Total
6740 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-33018 | 1 Qualcomm | 302 Ar8035, Ar8035 Firmware, Csr8811 and 299 more | 2024-11-20 | N/A | 7.5 HIGH |
| Transient DOS while parsing the received TID-to-link mapping element of the TID-to-link mapping action frame. | |||||
| CVE-2024-33026 | 1 Qualcomm | 330 Ar8035, Ar8035 Firmware, Csr8811 and 327 more | 2024-11-20 | N/A | 7.5 HIGH |
| Transient DOS while parsing probe response and assoc response frame when received frame length is less than max size of timestamp. | |||||
| CVE-2024-33020 | 1 Qualcomm | 196 Ar8035, Ar8035 Firmware, Fastconnect 6700 and 193 more | 2024-11-20 | N/A | 7.5 HIGH |
| Transient DOS while processing TID-to-link mapping IE elements. | |||||
| CVE-2024-33019 | 1 Qualcomm | 298 Ar8035, Ar8035 Firmware, Csr8811 and 295 more | 2024-11-20 | N/A | 7.5 HIGH |
| Transient DOS while parsing the received TID-to-link mapping action frame. | |||||
| CVE-2024-52613 | 1 Justdan96 | 1 Tsmuxer | 2024-11-20 | N/A | 5.5 MEDIUM |
| A heap-based buffer under-read in tsMuxer version nightly-2024-05-12-02-01-18 allows attackers to cause Denial of Service (DoS) via a crafted MOV video file. | |||||
| CVE-2024-49536 | 3 Adobe, Apple, Microsoft | 3 Audition, Macos, Windows | 2024-11-19 | N/A | 5.5 MEDIUM |
| Audition versions 23.6.9, 24.4.6 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2024-43449 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more | 2024-11-19 | N/A | 6.8 MEDIUM |
| Windows USB Video Class System Driver Elevation of Privilege Vulnerability | |||||
| CVE-2024-24425 | 2024-11-19 | N/A | 6.5 MEDIUM | ||
| Magma v1.8.0 and OAI EPC Federation v1.20 were discovered to contain an out-of-bounds read in the amf_as_establish_req function at /tasks/amf/amf_as.cpp. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted NAS packet. | |||||
| CVE-2024-50208 | 1 Linux | 1 Linux Kernel | 2024-11-19 | N/A | 5.5 MEDIUM |
| In the Linux kernel, the following vulnerability has been resolved: RDMA/bnxt_re: Fix a bug while setting up Level-2 PBL pages Avoid memory corruption while setting up Level-2 PBL pages for the non MR resources when num_pages > 256K. There will be a single PDE page address (contiguous pages in the case of > PAGE_SIZE), but, current logic assumes multiple pages, leading to invalid memory access after 256K PBL entries in the PDE. | |||||
| CVE-2024-43634 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more | 2024-11-18 | N/A | 6.8 MEDIUM |
| Windows USB Video Class System Driver Elevation of Privilege Vulnerability | |||||
| CVE-2024-43638 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more | 2024-11-18 | N/A | 6.8 MEDIUM |
| Windows USB Video Class System Driver Elevation of Privilege Vulnerability | |||||
| CVE-2024-43643 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more | 2024-11-18 | N/A | 6.8 MEDIUM |
| Windows USB Video Class System Driver Elevation of Privilege Vulnerability | |||||
| CVE-2024-43644 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more | 2024-11-18 | N/A | 7.8 HIGH |
| Windows Client-Side Caching Elevation of Privilege Vulnerability | |||||
| CVE-2024-49028 | 1 Microsoft | 4 365 Apps, Excel, Office and 1 more | 2024-11-18 | N/A | 7.8 HIGH |
| Microsoft Excel Remote Code Execution Vulnerability | |||||
| CVE-2024-49527 | 3 Adobe, Apple, Microsoft | 3 Animate, Macos, Windows | 2024-11-18 | N/A | 5.5 MEDIUM |
| Animate versions 23.0.7, 24.0.4 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2024-52876 | 2024-11-18 | N/A | 7.5 HIGH | ||
| Holy Stone Remote ID Module HSRID01, firmware distributed with the Drone Go2 mobile application before 1.1.8, allows unauthenticated "remote power off" actions (in broadcast mode) via multiple read operations on the ASTM Remote ID (0xFFFA) GATT. | |||||
| CVE-2024-24459 | 2024-11-18 | N/A | 7.5 HIGH | ||
| An invalid memory access when handling the ProtocolIE_ID field of S1Setup Request messages in Athonet vEPC MME v11.4.0 allows attackers to cause a Denial of Service (DoS) to the cellular network by repeatedly initiating connections and sending a crafted payload. | |||||
| CVE-2024-24454 | 2024-11-18 | N/A | 7.5 HIGH | ||
| An invalid memory access when handling the ProtocolIE_ID field of E-RAB Modify Request messages in Athonet vEPC MME v11.4.0 allows attackers to cause a Denial of Service (DoS) to the cellular network by repeatedly initiating connections and sending a crafted payload. | |||||
| CVE-2024-52523 | 2024-11-18 | N/A | 4.6 MEDIUM | ||
| Nextcloud Server is a self hosted personal cloud system. After setting up a user or administrator defined external storage with fixed credentials, the API returns them and adds them into the frontend again, allowing to read them in plain text when an attacker already has access to an active session of a user. It is recommended that the Nextcloud Server is upgraded to 28.0.12, 29.0.9 or 30.0.2 and Nextcloud Enterprise Server is upgraded to 25.0.13.14, 26.0.13.10, 27.1.11.10, 28.0.12, 29.0.9 or 30.0.2. | |||||
| CVE-2024-24453 | 2024-11-18 | N/A | 7.5 HIGH | ||
| An invalid memory access when handling the ProtocolIE_ID field of E-RAB NotToBeModifiedBearerModInd information element in Athonet vEPC MME v11.4.0 allows attackers to cause a Denial of Service (DoS) to the cellular network by repeatedly initiating connections and sending a crafted payload. | |||||