Total
10018 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2024-36740 | | | 2024-08-22 | N/A | 7.5 HIGH |
An issue in OneFlow-Inc. Oneflow v0.9.1 allows attackers to cause a Denial of Service (DoS) when index as a negative number exceeds the range of size. | |||||
CVE-2023-46047 | | | 2024-08-22 | N/A | 7.3 HIGH |
An issue in Sane 1.2.1 allows a local attacker to execute arbitrary code via a crafted file to the sanei_configure_attach() function. NOTE: this is disputed because there is no expectation that the product should be starting with an attacker-controlled configuration file. | |||||
CVE-2024-45169 | | | 2024-08-22 | N/A | 9.8 CRITICAL |
An issue was discovered in UCI IDOL 2 (aka uciIDOL or IDOL2) through 2.12. Due to improper input validation, improper deserialization, and improper restriction of operations within the bounds of a memory buffer, IDOL2 is vulnerable to Denial-of-Service (DoS) attacks and possibly remote code execution via the \xB0\x00\x3c byte sequence. | |||||
CVE-2024-33657 | | | 2024-08-21 | N/A | 7.8 HIGH |
This SMM vulnerability affects certain modules, allowing privileged attackers to execute arbitrary code, manipulate stack memory, and leak information from SMRAM to kernel space, potentially leading to denial-of-service attacks. | |||||
CVE-2024-31862 | | | 2024-08-21 | N/A | 5.3 MEDIUM |
Improper Input Validation vulnerability in Apache Zeppelin when creating a new note from Zeppelin's UI. This issue affects Apache Zeppelin: from 0.10.1 before 0.11.0. Users are recommended to upgrade to version 0.11.0, which fixes the issue. | |||||
CVE-2024-2199 | | | 2024-08-21 | N/A | 5.7 MEDIUM |
A denial of service vulnerability was found in 389-ds-base ldap server. This issue may allow an authenticated user to cause a server crash while modifying `userPassword` using malformed input. | |||||
CVE-2023-52552 | | | 2024-08-20 | N/A | 7.5 HIGH |
Input verification vulnerability in the power module. Impact: Successful exploitation of this vulnerability will affect availability. | |||||
CVE-2024-32903 | 1 Google | 1 Android | 2024-08-20 | N/A | 7.8 HIGH |
In prepare_response_locked of lwis_transaction.c, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
CVE-2024-36737 | | | 2024-08-20 | N/A | 7.5 HIGH |
Improper input validation in OneFlow-Inc. Oneflow v0.9.1 allows attackers to cause a Denial of Service (DoS) via inputting a negative value into the oneflow.full parameter. | |||||
CVE-2024-4785 | | | 2024-08-20 | N/A | 7.6 HIGH |
BT: Missing Check in LL_CONNECTION_UPDATE_IND Packet Leads to Division by Zero | |||||
CVE-2024-25009 | | | 2024-08-20 | N/A | 6.5 MEDIUM |
Ericsson Packet Core Controller (PCC) contains a vulnerability in Access and Mobility Management Function (AMF) where improper input validation can lead to denial of service which may result in service degradation. | |||||
CVE-2024-22095 | | | 2024-08-20 | N/A | 7.2 HIGH |
Improper input validation in PlatformVariableInitDxe driver in UEFI firmware for some Intel(R) Server D50DNP Family products may allow a privileged user to enable escalation of privilege via local access. | |||||
CVE-2024-36734 | | | 2024-08-20 | N/A | 7.5 HIGH |
Improper input validation in OneFlow-Inc. Oneflow v0.9.1 allows attackers to cause a Denial of Service (DoS) via inputting a negative value into the dim parameter. | |||||
CVE-2024-39949 | 1 Dahuasecurity | 112 Nvr4104-4ks2/l, Nvr4104-4ks2/l Firmware, Nvr4104-4ks3 and 109 more | 2024-08-19 | N/A | 7.5 HIGH |
A vulnerability has been found in Dahua products. Attackers can send carefully crafted data packets to the interface with vulnerabilities, causing the device to crash. | |||||
CVE-2024-39948 | 1 Dahuasecurity | 112 Nvr4104-4ks2/l, Nvr4104-4ks2/l Firmware, Nvr4104-4ks3 and 109 more | 2024-08-19 | N/A | 7.5 HIGH |
A vulnerability has been found in Dahua products. Attackers can send carefully crafted data packets to the interface with vulnerabilities, causing the device to crash. | |||||
CVE-2024-39950 | 1 Dahuasecurity | 116 Ipc-hfs8449g-z7-led, Ipc-hfs8449g-z7-led Firmware, Ipc-hfs8849g-z3-led and 113 more | 2024-08-19 | N/A | 9.8 CRITICAL |
A vulnerability has been found in Dahua products. Attackers can send carefully crafted data packets to the interface with vulnerabilities to initiate device initialization. | |||||
CVE-2024-39944 | 1 Dahuasecurity | 116 Ipc-hfs8449g-z7-led, Ipc-hfs8449g-z7-led Firmware, Ipc-hfs8849g-z3-led and 113 more | 2024-08-19 | N/A | 7.5 HIGH |
A vulnerability has been found in Dahua products. Attackers can send carefully crafted data packets to the interface with vulnerabilities, causing the device to crash. | |||||
CVE-2024-7646 | | | 2024-08-19 | N/A | 8.8 HIGH |
A security issue was discovered in ingress-nginx where an actor with permission to create Ingress objects (in the `networking.k8s.io` or `extensions` API group) can bypass annotation validation to inject arbitrary commands and obtain the credentials of the ingress-nginx controller. In the default configuration, that credential has access to all secrets in the cluster. | |||||
CVE-2024-25008 | | | 2024-08-19 | N/A | 6.8 MEDIUM |
Ericsson RAN Compute and Site Controller 6610 contains a vulnerability in the Control System where Improper Input Validation can lead to arbitrary code execution, for example to obtain a Linux Shell with the same privileges as the attacker. The attacker would require elevated privileges for example a valid OAM user having the system administrator role to exploit the vulnerability. | |||||
CVE-2024-43373 | 2 J4k0xb, Microsoft | 2 Webcrack, Windows | 2024-08-16 | N/A | 7.8 HIGH |
webcrack is a tool for reverse engineering javascript. An arbitrary file write vulnerability exists in the webcrack module when processing specifically crafted malicious code on Windows systems. This vulnerability is triggered when using the unpack bundles feature in conjunction with the saving feature. If a module name includes a path traversal sequence with Windows path separators, an attacker can exploit this to overwrite files on the host system. This vulnerability allows an attacker to write arbitrary `.js` files to the host system, which can be leveraged to hijack legitimate Node.js modules to gain arbitrary code execution. This vulnerability has been patched in version 2.14.1. |