Vulnerabilities (CVE)

Filtered by NVD-CWE-noinfo
Total 29495 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2024-2541 1 Sygnoos 1 Popup Builder 2024-09-09 N/A 7.5 HIGH
The Popup Builder plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.3.3 via the Subscribers Import feature. This makes it possible for unauthenticated attackers to extract sensitive data after an administrator has imported subscribers via a CSV file. This data may include the first name, last name, e-mail address, and potentially other personally identifiable information of subscribers.
CVE-2022-33162 1 Ibm 2 Security Directory Integrator, Security Verify Directory Integrator 2024-09-07 N/A 9.8 CRITICAL
IBM Security Directory Integrator 7.2.0 and Security Verify Directory Integrator 10.0.0 does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources, at the privilege level of a standard unprivileged user. IBM X-Force ID: 228570.
CVE-2024-7720 1 Hp 1 Security Manager 2024-09-06 N/A 9.8 CRITICAL
HP Security Manager is potentially vulnerable to Remote Code Execution as a result of code vulnerability within the product's solution open-source libraries.
CVE-2024-23499 1 Intel 1 Ethernet 800 Series Controllers Driver 2024-09-06 N/A 7.5 HIGH
Protection mechanism failure in Linux kernel mode driver for some Intel(R) Ethernet Network Controllers and Adapters E810 Series before version 28.3 may allow an unauthenticated user to potentially enable denial of service via network access.
CVE-2024-24986 1 Intel 1 Ethernet 800 Series Controllers Driver 2024-09-06 N/A 8.8 HIGH
Improper access control in Linux kernel mode driver for some Intel(R) Ethernet Network Controllers and Adapters before version 28.3 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2024-25576 1 Intel 1 Agilex 7 Fpga Firmware 2024-09-06 N/A 7.9 HIGH
improper access control in firmware for some Intel(R) FPGA products before version 24.1 may allow a privileged user to enable escalation of privilege via local access.
CVE-2024-26022 1 Intel 1 Aptio V Uefi Firmware Integrator Tools 2024-09-06 N/A 7.8 HIGH
Improper access control in some Intel(R) UEFI Integrator Tools on Aptio V for Intel(R) NUC may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2024-28050 1 Intel 2 Arc A Graphics, Iris Xe Graphics 2024-09-06 N/A 5.5 MEDIUM
Improper access control in some Intel(R) Arc(TM) & Iris(R) Xe Graphics software before version 31.0.101.4824 may allow an authenticated user to potentially enable denial of service via local access.
CVE-2024-7697 1 Transsion 1 Carlcare 2024-09-06 N/A 7.5 HIGH
Logical vulnerability in the mobile application (com.transsion.carlcare) may lead to user information leakage risks.
CVE-2024-42967 1 Totolink 2 Lr350, Lr350 Firmware 2024-09-06 N/A 9.8 CRITICAL
Incorrect access control in TOTOLINK LR350 V9.3.5u.6369_B20220309 allows attackers to obtain the apmib configuration file, which contains the username and the password, via a crafted request to /cgi-bin/ExportSettings.sh.
CVE-2024-42947 1 Tenda 2 Fh1201, Fh1201 Firmware 2024-09-06 N/A 9.8 CRITICAL
An issue in the handler function in /goform/telnet of Tenda FH1201 v1.2.0.14 (408) allows attackers to execute arbitrary commands via a crafted HTTP request.
CVE-2024-43240 1 Wpindeed 1 Ultimate Membership Pro 2024-09-06 N/A 9.8 CRITICAL
Improper Privilege Management vulnerability in azzaroco Ultimate Membership Pro allows Privilege Escalation.This issue affects Ultimate Membership Pro: from n/a through 12.6.
CVE-2023-7265 1 Huawei 2 Emui, Harmonyos 2024-09-06 N/A 6.2 MEDIUM
Permission verification vulnerability in the lock screen module Impact: Successful exploitation of this vulnerability may affect availability
CVE-2024-8460 1 Dlink 2 Dns-320, Dns-320 Firmware 2024-09-06 2.6 LOW 5.9 MEDIUM
A vulnerability, which was classified as problematic, has been found in D-Link DNS-320 2.02b01. Affected by this issue is some unknown functionality of the file /cgi-bin/widget_api.cgi of the component Web Management Interface. The manipulation of the argument getHD/getSer/getSys leads to information disclosure. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. Vendor was contacted early and confirmed that the product is end-of-life. It should be retired and replaced.
CVE-2022-48891 1 Linux 1 Linux Kernel 2024-09-06 N/A 5.5 MEDIUM
In the Linux kernel, the following vulnerability has been resolved: regulator: da9211: Use irq handler when ready If the system does not come from reset (like when it is kexec()), the regulator might have an IRQ waiting for us. If we enable the IRQ handler before its structures are ready, we crash. This patch fixes: [ 1.141839] Unable to handle kernel read from unreadable memory at virtual address 0000000000000078 [ 1.316096] Call trace: [ 1.316101] blocking_notifier_call_chain+0x20/0xa8 [ 1.322757] cpu cpu0: dummy supplies not allowed for exclusive requests [ 1.327823] regulator_notifier_call_chain+0x1c/0x2c [ 1.327825] da9211_irq_handler+0x68/0xf8 [ 1.327829] irq_thread+0x11c/0x234 [ 1.327833] kthread+0x13c/0x154
CVE-2024-34641 1 Samsung 1 Android 2024-09-06 N/A 3.3 LOW
Improper Export of Android Application Components in FeliCaTest prior to SMR Sep-2024 Release 1 allows local attackers to enable NFC configuration.
CVE-2024-41912 1 Hp 2 Poly Clariti Manager, Poly Clariti Manager Firmware 2024-09-06 N/A 9.8 CRITICAL
A vulnerability was discovered in the firmware builds up to 10.10.2.2 in Poly Clariti Manager devices. The firmware flaw does not properly implement access controls.
CVE-2022-48887 1 Linux 1 Linux Kernel 2024-09-06 N/A 5.5 MEDIUM
In the Linux kernel, the following vulnerability has been resolved: drm/vmwgfx: Remove rcu locks from user resources User resource lookups used rcu to avoid two extra atomics. Unfortunately the rcu paths were buggy and it was easy to make the driver crash by submitting command buffers from two different threads. Because the lookups never show up in performance profiles replace them with a regular spin lock which fixes the races in accesses to those shared resources. Fixes kernel oops'es in IGT's vmwgfx execution_buffer stress test and seen crashes with apps using shared resources.
CVE-2024-8298 1 Huawei 2 Emui, Harmonyos 2024-09-06 N/A 5.5 MEDIUM
Memory request vulnerability in the memory management module Impact: Successful exploitation of this vulnerability may affect service confidentiality.
CVE-2024-45449 1 Huawei 2 Emui, Harmonyos 2024-09-06 N/A 5.5 MEDIUM
Access permission verification vulnerability in the ringtone setting module Impact: Successful exploitation of this vulnerability may affect service confidentiality.