Filtered by CWE-20
Total 11839 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2024-21829 2024-09-16 7.5 High
Improper input validation in UEFI firmware error handler for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access.
CVE-2007-6445 2024-09-16 N/A
DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2007-6117. Reason: This candidate is a duplicate of CVE-2007-6117. Notes: All CVE users should reference CVE-2007-6117 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage
CVE-2024-45058 1 Portabilis 1 I-educar 2024-09-13 8.1 High
i-Educar is free, fully online school management software that can be used by school secretaries, teachers, coordinators, and area managers. Prior to the 2.9 branch, an attacker with only minimal viewing privileges in the settings section is able to change their user type to Administrator (or another type with super-permissions) through a specifically crafted POST request to `/intranet/educar_usuario_cad.php`, modifying the `nivel_usuario_` parameter. The vulnerability occurs in the file located at `ieducar/intranet/educar_usuario_cad.php`, which does not check the user's current permission level before allowing changes. Commit c25910cdf11ab50e50162a49dd44bef544422b6e contains a patch for the issue.
CVE-2021-38122 1 Microfocus 1 Netiq Advanced Authentication 2024-09-13 6.2 Medium
A Cross-Site Scripting vulnerable identified in NetIQ Advance Authentication that impacts the server functionality and disclose sensitive information. This issue affects NetIQ Advance Authentication before 6.3.5.1
CVE-2024-41856 3 Adobe, Apple, Microsoft 3 Illustrator, Macos, Windows 2024-09-13 7.8 High
Illustrator versions 28.5, 27.9.4, 28.6, 27.9.5 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVE-2024-8073 1 Hillstonenet 1 Web Application Firewall 2024-09-12 9.8 Critical
Improper Input Validation vulnerability in Hillstone Networks Hillstone Networks Web Application Firewall on 5.5R6 allows Command Injection.This issue affects Hillstone Networks Web Application Firewall: fromĀ 5.5R6-2.6.7 through 5.5R6-2.8.13.
CVE-2024-45441 1 Huawei 2 Emui, Harmonyos 2024-09-12 6.2 Medium
Input verification vulnerability in the system service module Impact: Successful exploitation of this vulnerability will affect availability.
CVE-2024-34163 1 Intel 27 Lapac71g Firmware, Lapac71h Firmware, Lapbc510 Firmware and 24 more 2024-09-12 7.5 High
Improper input validation in firmware for some Intel(R) NUC may allow a privileged user to potentially enableescalation of privilege via local access.
CVE-2024-28947 1 Intel 1 Server Board S2600st Firmware 2024-09-12 8.2 High
Improper input validation in kernel mode driver for some Intel(R) Server Board S2600ST Family firmware before version 02.01.0017 may allow a privileged user to potentially enable escalation of privilege via local access.
CVE-2024-42424 2024-09-10 5.3 Medium
Dell Precision Rack, 14G Intel BIOS versions prior to 2.22.2, contains an Improper Input Validation vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Information disclosure.
CVE-2024-45446 1 Huawei 2 Emui, Harmonyos 2024-09-06 5.5 Medium
Access permission verification vulnerability in the camera driver module Impact: Successful exploitation of this vulnerability will affect availability.
CVE-2024-45444 1 Huawei 2 Emui, Harmonyos 2024-09-06 5.5 Medium
Access permission verification vulnerability in the WMS module Impact: Successful exploitation of this vulnerability may affect service confidentiality.
CVE-2024-42458 1 Any1 1 Neatvnc 2024-09-05 9.8 Critical
server.c in Neat VNC (aka neatvnc) before 0.8.1 does not properly validate the security type, a related issue to CVE-2006-2369.
CVE-2024-44808 1 Vypor 1 Attack Api System 2024-09-05 9.8 Critical
An issue in Vypor Attack API System v.1.0 allows a remote attacker to execute arbitrary code via the user GET parameter.
CVE-2024-23362 1 Qualcomm 205 9205 Lte Modem Firmware, Aqt1000 Firmware, Ar8031 Firmware and 202 more 2024-09-05 7.1 High
Cryptographic issue while parsing RSA keys in COBR format.
CVE-2024-44809 1 Recantha 1 Pi Camera Project 2024-09-04 9.8 Critical
A remote code execution (RCE) vulnerability exists in the Pi Camera project, version 1.0, maintained by RECANTHA. The issue arises from improper sanitization of user input passed to the "position" GET parameter in the tilt.php script. An attacker can exploit this by sending crafted input data that includes malicious command sequences, allowing arbitrary commands to be executed on the server with the privileges of the web server user. This vulnerability is exploitable remotely and poses significant risk if the application is exposed to untrusted networks.
CVE-2024-24973 1 Intel 2 Distribution For Gdb, Oneapi Base Toolkit 2024-08-31 2.2 Low
Improper input validation for some Intel(R) Distribution for GDB software before version 2024.0.1 may allow an authenticated user to potentially enable denial of service via local access.
CVE-2024-44070 2 Frrouting, Redhat 2 Frrouting, Enterprise Linux 2024-08-30 9.8 Critical
An issue was discovered in FRRouting (FRR) through 10.1. bgp_attr_encap in bgpd/bgp_attr.c does not check the actual remaining stream length before taking the TLV value.
CVE-2024-38303 2024-08-29 5.3 Medium
Dell PowerEdge Platform, 14G Intel BIOS version(s) prior to 2.22.x, contains an Improper Input Validation vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Information disclosure.
CVE-2024-42531 1 Ezviz 1 Cs-cv246 Firmware 2024-08-29 9.8 Critical
Ezviz Internet PT Camera CS-CV246 D15655150 allows an unauthenticated host to access its live video stream by crafting a set of RTSP packets with a specific set of URLs that can be used to redirect the camera feed. NOTE: the vendor's perspective is that the Anonymous120386 sample code can establish RTSP protocol communictaion, but cannot obtain video or audio data; thus, there is no risk.