Total
12142 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-38122 | 1 Microfocus | 1 Netiq Advanced Authentication | 2024-09-13 | 6.2 Medium |
| A Cross-Site Scripting vulnerable identified in NetIQ Advance Authentication that impacts the server functionality and disclose sensitive information. This issue affects NetIQ Advance Authentication before 6.3.5.1 | ||||
| CVE-2024-41856 | 3 Adobe, Apple, Microsoft | 3 Illustrator, Macos, Windows | 2024-09-13 | 7.8 High |
| Illustrator versions 28.5, 27.9.4, 28.6, 27.9.5 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
| CVE-2024-8073 | 1 Hillstonenet | 1 Web Application Firewall | 2024-09-12 | 9.8 Critical |
| Improper Input Validation vulnerability in Hillstone Networks Hillstone Networks Web Application Firewall on 5.5R6 allows Command Injection.This issue affects Hillstone Networks Web Application Firewall: from 5.5R6-2.6.7 through 5.5R6-2.8.13. | ||||
| CVE-2024-45441 | 1 Huawei | 2 Emui, Harmonyos | 2024-09-12 | 6.2 Medium |
| Input verification vulnerability in the system service module Impact: Successful exploitation of this vulnerability will affect availability. | ||||
| CVE-2024-34163 | 1 Intel | 27 Lapac71g Firmware, Lapac71h Firmware, Lapbc510 Firmware and 24 more | 2024-09-12 | 7.5 High |
| Improper input validation in firmware for some Intel(R) NUC may allow a privileged user to potentially enableescalation of privilege via local access. | ||||
| CVE-2024-28947 | 1 Intel | 1 Server Board S2600st Firmware | 2024-09-12 | 8.2 High |
| Improper input validation in kernel mode driver for some Intel(R) Server Board S2600ST Family firmware before version 02.01.0017 may allow a privileged user to potentially enable escalation of privilege via local access. | ||||
| CVE-2024-45446 | 1 Huawei | 2 Emui, Harmonyos | 2024-09-06 | 5.5 Medium |
| Access permission verification vulnerability in the camera driver module Impact: Successful exploitation of this vulnerability will affect availability. | ||||
| CVE-2024-45444 | 1 Huawei | 2 Emui, Harmonyos | 2024-09-06 | 5.5 Medium |
| Access permission verification vulnerability in the WMS module Impact: Successful exploitation of this vulnerability may affect service confidentiality. | ||||
| CVE-2024-42458 | 1 Any1 | 1 Neatvnc | 2024-09-05 | 9.8 Critical |
| server.c in Neat VNC (aka neatvnc) before 0.8.1 does not properly validate the security type, a related issue to CVE-2006-2369. | ||||
| CVE-2024-44808 | 1 Vypor | 1 Attack Api System | 2024-09-05 | 9.8 Critical |
| An issue in Vypor Attack API System v.1.0 allows a remote attacker to execute arbitrary code via the user GET parameter. | ||||
| CVE-2024-23362 | 1 Qualcomm | 205 9205 Lte Modem Firmware, Aqt1000 Firmware, Ar8031 Firmware and 202 more | 2024-09-05 | 7.1 High |
| Cryptographic issue while parsing RSA keys in COBR format. | ||||
| CVE-2024-44809 | 1 Recantha | 1 Pi Camera Project | 2024-09-04 | 9.8 Critical |
| A remote code execution (RCE) vulnerability exists in the Pi Camera project, version 1.0, maintained by RECANTHA. The issue arises from improper sanitization of user input passed to the "position" GET parameter in the tilt.php script. An attacker can exploit this by sending crafted input data that includes malicious command sequences, allowing arbitrary commands to be executed on the server with the privileges of the web server user. This vulnerability is exploitable remotely and poses significant risk if the application is exposed to untrusted networks. | ||||
| CVE-2024-24973 | 1 Intel | 2 Distribution For Gdb, Oneapi Base Toolkit | 2024-08-31 | 2.2 Low |
| Improper input validation for some Intel(R) Distribution for GDB software before version 2024.0.1 may allow an authenticated user to potentially enable denial of service via local access. | ||||
| CVE-2024-42531 | 1 Ezviz | 1 Cs-cv246 Firmware | 2024-08-29 | 9.8 Critical |
| Ezviz Internet PT Camera CS-CV246 D15655150 allows an unauthenticated host to access its live video stream by crafting a set of RTSP packets with a specific set of URLs that can be used to redirect the camera feed. NOTE: the vendor's perspective is that the Anonymous120386 sample code can establish RTSP protocol communictaion, but cannot obtain video or audio data; thus, there is no risk. | ||||
| CVE-2024-6978 | 1 Catonetworks | 1 Cato Client | 2024-08-27 | 5.6 Medium |
| Cato Networks Windows SDP Client Local root certificates can be installed by low-privileged users.This issue affects SDP Client: before 5.10.28. | ||||
| CVE-2024-6973 | 1 Catonetworks | 2 Cato Client, Sdp Client | 2024-08-27 | 7.5 High |
| Remote Code Execution in Cato Windows SDP client via crafted URLs. This issue affects Windows SDP Client before 5.10.34. | ||||
| CVE-2024-7988 | 1 Rockwellautomation | 1 Thinmanager Thinserver | 2024-08-26 | 9.8 Critical |
| A remote code execution vulnerability exists in the Rockwell Automation ThinManager® ThinServer™ that allows a threat actor to execute arbitrary code with System privileges. This vulnerability exists due to the lack of proper data input validation, which allows files to be overwritten. | ||||
| CVE-2024-7980 | 2 Google, Microsoft | 2 Chrome, Windows | 2024-08-26 | 7.3 High |
| Insufficient data validation in Installer in Google Chrome on Windows prior to 128.0.6613.84 allowed a local attacker to perform privilege escalation via a crafted symbolic link. (Chromium security severity: Medium) | ||||
| CVE-2024-45258 | 1 Imroc | 1 Req | 2024-08-26 | 9.8 Critical |
| The req package before 3.43.4 for Go may send an unintended request when a malformed URL is provided, because cleanHost in http.go intentionally uses a "garbage in, garbage out" design. | ||||
| CVE-2024-41976 | 1 Siemens | 54 Ruggedcom Rm1224 Lte\(4g\) Eu, Ruggedcom Rm1224 Lte\(4g\) Eu Firmware, Ruggedcom Rm1224 Lte\(4g\) Nam and 51 more | 2024-08-23 | 7.2 High |
| A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2) (All versions < V8.1), RUGGEDCOM RM1224 LTE(4G) NAM (6GK6108-4AM00-2DA2) (All versions < V8.1), SCALANCE M804PB (6GK5804-0AP00-2AA2) (All versions < V8.1), SCALANCE M812-1 ADSL-Router family (All versions < V8.1), SCALANCE M816-1 ADSL-Router family (All versions < V8.1), SCALANCE M826-2 SHDSL-Router (6GK5826-2AB00-2AB2) (All versions < V8.1), SCALANCE M874-2 (6GK5874-2AA00-2AA2) (All versions < V8.1), SCALANCE M874-3 (6GK5874-3AA00-2AA2) (All versions < V8.1), SCALANCE M874-3 3G-Router (CN) (6GK5874-3AA00-2FA2) (All versions < V8.1), SCALANCE M876-3 (6GK5876-3AA02-2BA2) (All versions < V8.1), SCALANCE M876-3 (ROK) (6GK5876-3AA02-2EA2) (All versions < V8.1), SCALANCE M876-4 (6GK5876-4AA10-2BA2) (All versions < V8.1), SCALANCE M876-4 (EU) (6GK5876-4AA00-2BA2) (All versions < V8.1), SCALANCE M876-4 (NAM) (6GK5876-4AA00-2DA2) (All versions < V8.1), SCALANCE MUM853-1 (A1) (6GK5853-2EA10-2AA1) (All versions < V8.1), SCALANCE MUM853-1 (B1) (6GK5853-2EA10-2BA1) (All versions < V8.1), SCALANCE MUM853-1 (EU) (6GK5853-2EA00-2DA1) (All versions < V8.1), SCALANCE MUM856-1 (A1) (6GK5856-2EA10-3AA1) (All versions < V8.1), SCALANCE MUM856-1 (B1) (6GK5856-2EA10-3BA1) (All versions < V8.1), SCALANCE MUM856-1 (CN) (6GK5856-2EA00-3FA1) (All versions < V8.1), SCALANCE MUM856-1 (EU) (6GK5856-2EA00-3DA1) (All versions < V8.1), SCALANCE MUM856-1 (RoW) (6GK5856-2EA00-3AA1) (All versions < V8.1), SCALANCE S615 EEC LAN-Router (6GK5615-0AA01-2AA2) (All versions < V8.1), SCALANCE S615 LAN-Router (6GK5615-0AA00-2AA2) (All versions < V8.1). Affected devices do not properly validate input in specific VPN configuration fields. This could allow an authenticated remote attacker to execute arbitrary code on the device. | ||||