Vulnerabilities (CVE)

Filtered by NVD-CWE-noinfo
Total 29495 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2024-39353 1 Mattermost 1 Mattermost 2024-11-21 N/A 2.7 LOW
Mattermost versions 9.5.x <= 9.5.5 and 9.8.0 fail to sanitize the RemoteClusterFrame payloads before audit logging them which allows a high privileged attacker with access to the audit logs to read message contents.
CVE-2024-39322 1 Aimeos Project 1 Ai-controller-frontend 2024-11-21 N/A 5.5 MEDIUM
aimeos/ai-admin-jsonadm is the Aimeos e-commerce JSON API for administrative tasks. In versions prior to 2020.10.13, 2021.10.6, 2022.10.3, 2023.10.4, and 2024.4.2, improper access control allows editors to remove admin group and locale configuration in the Aimeos backend. Versions 2020.10.13, 2021.10.6, 2022.10.3, 2023.10.4, and 2024.4.2 contain a fix for the issue.
CVE-2024-39202 1 Dlink 2 Dir-823x Ax3000, Dir-823x Ax3000 Firmware 2024-11-21 N/A 8.8 HIGH
D-Link DIR-823X firmware - 240126 was discovered to contain a remote command execution (RCE) vulnerability via the dhcpd_startip parameter at /goform/set_lan_settings.
CVE-2024-39118 1 Mommyheather 1 Advanced Backups 2024-11-21 N/A 5.5 MEDIUM
Mommy Heather Advanced Backups up to v3.5.3 allows attackers to write arbitrary files via restoring a crafted backup.
CVE-2024-39028 1 Seacms 1 Seacms 2024-11-21 N/A 9.8 CRITICAL
An issue was discovered in SeaCMS <=12.9 which allows remote attackers to execute arbitrary code via admin_ping.php.
CVE-2024-38970 1 Vaethink 1 Vaethink 2024-11-21 N/A 4.9 MEDIUM
vaeThink 1.0.2 is vulnerable to Information Disclosure via the system backend, access management administrator function.
CVE-2024-38662 1 Linux 1 Linux Kernel 2024-11-21 N/A 4.7 MEDIUM
In the Linux kernel, the following vulnerability has been resolved: bpf: Allow delete from sockmap/sockhash only if update is allowed. We have seen an influx of syzkaller reports where a BPF program attached to a tracepoint triggers a locking rule violation by performing a map_delete on a sockmap/sockhash. We don't intend to support this artificial use scenario. Extend the existing verifier allowed-program-type check for updating sockmap/sockhash to also cover deleting from a map. From now on only BPF programs which were previously allowed to update sockmap/sockhash can delete from these map types.
CVE-2024-38590 1 Linux 1 Linux Kernel 2024-11-21 N/A 5.5 MEDIUM
In the Linux kernel, the following vulnerability has been resolved: RDMA/hns: Modify the print level of CQE error. Too much print may lead to a panic in kernel. Change ibdev_err() to ibdev_err_ratelimited(), and change the printing level of cqe dump to debug level.
CVE-2024-38549 1 Linux 1 Linux Kernel 2024-11-21 N/A 5.5 MEDIUM
In the Linux kernel, the following vulnerability has been resolved: drm/mediatek: Add 0 size check to mtk_drm_gem_obj. Add a check to mtk_drm_gem_init if we attempt to allocate a GEM object of 0 bytes. Currently, no such check exists and the kernel will panic if a userspace application attempts to allocate a 0x0 GBM buffer. Tested by attempting to allocate a 0x0 GBM buffer on an MT8188 and verifying that we now return EINVAL.
CVE-2024-38476 2 Apache, Netapp 2 Http Server, Clustered Data Ontap 2024-11-21 N/A 9.8 CRITICAL
A vulnerability in the core of Apache HTTP Server 2.4.59 and earlier leaves it vulnerable to information disclosure, SSRF or local script execution via backend applications whose response headers are malicious or exploitable. Users are recommended to upgrade to version 2.4.60, which fixes this issue.
CVE-2024-38462 1 Irods 1 Irods 2024-11-21 N/A 9.8 CRITICAL
iRODS before 4.3.2 provides an msiSendMail function with a problematic dependency on the mail binary, such as in the mailMS.cpp#L94-L106 reference.
CVE-2024-38435 1 Unitronics 1 Vision Plc 2024-11-21 N/A 6.5 MEDIUM
Unitronics Vision PLC – CWE-703: Improper Check or Handling of Exceptional Conditions may allow denial of service
CVE-2024-38368 1 Cocoapods 1 Trunk.cocoapods.org 2024-11-21 N/A 9.3 CRITICAL
trunk.cocoapods.org is the authentication server for the CocoaPods dependency manager. A vulnerability affected older pods which migrated from the pre-2014 pull request workflow to trunk. If the pods had never been claimed then it was still possible to do so. It was also possible to have all owners removed from a pod, and that made the pod available for the same claiming system. This was patched server-side in commit 71be5440906b6bdfbc0bcc7f8a9fec33367ea0f4 in September 2023.
CVE-2024-38312 1 Mozilla 1 Firefox 2024-11-21 N/A 6.5 MEDIUM
When browsing private tabs, some data related to location history or webpage thumbnails could be persisted incorrectly within the sandboxed app bundle after app termination. This vulnerability affects Firefox for iOS < 127.
CVE-2024-38301 1 Dell 1 Alienware Command Center 2024-11-21 N/A 6.7 MEDIUM
Dell Alienware Command Center, version 5.7.3.0 and prior, contains an improper access control vulnerability. A low privileged attacker could potentially exploit this vulnerability, leading to denial of service on the local system and information disclosure.
CVE-2024-38295 1 Alcasar 1 Alcasar 2024-11-21 N/A 9.8 CRITICAL
ALCASAR before 3.6.1 allows still_connected.php remote code execution.
CVE-2024-38294 1 Alcasar 1 Alcasar 2024-11-21 N/A 9.8 CRITICAL
ALCASAR before 3.6.1 allows email_registration_back.php remote code execution.
CVE-2024-38257 1 Microsoft 11 Windows 10 1607, Windows 10 1809, Windows 10 21h1 and 8 more 2024-11-21 N/A 7.5 HIGH
Microsoft AllJoyn API Information Disclosure Vulnerability
CVE-2024-38217 1 Microsoft 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more 2024-11-21 N/A 5.4 MEDIUM
Windows Mark of the Web Security Feature Bypass Vulnerability
CVE-2024-38187 1 Microsoft 11 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 8 more 2024-11-21 N/A 7.8 HIGH
Windows Kernel-Mode Driver Elevation of Privilege Vulnerability