Vulnerabilities (CVE)

Filtered by CWE-20
Total 10018 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2023-46763 1 Huawei 2 Emui, Harmonyos 2024-09-04 N/A 5.3 MEDIUM
Vulnerability of background app permission management in the framework module. Successful exploitation of this vulnerability may cause background apps to start maliciously.
CVE-2024-44809 2024-09-04 N/A 9.8 CRITICAL
A remote code execution (RCE) vulnerability exists in the Pi Camera project, version 1.0, maintained by RECANTHA. The issue arises from improper sanitization of user input passed to the "position" GET parameter in the tilt.php script. An attacker can exploit this by sending crafted input data that includes malicious command sequences, allowing arbitrary commands to be executed on the server with the privileges of the web server user. This vulnerability is exploitable remotely and poses significant risk if the application is exposed to untrusted networks.
CVE-2023-45167 1 Ibm 2 Aix, Vios 2024-09-03 N/A 5.5 MEDIUM
IBM AIX's 7.3 Python implementation could allow a non-privileged local user to exploit a vulnerability to cause a denial of service. IBM X-Force ID: 267965.
CVE-2024-23362 2024-09-03 N/A 7.1 HIGH
Cryptographic issue while parsing RSA keys in COBR format.
CVE-2024-24973 1 Intel 2 Distribution For Gdb, Oneapi Base Toolkit 2024-08-31 N/A 3.3 LOW
Improper input validation for some Intel(R) Distribution for GDB software before version 2024.0.1 may allow an authenticated user to potentially enable denial of service via local access.
CVE-2024-7512 1 Concretecms 1 Concrete Cms 2024-08-30 N/A 4.8 MEDIUM
Concrete CMS versions 9.0.0 through 9.3.2 are affected by a stored XSS vulnerability in Board instances. A rogue administrator could inject malicious code. The Concrete CMS security team gave this vulnerability a CVSS 4.0 Score of 1.8 with vector: CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N. Versions below 9 are not affected. Thanks, m3dium for reporting.
CVE-2024-4350 1 Concretecms 1 Concrete Cms 2024-08-30 N/A 4.8 MEDIUM
Concrete CMS versions 9.0.0 to 9.3.2 and below 8.5.18 are vulnerable to Stored XSS in RSS Displayer when user input is stored and later embedded into responses. A rogue administrator could inject malicious code into fields due to insufficient input validation. The Concrete CMS security team gave this vulnerability a CVSS v3.1 score of 3.0 with a vector of AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:N/A:N https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator and a CVSS v4 score of 2.1 with vector CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N Thanks, m3dium for reporting.
CVE-2024-29008 2024-08-29 N/A 6.4 MEDIUM
A problem has been identified in the CloudStack additional VM configuration (extraconfig) feature which can be misused by anyone who has privilege to deploy a VM instance or configure settings of an already deployed VM instance, to configure additional VM configuration even when the feature is not explicitly enabled by the administrator. In a KVM based CloudStack environment, an attacker can exploit this issue to attach host devices such as storage disks, and PCI and USB devices such as network adapters and GPUs, in a regular VM instance that can be further exploited to gain access to the underlying network and storage infrastructure resources, and access any VM instance disks on the local storage. Users are advised to upgrade to version 4.18.1.1 or 4.19.0.1, which fixes this issue.
CVE-2022-47894 2024-08-29 N/A 5.3 MEDIUM
Improper Input Validation vulnerability in Apache Zeppelin SAP. This issue affects Apache Zeppelin SAP: from 0.8.0 before 0.11.0. As this project is retired, we do not plan to release a version that fixes this issue. Users are recommended to find an alternative or restrict access to the instance to trusted users. For more information, the fix already was merged in the source code but Zeppelin decided to retire the SAP component. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
CVE-2024-33999 2024-08-29 N/A 9.8 CRITICAL
The referrer URL used by MFA required additional sanitizing, rather than being used directly.
CVE-2023-52372 2024-08-29 N/A 7.5 HIGH
Vulnerability of input parameter verification in the motor module. Successful exploitation of this vulnerability may affect availability.
CVE-2023-42581 1 Samsung 1 Galaxy Store 2024-08-29 N/A 7.5 HIGH
Improper URL validation from InstantPlay deeplink in Galaxy Store prior to version 4.5.64.4 allows attackers to execute JavaScript API to access data.
CVE-2024-7394 1 Concretecms 1 Concrete Cms 2024-08-29 N/A 4.8 MEDIUM
Concrete CMS versions 9 through 9.3.2 and below 8.5.18 are vulnerable to Stored XSS in getAttributeSetName(). A rogue administrator could inject malicious code. The Concrete CMS team gave this a CVSS v3.1 rank of 2 with vector AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:N https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator and a CVSS v4.0 rank of 1.8 with vector CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N. Thanks, m3dium for reporting.
CVE-2024-38303 2024-08-29 N/A 5.3 MEDIUM
Dell PowerEdge Platform, 14G Intel BIOS version(s) prior to 2.22.x, contains an Improper Input Validation vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Information disclosure.
CVE-2024-42531 2024-08-29 N/A 9.8 CRITICAL
Ezviz Internet PT Camera CS-CV246 D15655150 allows an unauthenticated host to access its live video stream by crafting a set of RTSP packets with a specific set of URLs that can be used to redirect the camera feed. NOTE: the vendor's perspective is that the Anonymous120386 sample code can establish RTSP protocol communication, but cannot obtain video or audio data; thus, there is no risk.
CVE-2024-0021 2024-08-28 N/A 7.0 HIGH
In onCreate of NotificationAccessConfirmationActivity.java, there is a possible way for an app in the work profile to enable notification listener services due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.
CVE-2024-0045 2024-08-27 N/A 7.5 HIGH
In smp_proc_sec_req of smp_act.cc, there is a possible out of bounds read due to improper input validation. This could lead to remote (proximal/adjacent) information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
CVE-2024-6978 1 Catonetworks 1 Cato Client 2024-08-27 N/A 8.8 HIGH
Cato Networks Windows SDP Client Local root certificates can be installed by low-privileged users. This issue affects SDP Client: before 5.10.28.
CVE-2024-6973 1 Catonetworks 1 Cato Client 2024-08-27 N/A 8.8 HIGH
Remote Code Execution in Cato Windows SDP client via crafted URLs. This issue affects Windows SDP Client before 5.10.34.
CVE-2023-49299 1 Apache 1 Dolphinscheduler 2024-08-26 N/A 8.8 HIGH
Improper Input Validation vulnerability in Apache DolphinScheduler. An authenticated user can cause arbitrary, unsandboxed JavaScript to be executed on the server. This issue affects Apache DolphinScheduler: until 3.1.9. Users are recommended to upgrade to version 3.1.9, which fixes the issue.