Total
81934 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2024-47317 | 1 Wpquads | 1 Ads | 2024-11-12 | N/A | 8.8 HIGH |
Missing Authorization vulnerability in WP Quads Ads by WPQuads – Adsense Ads, Banner Ads, Popup Ads allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Ads by WPQuads – Adsense Ads, Banner Ads, Popup Ads: from n/a through 2.0.84. | |||||
CVE-2024-47318 | 1 Magazine3 | 1 Pwa For Wp & Amp | 2024-11-12 | N/A | 8.8 HIGH |
Missing Authorization vulnerability in Magazine3 PWA for WP & AMP allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects PWA for WP & AMP: from n/a through 1.7.72. | |||||
CVE-2024-47361 | 1 Webtechstreet | 1 Elementor Addon Elements | 2024-11-12 | N/A | 8.8 HIGH |
Missing Authorization vulnerability in WPVibes Elementor Addon Elements allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Elementor Addon Elements: from n/a through 1.13.6. | |||||
CVE-2024-45397 | 1 Dena | 1 H2o | 2024-11-12 | N/A | 7.5 HIGH |
h2o is an HTTP server with support for HTTP/1.x, HTTP/2 and HTTP/3. When an HTTP request using TLS/1.3 early data on top of TCP Fast Open or QUIC 0-RTT packets is received and the IP-address-based access control is used, the access control does not detect and prohibit HTTP requests conveyed by packets with a spoofed source address. This behavior allows attackers on the network to execute HTTP requests from addresses that are otherwise rejected by the address-based access control. The vulnerability has been addressed in commit 15ed15a. Users may disable the use of TCP FastOpen and QUIC to mitigate the issue. | |||||
CVE-2024-45396 | 1 Dena | 1 Quicly | 2024-11-12 | N/A | 7.5 HIGH |
Quicly is an IETF QUIC protocol implementation. Quicly up to commit d720707 is susceptible to a denial-of-service attack. A remote attacker can exploit these bugs to trigger an assertion failure that crashes the process using quicly. The vulnerability is addressed with commit 2a95896104901589c495bc41460262e64ffcad5c. | |||||
CVE-2024-45403 | 1 Dena | 1 H2o | 2024-11-12 | N/A | 7.5 HIGH |
h2o is an HTTP server with support for HTTP/1.x, HTTP/2 and HTTP/3. When h2o is configured as a reverse proxy and HTTP/3 requests are cancelled by the client, h2o might crash due to an assertion failure. The crash can be exploited by an attacker to mount a Denial-of-Service attack. By default, the h2o standalone server automatically restarts, minimizing the impact. However, HTTP requests that were served concurrently will still be disrupted. The vulnerability has been addressed in commit 1ed32b2. Users may disable the use of HTTP/3 to mitigate the issue. | |||||
CVE-2024-52532 | | | 2024-11-12 | N/A | 7.5 HIGH |
GNOME libsoup before 3.6.1 has an infinite loop and memory consumption during the reading of certain patterns of WebSocket data from clients. | |||||
CVE-2024-52530 | | | 2024-11-12 | N/A | 7.5 HIGH |
GNOME libsoup before 3.6.0 allows HTTP request smuggling in some configurations because '\0' characters at the end of header names are ignored, i.e., a "Transfer-Encoding\0: chunked" header is treated the same as a "Transfer-Encoding: chunked" header. | |||||
CVE-2024-9576 | 1 Workbooth Project | 1 Workbooth | 2024-11-12 | N/A | 7.8 HIGH |
Vulnerability in Distro Linux Workbooth v2.5 that allows escalation of privileges to the root user by manipulating the network configuration script. | |||||
CVE-2024-6400 | 1 Finrota | 1 Finrota | 2024-11-12 | N/A | 7.5 HIGH |
Cleartext Storage of Sensitive Information vulnerability in Finrota Netahsilat allows Retrieve Embedded Sensitive Data. This issue is solved in versions 1.21.10, 1.23.01, 1.23.08, 1.23.11 and 1.24.03. | |||||
CVE-2024-48322 | | | 2024-11-12 | N/A | 8.1 HIGH |
UsersController.php in Run.codes 1.5.2 and older has a reset password race condition vulnerability. | |||||
CVE-2024-46966 | | | 2024-11-12 | N/A | 8.1 HIGH |
The Ikhgur mn.ikhgur.khotoch (aka Video Downloader Pro & Browser) application through 1.0.42 for Android allows an attacker to execute arbitrary JavaScript code via the mn.ikhgur.khotoch.MainActivity component. | |||||
CVE-2024-46964 | | | 2024-11-12 | N/A | 8.1 HIGH |
The com.video.downloader.all (aka All Video Downloader) application through 11.28 for Android allows an attacker to execute arbitrary JavaScript code via the com.video.downloader.all.StartActivity component. | |||||
CVE-2024-46963 | | | 2024-11-12 | N/A | 8.1 HIGH |
The com.superfast.video.downloader (aka Super Unlimited Video Downloader - All in One) application through 5.1.9 for Android allows an attacker to execute arbitrary JavaScript code via the com.bluesky.browser.ui.BrowserMainActivity component. | |||||
CVE-2024-49401 | 1 Samsung | 1 Android | 2024-11-12 | N/A | 7.1 HIGH |
Improper input validation in Settings Suggestions prior to SMR Nov-2024 Release 1 allows local attackers to launch privileged activities. | |||||
CVE-2024-34679 | 1 Samsung | 1 Android | 2024-11-12 | N/A | 7.1 HIGH |
Incorrect default permissions in Crane prior to SMR Nov-2024 Release 1 allows local attackers to access files with phone privilege. | |||||
CVE-2024-42442 | | | 2024-11-12 | N/A | 7.2 HIGH |
APTIOV contains a vulnerability in the BIOS where a user or attacker may cause an improper restriction of operations within the bounds of a memory buffer over the network. A successful exploitation of this vulnerability may lead to code execution outside of the intended System Management Mode. | |||||
CVE-2024-37365 | | | 2024-11-12 | N/A | 7.3 HIGH |
A remote code execution vulnerability exists in the affected product. The vulnerability allows users to save projects within the public directory allowing anyone with local access to modify and/or delete files. Additionally, a malicious user could potentially leverage this vulnerability to escalate their privileges by changing the macro to execute arbitrary code. | |||||
CVE-2024-34676 | 1 Samsung | 1 Android | 2024-11-12 | N/A | 7.3 HIGH |
Out-of-bounds write in parsing subtitle file in libsubextractor.so prior to SMR Nov-2024 Release 1 allows local attackers to cause memory corruption. User interaction is required for triggering this vulnerability. | |||||
CVE-2024-34678 | 1 Samsung | 1 Android | 2024-11-12 | N/A | 7.8 HIGH |
Out-of-bounds write in libsapeextractor.so prior to SMR Nov-2024 Release 1 allows local attackers to cause memory corruption. |