Vulnerabilities (CVE)

Filtered by CWE-20
Total 10073 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2024-33031 1 Qualcomm 32 Ar8035, Ar8035 Firmware, Fastconnect 7800 and 29 more 2024-11-07 N/A 6.7 MEDIUM
Memory corruption while processing the update SIM PB records request.
CVE-2024-51529 1 Huawei 2 Emui, Harmonyos 2024-11-07 N/A 5.5 MEDIUM
Data verification vulnerability in the battery module Impact: Successful exploitation of this vulnerability may affect function stability.
CVE-2024-51530 1 Huawei 2 Emui, Harmonyos 2024-11-07 N/A 5.5 MEDIUM
LaunchAnywhere vulnerability in the account module Impact: Successful exploitation of this vulnerability may affect service confidentiality.
CVE-2024-51520 1 Huawei 1 Harmonyos 2024-11-07 N/A 5.5 MEDIUM
Vulnerability of input parameters not being verified in the HDC module Impact: Successful exploitation of this vulnerability may affect availability.
CVE-2024-23386 1 Qualcomm 20 Fastconnect 6900, Fastconnect 6900 Firmware, Fastconnect 7800 and 17 more 2024-11-07 N/A 6.7 MEDIUM
memory corruption when WiFi display APIs are invoked with large random inputs.
CVE-2024-51514 1 Huawei 1 Harmonyos 2024-11-07 N/A 5.5 MEDIUM
Vulnerability of pop-up windows belonging to no app in the VPN module Impact: Successful exploitation of this vulnerability may affect service confidentiality.
CVE-2024-51512 1 Huawei 1 Harmonyos 2024-11-07 N/A 5.5 MEDIUM
Vulnerability of parameter type not being verified in the WantAgent module Impact: Successful exploitation of this vulnerability may affect availability.
CVE-2024-51511 1 Huawei 1 Harmonyos 2024-11-07 N/A 5.5 MEDIUM
Vulnerability of parameter type not being verified in the WantAgent module Impact: Successful exploitation of this vulnerability may affect availability.
CVE-2024-51519 1 Huawei 1 Harmonyos 2024-11-06 N/A 5.5 MEDIUM
Vulnerability of input parameters not being verified in the HDC module Impact: Successful exploitation of this vulnerability may affect availability.
CVE-2024-49368 1 Nginxui 1 Nginx Ui 2024-11-06 N/A 9.8 CRITICAL
Nginx UI is a web user interface for the Nginx web server. Prior to version 2.0.0-beta.36, when Nginx UI configures logrotate, it does not verify the input and directly passes it to exec.Command, causing arbitrary command execution. Version 2.0.0-beta.36 fixes this issue.
CVE-2024-20484 2024-11-06 N/A 7.5 HIGH
A vulnerability in the External Agent Assignment Service (EAAS) feature of Cisco Enterprise Chat and Email (ECE) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to insufficient validation of Media Routing Peripheral Interface Manager (MR PIM) traffic that is received by an affected device. An attacker could exploit this vulnerability by sending crafted MR PIM traffic to an affected device. A successful exploit could allow the attacker to trigger a failure on the MR PIM connection between Cisco ECE and Cisco Unified Contact Center Enterprise (CCE), leading to a DoS condition on EAAS that would prevent customers from starting chat, callback, or delayed callback sessions. Note: When the attack traffic stops, the EAAS process must be manually restarted to restore normal operation. To restart the process in the System Console, choose Shared Resources > Services > Unified CCE > EAAS, then click Start.
CVE-2024-45802 1 Squid-cache 1 Squid 2024-11-05 N/A 7.5 HIGH
Squid is an open source caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to Input Validation, Premature Release of Resource During Expected Lifetime, and Missing Release of Resource after Effective Lifetime bugs, Squid is vulnerable to Denial of Service attacks by a trusted server against all clients using the proxy. This bug is fixed in the default build configuration of Squid version 6.10.
CVE-2024-24549 2024-11-04 N/A 7.5 HIGH
Denial of Service due to improper input validation vulnerability for HTTP/2 requests in Apache Tomcat. When processing an HTTP/2 request, if the request exceeded any of the configured limits for headers, the associated HTTP/2 stream was not reset until after all of the headers had been processed.This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M16, from 10.1.0-M1 through 10.1.18, from 9.0.0-M1 through 9.0.85, from 8.5.0 through 8.5.98. Users are recommended to upgrade to version 11.0.0-M17, 10.1.19, 9.0.86 or 8.5.99 which fix the issue.
CVE-2014-9907 1 Imagemagick 1 Imagemagick 2024-11-04 4.3 MEDIUM 6.5 MEDIUM
coders/dds.c in ImageMagick allows remote attackers to cause a denial of service via a crafted DDS file.
CVE-2014-9815 1 Imagemagick 1 Imagemagick 2024-10-31 4.3 MEDIUM 5.5 MEDIUM
ImageMagick allows remote attackers to cause a denial of service (application crash) via a crafted wpg file.
CVE-2014-9813 1 Imagemagick 1 Imagemagick 2024-10-31 4.3 MEDIUM 5.5 MEDIUM
ImageMagick allows remote attackers to cause a denial of service (application crash) via a crafted viff file.
CVE-2014-9811 1 Imagemagick 1 Imagemagick 2024-10-31 4.3 MEDIUM 5.5 MEDIUM
The xwd file handler in ImageMagick allows remote attackers to cause a denial of service (segmentation fault and application crash) via a malformed xwd file.
CVE-2014-9810 1 Imagemagick 1 Imagemagick 2024-10-31 4.3 MEDIUM 5.5 MEDIUM
The dpx file handler in ImageMagick allows remote attackers to cause a denial of service (segmentation fault and application crash) via a malformed dpx file.
CVE-2014-9809 1 Imagemagick 1 Imagemagick 2024-10-31 4.3 MEDIUM 5.5 MEDIUM
ImageMagick allows remote attackers to cause a denial of service (segmentation fault and application crash) via a crafted xwd image.
CVE-2014-9805 1 Imagemagick 1 Imagemagick 2024-10-31 4.3 MEDIUM 5.5 MEDIUM
ImageMagick allows remote attackers to cause a denial of service (segmentation fault and application crash) via a crafted pnm file.