, remote attacker to execute arbitrary code or cause a denial of service (DoS) condition on an affected device. For more information about these vulnerabilities, see the Details section of this advisory. | ||||
| CVE-2022-20850 | 1 Cisco | 14 1100-4g Integrated Services Router, 1100-6g Integrated Services Router, 1100 Integrated Services Router and 11 more | 2024-11-01 | 5.5 Medium |
| A vulnerability in the CLI of stand-alone Cisco IOS XE SD-WAN Software and Cisco SD-WAN Software could allow an authenticated, local attacker to delete arbitrary files from the file system of an affected device. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by injecting arbitrary file path information when using commands in the CLI of an affected device. A successful exploit could allow the attacker to delete arbitrary files from the file system of the affected device. | ||||
| CVE-2022-20945 | 1 Cisco | 8 Catalyst 9800-40, Catalyst 9800-40 Firmware, Catalyst 9800-80 and 5 more | 2024-11-01 | 7.4 High |
| A vulnerability in the 802.11 association frame validation of Cisco Catalyst 9100 Series Access Points (APs) could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to insufficient input validation of certain parameters within association request frames received by the AP. An attacker could exploit this vulnerability by sending a crafted 802.11 association request to a nearby device. An exploit could allow the attacker to unexpectedly reload the device, resulting in a DoS condition. | ||||
| CVE-2024-0127 | 1 Nvidia | 2 Cloud Gaming Virtual Gpu, Virtual Gpu Manager | 2024-11-01 | 7.8 High |
| NVIDIA vGPU software contains a vulnerability in the GPU kernel driver of the vGPU Manager for all supported hypervisors, where a user of the guest OS can cause an improper input validation by compromising the guest OS kernel. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, data tampering, denial of service, and information disclosure. | ||||
| CVE-2024-0126 | 1 Nvidia | 3 Cloud Gaming Virtual Gpu, Gpu Display Driver, Virtual Gpu Manager | 2024-11-01 | 8.2 High |
| NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability which could allow a privileged attacker to escalate permissions. A successful exploit of this vulnerability might lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering. | ||||
| CVE-2014-9815 | 1 Imagemagick | 1 Imagemagick | 2024-10-31 | 5.5 Medium |
| ImageMagick allows remote attackers to cause a denial of service (application crash) via a crafted wpg file. | ||||
| CVE-2014-9813 | 1 Imagemagick | 1 Imagemagick | 2024-10-31 | 5.5 Medium |
| ImageMagick allows remote attackers to cause a denial of service (application crash) via a crafted viff file. | ||||
| CVE-2014-9811 | 1 Imagemagick | 1 Imagemagick | 2024-10-31 | 5.5 Medium |
| The xwd file handler in ImageMagick allows remote attackers to cause a denial of service (segmentation fault and application crash) via a malformed xwd file. | ||||
| CVE-2014-9810 | 1 Imagemagick | 1 Imagemagick | 2024-10-31 | 5.5 Medium |
| The dpx file handler in ImageMagick allows remote attackers to cause a denial of service (segmentation fault and application crash) via a malformed dpx file. | ||||
| CVE-2014-9809 | 1 Imagemagick | 1 Imagemagick | 2024-10-31 | 5.5 Medium |
| ImageMagick allows remote attackers to cause a denial of service (segmentation fault and application crash) via a crafted xwd image. | ||||
| CVE-2014-9805 | 1 Imagemagick | 1 Imagemagick | 2024-10-31 | 5.5 Medium |
| ImageMagick allows remote attackers to cause a denial of service (segmentation fault and application crash) via a crafted pnm file. | ||||
| CVE-2014-9806 | 1 Imagemagick | 1 Imagemagick | 2024-10-31 | 5.5 Medium |
| ImageMagick allows remote attackers to cause a denial of service (file descriptor consumption) via a crafted file. | ||||
| CVE-2014-9808 | 1 Imagemagick | 1 Imagemagick | 2024-10-31 | 5.5 Medium |
| ImageMagick allows remote attackers to cause a denial of service (segmentation fault and application crash) via a crafted dpc image. | ||||
| CVE-2024-23600 | 2024-10-31 | 2.7 Low | ||
| Improper Input Validation of query search results for private field data in PingIDM (Query Filter module) allows for a potentially efficient brute forcing approach leading to information disclosure. | ||||
| CVE-2023-30664 | 1 Samsung | 1 Android | 2024-10-31 | 8.5 High |
| Improper input validation vulnerability in RegisteredMSISDN prior to SMR Jul-2023 Release 1 allows local attackers to launch privileged activities. | ||||
| CVE-2023-30663 | 1 Samsung | 1 Android | 2024-10-31 | 5.3 Medium |
| Improper input validation vulnerability in OemPersonalizationSetLock in libsec-ril prior to SMR Jul-2023 Release 1 allows local attackers to cause an Out-Of-Bounds write. | ||||
| CVE-2021-45046 | 8 Apache, Cvat, Debian and 5 more | 70 Log4j, Computer Vision Annotation Tool, Debian Linux and 67 more | 2024-10-31 | 9.0 Critical |
| It was found that the fix to address CVE-2021-44228 in Apache Log4j 2.15.0 was incomplete in certain non-default configurations. This could allows attackers with control over Thread Context Map (MDC) input data when the logging configuration uses a non-default Pattern Layout with either a Context Lookup (for example, $${ctx:loginId}) or a Thread Context Map pattern (%X, %mdc, or %MDC) to craft malicious input data using a JNDI Lookup pattern resulting in an information leak and remote code execution in some environments and local code execution in all environments. Log4j 2.16.0 (Java 8) and 2.12.2 (Java 7) fix this issue by removing support for message lookup patterns and disabling JNDI functionality by default. | ||||