Total
29327 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-47867 | 1 Gradio Project | 1 Gradio | 2024-11-15 | 7.5 High |
| Gradio is an open-source Python package designed for quick prototyping. This vulnerability is a **lack of integrity check** on the downloaded FRP client, which could potentially allow attackers to introduce malicious code. If an attacker gains access to the remote URL from which the FRP client is downloaded, they could modify the binary without detection, as the Gradio server does not verify the file's checksum or signature. Any users utilizing the Gradio server's sharing mechanism that downloads the FRP client could be affected by this vulnerability, especially those relying on the executable binary for secure data tunneling. There is no direct workaround for this issue without upgrading. However, users can manually validate the integrity of the downloaded FRP client by implementing checksum or signature verification in their own environment to ensure the binary hasn't been tampered with. | ||||
| CVE-2024-10381 | 2 Matrix Comsec, Matrixcomsec | 3 Matrix Door Controller Cosec Vega Faxq Firmware, Cosec Vega Faxq, Cosec Vega Faxq Firmware | 2024-11-14 | 9.8 Critical |
| This vulnerability exists in Matrix Door Controller Cosec Vega FAXQ due to improper implementation of session management at the web-based management interface. A remote attacker could exploit this vulnerability by sending a specially crafted http request on the vulnerable device. Successful exploitation of this vulnerability could allow remote attacker to gain unauthorized access and take complete control of the targeted device. | ||||
| CVE-2024-49579 | 1 Jetbrains | 1 Youtrack | 2024-11-14 | 8.1 High |
| In JetBrains YouTrack before 2024.3.47197 insecure plugin iframe allowed arbitrary JavaScript execution and unauthorized API requests | ||||
| CVE-2024-40239 | 2 Hitbytes, Hitbytestechnologies | 2 Life, Life | 2024-11-13 | 6.1 Medium |
| An incorrect access control issue in Life: Personal Diary, Journal android app 17.5.0 allows a physically proximate attacker to escalate privileges via the fingerprint authentication function. | ||||
| CVE-2024-40240 | 2 Homeserve, Homeserveusa | 2 Homeserve, Homeserve | 2024-11-13 | 6.1 Medium |
| An incorrect access control issue in HomeServe Home Repair' android app - 3.3.4 allows a physically proximate attacker to escalate privileges via the fingerprint authentication function. | ||||
| CVE-2024-45764 | 1 Dell | 2 Enterprise Sonic Distribution, Enterprise Sonic Os | 2024-11-13 | 9 Critical |
| Dell Enterprise SONiC OS, version(s) 4.1.x, 4.2.x, contain(s) a Missing Critical Step in Authentication vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Protection mechanism bypass. This is a critical severity vulnerability so Dell recommends customers to upgrade at the earliest opportunity. | ||||
| CVE-2024-34680 | 1 Samsung | 1 Android | 2024-11-12 | 4 Medium |
| Use of implicit intent for sensitive communication in WlanTest prior to SMR Nov-2024 Release 1 allows local attackers to get sensitive information. | ||||
| CVE-2024-9180 | 1 Hashicorp | 1 Vault | 2024-11-08 | 7.2 High |
| A privileged Vault operator with write permissions to the root namespace’s identity endpoint could escalate their own or another user’s privileges to Vault’s root policy. Fixed in Vault Community Edition 1.18.0 and Vault Enterprise 1.18.0, 1.17.7, 1.16.11, and 1.15.16. | ||||
| CVE-2024-6763 | 1 Eclipse | 1 Jetty | 2024-11-08 | 3.7 Low |
| Eclipse Jetty is a lightweight, highly scalable, Java-based web server and Servlet engine . It includes a utility class, HttpURI, for URI/URL parsing. The HttpURI class does insufficient validation on the authority segment of a URI. However the behaviour of HttpURI differs from the common browsers in how it handles a URI that would be considered invalid if fully validated against the RRC. Specifically HttpURI and the browser may differ on the value of the host extracted from an invalid URI and thus a combination of Jetty and a vulnerable browser may be vulnerable to a open redirect attack or to a SSRF attack if the URI is used after passing validation checks. | ||||
| CVE-2024-10916 | 1 Dlink | 8 Dns-320, Dns-320 Firmware, Dns-320lw and 5 more | 2024-11-08 | 5.3 Medium |
| A vulnerability classified as problematic has been found in D-Link DNS-320, DNS-320LW, DNS-325 and DNS-340L up to 20241028. This affects an unknown part of the file /xml/info.xml of the component HTTP GET Request Handler. The manipulation leads to information disclosure. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2023-29126 | 1 Enelx | 2 Waybox Pro, Waybox Pro Firmware | 2024-11-08 | 4.2 Medium |
| The Waybox Enel X web management application contains a PHP-type juggling vulnerability that may allow a brute force process and under certain conditions bypass authentication. | ||||
| CVE-2023-29121 | 2 Enel X, Enelx | 3 Juicebox Pro3.0 22kw Cellular, Waybox Pro, Waybox Pro Firmware | 2024-11-08 | 9.6 Critical |
| Waybox Enel TCF Agent service could be used to get administrator’s privileges over the Waybox system. | ||||
| CVE-2024-0134 | 2 Linux, Nvidia | 3 Linux Kernel, Nvidia Container Toolkit, Nvidia Gpu Operator | 2024-11-08 | 4.1 Medium |
| NVIDIA Container Toolkit and NVIDIA GPU Operator for Linux contain a UNIX vulnerability where a specially crafted container image can lead to the creation of unauthorized files on the host. The name and location of the files cannot be controlled by an attacker. A successful exploit of this vulnerability might lead to data tampering. | ||||
| CVE-2024-23377 | 1 Qualcomm | 79 Fastconnect 6900, Fastconnect 6900 Firmware, Fastconnect 7800 and 76 more | 2024-11-08 | 6.7 Medium |
| Memory corruption while invoking IOCTL command from user-space, when a user modifies the original packet size of the command after system properties have been already sent to the EVA driver. | ||||
| CVE-2024-38422 | 1 Qualcomm | 541 205 Mobile Platform, 205 Mobile Platform Firmware, 215 Mobile Platform and 538 more | 2024-11-07 | 7.8 High |
| Memory corruption while processing voice packet with arbitrary data received from ADSP. | ||||
| CVE-2024-8305 | 1 Mongodb | 1 Mongodb | 2024-11-07 | 6.5 Medium |
| prepareUnique index may cause secondaries to crash due to incorrect enforcement of index constraints on secondaries, where in extreme cases may cause multiple secondaries crashing leading to no primaries. This issue affects MongoDB Server v6.0 versions prior to 6.0.17, MongoDB Server v7.0 versions prior to 7.0.13 and MongoDB Server v7.3 versions prior to 7.3.4 | ||||
| CVE-2023-5816 | 1 Bowo | 1 Code Explorer | 2024-11-06 | 4.9 Medium |
| The Code Explorer plugin for WordPress is vulnerable to arbitrary external file reading in all versions up to, and including, 1.4.5. This is due to the fact that the plugin does not restrict accessing files to those outside of the WordPress instance, though the intention of the plugin is to only access WordPress related files. This makes it possible for authenticated attackers, with administrator-level access, to read files outside of the WordPress instance. | ||||
| CVE-2024-49370 | 1 Pimcore | 1 Pimcore | 2024-11-06 | 4.9 Medium |
| Pimcore is an open source data and experience management platform. When a PortalUserObject is connected to a PimcoreUser and "Use Pimcore Backend Password" is set to true, the change password function in Portal Profile sets the new password. Prior to Pimcore portal engine versions 4.1.7 and 3.1.16, the password is then set without hashing so it can be read by everyone. Everyone who combines PortalUser to PimcoreUsers and change passwords via profile settings could be affected. Versions 4.1.7 and 3.1.16 of the Pimcore portal engine fix the issue. | ||||
| CVE-2024-49675 | 1 Vitaliibryl | 1 Switch User | 2024-11-06 | 8.8 High |
| Authentication Bypass Using an Alternate Path or Channel vulnerability in Vitalii Bryl iBryl Switch User allows Authentication Bypass.This issue affects iBryl Switch User: from n/a through 1.0.1. | ||||
| CVE-2024-49217 | 2 Madiri Salman Aashish, Madirisalmanaashish | 2 User-drop-down-roles-in-registration, Adding Drop Down Roles In Registration | 2024-11-06 | 9.8 Critical |
| Incorrect Privilege Assignment vulnerability in Madiri Salman Aashish Adding drop down roles in registration allows Privilege Escalation.This issue affects Adding drop down roles in registration: from n/a through 1.1. | ||||