Total
29495 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2024-2541 | 1 Sygnoos | 1 Popup Builder | 2024-09-09 | N/A | 7.5 HIGH |
The Popup Builder plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.3.3 via the Subscribers Import feature. This makes it possible for unauthenticated attackers to extract sensitive data after an administrator has imported subscribers via a CSV file. This data may include the first name, last name, e-mail address, and potentially other personally identifiable information of subscribers. | |||||
CVE-2022-33162 | 1 Ibm | 2 Security Directory Integrator, Security Verify Directory Integrator | 2024-09-07 | N/A | 9.8 CRITICAL |
IBM Security Directory Integrator 7.2.0 and Security Verify Directory Integrator 10.0.0 does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources, at the privilege level of a standard unprivileged user. IBM X-Force ID: 228570. | |||||
CVE-2024-7720 | 1 Hp | 1 Security Manager | 2024-09-06 | N/A | 9.8 CRITICAL |
HP Security Manager is potentially vulnerable to Remote Code Execution as a result of code vulnerability within the product's solution open-source libraries. | |||||
CVE-2024-23499 | 1 Intel | 1 Ethernet 800 Series Controllers Driver | 2024-09-06 | N/A | 7.5 HIGH |
Protection mechanism failure in Linux kernel mode driver for some Intel(R) Ethernet Network Controllers and Adapters E810 Series before version 28.3 may allow an unauthenticated user to potentially enable denial of service via network access. | |||||
CVE-2024-24986 | 1 Intel | 1 Ethernet 800 Series Controllers Driver | 2024-09-06 | N/A | 8.8 HIGH |
Improper access control in Linux kernel mode driver for some Intel(R) Ethernet Network Controllers and Adapters before version 28.3 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
CVE-2024-25576 | 1 Intel | 1 Agilex 7 Fpga Firmware | 2024-09-06 | N/A | 7.9 HIGH |
improper access control in firmware for some Intel(R) FPGA products before version 24.1 may allow a privileged user to enable escalation of privilege via local access. | |||||
CVE-2024-26022 | 1 Intel | 1 Aptio V Uefi Firmware Integrator Tools | 2024-09-06 | N/A | 7.8 HIGH |
Improper access control in some Intel(R) UEFI Integrator Tools on Aptio V for Intel(R) NUC may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
CVE-2024-28050 | 1 Intel | 2 Arc A Graphics, Iris Xe Graphics | 2024-09-06 | N/A | 5.5 MEDIUM |
Improper access control in some Intel(R) Arc(TM) & Iris(R) Xe Graphics software before version 31.0.101.4824 may allow an authenticated user to potentially enable denial of service via local access. | |||||
CVE-2024-7697 | 1 Transsion | 1 Carlcare | 2024-09-06 | N/A | 7.5 HIGH |
Logical vulnerability in the mobile application (com.transsion.carlcare) may lead to user information leakage risks. | |||||
CVE-2024-42967 | 1 Totolink | 2 Lr350, Lr350 Firmware | 2024-09-06 | N/A | 9.8 CRITICAL |
Incorrect access control in TOTOLINK LR350 V9.3.5u.6369_B20220309 allows attackers to obtain the apmib configuration file, which contains the username and the password, via a crafted request to /cgi-bin/ExportSettings.sh. | |||||
CVE-2024-42947 | 1 Tenda | 2 Fh1201, Fh1201 Firmware | 2024-09-06 | N/A | 9.8 CRITICAL |
An issue in the handler function in /goform/telnet of Tenda FH1201 v1.2.0.14 (408) allows attackers to execute arbitrary commands via a crafted HTTP request. | |||||
CVE-2024-43240 | 1 Wpindeed | 1 Ultimate Membership Pro | 2024-09-06 | N/A | 9.8 CRITICAL |
Improper Privilege Management vulnerability in azzaroco Ultimate Membership Pro allows Privilege Escalation.This issue affects Ultimate Membership Pro: from n/a through 12.6. | |||||
CVE-2023-7265 | 1 Huawei | 2 Emui, Harmonyos | 2024-09-06 | N/A | 6.2 MEDIUM |
Permission verification vulnerability in the lock screen module Impact: Successful exploitation of this vulnerability may affect availability | |||||
CVE-2024-8460 | 1 Dlink | 2 Dns-320, Dns-320 Firmware | 2024-09-06 | 2.6 LOW | 5.9 MEDIUM |
A vulnerability, which was classified as problematic, has been found in D-Link DNS-320 2.02b01. Affected by this issue is some unknown functionality of the file /cgi-bin/widget_api.cgi of the component Web Management Interface. The manipulation of the argument getHD/getSer/getSys leads to information disclosure. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. Vendor was contacted early and confirmed that the product is end-of-life. It should be retired and replaced. | |||||
CVE-2022-48891 | 1 Linux | 1 Linux Kernel | 2024-09-06 | N/A | 5.5 MEDIUM |
In the Linux kernel, the following vulnerability has been resolved: regulator: da9211: Use irq handler when ready If the system does not come from reset (like when it is kexec()), the regulator might have an IRQ waiting for us. If we enable the IRQ handler before its structures are ready, we crash. This patch fixes: [ 1.141839] Unable to handle kernel read from unreadable memory at virtual address 0000000000000078 [ 1.316096] Call trace: [ 1.316101] blocking_notifier_call_chain+0x20/0xa8 [ 1.322757] cpu cpu0: dummy supplies not allowed for exclusive requests [ 1.327823] regulator_notifier_call_chain+0x1c/0x2c [ 1.327825] da9211_irq_handler+0x68/0xf8 [ 1.327829] irq_thread+0x11c/0x234 [ 1.327833] kthread+0x13c/0x154 | |||||
CVE-2024-34641 | 1 Samsung | 1 Android | 2024-09-06 | N/A | 3.3 LOW |
Improper Export of Android Application Components in FeliCaTest prior to SMR Sep-2024 Release 1 allows local attackers to enable NFC configuration. | |||||
CVE-2024-41912 | 1 Hp | 2 Poly Clariti Manager, Poly Clariti Manager Firmware | 2024-09-06 | N/A | 9.8 CRITICAL |
A vulnerability was discovered in the firmware builds up to 10.10.2.2 in Poly Clariti Manager devices. The firmware flaw does not properly implement access controls. | |||||
CVE-2022-48887 | 1 Linux | 1 Linux Kernel | 2024-09-06 | N/A | 5.5 MEDIUM |
In the Linux kernel, the following vulnerability has been resolved: drm/vmwgfx: Remove rcu locks from user resources User resource lookups used rcu to avoid two extra atomics. Unfortunately the rcu paths were buggy and it was easy to make the driver crash by submitting command buffers from two different threads. Because the lookups never show up in performance profiles replace them with a regular spin lock which fixes the races in accesses to those shared resources. Fixes kernel oops'es in IGT's vmwgfx execution_buffer stress test and seen crashes with apps using shared resources. | |||||
CVE-2024-8298 | 1 Huawei | 2 Emui, Harmonyos | 2024-09-06 | N/A | 5.5 MEDIUM |
Memory request vulnerability in the memory management module Impact: Successful exploitation of this vulnerability may affect service confidentiality. | |||||
CVE-2024-45449 | 1 Huawei | 2 Emui, Harmonyos | 2024-09-06 | N/A | 5.5 MEDIUM |
Access permission verification vulnerability in the ringtone setting module Impact: Successful exploitation of this vulnerability may affect service confidentiality. |