Total
29473 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2011-3614 | 1 Vanillaforums | 1 Vanilla | 2024-11-21 | 9.8 Critical |
| An Access Control vulnerability exists in the Facebook, Twitter, and Embedded plugins in Vanilla Forums before 2.0.17.9. | ||||
| CVE-2011-1930 | 2 Debian, Klibc Project | 2 Debian Linux, Klibc | 2024-11-21 | 9.8 Critical |
| In klibc 1.5.20 and 1.5.21, the DHCP options written by ipconfig to /tmp/net-$DEVICE.conf are not properly escaped. This may allow a remote attacker to send a specially crafted DHCP reply which could execute arbitrary code with the privileges of any process which sources DHCP options. | ||||
| CVE-2007-6745 | 2 Clamav, Debian | 2 Clamav, Debian Linux | 2024-11-21 | 9.8 Critical |
| clamav 0.91.2 suffers from a floating point exception when using ScanOLE2. | ||||
| CVE-2007-3732 | 1 Linux | 1 Linux Kernel | 2024-11-21 | 5.5 Medium |
| In Linux 2.6 before 2.6.23, the TRACE_IRQS_ON function in iret_exc calls a C function without ensuring that the segments are set properly. The kernel's %fs needs to be restored before the call in TRACE_IRQS_ON and before enabling interrupts, so that "current" references work. Without this, "current" used in the window between iret_exc and the middle of error_code where %fs is reset, would crash. | ||||
| CVE-2004-2776 | 1 Goscript Project | 1 Goscript | 2024-11-20 | 9.8 Critical |
| go.cgi in GoScript 2.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) query string or (2) artarchive parameter. | ||||
| CVE-2024-52428 | 1 Scripteo | 2 Ads Booster, Ads Booster By Ads Pro | 2024-11-20 | 8.1 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Scripteo Ads Booster by Ads Pro allows PHP Local File Inclusion.This issue affects Ads Booster by Ads Pro: from n/a through 1.12. | ||||
| CVE-2024-11308 | 1 Trcore | 1 Dvc | 2024-11-20 | 6.2 Medium |
| The DVC from TRCore encrypts files using a hardcoded key. Attackers can use this key to decrypt the files and restore the original content. | ||||
| CVE-2024-33027 | 1 Qualcomm | 184 205 Mobile Platform, 205 Mobile Platform Firmware, 215 Mobile Platform and 181 more | 2024-11-20 | 8.4 High |
| Memory corruption can occur when arbitrary user-space app gains kernel level privilege to modify DDR memory by corrupting the GPU page table. | ||||
| CVE-2024-42392 | 1 Cesanta | 1 Mongoose | 2024-11-19 | 4 Medium |
| Improper Neutralization of Delimiters vulnerability in Cesanta Mongoose Web Server v7.14 allows to trigger an infinite loop bug if the input string contains unexpected characters. | ||||
| CVE-2024-42383 | 1 Cesanta | 1 Mongoose | 2024-11-19 | 4.2 Medium |
| Use of Out-of-range Pointer Offset vulnerability in Cesanta Mongoose Web Server v7.14 allows to write a NULL byte value beyond the memory space dedicated for the hostname field. | ||||
| CVE-2024-42385 | 1 Cesanta | 1 Mongoose | 2024-11-19 | 4 Medium |
| Improper Neutralization of Delimiters vulnerability in Cesanta Mongoose Web Server v7.14 allows to trigger an out-of-bound memory write if the PEM certificate contains unexpected characters. | ||||
| CVE-2024-42386 | 1 Cesanta | 1 Mongoose | 2024-11-19 | 8.2 High |
| Use of Out-of-range Pointer Offset vulnerability in Cesanta Mongoose Web Server v7.14 allows an attacker to send an unexpected TLS packet and produce a segmentation fault on the application. | ||||
| CVE-2024-42387 | 1 Cesanta | 1 Mongoose | 2024-11-19 | 5.3 Medium |
| Use of Out-of-range Pointer Offset vulnerability in Cesanta Mongoose Web Server v7.14 allows an attacker to send an unexpected TLS packet and force the application to read unintended heap memory space. | ||||
| CVE-2024-42388 | 1 Cesanta | 1 Mongoose | 2024-11-19 | 5.3 Medium |
| Use of Out-of-range Pointer Offset vulnerability in Cesanta Mongoose Web Server v7.14 allows an attacker to send an unexpected TLS packet and force the application to read unintended heap memory space. | ||||
| CVE-2024-42389 | 1 Cesanta | 1 Mongoose | 2024-11-19 | 5.3 Medium |
| Use of Out-of-range Pointer Offset vulnerability in Cesanta Mongoose Web Server v7.14 allows an attacker to send an unexpected TLS packet and force the application to read unintended heap memory space. | ||||
| CVE-2024-42390 | 1 Cesanta | 1 Mongoose | 2024-11-19 | 4.3 Medium |
| Use of Out-of-range Pointer Offset vulnerability in Cesanta Mongoose Web Server v7.14 allows an attacker to send an unexpected TLS packet and force the application to read unintended heap memory space. | ||||
| CVE-2024-42391 | 1 Cesanta | 1 Mongoose | 2024-11-19 | 4.3 Medium |
| Use of Out-of-range Pointer Offset vulnerability in Cesanta Mongoose Web Server v7.14 allows an attacker to send an unexpected TLS packet and force the application to read unintended heap memory space. | ||||
| CVE-2024-10571 | 1 Ays-pro | 1 Chartify | 2024-11-19 | 9.8 Critical |
| The Chartify – WordPress Chart Plugin plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.9.5 via the 'source' parameter. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included. | ||||
| CVE-2024-44760 | 1 Sunmochina | 1 Enterprise Management System | 2024-11-15 | 9.1 Critical |
| Incorrect access control in the component /servlet/SnoopServlet of Shenzhou News Union Enterprise Management System v5.0 through v18.8 allows attackers to access sensitive information regarding the server. | ||||
| CVE-2024-47178 | 1 Expressjs | 1 Basic-auth-connect | 2024-11-15 | 5.3 Medium |
| basic-auth-connect is Connect's Basic Auth middleware in its own module. basic-auth-connect < 1.1.0 uses a timing-unsafe equality comparison that can leak timing information. This issue has been fixed in basic-auth-connect 1.1.0. | ||||