Total
29022 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-42390 | 1 Cesanta | 1 Mongoose | 2024-11-19 | N/A | 5.3 MEDIUM |
| Use of Out-of-range Pointer Offset vulnerability in Cesanta Mongoose Web Server v7.14 allows an attacker to send an unexpected TLS packet and force the application to read unintended heap memory space. | |||||
| CVE-2024-42391 | 1 Cesanta | 1 Mongoose | 2024-11-19 | N/A | 5.3 MEDIUM |
| Use of Out-of-range Pointer Offset vulnerability in Cesanta Mongoose Web Server v7.14 allows an attacker to send an unexpected TLS packet and force the application to read unintended heap memory space. | |||||
| CVE-2024-10571 | 1 Ays-pro | 1 Chartify | 2024-11-19 | N/A | 9.8 CRITICAL |
| The Chartify – WordPress Chart Plugin plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.9.5 via the 'source' parameter. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included. | |||||
| CVE-2024-44760 | 1 Sunmochina | 1 Enterprise Management System | 2024-11-15 | N/A | 7.5 HIGH |
| Incorrect access control in the component /servlet/SnoopServlet of Shenzhou News Union Enterprise Management System v5.0 through v18.8 allows attackers to access sensitive information regarding the server. | |||||
| CVE-2024-47178 | 1 Expressjs | 1 Basic-auth-connect | 2024-11-15 | N/A | 5.3 MEDIUM |
| basic-auth-connect is Connect's Basic Auth middleware in its own module. basic-auth-connect < 1.1.0 uses a timing-unsafe equality comparison that can leak timing information. This issue has been fixed in basic-auth-connect 1.1.0. | |||||
| CVE-2024-47867 | 1 Gradio Project | 1 Gradio | 2024-11-15 | N/A | 7.5 HIGH |
| Gradio is an open-source Python package designed for quick prototyping. This vulnerability is a **lack of integrity check** on the downloaded FRP client, which could potentially allow attackers to introduce malicious code. If an attacker gains access to the remote URL from which the FRP client is downloaded, they could modify the binary without detection, as the Gradio server does not verify the file's checksum or signature. Any users utilizing the Gradio server's sharing mechanism that downloads the FRP client could be affected by this vulnerability, especially those relying on the executable binary for secure data tunneling. There is no direct workaround for this issue without upgrading. However, users can manually validate the integrity of the downloaded FRP client by implementing checksum or signature verification in their own environment to ensure the binary hasn't been tampered with. | |||||
| CVE-2024-10381 | 1 Matrixcomsec | 2 Cosec Vega Faxq, Cosec Vega Faxq Firmware | 2024-11-14 | N/A | 9.8 CRITICAL |
| This vulnerability exists in Matrix Door Controller Cosec Vega FAXQ due to improper implementation of session management at the web-based management interface. A remote attacker could exploit this vulnerability by sending a specially crafted http request on the vulnerable device. Successful exploitation of this vulnerability could allow remote attacker to gain unauthorized access and take complete control of the targeted device. | |||||
| CVE-2024-49579 | 1 Jetbrains | 1 Youtrack | 2024-11-14 | N/A | 6.1 MEDIUM |
| In JetBrains YouTrack before 2024.3.47197 insecure plugin iframe allowed arbitrary JavaScript execution and unauthorized API requests | |||||
| CVE-2024-40239 | 1 Hitbytes | 1 Life | 2024-11-13 | N/A | 6.8 MEDIUM |
| An incorrect access control issue in Life: Personal Diary, Journal android app 17.5.0 allows a physically proximate attacker to escalate privileges via the fingerprint authentication function. | |||||
| CVE-2024-40240 | 1 Homeserve | 1 Homeserve | 2024-11-13 | N/A | 6.8 MEDIUM |
| An incorrect access control issue in HomeServe Home Repair' android app - 3.3.4 allows a physically proximate attacker to escalate privileges via the fingerprint authentication function. | |||||
| CVE-2024-45764 | 1 Dell | 1 Enterprise Sonic Distribution | 2024-11-13 | N/A | 9.8 CRITICAL |
| Dell Enterprise SONiC OS, version(s) 4.1.x, 4.2.x, contain(s) a Missing Critical Step in Authentication vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Protection mechanism bypass. This is a critical severity vulnerability so Dell recommends customers to upgrade at the earliest opportunity. | |||||
| CVE-2024-46948 | 1 Northern.tech | 1 Mender | 2024-11-13 | N/A | 4.3 MEDIUM |
| Northern.tech Mender before 3.6.5 and 3.7.x before 3.7.5 has Incorrect Access Control. | |||||
| CVE-2024-34680 | 1 Samsung | 1 Android | 2024-11-12 | N/A | 5.5 MEDIUM |
| Use of implicit intent for sensitive communication in WlanTest prior to SMR Nov-2024 Release 1 allows local attackers to get sensitive information. | |||||
| CVE-2024-6763 | 1 Eclipse | 1 Jetty | 2024-11-08 | N/A | 5.3 MEDIUM |
| Eclipse Jetty is a lightweight, highly scalable, Java-based web server and Servlet engine . It includes a utility class, HttpURI, for URI/URL parsing. The HttpURI class does insufficient validation on the authority segment of a URI. However the behaviour of HttpURI differs from the common browsers in how it handles a URI that would be considered invalid if fully validated against the RRC. Specifically HttpURI and the browser may differ on the value of the host extracted from an invalid URI and thus a combination of Jetty and a vulnerable browser may be vulnerable to a open redirect attack or to a SSRF attack if the URI is used after passing validation checks. | |||||
| CVE-2024-10916 | 1 Dlink | 8 Dns-320, Dns-320 Firmware, Dns-320lw and 5 more | 2024-11-08 | 5.0 MEDIUM | 5.3 MEDIUM |
| A vulnerability classified as problematic has been found in D-Link DNS-320, DNS-320LW, DNS-325 and DNS-340L up to 20241028. This affects an unknown part of the file /xml/info.xml of the component HTTP GET Request Handler. The manipulation leads to information disclosure. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2024-50012 | 1 Linux | 1 Linux Kernel | 2024-11-08 | N/A | 5.5 MEDIUM |
| In the Linux kernel, the following vulnerability has been resolved: cpufreq: Avoid a bad reference count on CPU node In the parse_perf_domain function, if the call to of_parse_phandle_with_args returns an error, then the reference to the CPU device node that was acquired at the start of the function would not be properly decremented. Address this by declaring the variable with the __free(device_node) cleanup attribute. | |||||
| CVE-2023-29126 | 1 Enelx | 2 Waybox Pro, Waybox Pro Firmware | 2024-11-08 | N/A | 8.8 HIGH |
| The Waybox Enel X web management application contains a PHP-type juggling vulnerability that may allow a brute force process and under certain conditions bypass authentication. | |||||
| CVE-2023-29121 | 1 Enelx | 2 Waybox Pro, Waybox Pro Firmware | 2024-11-08 | N/A | 8.8 HIGH |
| Waybox Enel TCF Agent service could be used to get administrator’s privileges over the Waybox system. | |||||
| CVE-2024-0134 | 2 Linux, Nvidia | 3 Linux Kernel, Nvidia Container Toolkit, Nvidia Gpu Operator | 2024-11-08 | N/A | 4.1 MEDIUM |
| NVIDIA Container Toolkit and NVIDIA GPU Operator for Linux contain a UNIX vulnerability where a specially crafted container image can lead to the creation of unauthorized files on the host. The name and location of the files cannot be controlled by an attacker. A successful exploit of this vulnerability might lead to data tampering. | |||||
| CVE-2024-23377 | 1 Qualcomm | 78 Fastconnect 6900, Fastconnect 6900 Firmware, Fastconnect 7800 and 75 more | 2024-11-07 | N/A | 6.7 MEDIUM |
| Memory corruption while invoking IOCTL command from user-space, when a user modifies the original packet size of the command after system properties have been already sent to the EVA driver. | |||||