Total
28327 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2024-23744 | 1 Arm | 1 Mbed Tls | 2024-09-12 | N/A | 7.5 HIGH |
An issue was discovered in Mbed TLS 3.5.1. There is persistent handshake denial if a client sends a TLS 1.3 ClientHello without extensions. | |||||
CVE-2023-46042 | 1 Get-simple | 1 Getsimplecms | 2024-09-12 | N/A | 9.8 CRITICAL |
An issue in GetSimpleCMS v.3.4.0a allows a remote attacker to execute arbitrary code via a crafted payload to the phpinfo(). | |||||
CVE-2023-46033 | 1 Dlink | 4 Dsl-2730u, Dsl-2730u Firmware, Dsl-2750u and 1 more | 2024-09-12 | N/A | 6.8 MEDIUM |
D-Link (Non-US) DSL-2750U N300 ADSL2+ and (Non-US) DSL-2730U N150 ADSL2+ are vulnerable to Incorrect Access Control. The UART/Serial interface on the PCB, provides log output and a root terminal without proper access control. | |||||
CVE-2023-45883 | 2 Enghouse, Microsoft | 2 Qumu, Windows | 2024-09-12 | N/A | 7.8 HIGH |
A privilege escalation vulnerability exists within the Qumu Multicast Extension v2 before 2.0.63 for Windows. When a standard user triggers a repair of the software, a pop-up window opens with SYSTEM privileges. Standard users may use this to gain arbitrary code execution as SYSTEM. | |||||
CVE-2024-45450 | 1 Huawei | 2 Emui, Harmonyos | 2024-09-12 | N/A | 7.5 HIGH |
Permission control vulnerability in the software update module. Impact: Successful exploitation of this vulnerability may affect service confidentiality. | |||||
CVE-2024-34163 | 1 Intel | 18 Nuc X15 Laptop Kit Lapac71g, Nuc X15 Laptop Kit Lapac71g Firmware, Nuc X15 Laptop Kit Lapac71h and 15 more | 2024-09-12 | N/A | 8.2 HIGH |
Improper input validation in firmware for some Intel(R) NUC may allow a privileged user to potentially enableescalation of privilege via local access. | |||||
CVE-2024-28947 | 1 Intel | 1 Server Board S2600st Firmware | 2024-09-12 | N/A | 8.2 HIGH |
Improper input validation in kernel mode driver for some Intel(R) Server Board S2600ST Family firmware before version 02.01.0017 may allow a privileged user to potentially enable escalation of privilege via local access. | |||||
CVE-2024-45054 | 1 Hwameistor | 1 Hwameistor | 2024-09-12 | N/A | 6.7 MEDIUM |
Hwameistor is an HA local storage system for cloud-native stateful workloads. This ClusterRole has * verbs of * resources. If a malicious user can access the worker node which has hwameistor's deployment, he/she can abuse these excessive permissions to do whatever he/she likes to the whole cluster, resulting in a cluster-level privilege escalation. This issue has been patched in version 0.14.6. All users are advised to upgrade. Users unable to upgrade should update and limit the ClusterRole using security-role. | |||||
CVE-2023-26324 | 1 Mi | 1 Getapps | 2024-09-12 | N/A | 9.8 CRITICAL |
A code execution vulnerability exists in the XiaomiGetApps application product. This vulnerability is caused by the verification logic being bypassed, and an attacker can exploit this vulnerability to execute malicious code. | |||||
CVE-2023-26322 | 1 Mi | 1 Getapps | 2024-09-12 | N/A | 9.8 CRITICAL |
A code execution vulnerability exists in the XiaomiGetApps application product. This vulnerability is caused by the verification logic being bypassed, and an attacker can exploit this vulnerability to execute malicious code. | |||||
CVE-2023-26323 | 1 Mi | 1 App Market | 2024-09-12 | N/A | 9.8 CRITICAL |
A code execution vulnerability exists in the Xiaomi App market product. The vulnerability is caused by unsafe configuration and can be exploited by attackers to execute arbitrary code. | |||||
CVE-2024-8461 | 1 Dlink | 2 Dns-320, Dns-320 Firmware | 2024-09-12 | 5.0 MEDIUM | 5.3 MEDIUM |
A vulnerability, which was classified as problematic, was found in D-Link DNS-320 2.02b01. This affects an unknown part of the file /cgi-bin/discovery.cgi of the component Web Management Interface. The manipulation leads to information disclosure. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. Vendor was contacted early and confirmed that the product is end-of-life. It should be retired and replaced. | |||||
CVE-2021-4442 | 1 Linux | 1 Linux Kernel | 2024-09-12 | N/A | 5.5 MEDIUM |
In the Linux kernel, the following vulnerability has been resolved: tcp: add sanity tests to TCP_QUEUE_SEQ Qingyu Li reported a syzkaller bug where the repro changes RCV SEQ _after_ restoring data in the receive queue. mprotect(0x4aa000, 12288, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 socket(AF_INET6, SOCK_STREAM, IPPROTO_IP) = 3 setsockopt(3, SOL_TCP, TCP_REPAIR, [1], 4) = 0 connect(3, {sa_family=AF_INET6, sin6_port=htons(0), sin6_flowinfo=htonl(0), inet_pton(AF_INET6, "::1", &sin6_addr), sin6_scope_id=0}, 28) = 0 setsockopt(3, SOL_TCP, TCP_REPAIR_QUEUE, [1], 4) = 0 sendmsg(3, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="0x0000000000000003\0\0", iov_len=20}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 20 setsockopt(3, SOL_TCP, TCP_REPAIR, [0], 4) = 0 setsockopt(3, SOL_TCP, TCP_QUEUE_SEQ, [128], 4) = 0 recvfrom(3, NULL, 20, 0, NULL, NULL) = -1 ECONNRESET (Connection reset by peer) syslog shows: [ 111.205099] TCP recvmsg seq # bug 2: copied 80, seq 0, rcvnxt 80, fl 0 [ 111.207894] WARNING: CPU: 1 PID: 356 at net/ipv4/tcp.c:2343 tcp_recvmsg_locked+0x90e/0x29a0 This should not be allowed. TCP_QUEUE_SEQ should only be used when queues are empty. This patch fixes this case, and the tx path as well. | |||||
CVE-2024-43264 | 1 Mediavine | 1 Create | 2024-09-12 | N/A | 7.5 HIGH |
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Mediavine Create by Mediavine.This issue affects Create by Mediavine: from n/a through 1.9.8. | |||||
CVE-2023-46319 | 1 Wallix | 1 Bastion | 2024-09-12 | N/A | 7.5 HIGH |
WALLIX Bastion 9.x before 9.0.9 and 10.x before 10.0.5 allows unauthenticated access to sensitive information by bypassing access control on a network access administration web interface. | |||||
CVE-2023-39739 | 1 Linecorp | 1 Regina Sweets\&bakery | 2024-09-12 | N/A | 8.2 HIGH |
The leakage of the client secret in REGINA SWEETS&BAKERY Line 13.6.1 allows attackers to obtain the channel access token and send crafted broadcast messages. | |||||
CVE-2023-39737 | 1 Linecorp | 1 Matsuya | 2024-09-12 | N/A | 8.2 HIGH |
The leakage of the client secret in Matsuya Line 13.6.1 allows attackers to obtain the channel access token and send crafted broadcast messages. | |||||
CVE-2023-39736 | 1 Linecorp | 1 Fukunaga Memberscard | 2024-09-12 | N/A | 8.2 HIGH |
The leakage of the client secret in Fukunaga_memberscard Line 13.6.1 allows attackers to obtain the channel access token and send crafted broadcast messages. | |||||
CVE-2023-39735 | 1 Linecorp | 1 Uomasa Saiji New | 2024-09-12 | N/A | 8.2 HIGH |
The leakage of the client secret in Uomasa_Saiji_news Line 13.6.1 allows attackers to obtain the channel access token and send crafted broadcast messages. | |||||
CVE-2024-45157 | 1 Arm | 1 Mbed Tls | 2024-09-12 | N/A | 5.1 MEDIUM |
An issue was discovered in Mbed TLS before 2.28.9 and 3.x before 3.6.1, in which the user-selected algorithm is not used. Unlike previously documented, enabling MBEDTLS_PSA_HMAC_DRBG_MD_TYPE does not cause the PSA subsystem to use HMAC_DRBG: it uses HMAC_DRBG only when MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG and MBEDTLS_CTR_DRBG_C are disabled. |