Vulnerabilities (CVE)

Total 81934 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2024-47317 1 Wpquads 1 Ads 2024-11-12 N/A 8.8 HIGH
Missing Authorization vulnerability in WP Quads Ads by WPQuads – Adsense Ads, Banner Ads, Popup Ads allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ads by WPQuads – Adsense Ads, Banner Ads, Popup Ads: from n/a through 2.0.84.
CVE-2024-47318 1 Magazine3 1 Pwa For Wp \& Amp 2024-11-12 N/A 8.8 HIGH
Missing Authorization vulnerability in Magazine3 PWA for WP & AMP allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects PWA for WP & AMP: from n/a through 1.7.72.
CVE-2024-47361 1 Webtechstreet 1 Elementor Addon Elements 2024-11-12 N/A 8.8 HIGH
Missing Authorization vulnerability in WPVibes Elementor Addon Elements allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Elementor Addon Elements: from n/a through 1.13.6.
CVE-2024-45397 1 Dena 1 H2o 2024-11-12 N/A 7.5 HIGH
h2o is an HTTP server with support for HTTP/1.x, HTTP/2 and HTTP/3. When an HTTP request using TLS/1.3 early data on top of TCP Fast Open or QUIC 0-RTT packets is received and the IP-address-based access control is used, the access control does not detect and prohibit HTTP requests conveyed by packets with a spoofed source address. This behavior allows attackers on the network to execute HTTP requests from addresses that are otherwise rejected by the address-based access control. The vulnerability has been addressed in commit 15ed15a. Users may disable the use of TCP FastOpen and QUIC to mitigate the issue.
CVE-2024-45396 1 Dena 1 Quicly 2024-11-12 N/A 7.5 HIGH
Quicly is an IETF QUIC protocol implementation. Quicly up to commtit d720707 is susceptible to a denial-of-service attack. A remote attacker can exploit these bugs to trigger an assertion failure that crashes process using quicly. The vulnerability is addressed with commit 2a95896104901589c495bc41460262e64ffcad5c.
CVE-2024-45403 1 Dena 1 H2o 2024-11-12 N/A 7.5 HIGH
h2o is an HTTP server with support for HTTP/1.x, HTTP/2 and HTTP/3. When h2o is configured as a reverse proxy and HTTP/3 requests are cancelled by the client, h2o might crash due to an assertion failure. The crash can be exploited by an attacker to mount a Denial-of-Service attack. By default, the h2o standalone server automatically restarts, minimizing the impact. However, HTTP requests that were served concurrently will still be disrupted. The vulnerability has been addressed in commit 1ed32b2. Users may disable the use of HTTP/3 to mitigate the issue.
CVE-2024-52532 2024-11-12 N/A 7.5 HIGH
GNOME libsoup before 3.6.1 has an infinite loop, and memory consumption. during the reading of certain patterns of WebSocket data from clients.
CVE-2024-52530 2024-11-12 N/A 7.5 HIGH
GNOME libsoup before 3.6.0 allows HTTP request smuggling in some configurations because '\0' characters at the end of header names are ignored, i.e., a "Transfer-Encoding\0: chunked" header is treated the same as a "Transfer-Encoding: chunked" header.
CVE-2024-9576 1 Workbooth Project 1 Workbooth 2024-11-12 N/A 7.8 HIGH
Vulnerability in Distro Linux Workbooth v2.5 that allows to escalate privileges to the root user by manipulating the network configuration script.
CVE-2024-6400 1 Finrota 1 Finrota 2024-11-12 N/A 7.5 HIGH
Cleartext Storage of Sensitive Information vulnerability in Finrota Netahsilat allows Retrieve Embedded Sensitive Data.This issue solved in versions 1.21.10, 1.23.01, 1.23.08, 1.23.11 and 1.24.03.
CVE-2024-48322 2024-11-12 N/A 8.1 HIGH
UsersController.php in Run.codes 1.5.2 and older has a reset password race condition vulnerability.
CVE-2024-46966 2024-11-12 N/A 8.1 HIGH
The Ikhgur mn.ikhgur.khotoch (aka Video Downloader Pro & Browser) application through 1.0.42 for Android allows an attacker to execute arbitrary JavaScript code via the mn.ikhgur.khotoch.MainActivity component.
CVE-2024-46964 2024-11-12 N/A 8.1 HIGH
The com.video.downloader.all (aka All Video Downloader) application through 11.28 for Android allows an attacker to execute arbitrary JavaScript code via the com.video.downloader.all.StartActivity component.
CVE-2024-46963 2024-11-12 N/A 8.1 HIGH
The com.superfast.video.downloader (aka Super Unlimited Video Downloader - All in One) application through 5.1.9 for Android allows an attacker to execute arbitrary JavaScript code via the com.bluesky.browser.ui.BrowserMainActivity component.
CVE-2024-49401 1 Samsung 1 Android 2024-11-12 N/A 7.1 HIGH
Improper input validation in Settings Suggestions prior to SMR Nov-2024 Release 1 allows local attackers to launch privileged activities.
CVE-2024-34679 1 Samsung 1 Android 2024-11-12 N/A 7.1 HIGH
Incorrect default permissions in Crane prior to SMR Nov-2024 Release 1 allows local attackers to access files with phone privilege.
CVE-2024-42442 2024-11-12 N/A 7.2 HIGH
APTIOV contains a vulnerability in the BIOS where a user or attacker may cause an improper restriction of operations within the bounds of a memory buffer over the network. A successful exploitation of this vulnerability may lead to code execution outside of the intended System Management Mode.
CVE-2024-37365 2024-11-12 N/A 7.3 HIGH
A remote code execution vulnerability exists in the affected product. The vulnerability allows users to save projects within the public directory allowing anyone with local access to modify and/or delete files. Additionally, a malicious user could potentially leverage this vulnerability to escalate their privileges by changing the macro to execute arbitrary code.
CVE-2024-34676 1 Samsung 1 Android 2024-11-12 N/A 7.3 HIGH
Out-of-bounds write in parsing subtitle file in libsubextractor.so prior to SMR Nov-2024 Release 1 allows local attackers to cause memory corruption. User interaction is required for triggering this vulnerability.
CVE-2024-34678 1 Samsung 1 Android 2024-11-12 N/A 7.8 HIGH
Out-of-bounds write in libsapeextractor.so prior to SMR Nov-2024 Release 1 allows local attackers to cause memory corruption.