Vulnerabilities (CVE)

Filtered by CWE-20
Total 10018 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2023-39388 1 Huawei 2 Emui, Harmonyos 2024-10-10 N/A 7.5 HIGH
Vulnerability of input parameters being not strictly verified in the PMS module. Successful exploitation of this vulnerability may cause home screen unavailability.
CVE-2023-39382 1 Huawei 2 Emui, Harmonyos 2024-10-10 N/A 7.5 HIGH
Input verification vulnerability in the audio module. Successful exploitation of this vulnerability may cause virtual machines (VMs) to restart.
CVE-2023-39381 1 Huawei 2 Emui, Harmonyos 2024-10-10 N/A 7.5 HIGH
Input verification vulnerability in the storage module. Successful exploitation of this vulnerability may cause the device to restart.
CVE-2023-39390 1 Huawei 2 Emui, Harmonyos 2024-10-10 N/A 7.5 HIGH
Vulnerability of input parameter verification in certain APIs in the window management module. Successful exploitation of this vulnerability may cause the device to restart.
CVE-2023-39386 1 Huawei 2 Emui, Harmonyos 2024-10-10 N/A 7.5 HIGH
Vulnerability of input parameters being not strictly verified in the PMS module. Successful exploitation of this vulnerability may cause newly installed apps to fail to restart.
CVE-2024-31449 2024-10-10 N/A 7.0 HIGH
Redis is an open source, in-memory database that persists on disk. An authenticated user may use a specially crafted Lua script to trigger a stack buffer overflow in the bit library, which may potentially lead to remote code execution. The problem exists in all versions of Redis with Lua scripting. This problem has been fixed in Redis versions 6.2.16, 7.2.6, and 7.4.1. Users are advised to upgrade. There are no known workarounds for this vulnerability.
CVE-2024-31227 2024-10-10 N/A 4.4 MEDIUM
Redis is an open source, in-memory database that persists on disk. An authenticated with sufficient privileges may create a malformed ACL selector which, when accessed, triggers a server panic and subsequent denial of service. The problem exists in Redis 7 prior to versions 7.2.6 and 7.4.1. Users are advised to upgrade. There are no known workarounds for this vulnerability.
CVE-2024-47823 2024-10-10 N/A N/A
Livewire is a full-stack framework for Laravel that allows for dynamic UI components without leaving PHP. In livewire/livewire prior to `2.12.7` and `v3.5.2`, the file extension of an uploaded file is guessed based on the MIME type. As a result, the actual file extension from the file name is not validated. An attacker can therefore bypass the validation by uploading a file with a valid MIME type (e.g., `image/png`) and a “.php” file extension. If the following criteria are met, the attacker can carry out an RCE attack: 1. Filename is composed of the original file name using `$file->getClientOriginalName()`. 2. Files stored directly on your server in a public storage disk. 3. Webserver is configured to execute “.php” files. This issue has been addressed in release versions `2.12.7` and `3.5.2`. All users are advised to upgrade. There are no known workarounds for this vulnerability.
CVE-2024-30092 2024-10-10 N/A 8.0 HIGH
Windows Hyper-V Remote Code Execution Vulnerability
CVE-2024-8518 2024-10-10 N/A 3.3 LOW
CWE-20: Improper Input Validation vulnerability exists that could cause a crash of the Zelio Soft 2 application when a specially crafted project file is loaded by an application user.
CVE-2024-20659 2024-10-10 N/A 7.1 HIGH
Windows Hyper-V Security Feature Bypass Vulnerability
CVE-2024-9286 2024-10-10 N/A N/A
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'), Improper Input Validation vulnerability in TRtek Software Distant Education Platform allows SQL Injection, Parameter Injection.This issue affects Distant Education Platform: before 3.2024.11.
CVE-2023-21272 1 Google 1 Android 2024-10-09 N/A 7.8 HIGH
In readFrom of Uri.java, there is a possible bad URI permission grant due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
CVE-2024-4941 1 Gradio Project 1 Gradio 2024-10-09 N/A 7.5 HIGH
A local file inclusion vulnerability exists in the JSON component of gradio-app/gradio version 4.25. The vulnerability arises from improper input validation in the `postprocess()` function within `gradio/components/json_component.py`, where a user-controlled string is parsed as JSON. If the parsed JSON object contains a `path` key, the specified file is moved to a temporary directory, making it possible to retrieve it later via the `/file=..` endpoint. This issue is due to the `processing_utils.move_files_to_cache()` function traversing any object passed to it, looking for a dictionary with a `path` key, and then copying the specified file to a temporary directory. The vulnerability can be exploited by an attacker to read files on the remote system, posing a significant security risk.
CVE-2023-49958 1 Dallmann-consulting 1 Open Charge Point Protocol 2024-10-09 N/A 7.5 HIGH
An issue was discovered in Dalmann OCPP.Core through 1.2.0 for OCPP (Open Charge Point Protocol) for electric vehicles. The server processes mishandle StartTransaction messages containing additional, arbitrary properties, or duplicate properties. The last occurrence of a duplicate property is accepted. This could be exploited to alter transaction records or impact system integrity.
CVE-2024-21413 1 Microsoft 3 365 Apps, Office, Office Long Term Servicing Channel 2024-10-09 N/A 9.8 CRITICAL
Microsoft Outlook Remote Code Execution Vulnerability
CVE-2024-21312 1 Microsoft 13 .net Framework, Windows 10 1607, Windows 10 1809 and 10 more 2024-10-08 N/A 7.5 HIGH
.NET Framework Denial of Service Vulnerability
CVE-2024-0057 1 Microsoft 17 .net, .net Framework, Powershell and 14 more 2024-10-08 N/A 9.8 CRITICAL
NET, .NET Framework, and Visual Studio Security Feature Bypass Vulnerability
CVE-2023-29446 1 Ptc 3 Kepware Kepserverex, Thingworx Industrial Connectivity, Thingworx Kepware Server 2024-10-08 N/A 4.7 MEDIUM
An improper input validation vulnerability has been discovered that could allow an adversary to inject a UNC path via a malicious project file. This allows an adversary to capture NLTMv2 hashes and potentially crack them offline.
CVE-2023-36674 2024-10-08 N/A 5.3 MEDIUM
An issue was discovered in MediaWiki before 1.35.11, 1.36.x through 1.38.x before 1.38.7, 1.39.x before 1.39.4, and 1.40.x before 1.40.1. It is possible to bypass the Bad image list (aka badFile) by using the thumb parameter (aka Manualthumb) of the File syntax.