Total
28982 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2023-46752 | 1 Frrouting | 1 Frrouting | 2024-04-28 | N/A | 5.9 MEDIUM |
An issue was discovered in FRRouting FRR through 9.0.1. It mishandles malformed MP_REACH_NLRI data, leading to a crash. | |||||
CVE-2024-29054 | 1 Microsoft | 1 Defender For Iot | 2024-04-26 | N/A | 7.2 HIGH |
Microsoft Defender for IoT Elevation of Privilege Vulnerability | |||||
CVE-2024-29055 | 1 Microsoft | 1 Defender For Iot | 2024-04-26 | N/A | 7.2 HIGH |
Microsoft Defender for IoT Elevation of Privilege Vulnerability | |||||
CVE-2023-3674 | 2 Fedoraproject, Keylime | 2 Fedora, Keylime | 2024-04-25 | N/A | 2.8 LOW |
A flaw was found in the keylime attestation verifier, which fails to flag a device's submitted TPM quote as faulty when the quote's signature does not validate for some reason. Instead, it will only emit an error in the log without flagging the device as untrusted. | |||||
CVE-2007-0171 | 1 Allmylinks Project | 1 Allmylinks | 2024-04-23 | 7.5 HIGH | N/A |
PHP remote file inclusion vulnerability in index.php in AllMyLinks 0.5.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the AML_opensite parameter. | |||||
CVE-2007-0172 | 1 Allmyguests Project | 1 Allmyguests | 2024-04-23 | 7.5 HIGH | N/A |
Multiple PHP remote file inclusion vulnerabilities in AllMyGuests 0.3.0 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the AMG_serverpath parameter to (1) comments.php and (2) signin.php; and possibly via a URL in unspecified parameters to (3) include/submit.inc.php, (4) admin/index.php, (5) include/cm_submit.inc.php, and (6) index.php. | |||||
CVE-2006-4993 | 1 Allmyguests Project | 1 Allmyguests | 2024-04-23 | 7.5 HIGH | N/A |
Multiple PHP remote file inclusion vulnerabilities in AllMyGuests 0.4.1 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the _AMGconfig[cfg_serverpath] parameter in (1) modules/AllMyGuests/signin.php (aka the Nuke module) and (2) AllMyGuests/signin.php (aka the standalone). | |||||
CVE-2023-27199 | 1 Paxtechnology | 2 Pax A930, Pax A930 Firmware | 2024-04-23 | N/A | 6.7 MEDIUM |
PAX Technology A930 PayDroid_7.1.1_Virgo_V04.5.02_20220722 allows attackers to compile a malicious shared library and use LD_PRELOAD to bypass authorization checks. | |||||
CVE-2023-27197 | 1 Paxtechnology | 2 Pax A930, Pax A930 Firmware | 2024-04-23 | N/A | 6.7 MEDIUM |
PAX A930 device with PayDroid_7.1.1_Virgo_V04.5.02_20220722 can allow an attacker to gain root access by running a crafted binary leveraging an exported function from a shared library. The attacker must have shell access to the device in order to exploit this vulnerability. | |||||
CVE-2020-14383 | 2 Redhat, Samba | 2 Enterprise Linux, Samba | 2024-04-22 | 4.0 MEDIUM | 6.5 MEDIUM |
A flaw was found in Samba's DNS server. An authenticated user could use this flaw to cause the RPC server to crash. This RPC server, which also serves protocols other than dnsserver, will be restarted after a short delay, but it is easy for an authenticated non-administrative attacker to crash it again as soon as it returns. The Samba DNS server itself will continue to operate, but many RPC services will not. | |||||
CVE-2023-24844 | 1 Qualcomm | 86 Ar8035, Ar8035 Firmware, Fastconnect 6700 and 83 more | 2024-04-12 | N/A | 7.8 HIGH |
Memory Corruption in Core while invoking a call to Access Control core library with hardware protected address range. | |||||
CVE-2023-22387 | 1 Qualcomm | 542 205, 205 Firmware, 215 and 539 more | 2024-04-12 | N/A | 7.8 HIGH |
Arbitrary memory overwrite when VM gets compromised in TX write leading to Memory Corruption. | |||||
CVE-2023-21673 | 1 Qualcomm | 326 Aqt1000, Aqt1000 Firmware, Ar8035 and 323 more | 2024-04-12 | N/A | 7.8 HIGH |
Improper Access to the VM resource manager can lead to Memory Corruption. | |||||
CVE-2023-21642 | 1 Qualcomm | 26 Qam8295p, Qam8295p Firmware, Qca6574au and 23 more | 2024-04-12 | N/A | 7.8 HIGH |
Memory corruption in HAB Memory management due to broad system privileges via physical address. | |||||
CVE-2022-33243 | 1 Qualcomm | 314 Apq8096au, Apq8096au Firmware, Aqt1000 and 311 more | 2024-04-12 | N/A | 7.8 HIGH |
Memory corruption due to improper access control in Qualcomm IPC. | |||||
CVE-2023-43536 | 1 Qualcomm | 618 315 5g Iot Modem, 315 5g Iot Modem Firmware, Aqt1000 and 615 more | 2024-04-12 | N/A | 7.5 HIGH |
Transient DOS while parsing FILS IE with length equal to 1. | |||||
CVE-2022-47529 | 1 Rsa | 1 Netwitness | 2024-04-11 | N/A | 6.7 MEDIUM |
Insecure Win32 memory objects in Endpoint Windows Agents in RSA NetWitness Platform before 12.2 allow local and admin Windows user accounts to modify the endpoint agent service configuration: to either disable it completely or run user-supplied code or commands, thereby bypassing tamper-protection features via ACL modification. | |||||
CVE-2021-46914 | 1 Linux | 1 Linux Kernel | 2024-04-10 | N/A | 5.5 MEDIUM |
In the Linux kernel, the following vulnerability has been resolved: ixgbe: fix unbalanced device enable/disable in suspend/resume pci_disable_device() called in __ixgbe_shutdown() decreases dev->enable_cnt by 1. pci_enable_device_mem() which increases dev->enable_cnt by 1, was removed from ixgbe_resume() in commit 6f82b2558735 ("ixgbe: use generic power management"). This caused unbalanced increase/decrease. So add pci_enable_device_mem() back. Fix the following call trace. ixgbe 0000:17:00.1: disabling already-disabled device Call Trace: __ixgbe_shutdown+0x10a/0x1e0 [ixgbe] ixgbe_suspend+0x32/0x70 [ixgbe] pci_pm_suspend+0x87/0x160 ? pci_pm_freeze+0xd0/0xd0 dpm_run_callback+0x42/0x170 __device_suspend+0x114/0x460 async_suspend+0x1f/0xa0 async_run_entry_fn+0x3c/0xf0 process_one_work+0x1dd/0x410 worker_thread+0x34/0x3f0 ? cancel_delayed_work+0x90/0x90 kthread+0x14c/0x170 ? kthread_park+0x90/0x90 ret_from_fork+0x1f/0x30 | |||||
CVE-2023-32717 | 1 Splunk | 2 Splunk, Splunk Cloud Platform | 2024-04-10 | N/A | 4.3 MEDIUM |
On Splunk Enterprise versions below 9.0.5, 8.2.11, and 8.1.14, and in Splunk Cloud Platform versions below 9.0.2303.100, an unauthorized user can access the /services/indexing/preview REST endpoint to overwrite search results if they know the search ID (SID) of an existing search job. | |||||
CVE-2023-32710 | 1 Splunk | 2 Splunk, Splunk Cloud Platform | 2024-04-10 | N/A | 5.3 MEDIUM |
In Splunk Enterprise versions below 9.0.5, 8.2.11, and 8.1.14, and in Splunk Cloud Platform versions below 9.0.2303.100, a low-privileged user can perform an unauthorized transfer of data from a search using the ‘copyresults’ command if they know the search ID (SID) of a search job that has recently run. |