Total
352 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-45922 | 2024-11-19 | N/A | 4.3 MEDIUM | ||
| glx_pbuffer.c in Mesa 23.0.4 was discovered to contain a segmentation violation when calling __glXGetDrawableAttribute(). NOTE: this is disputed because there are no common situations in which users require uninterrupted operation with an attacker-controller server. | |||||
| CVE-2024-10945 | 2024-11-13 | N/A | 7.3 HIGH | ||
| A Local Privilege Escalation vulnerability exists in the affected product. The vulnerability requires a local, low privileged threat actor to replace certain files during update and exists due to a failure to perform proper security checks before installation. | |||||
| CVE-2024-1556 | 2024-11-12 | N/A | 6.5 MEDIUM | ||
| The incorrect object was checked for NULL in the built-in profiler, potentially leading to invalid memory access and undefined behavior. *Note:* This issue only affects the application when the profiler is running. This vulnerability affects Firefox < 123. | |||||
| CVE-2024-35425 | 2024-11-12 | N/A | N/A | ||
| vmir e8117 was discovered to contain a segmentation violation via the function_prepare_parse function at /src/vmir_function.c. | |||||
| CVE-2024-35424 | 2024-11-12 | N/A | 5.5 MEDIUM | ||
| vmir e8117 was discovered to contain a segmentation violation via the import_function function at /src/vmir_wasm_parser.c. | |||||
| CVE-2024-35421 | 2024-11-12 | N/A | 5.5 MEDIUM | ||
| vmir e8117 was discovered to contain a segmentation violation via the wasm_parse_block function at /src/vmir_wasm_parser.c. | |||||
| CVE-2024-43435 | 2024-11-12 | N/A | 5.3 MEDIUM | ||
| A flaw was found in moodle. Insufficient capability checks make it possible for users with access to restore glossaries in courses to restore them into the global site glossary. | |||||
| CVE-2024-35427 | 2024-11-12 | N/A | 5.5 MEDIUM | ||
| vmir e8117 was discovered to contain a segmentation violation via the export_function function at /src/vmir_wasm_parser.c. | |||||
| CVE-2024-45085 | 1 Ibm | 1 Websphere Application Server | 2024-11-08 | N/A | 7.5 HIGH |
| IBM WebSphere Application Server 8.5 is vulnerable to a denial of service, under certain configurations, caused by an unexpected specially crafted request. A remote attacker could exploit this vulnerability to cause an error resulting in a denial of service. | |||||
| CVE-2023-21405 | 1 Axis | 11 A1001, A1001 Firmware, A1210 \(-b\) and 8 more | 2024-11-08 | N/A | 6.5 MEDIUM |
| Knud from Fraktal.fi has found a flaw in some Axis Network Door Controllers and Axis Network Intercoms when communicating over OSDP, highlighting that the OSDP message parser crashes the pacsiod process, causing a temporary unavailability of the door-controlling functionalities meaning that doors cannot be opened or closed. No sensitive or customer data can be extracted as the Axis device is not further compromised. Please refer to the Axis security advisory for more information, mitigation and affected products and software versions. | |||||
| CVE-2023-21246 | 1 Google | 1 Android | 2024-11-06 | N/A | 3.3 LOW |
| In ShortcutInfo of ShortcutInfo.java, there is a possible way for an app to retain notification listening access due to an uncaught exception. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2023-52534 | 2024-11-05 | N/A | 5.9 MEDIUM | ||
| In ngmm, there is a possible undefined behavior due to incorrect error handling. This could lead to remote denial of service with no additional execution privileges needed | |||||
| CVE-2021-29544 | 1 Google | 1 Tensorflow | 2024-10-31 | 2.1 LOW | 5.5 MEDIUM |
| TensorFlow is an end-to-end open source platform for machine learning. An attacker can trigger a denial of service via a `CHECK`-fail in `tf.raw_ops.QuantizeAndDequantizeV4Grad`. This is because the implementation does not validate the rank of the `input_*` tensors. In turn, this results in the tensors being passes as they are to `QuantizeAndDequantizePerChannelGradientImpl`. However, the `vec<T>` method, requires the rank to 1 and triggers a `CHECK` failure otherwise. The fix will be included in TensorFlow 2.5.0. We will also cherrypick this commit on TensorFlow 2.4.2 as this is the only other affected version. | |||||
| CVE-2024-44235 | 1 Apple | 2 Ipados, Iphone Os | 2024-10-30 | N/A | 4.6 MEDIUM |
| The issue was addressed with improved checks. This issue is fixed in iOS 18.1 and iPadOS 18.1. An attacker may be able to view restricted content from the lock screen. | |||||
| CVE-2024-38461 | 1 Irods | 1 Irods | 2024-10-30 | N/A | 7.5 HIGH |
| irodsServerMonPerf in iRODS before 4.3.2 attempts to proceed with use of a path even if it is not a directory. | |||||
| CVE-2024-50602 | 2024-10-30 | N/A | 5.9 MEDIUM | ||
| An issue was discovered in libexpat before 2.6.4. There is a crash within the XML_ResumeParser function because XML_StopParser can stop/suspend an unstarted parser. | |||||
| CVE-2024-44174 | 1 Apple | 1 Macos | 2024-10-30 | N/A | 5.5 MEDIUM |
| The issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15. An attacker may be able to view restricted content from the lock screen. | |||||
| CVE-2024-7826 | 1 Webroot | 1 Secureanywhere Web Shield | 2024-10-30 | 6.2 MEDIUM | 9.8 CRITICAL |
| Improper Check for Unusual or Exceptional Conditions vulnerability in Webroot SecureAnywhere - Web Shield on Windows, ARM, 64 bit, 32 bit (wrURL.Dll modules) allows Functionality Misuse.This issue affects SecureAnywhere - Web Shield: before 2.1.2.3. | |||||
| CVE-2023-46765 | 1 Huawei | 2 Emui, Harmonyos | 2024-10-28 | N/A | 7.5 HIGH |
| Vulnerability of uncaught exceptions in the NFC module. Successful exploitation of this vulnerability can affect NFC availability. | |||||
| CVE-2024-47727 | 1 Linux | 1 Linux Kernel | 2024-10-23 | N/A | 7.8 HIGH |
| In the Linux kernel, the following vulnerability has been resolved: x86/tdx: Fix "in-kernel MMIO" check TDX only supports kernel-initiated MMIO operations. The handle_mmio() function checks if the #VE exception occurred in the kernel and rejects the operation if it did not. However, userspace can deceive the kernel into performing MMIO on its behalf. For example, if userspace can point a syscall to an MMIO address, syscall does get_user() or put_user() on it, triggering MMIO #VE. The kernel will treat the #VE as in-kernel MMIO. Ensure that the target MMIO address is within the kernel before decoding instruction. | |||||