Vulnerabilities (CVE)

Filtered by CWE-20
Total 10018 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2023-32811 3 Google, Linuxfoundation, Mediatek 21 Android, Yocto, Iot Yocto and 18 more 2024-10-01 N/A 6.7 MEDIUM
In connectivity system driver, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07929848; Issue ID: ALPS07929848.
CVE-2022-47185 1 Apache 1 Traffic Server 2024-10-01 N/A 7.5 HIGH
Improper input validation vulnerability on the range header in Apache Software Foundation Apache Traffic Server.This issue affects Apache Traffic Server: through 9.2.1.
CVE-2024-3657 2024-10-01 N/A 7.5 HIGH
A flaw was found in 389-ds-base. A specially-crafted LDAP query can potentially cause a failure on the directory server, leading to a denial of service
CVE-2024-8445 2024-10-01 N/A 5.7 MEDIUM
The fix for CVE-2024-2199 in 389-ds-base was insufficient to cover all scenarios. In certain product versions, an authenticated user may cause a server crash while modifying `userPassword` using malformed input.
CVE-2024-47076 2024-09-30 N/A 8.6 HIGH
CUPS is a standards-based, open-source printing system, and `libcupsfilters` contains the code of the filters of the former `cups-filters` package as library functions to be used for the data format conversion tasks needed in Printer Applications. The `cfGetPrinterAttributes5` function in `libcupsfilters` does not sanitize IPP attributes returned from an IPP server. When these IPP attributes are used, for instance, to generate a PPD file, this can lead to attacker controlled data to be provided to the rest of the CUPS system.
CVE-2024-47175 2024-09-30 N/A 8.6 HIGH
CUPS is a standards-based, open-source printing system, and `libppd` can be used for legacy PPD file support. The `libppd` function `ppdCreatePPDFromIPP2` does not sanitize IPP attributes when creating the PPD buffer. When used in combination with other functions such as `cfGetPrinterAttributes5`, can result in user controlled input and ultimately code execution via Foomatic. This vulnerability can be part of an exploit chain leading to remote code execution (RCE), as described in CVE-2024-47176.
CVE-2024-6436 2024-09-30 N/A N/A
An input validation vulnerability exists in the Rockwell Automation Sequence Manager™ which could allow a malicious user to send malformed packets to the server and cause a denial-of-service condition. If exploited, the device would become unresponsive, and a manual restart will be required for recovery. Additionally, if exploited, there could be a loss of view for the downstream equipment sequences in the controller. Users would not be able to view the status or command the equipment sequences, however the equipment sequence would continue to execute uninterrupted.
CVE-2023-27604 1 Apache 1 Airflow Sqoop Provider 2024-09-27 N/A 8.8 HIGH
Apache Airflow Sqoop Provider, versions before 4.0.0, is affected by a vulnerability that allows an attacker pass parameters with the connections, which makes it possible to implement RCE attacks via ‘sqoop import --connect’, obtain airflow server permissions, etc. The attacker needs to be logged in and have authorization (permissions) to create/edit connections. It is recommended to upgrade to a version that is not affected. This issue was reported independently by happyhacking-k, And Xie Jianming and LiuHui of Caiji Sec Team also reported it.
CVE-2023-39209 1 Zoom 1 Zoom 2024-09-27 N/A 6.5 MEDIUM
Improper input validation in Zoom Desktop Client for Windows before 5.15.5 may allow an authenticated user to enable an information disclosure via network access.
CVE-2023-39208 1 Zoom 1 Zoom 2024-09-27 N/A 7.5 HIGH
Improper input validation in Zoom Desktop Client for Linux before version 5.15.10 may allow an unauthenticated user to conduct a denial of service via network access.
CVE-2023-4680 1 Hashicorp 1 Vault 2024-09-26 N/A 6.8 MEDIUM
HashiCorp Vault and Vault Enterprise transit secrets engine allowed authorized users to specify arbitrary nonces, even with convergent encryption disabled. The encrypt endpoint, in combination with an offline attack, could be used to decrypt arbitrary ciphertext and potentially derive the authentication subkey when using transit secrets engine without convergent encryption. Introduced in 1.6.0 and fixed in 1.14.3, 1.13.7, and 1.12.11.
CVE-2024-7023 2024-09-26 N/A 8.0 HIGH
Insufficient data validation in Updater in Google Chrome prior to 128.0.6537.0 allowed a remote attacker to perform privilege escalation via a malicious file. (Chromium security severity: Medium)
CVE-2023-5097 2 Hypr, Microsoft 2 Workforce Access, Windows 2024-09-25 N/A 5.5 MEDIUM
Improper Input Validation vulnerability in HYPR Workforce Access on Windows allows Path Traversal.This issue affects Workforce Access: before 8.7.
CVE-2023-28324 1 Ivanti 1 Endpoint Manager 2024-09-25 N/A 9.8 CRITICAL
A improper input validation vulnerability exists in Ivanti Endpoint Manager 2022 and below that could allow privilege escalation or remote code execution.
CVE-2018-14071 1 Cyberhobo 1 Geo Mashup 2024-09-25 7.5 HIGH 9.8 CRITICAL
The Geo Mashup plugin before 1.10.4 for WordPress has insufficient sanitization of post editor and other user input.
CVE-2024-20017 2024-09-25 N/A 9.8 CRITICAL
In wlan service, there is a possible out of bounds write due to improper input validation. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation Patch ID: WCNCR00350938; Issue ID: MSV-1132.
CVE-2022-48605 1 Huawei 2 Emui, Harmonyos 2024-09-25 N/A 9.8 CRITICAL
Input verification vulnerability in the fingerprint module. Successful exploitation of this vulnerability will affect confidentiality, integrity, and availability.
CVE-2022-2502 2024-09-25 N/A 7.5 HIGH
A vulnerability exists in the HCI IEC 60870-5-104 function included in certain versions of the RTU500 series product. The vulnerability can only be exploited, if the HCI 60870-5-104 is configured with support for IEC 62351-5 and the CMU contains the license feature ‘Advanced security’ which must be ordered separately. If these preconditions are fulfilled, an attacker could exploit the vulnerability by sending a specially crafted message to the RTU500, causing the targeted RTU500 CMU to reboot. The vulnerability is caused by a missing input data validation which eventually if exploited causes an internal buffer to overflow in the HCI IEC 60870-5-104 function.
CVE-2024-32858 1 Dell 46 Alienware Area 51m R2, Alienware Area 51m R2 Firmware, Alienware Aurora R10 and 43 more 2024-09-24 N/A 8.2 HIGH
Dell Client Platform BIOS contains an Improper Input Validation vulnerability in an externally developed component. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Code execution.
CVE-2024-32856 1 Dell 46 Alienware Area 51m R2, Alienware Area 51m R2 Firmware, Alienware Aurora R10 and 43 more 2024-09-24 N/A 6.0 MEDIUM
Dell Client Platform BIOS contains an Improper Input Validation vulnerability in an externally developed component. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Information disclosure.