Filtered by CWE-20
Total 11838 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2019-15273 1 Cisco 1 Telepresence Collaboration Endpoint 2024-11-21 4.4 Medium
Multiple vulnerabilities in the CLI of Cisco TelePresence Collaboration Endpoint (CE) Software could allow an authenticated, local attacker to overwrite arbitrary files. The vulnerabilities are due to insufficient permission enforcement. An attacker could exploit these vulnerabilities by authenticating as the remote support user and submitting malicious input to specific commands. A successful exploit could allow the attacker to overwrite arbitrary files on the underlying filesystem. The attacker has no control over the contents of the data written to the file. Overwriting a critical file could cause the device to crash, resulting in a denial of service condition (DoS).
CVE-2019-15966 1 Cisco 1 Telepresence Advanced Media Gateway 2024-11-21 7.7 High
A vulnerability in the web application of Cisco TelePresence Advanced Media Gateway could allow an authenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to the lack of input validation in the web application. An attacker could exploit this vulnerability by sending a crafted authenticated HTTP request to the device. An exploit could allow the attacker to stop services on an affected device. The device may become inoperable and results in a denial of service (DoS) condition.
CVE-2019-15276 1 Cisco 1 Wireless Lan Controller Software 2024-11-21 6.5 Medium
A vulnerability in the web interface of Cisco Wireless LAN Controller Software could allow a low-privileged, authenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability exists due to a failure of the HTTP parsing engine to handle specially crafted URLs. An attacker could exploit this vulnerability by authenticating with low privileges to an affected controller and submitting the crafted URL to the web interface of the affected device. Conversely, an unauthenticated attacker could exploit this vulnerability by persuading a user of the web interface to click the crafted URL. A successful exploit could allow the attacker to cause an unexpected restart of the device, resulting in a DoS condition.
CVE-2023-38740 4 Ibm, Linux, Microsoft and 1 more 4 Db2, Linux Kernel, Windows and 1 more 2024-11-21 5.3 Medium
IBM Db2 for Linux, UNIX, and Windows (includes Db2 Connect Server) 11.5 is vulnerable to a denial of service with a specially crafted SQL statement. IBM X-Force ID: 262613.
CVE-2023-27559 3 Ibm, Linux, Microsoft 3 Db2, Linux Kernel, Windows 2024-11-21 5.3 Medium
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to a denial of service as the server may crash when using a specially crafted subquery. IBM X-Force ID: 249196.
CVE-2024-9286 1 Trtek Software 1 Distant Education Platform 2024-11-21 N/A
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'), Improper Input Validation vulnerability in TRtek Software Distant Education Platform allows SQL Injection, Parameter Injection.This issue affects Distant Education Platform: before 3.2024.11.
CVE-2023-3456 1 Huawei 2 Emui, Harmonyos 2024-11-21 5.3 Medium
Vulnerability of kernel raw address leakage in the hang detector module. Successful exploitation of this vulnerability may affect service confidentiality.
CVE-2024-11404 2024-11-21 5.5 Medium
Unrestricted Upload of File with Dangerous Type, Improper Input Validation, Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in django CMS Association django Filer allows Input Data Manipulation, Stored XSS.This issue affects django Filer: from 3 before 3.3.
CVE-2024-7646 2024-11-21 8.8 High
A security issue was discovered in ingress-nginx where an actor with permission to create Ingress objects (in the `networking.k8s.io` or `extensions` API group) can bypass annotation validation to inject arbitrary commands and obtain the credentials of the ingress-nginx controller. In the default configuration, that credential has access to all secrets in the cluster.
CVE-2024-7490 1 Microchip 1 Advanced Software Framework 2024-11-21 9.8 Critical
Improper Input Validation vulnerability in Microchip Techology Advanced Software Framework example DHCP server can cause remote code execution through a buffer overflow. This vulnerability is associated with program files tinydhcpserver.C and program routines lwip_dhcp_find_option. This issue affects Advanced Software Framework: through 3.52.0.2574. ASF is no longer being supported. Apply provided workaround or migrate to an actively maintained framework.
CVE-2024-7014 2024-11-21 N/A
EvilVideo vulnerability allows sending malicious apps disguised as videos in Telegram for Android application affecting versions 10.14.4 and older.
CVE-2024-6376 1 Mongodb 1 Compass 2024-11-21 7 High
MongoDB Compass may be susceptible to code injection due to insufficient sandbox protection settings with the usage of ejson shell parser in Compass' connection handling. This issue affects MongoDB Compass versions prior to version 1.42.2
CVE-2024-6333 1 Xerox 4 Altalink Firmware, Versalink Firmware, Workcentre Firmware and 1 more 2024-11-21 7.2 High
Authenticated Remote Code Execution in Altalink, Versalink & WorkCentre Products.
CVE-2024-6298 1 Abb 38 Aspect-ent-12, Aspect-ent-12 Firmware, Aspect-ent-2 and 35 more 2024-11-21 9.8 Critical
Improper Input Validation vulnerability in ABB ASPECT-Enterprise on Linux, ABB NEXUS Series on Linux, ABB MATRIX Series on Linux allows Remote Code Inclusion.This issue affects ASPECT-Enterprise: through 3.08.01; NEXUS Series: through 3.08.01; MATRIX Series: through 3.08.01.
CVE-2024-6284 2024-11-21 N/A
In https://github.com/google/nftables  IP addresses were encoded in the wrong byte order, resulting in an nftables configuration which does not work as intended (might block or not block the desired addresses). This issue affects:  https://pkg.go.dev/github.com/google/nftables@v0.1.0 The bug was fixed in the next released version:  https://pkg.go.dev/github.com/google/nftables@v0.2.0
CVE-2024-6239 2 Freedesktop, Redhat 2 Poppler, Enterprise Linux 2024-11-21 7.5 High
A flaw was found in the Poppler's Pdfinfo utility. This issue occurs when using -dests parameter with pdfinfo utility. By using certain malformed input files, an attacker could cause the utility to crash, leading to a denial of service.
CVE-2024-6089 1 Rockwellautomation 2 5015-aenftxt, 5015-aenftxt Firmware 2024-11-21 7.5 High
An input validation vulnerability exists in the Rockwell Automation 5015 - AENFTXT when a manipulated PTP packet is sent, causing the secondary adapter to result in a major nonrecoverable fault. If exploited, a power cycle is required to recover the product.
CVE-2024-5990 1 Rockwellautomation 2 Thinmanager, Thinserver 2024-11-21 7.5 High
Due to an improper input validation, an unauthenticated threat actor can send a malicious message to a monitor thread within Rockwell Automation ThinServer™ and cause a denial-of-service condition on the affected device.
CVE-2024-5989 1 Rockwellautomation 2 Thinmanager, Thinserver 2024-11-21 9.8 Critical
Due to an improper input validation, an unauthenticated threat actor can send a malicious message to invoke SQL injection into the program and cause a remote code execution condition on the Rockwell Automation ThinManager® ThinServer™.
CVE-2024-5988 1 Rockwellautomation 2 Thinmanager, Thinserver 2024-11-21 9.8 Critical
Due to an improper input validation, an unauthenticated threat actor can send a malicious message to invoke a local or remote executable and cause a remote code execution condition on the Rockwell Automation ThinManager® ThinServer™.