Export limit exceeded: 15207 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (15207 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-56433 | 1 Shadow-maint | 1 Shadow-utils | 2024-12-27 | 3.6 Low |
| shadow-utils (aka shadow) 4.4 through 4.17.0 establishes a default /etc/subuid behavior (e.g., uid 100000 through 165535 for the first user account) that can realistically conflict with the uids of users defined on locally administered networks, potentially leading to account takeover, e.g., by leveraging newuidmap for access to an NFS home directory (or same-host resources in the case of remote logins by these local network users). NOTE: it may also be argued that system administrators should not have assigned uids, within local networks, that are within the range that can occur in /etc/subuid. | ||||
| CVE-2023-32270 | 1 Fujielectric | 2 Tellus, Tellus Lite | 2024-12-23 | 7.8 High |
| Access of memory location after end of buffer issue exists in TELLUS v4.0.15.0 and TELLUS Lite v4.0.15.0. Opening a specially crafted V8 file may lead to information disclosure and/or arbitrary code execution. | ||||
| CVE-2024-9730 | 1 Trimble | 2 Sketchup, Sketchup Viewer | 2024-12-20 | 7.8 High |
| Trimble SketchUp Viewer SKP File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Trimble SketchUp Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of SKP files. The issue results from the lack of proper validation of user-supplied data, which can result in a memory corruption condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24146. | ||||
| CVE-2024-9731 | 1 Trimble | 2 Sketchup, Sketchup Viewer | 2024-12-20 | 7.8 High |
| Trimble SketchUp Viewer SKP File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Trimble SketchUp Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of SKP files. The issue results from the lack of proper validation of user-supplied data, which can result in a memory corruption condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24145. | ||||
| CVE-2024-47528 | 1 Librenms | 1 Librenms | 2024-12-19 | 4.8 Medium |
| LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. Stored Cross-Site Scripting (XSS) can be achieved by uploading a new Background for a Custom Map. Users with "admin" role can set background for a custom map, this allow the upload of SVG file that can contain XSS payload which will trigger on load. This led to Stored Cross-Site Scripting (XSS). The vulnerability is fixed in 24.9.0. | ||||
| CVE-2024-34734 | 1 Google | 1 Android | 2024-12-17 | 7.7 High |
| In onForegroundServiceButtonClicked of FooterActionsViewModel.kt, there is a possible way to disable the active VPN app from the lockscreen due to an insecure default value. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2022-48493 | 1 Huawei | 1 Emui | 2024-12-17 | 7.5 High |
| Configuration defects in the secure OS module.Successful exploitation of this vulnerability will affect availability. | ||||
| CVE-2022-48492 | 1 Huawei | 1 Emui | 2024-12-17 | 7.5 High |
| Configuration defects in the secure OS module.Successful exploitation of this vulnerability will affect availability. | ||||
| CVE-2024-2929 | 1 Rockwellautomation | 1 Arena | 2024-12-17 | 7.8 High |
| A memory corruption vulnerability in Rockwell Automation Arena Simulation software could potentially allow a malicious user to insert unauthorized code to the software by corrupting the memory triggering an access violation. Once inside, the threat actor can run harmful code on the system. This affects the confidentiality, integrity, and availability of the product. To trigger this, the user would unwittingly need to open a malicious file shared by the threat actor. | ||||
| CVE-2024-11999 | 2024-12-17 | 8.8 High | ||
| CWE-1104: Use of Unmaintained Third-Party Components vulnerability exists that could cause complete control of the device when an authenticated user installs malicious code into HMI product. | ||||
| CVE-2018-12123 | 2 Nodejs, Redhat | 2 Node.js, Rhel Software Collections | 2024-12-13 | 4.3 Medium |
| Node.js: All versions prior to Node.js 6.15.0, 8.14.0, 10.14.0 and 11.3.0: Hostname spoofing in URL parser for javascript protocol: If a Node.js application is using url.parse() to determine the URL hostname, that hostname can be spoofed by using a mixed case "javascript:" (e.g. "javAscript:") protocol (other protocols are not affected). If security decisions are made about the URL based on the hostname, they may be incorrect. | ||||
| CVE-2024-50089 | 2024-12-12 | 5.5 Medium | ||
| This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | ||||
| CVE-2024-43053 | 1 Qualcomm | 40 Fastconnect 6700, Fastconnect 6700 Firmware, Fastconnect 6900 and 37 more | 2024-12-12 | 7.8 High |
| Memory corruption while invoking IOCTL calls from user space to read WLAN target diagnostic information. | ||||
| CVE-2024-43049 | 1 Qualcomm | 38 Fastconnect 6700, Fastconnect 6700 Firmware, Fastconnect 6900 and 35 more | 2024-12-12 | 7.8 High |
| Memory corruption while invoking IOCTL calls from user space to set generic private command inside WLAN driver. | ||||
| CVE-2024-25610 | 1 Liferay | 2 Digital Experience Platform, Liferay Portal | 2024-12-11 | 9 Critical |
| In Liferay Portal 7.2.0 through 7.4.3.12, and older unsupported versions, and Liferay DXP 7.4 before update 9, 7.3 before update 4, 7.2 before fix pack 19, and older unsupported versions, the default configuration does not sanitize blog entries of JavaScript, which allows remote authenticated users to inject arbitrary web script or HTML (XSS) via a crafted payload injected into a blog entry’s content text field. | ||||
| CVE-2024-46547 | 2024-12-11 | 7.5 High | ||
| A vulnerability was found in Romain Bourdon Wampserver all versions (discovered in v3.2.3 and v3.2.6) where unauthorized users could access sensitive information due to improper access control validation via PHP Info Page. This issue can lead to data leaks. | ||||
| CVE-2024-12354 | 2 Razormist, Sourcecodester | 2 Phone Contact Manager System, Phone Shop Sales Managements System Using Php With Source Code | 2024-12-10 | 5.3 Medium |
| A vulnerability, which was classified as critical, was found in SourceCodester Phone Contact Manager System 1.0. Affected is the function UserInterface::MenuDisplayStart of the component User Menu. The manipulation leads to buffer overflow. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-12352 | 1 Totolink | 2 Ex1800t, Ex1800t Firmware | 2024-12-10 | 4.3 Medium |
| A vulnerability classified as problematic was found in TOTOLINK EX1800T 9.1.0cu.2112_B20220316. This vulnerability affects the function sub_40662C of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument ssid leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-12344 | 1 Tp-link | 2 Vn020 F3v, Vn020 F3v Firmware | 2024-12-10 | 6.3 Medium |
| A vulnerability, which was classified as critical, was found in TP-Link VN020 F3v(T) TT_V6.2.1021. This affects an unknown part of the component FTP USER Command Handler. The manipulation leads to memory corruption. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-12343 | 1 Tp-link | 2 Vn020 F3v, Vn020 F3v Firmware | 2024-12-10 | 6.5 Medium |
| A vulnerability classified as critical has been found in TP-Link VN020 F3v(T) TT_V6.2.1021. Affected is an unknown function of the file /control/WANIPConnection of the component SOAP Request Handler. The manipulation of the argument NewConnectionType leads to buffer overflow. The attack needs to be done within the local network. The exploit has been disclosed to the public and may be used. | ||||