Vulnerabilities (CVE)

Total 271657 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2024-7325 1 Iobit 1 Driver Booster 2024-09-11 6.8 MEDIUM 7.8 HIGH
A vulnerability was found in IObit Driver Booster 11.0.0.0. It has been rated as critical. Affected by this issue is some unknown functionality in the library VCL120.BPL of the component BPL Handler. The manipulation leads to uncontrolled search path. Attacking locally is a requirement. The identifier of this vulnerability is VDB-273248. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2024-27364 1 Samsung 18 Exynos 1080, Exynos 1080 Firmware, Exynos 1280 and 15 more 2024-09-11 N/A 5.5 MEDIUM
An issue was discovered in Mobile Processor, Wearable Processor Exynos 980, Exynos 850, Exynos 1080, Exynos 1280, Exynos 1380, Exynos 1330, Exynos 1480, Exynos W920, Exynos W930. In the function slsi_rx_roamed_ind(), there is no input validation check on a length coming from userspace, which can lead to a potential heap over-read.
CVE-2024-27366 1 Samsung 18 Exynos 1080, Exynos 1080 Firmware, Exynos 1280 and 15 more 2024-09-11 N/A 5.5 MEDIUM
An issue was discovered in Samsung Mobile Processor, Wearable Processor Exynos Exynos 980, Exynos 850, Exynos 1080, Exynos 1280, Exynos 1380, Exynos 1330, Exynos 1480, Exynos W920, Exynos W930. In the function slsi_rx_scan_done_ind(), there is no input validation check on a length coming from userspace, which can lead to a potential heap over-read.
CVE-2024-27367 1 Samsung 18 Exynos 1080, Exynos 1080 Firmware, Exynos 1280 and 15 more 2024-09-11 N/A 5.5 MEDIUM
An issue was discovered in Samsung Mobile Processor Exynos Wearable Processor Exynos 980, Exynos 850, Exynos 1080, Exynos 1280, Exynos 1380, Exynos 1330, Exynos 1480, Exynos W920, Exynos W930. In the function slsi_rx_scan_ind(), there is no input validation check on a length coming from userspace, which can lead to integer overflow and a potential heap over-read.
CVE-2024-27368 1 Samsung 18 Exynos 1080, Exynos 1080 Firmware, Exynos 1280 and 15 more 2024-09-11 N/A 5.5 MEDIUM
An issue was discovered in Samsung Mobile Processor Exynos Mobile Processor, Wearable Processor Exynos 980, Exynos 850, Exynos 1080, Exynos 1280, Exynos 1380, Exynos 1330, Exynos 1480, Exynos W920, Exynos W930. In the function slsi_rx_received_frame_ind(), there is no input validation check on a length coming from userspace, which can lead to a potential heap over-read.
CVE-2024-27383 1 Samsung 18 Exynos 1080, Exynos 1080 Firmware, Exynos 1280 and 15 more 2024-09-11 N/A 7.8 HIGH
An issue was discovered in Samsung Mobile Processor Exynos 980, Exynos 850, Exynos 1280, Exynos 1380, and Exynos 1330. In the function slsi_get_scan_extra_ies(), there is no input validation check on default_ies coming from userspace, which can lead to a heap overwrite.
CVE-2024-27387 1 Samsung 18 Exynos 1080, Exynos 1080 Firmware, Exynos 1280 and 15 more 2024-09-11 N/A 7.8 HIGH
An issue was discovered in Samsung Mobile Processor Exynos 980, Exynos 850, Exynos 1280, Exynos 1380, and Exynos 1330. In the function slsi_rx_range_done_ind(), there is no input validation check on rtt_id coming from userspace, which can lead to a heap overwrite.
CVE-2024-37728 2024-09-11 N/A 7.5 HIGH
Arbitrary File Read vulnerability in Xi'an Daxi Information Technology Co., Ltd OfficeWeb365 v.7.18.23.0 and v8.6.1.0 allows a remote attacker to obtain sensitive information via the "Pic/Indexes" interface
CVE-2024-7480 1 Avaya 1 Aura System Manager 2024-09-11 N/A 4.4 MEDIUM
An Improper access control vulnerability was found in Avaya Aura System Manager which could allow a command-line interface (CLI) user with administrative privileges to read arbitrary files on the system. Affected versions include 10.1.x.x and 10.2.x.x. Versions prior to 10.1 are end of manufacturer support.
CVE-2024-7477 1 Avaya 1 Aura System Manager 2024-09-11 N/A 6.7 MEDIUM
A SQL injection vulnerability was found which could allow a command line interface (CLI) user with administrative privileges to execute arbitrary queries against the Avaya Aura System Manager database.  Affected versions include 10.1.x.x and 10.2.x.x. Versions prior to 10.1 are end of manufacturer support.
CVE-2024-28298 1 E-bmsoft 1 Bmplanning 2024-09-11 N/A 8.8 HIGH
SQL injection vulnerability in BM SOFT BMPlanning 1.0.0.1 allows authenticated users to execute arbitrary SQL commands via the SEC_IDF, LIE_IDF, PLANF_IDF, CLI_IDF, DOS_IDF, and possibly other parameters to /BMServerR.dll/BMRest.
CVE-2024-41127 1 Monkeytype 1 Monkeytype 2024-09-11 N/A 9.6 CRITICAL
Monkeytype is a minimalistic and customizable typing test. Monkeytype is vulnerable to Poisoned Pipeline Execution through Code Injection in its ci-failure-comment.yml GitHub Workflow, enabling attackers to gain pull-requests write access. The ci-failure-comment.yml workflow is triggered when the Monkey CI workflow completes. When it runs, it will download an artifact uploaded by the triggering workflow and assign the contents of ./pr_num/pr_num.txt artifact to the steps.pr_num_reader.outputs.content WorkFlow variable. It is not validated that the variable is actually a number and later it is interpolated into a JS script allowing an attacker to change the code to be executed. This issue leads to pull-requests write access. This vulnerability is fixed in 24.30.0.
CVE-2024-7436 1 Dlink 2 Di-8100, Di-8100 Firmware 2024-09-11 6.5 MEDIUM 8.8 HIGH
A vulnerability, which was classified as critical, has been found in D-Link DI-8100 16.07. This issue affects the function msp_info_htm of the file msp_info.htm. The manipulation of the argument cmd leads to command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-273521 was assigned to this vulnerability.
CVE-2024-7438 1 Simplemachines 1 Simple Machines Forum 2024-09-11 4.0 MEDIUM 4.3 MEDIUM
A vulnerability has been found in SimpleMachines SMF 2.1.4 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /index.php?action=profile;u=2;area=showalerts;do=read of the component User Alert Read Status Handler. The manipulation of the argument aid leads to improper control of resource identifiers. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
CVE-2024-7437 1 Simplemachines 1 Simple Machines Forum 2024-09-11 5.5 MEDIUM 4.3 MEDIUM
A vulnerability, which was classified as critical, was found in SimpleMachines SMF 2.1.4. Affected is an unknown function of the file /index.php?action=profile;u=2;area=showalerts;do=remove of the component Delete User Handler. The manipulation of the argument aid leads to improper control of resource identifiers. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
CVE-2024-35143 1 Ibm 2 Planning Analytics Local, Planning Analytics Workspace 2024-09-11 N/A 9.1 CRITICAL
IBM Planning Analytics Local 2.0 and 2.1 connects to a MongoDB server. MongoDB, a document-oriented database system, is listening on the remote port, and it is configured to allow connections without password authentication. A remote attacker can gain unauthorized access to the database. IBM X-Force ID: 292420.
CVE-2024-7204 1 Ai3 1 Qbibot 2024-09-11 N/A 6.1 MEDIUM
Ai3 QbiBot does not properly filter user input, allowing unauthenticated remote attackers to insert JavaScript code into the chat box. Once the recipient views the message, they will be subject to a Stored XSS attack.
CVE-2024-7323 1 Digiwin 1 Easyflow .net 2024-09-11 N/A 6.5 MEDIUM
Digiwin EasyFlow .NET lacks proper access control for specific functionality, and the functionality do not adequately filter user input. A remote attacker with regular privilege can exploit this vulnerability to download arbitrary files from the remote server .
CVE-2024-7461 1 Forip 1 Administracao Pabx 2024-09-11 6.8 MEDIUM 9.8 CRITICAL
A vulnerability was found in ForIP Tecnologia Administração PABX 1.x. It has been rated as critical. Affected by this issue is some unknown functionality of the file /authMonitCallcenter of the component monitcallcenter. The manipulation of the argument user leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-273554 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2024-7805 2024-09-11 N/A N/A
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.