Total
9764 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2024-31862 | 2024-08-21 | N/A | 5.3 MEDIUM | ||
Improper Input Validation vulnerability in Apache Zeppelin when creating a new note from Zeppelin's UI.This issue affects Apache Zeppelin: from 0.10.1 before 0.11.0. Users are recommended to upgrade to version 0.11.0, which fixes the issue. | |||||
CVE-2024-2199 | 2024-08-21 | N/A | 5.7 MEDIUM | ||
A denial of service vulnerability was found in 389-ds-base ldap server. This issue may allow an authenticated user to cause a server crash while modifying `userPassword` using malformed input. | |||||
CVE-2023-52552 | 2024-08-20 | N/A | 7.5 HIGH | ||
Input verification vulnerability in the power module. Impact: Successful exploitation of this vulnerability will affect availability. | |||||
CVE-2024-32903 | 1 Google | 1 Android | 2024-08-20 | N/A | 7.8 HIGH |
In prepare_response_locked of lwis_transaction.c, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
CVE-2024-36737 | 2024-08-20 | N/A | 7.5 HIGH | ||
Improper input validation in OneFlow-Inc. Oneflow v0.9.1 allows attackers to cause a Denial of Service (DoS) via inputting a negative value into the oneflow.full parameter. | |||||
CVE-2024-25009 | 2024-08-20 | N/A | 6.5 MEDIUM | ||
Ericsson Packet Core Controller (PCC) contains a vulnerability in Access and Mobility Management Function (AMF) where improper input validation can lead to denial of service which may result in service degradation. | |||||
CVE-2024-4785 | 2024-08-20 | N/A | 7.6 HIGH | ||
BT: Missing Check in LL_CONNECTION_UPDATE_IND Packet Leads to Division by Zero | |||||
CVE-2024-22095 | 2024-08-20 | N/A | 7.2 HIGH | ||
Improper input validation in PlatformVariableInitDxe driver in UEFI firmware for some Intel(R) Server D50DNP Family products may allow a privileged user to enable escalation of privilege via local access. | |||||
CVE-2024-36734 | 2024-08-20 | N/A | 7.5 HIGH | ||
Improper input validation in OneFlow-Inc. Oneflow v0.9.1 allows attackers to cause a Denial of Service (DoS) via inputting a negative value into the dim parameter. | |||||
CVE-2024-39949 | 1 Dahuasecurity | 112 Nvr4104-4ks2\/l, Nvr4104-4ks2\/l Firmware, Nvr4104-4ks3 and 109 more | 2024-08-19 | N/A | 7.5 HIGH |
A vulnerability has been found in Dahua products. Attackers can send carefully crafted data packets to the interface with vulnerabilities, causing the device to crash. | |||||
CVE-2024-39948 | 1 Dahuasecurity | 112 Nvr4104-4ks2\/l, Nvr4104-4ks2\/l Firmware, Nvr4104-4ks3 and 109 more | 2024-08-19 | N/A | 7.5 HIGH |
A vulnerability has been found in Dahua products. Attackers can send carefully crafted data packets to the interface with vulnerabilities, causing the device to crash. | |||||
CVE-2024-39950 | 1 Dahuasecurity | 116 Ipc-hfs8449g-z7-led, Ipc-hfs8449g-z7-led Firmware, Ipc-hfs8849g-z3-led and 113 more | 2024-08-19 | N/A | 9.8 CRITICAL |
A vulnerability has been found in Dahua products. Attackers can send carefully crafted data packets to the interface with vulnerabilities to initiate device initialization. | |||||
CVE-2024-39944 | 1 Dahuasecurity | 116 Ipc-hfs8449g-z7-led, Ipc-hfs8449g-z7-led Firmware, Ipc-hfs8849g-z3-led and 113 more | 2024-08-19 | N/A | 7.5 HIGH |
A vulnerability has been found in Dahua products.Attackers can send carefully crafted data packets to the interface with vulnerabilities, causing the device to crash. | |||||
CVE-2024-25008 | 2024-08-19 | N/A | 6.8 MEDIUM | ||
Ericsson RAN Compute and Site Controller 6610 contains a vulnerability in the Control System where Improper Input Validation can lead to arbitrary code execution, for example to obtain a Linux Shell with the same privileges as the attacker. The attacker would require elevated privileges for example a valid OAM user having the system administrator role to exploit the vulnerability. | |||||
CVE-2024-7646 | 2024-08-19 | N/A | 8.8 HIGH | ||
A security issue was discovered in ingress-nginx where an actor with permission to create Ingress objects (in the `networking.k8s.io` or `extensions` API group) can bypass annotation validation to inject arbitrary commands and obtain the credentials of the ingress-nginx controller. In the default configuration, that credential has access to all secrets in the cluster. | |||||
CVE-2024-43373 | 2 J4k0xb, Microsoft | 2 Webcrack, Windows | 2024-08-16 | N/A | 7.8 HIGH |
webcrack is a tool for reverse engineering javascript. An arbitrary file write vulnerability exists in the webcrack module when processing specifically crafted malicious code on Windows systems. This vulnerability is triggered when using the unpack bundles feature in conjunction with the saving feature. If a module name includes a path traversal sequence with Windows path separators, an attacker can exploit this to overwrite files on the host system. This vulnerability allows an attacker to write arbitrary `.js` files to the host system, which can be leveraged to hijack legitimate Node.js modules to gain arbitrary code execution. This vulnerability has been patched in version 2.14.1. | |||||
CVE-2024-23717 | 2024-08-16 | N/A | 9.1 CRITICAL | ||
In access_secure_service_from_temp_bond of btm_sec.cc, there is a possible way to achieve keystroke injection due to improper input validation. This could lead to remote (proximal/adjacent) escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
CVE-2024-25090 | 1 Apache | 1 Roller | 2024-08-16 | N/A | 5.4 MEDIUM |
Insufficient input validation and sanitation in Profile name & screenname, Bookmark name & description and blogroll name features in all versions of Apache Roller on all platforms allows an authenticated user to perform an XSS attack. Mitigation: if you do not have Roller configured for untrusted users, then you need to do nothing because you trust your users to author raw HTML and other web content. If you are running with untrusted users then you should upgrade to Roller 6.1.3. This issue affects Apache Roller: from 5.0.0 before 6.1.3. Users are recommended to upgrade to version 6.1.3, which fixes the issue. | |||||
CVE-2024-32860 | 1 Dell | 44 Alienware Area 51m R2, Alienware Area 51m R2 Firmware, Alienware Aurora R11 and 41 more | 2024-08-16 | N/A | 8.2 HIGH |
Dell Client Platform BIOS contains an Improper Input Validation vulnerability in an externally developed component. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Code execution. | |||||
CVE-2024-38189 | 1 Microsoft | 4 365 Apps, Office, Office Long Term Servicing Channel and 1 more | 2024-08-16 | N/A | 8.8 HIGH |
Microsoft Project Remote Code Execution Vulnerability |