Total
29056 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-46948 | 1 Northern.tech | 1 Mender | 2024-11-13 | N/A | 4.3 MEDIUM |
| Northern.tech Mender before 3.6.5 and 3.7.x before 3.7.5 has Incorrect Access Control. | |||||
| CVE-2024-34680 | 1 Samsung | 1 Android | 2024-11-12 | N/A | 5.5 MEDIUM |
| Use of implicit intent for sensitive communication in WlanTest prior to SMR Nov-2024 Release 1 allows local attackers to get sensitive information. | |||||
| CVE-2024-6763 | 1 Eclipse | 1 Jetty | 2024-11-08 | N/A | 5.3 MEDIUM |
| Eclipse Jetty is a lightweight, highly scalable, Java-based web server and Servlet engine . It includes a utility class, HttpURI, for URI/URL parsing. The HttpURI class does insufficient validation on the authority segment of a URI. However the behaviour of HttpURI differs from the common browsers in how it handles a URI that would be considered invalid if fully validated against the RRC. Specifically HttpURI and the browser may differ on the value of the host extracted from an invalid URI and thus a combination of Jetty and a vulnerable browser may be vulnerable to a open redirect attack or to a SSRF attack if the URI is used after passing validation checks. | |||||
| CVE-2024-10916 | 1 Dlink | 8 Dns-320, Dns-320 Firmware, Dns-320lw and 5 more | 2024-11-08 | 5.0 MEDIUM | 5.3 MEDIUM |
| A vulnerability classified as problematic has been found in D-Link DNS-320, DNS-320LW, DNS-325 and DNS-340L up to 20241028. This affects an unknown part of the file /xml/info.xml of the component HTTP GET Request Handler. The manipulation leads to information disclosure. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2024-50012 | 1 Linux | 1 Linux Kernel | 2024-11-08 | N/A | 5.5 MEDIUM |
| In the Linux kernel, the following vulnerability has been resolved: cpufreq: Avoid a bad reference count on CPU node In the parse_perf_domain function, if the call to of_parse_phandle_with_args returns an error, then the reference to the CPU device node that was acquired at the start of the function would not be properly decremented. Address this by declaring the variable with the __free(device_node) cleanup attribute. | |||||
| CVE-2023-29126 | 1 Enelx | 2 Waybox Pro, Waybox Pro Firmware | 2024-11-08 | N/A | 8.8 HIGH |
| The Waybox Enel X web management application contains a PHP-type juggling vulnerability that may allow a brute force process and under certain conditions bypass authentication. | |||||
| CVE-2023-29121 | 1 Enelx | 2 Waybox Pro, Waybox Pro Firmware | 2024-11-08 | N/A | 8.8 HIGH |
| Waybox Enel TCF Agent service could be used to get administrator’s privileges over the Waybox system. | |||||
| CVE-2024-0134 | 2 Linux, Nvidia | 3 Linux Kernel, Nvidia Container Toolkit, Nvidia Gpu Operator | 2024-11-08 | N/A | 4.1 MEDIUM |
| NVIDIA Container Toolkit and NVIDIA GPU Operator for Linux contain a UNIX vulnerability where a specially crafted container image can lead to the creation of unauthorized files on the host. The name and location of the files cannot be controlled by an attacker. A successful exploit of this vulnerability might lead to data tampering. | |||||
| CVE-2024-23377 | 1 Qualcomm | 78 Fastconnect 6900, Fastconnect 6900 Firmware, Fastconnect 7800 and 75 more | 2024-11-07 | N/A | 6.7 MEDIUM |
| Memory corruption while invoking IOCTL command from user-space, when a user modifies the original packet size of the command after system properties have been already sent to the EVA driver. | |||||
| CVE-2024-38422 | 1 Qualcomm | 536 205 Mobile Platform, 205 Mobile Platform Firmware, 215 Mobile Platform and 533 more | 2024-11-07 | N/A | 7.8 HIGH |
| Memory corruption while processing voice packet with arbitrary data received from ADSP. | |||||
| CVE-2024-49964 | 1 Linux | 1 Linux Kernel | 2024-11-07 | N/A | 5.5 MEDIUM |
| In the Linux kernel, the following vulnerability has been resolved: mm/hugetlb: fix memfd_pin_folios free_huge_pages leak memfd_pin_folios followed by unpin_folios fails to restore free_huge_pages if the pages were not already faulted in, because the folio refcount for pages created by memfd_alloc_folio never goes to 0. memfd_pin_folios needs another folio_put to undo the folio_try_get below: memfd_alloc_folio() alloc_hugetlb_folio_nodemask() dequeue_hugetlb_folio_nodemask() dequeue_hugetlb_folio_node_exact() folio_ref_unfreeze(folio, 1); ; adds 1 refcount folio_try_get() ; adds 1 refcount hugetlb_add_to_page_cache() ; adds 512 refcount (on x86) With the fix, after memfd_pin_folios + unpin_folios, the refcount for the (unfaulted) page is 512, which is correct, as the refcount for a faulted unpinned page is 513. | |||||
| CVE-2024-8305 | 1 Mongodb | 1 Mongodb | 2024-11-07 | N/A | 6.5 MEDIUM |
| prepareUnique index may cause secondaries to crash due to incorrect enforcement of index constraints on secondaries, where in extreme cases may cause multiple secondaries crashing leading to no primaries. This issue affects MongoDB Server v6.0 versions prior to 6.0.17, MongoDB Server v7.0 versions prior to 7.0.13 and MongoDB Server v7.3 versions prior to 7.3.4 | |||||
| CVE-2023-5816 | 1 Bowo | 1 Code Explorer | 2024-11-06 | N/A | 4.9 MEDIUM |
| The Code Explorer plugin for WordPress is vulnerable to arbitrary external file reading in all versions up to, and including, 1.4.5. This is due to the fact that the plugin does not restrict accessing files to those outside of the WordPress instance, though the intention of the plugin is to only access WordPress related files. This makes it possible for authenticated attackers, with administrator-level access, to read files outside of the WordPress instance. | |||||
| CVE-2024-49370 | 1 Pimcore | 1 Pimcore | 2024-11-06 | N/A | 4.9 MEDIUM |
| Pimcore is an open source data and experience management platform. When a PortalUserObject is connected to a PimcoreUser and "Use Pimcore Backend Password" is set to true, the change password function in Portal Profile sets the new password. Prior to Pimcore portal engine versions 4.1.7 and 3.1.16, the password is then set without hashing so it can be read by everyone. Everyone who combines PortalUser to PimcoreUsers and change passwords via profile settings could be affected. Versions 4.1.7 and 3.1.16 of the Pimcore portal engine fix the issue. | |||||
| CVE-2024-49675 | 1 Vitaliibryl | 1 Switch User | 2024-11-06 | N/A | 8.8 HIGH |
| Authentication Bypass Using an Alternate Path or Channel vulnerability in Vitalii Bryl iBryl Switch User allows Authentication Bypass.This issue affects iBryl Switch User: from n/a through 1.0.1. | |||||
| CVE-2024-49217 | 1 Madirisalmanaashish | 1 Adding Drop Down Roles In Registration | 2024-11-06 | N/A | 9.8 CRITICAL |
| Incorrect Privilege Assignment vulnerability in Madiri Salman Aashish Adding drop down roles in registration allows Privilege Escalation.This issue affects Adding drop down roles in registration: from n/a through 1.1. | |||||
| CVE-2024-49219 | 1 Themexpo | 1 Rs-members | 2024-11-06 | N/A | 8.8 HIGH |
| Incorrect Privilege Assignment vulnerability in themexpo RS-Members allows Privilege Escalation.This issue affects RS-Members: from n/a through 1.0.3. | |||||
| CVE-2024-45785 | 1 Neumann | 1 Musasi | 2024-11-06 | N/A | 7.5 HIGH |
| MUSASI version 3 contains an issue with use of client-side authentication. If this vulnerability is exploited, other users' credential and sensitive information may be retrieved. | |||||
| CVE-2024-50528 | 1 Stacksmarket | 1 Stacks Mobile App Builder | 2024-11-06 | N/A | 7.5 HIGH |
| Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Stacks Stacks Mobile App Builder allows Retrieve Embedded Sensitive Data.This issue affects Stacks Mobile App Builder: from n/a through 5.2.3. | |||||
| CVE-2024-51561 | 1 63moons | 2 Aero, Wave 2.0 | 2024-11-06 | N/A | 7.5 HIGH |
| This vulnerability exists in Aero due to improper implementation of OTP validation mechanism in certain API endpoints. An authenticated remote attacker could exploit this vulnerability by intercepting and manipulating the responses exchanged during the second factor authentication process. Successful exploitation of this vulnerability could allow the attacker to bypass OTP verification for accessing other user accounts. | |||||