Total: 10018 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2023-32811 | 3 Google, Linuxfoundation, Mediatek | 21 Android, Yocto, Iot Yocto and 18 more | 2024-10-01 | N/A | 6.7 MEDIUM |
In connectivity system driver, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07929848; Issue ID: ALPS07929848. | |||||
CVE-2022-47185 | 1 Apache | 1 Traffic Server | 2024-10-01 | N/A | 7.5 HIGH |
Improper input validation vulnerability on the range header in Apache Software Foundation Apache Traffic Server. This issue affects Apache Traffic Server: through 9.2.1. | |||||
CVE-2024-3657 | | | 2024-10-01 | N/A | 7.5 HIGH |
A flaw was found in 389-ds-base. A specially-crafted LDAP query can potentially cause a failure on the directory server, leading to a denial of service. | |||||
CVE-2024-8445 | | | 2024-10-01 | N/A | 5.7 MEDIUM |
The fix for CVE-2024-2199 in 389-ds-base was insufficient to cover all scenarios. In certain product versions, an authenticated user may cause a server crash while modifying `userPassword` using malformed input. | |||||
CVE-2024-47076 | | | 2024-09-30 | N/A | 8.6 HIGH |
CUPS is a standards-based, open-source printing system, and `libcupsfilters` contains the code of the filters of the former `cups-filters` package as library functions to be used for the data format conversion tasks needed in Printer Applications. The `cfGetPrinterAttributes5` function in `libcupsfilters` does not sanitize IPP attributes returned from an IPP server. When these IPP attributes are used, for instance, to generate a PPD file, this can lead to attacker-controlled data being provided to the rest of the CUPS system. | |||||
CVE-2024-47175 | | | 2024-09-30 | N/A | 8.6 HIGH |
CUPS is a standards-based, open-source printing system, and `libppd` can be used for legacy PPD file support. The `libppd` function `ppdCreatePPDFromIPP2` does not sanitize IPP attributes when creating the PPD buffer. When used in combination with other functions such as `cfGetPrinterAttributes5`, this can result in user-controlled input and ultimately code execution via Foomatic. This vulnerability can be part of an exploit chain leading to remote code execution (RCE), as described in CVE-2024-47176. | |||||
CVE-2024-6436 | | | 2024-09-30 | N/A | N/A |
An input validation vulnerability exists in the Rockwell Automation Sequence Manager™ which could allow a malicious user to send malformed packets to the server and cause a denial-of-service condition. If exploited, the device would become unresponsive, and a manual restart will be required for recovery. Additionally, if exploited, there could be a loss of view for the downstream equipment sequences in the controller. Users would not be able to view the status or command the equipment sequences; however, the equipment sequence would continue to execute uninterrupted. | |||||
CVE-2023-27604 | 1 Apache | 1 Airflow Sqoop Provider | 2024-09-27 | N/A | 8.8 HIGH |
Apache Airflow Sqoop Provider, versions before 4.0.0, is affected by a vulnerability that allows an attacker to pass parameters with the connections, which makes it possible to implement RCE attacks via ‘sqoop import --connect’, obtain airflow server permissions, etc. The attacker needs to be logged in and have authorization (permissions) to create/edit connections. It is recommended to upgrade to a version that is not affected. This issue was reported independently by happyhacking-k, and Xie Jianming and LiuHui of Caiji Sec Team also reported it. | |||||
CVE-2023-39209 | 1 Zoom | 1 Zoom | 2024-09-27 | N/A | 6.5 MEDIUM |
Improper input validation in Zoom Desktop Client for Windows before 5.15.5 may allow an authenticated user to enable an information disclosure via network access. | |||||
CVE-2023-39208 | 1 Zoom | 1 Zoom | 2024-09-27 | N/A | 7.5 HIGH |
Improper input validation in Zoom Desktop Client for Linux before version 5.15.10 may allow an unauthenticated user to conduct a denial of service via network access. | |||||
CVE-2023-4680 | 1 Hashicorp | 1 Vault | 2024-09-26 | N/A | 6.8 MEDIUM |
HashiCorp Vault and Vault Enterprise transit secrets engine allowed authorized users to specify arbitrary nonces, even with convergent encryption disabled. The encrypt endpoint, in combination with an offline attack, could be used to decrypt arbitrary ciphertext and potentially derive the authentication subkey when using transit secrets engine without convergent encryption. Introduced in 1.6.0 and fixed in 1.14.3, 1.13.7, and 1.12.11. | |||||
CVE-2024-7023 | | | 2024-09-26 | N/A | 8.0 HIGH |
Insufficient data validation in Updater in Google Chrome prior to 128.0.6537.0 allowed a remote attacker to perform privilege escalation via a malicious file. (Chromium security severity: Medium) | |||||
CVE-2023-5097 | 2 Hypr, Microsoft | 2 Workforce Access, Windows | 2024-09-25 | N/A | 5.5 MEDIUM |
Improper Input Validation vulnerability in HYPR Workforce Access on Windows allows Path Traversal. This issue affects Workforce Access: before 8.7. | |||||
CVE-2023-28324 | 1 Ivanti | 1 Endpoint Manager | 2024-09-25 | N/A | 9.8 CRITICAL |
An improper input validation vulnerability exists in Ivanti Endpoint Manager 2022 and below that could allow privilege escalation or remote code execution. | |||||
CVE-2018-14071 | 1 Cyberhobo | 1 Geo Mashup | 2024-09-25 | 7.5 HIGH | 9.8 CRITICAL |
The Geo Mashup plugin before 1.10.4 for WordPress has insufficient sanitization of post editor and other user input. | |||||
CVE-2024-20017 | | | 2024-09-25 | N/A | 9.8 CRITICAL |
In wlan service, there is a possible out of bounds write due to improper input validation. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00350938; Issue ID: MSV-1132. | |||||
CVE-2022-48605 | 1 Huawei | 2 Emui, Harmonyos | 2024-09-25 | N/A | 9.8 CRITICAL |
Input verification vulnerability in the fingerprint module. Successful exploitation of this vulnerability will affect confidentiality, integrity, and availability. | |||||
CVE-2022-2502 | | | 2024-09-25 | N/A | 7.5 HIGH |
A vulnerability exists in the HCI IEC 60870-5-104 function included in certain versions of the RTU500 series product. The vulnerability can only be exploited if the HCI 60870-5-104 is configured with support for IEC 62351-5 and the CMU contains the license feature ‘Advanced security’, which must be ordered separately. If these preconditions are fulfilled, an attacker could exploit the vulnerability by sending a specially crafted message to the RTU500, causing the targeted RTU500 CMU to reboot. The vulnerability is caused by missing input data validation which, if exploited, eventually causes an internal buffer to overflow in the HCI IEC 60870-5-104 function. | |||||
CVE-2024-32858 | 1 Dell | 46 Alienware Area 51m R2, Alienware Area 51m R2 Firmware, Alienware Aurora R10 and 43 more | 2024-09-24 | N/A | 8.2 HIGH |
Dell Client Platform BIOS contains an Improper Input Validation vulnerability in an externally developed component. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Code execution. | |||||
CVE-2024-32856 | 1 Dell | 46 Alienware Area 51m R2, Alienware Area 51m R2 Firmware, Alienware Aurora R10 and 43 more | 2024-09-24 | N/A | 6.0 MEDIUM |
Dell Client Platform BIOS contains an Improper Input Validation vulnerability in an externally developed component. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Information disclosure. |