Total
31177 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-1999-0228 | 1 Microsoft | 1 Windows Nt | 2024-11-20 | N/A |
| Denial of service in RPCSS.EXE program (RPC Locator) in Windows NT. | ||||
| CVE-1999-0144 | 1 Qmail Project | 1 Qmail | 2024-11-20 | N/A |
| Denial of service in Qmail by specifying a large number of recipients with the RCPT command. | ||||
| CVE-1999-0070 | 1 Apache | 1 Http Server | 2024-11-20 | N/A |
| test-cgi program allows an attacker to list files on the server. | ||||
| CVE-2024-50653 | 1 Crmeb | 1 Crmeb | 2024-11-20 | 7.5 High |
| CRMEB <=5.4.0 is vulnerable to Incorrect Access Control. Users can bypass the front-end restriction of only being able to claim coupons once by capturing packets and sending a large number of data packets for coupon collection, achieving unlimited coupon collection. | ||||
| CVE-2024-50968 | 1 Adonesevangelista | 2 Agri-trading Online Shopping System, Trading Online Shopping System | 2024-11-20 | 7.5 High |
| A business logic vulnerability exists in the Add to Cart function of itsourcecode Agri-Trading Online Shopping System 1.0, which allows remote attackers to manipulate the quant parameter when adding a product to the cart. By setting the quantity value to -0, an attacker can exploit a flaw in the application's total price calculation logic. This vulnerability causes the total price to be reduced to zero, allowing the attacker to add items to the cart and proceed to checkout. | ||||
| CVE-2023-35686 | 1 Google | 1 Android | 2024-11-20 | 7.8 High |
| In PVRSRVRGXKickTA3DKM of rgxta3d.c, there is a possible arbitrary code execution due to improper input validation. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2023-35659 | 1 Google | 1 Android | 2024-11-20 | 7.8 High |
| In DevmemIntChangeSparse of devicemem_server.c, there is a possible arbitrary code execution due to a logic error in the code. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2017-13227 | 1 Google | 1 Android | 2024-11-20 | 5.5 Medium |
| In the autofill service, the package name that is provided by the app process is trusted inappropriately. This could lead to information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2024-50557 | 1 Siemens | 52 Ruggedcom Rm1224 Lte\(4g\) Eu, Ruggedcom Rm1224 Lte\(4g\) Eu Firmware, Ruggedcom Rm1224 Lte\(4g\) Nam and 49 more | 2024-11-20 | 7.2 High |
| A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2) (All versions < V8.2), RUGGEDCOM RM1224 LTE(4G) NAM (6GK6108-4AM00-2DA2) (All versions < V8.2), SCALANCE M804PB (6GK5804-0AP00-2AA2) (All versions < V8.2), SCALANCE M812-1 ADSL-Router (6GK5812-1AA00-2AA2) (All versions < V8.2), SCALANCE M812-1 ADSL-Router (6GK5812-1BA00-2AA2) (All versions < V8.2), SCALANCE M816-1 ADSL-Router (6GK5816-1AA00-2AA2) (All versions < V8.2), SCALANCE M816-1 ADSL-Router (6GK5816-1BA00-2AA2) (All versions < V8.2), SCALANCE M826-2 SHDSL-Router (6GK5826-2AB00-2AB2) (All versions < V8.2), SCALANCE M874-2 (6GK5874-2AA00-2AA2) (All versions < V8.2), SCALANCE M874-3 (6GK5874-3AA00-2AA2) (All versions < V8.2), SCALANCE M874-3 3G-Router (CN) (6GK5874-3AA00-2FA2) (All versions < V8.2), SCALANCE M876-3 (6GK5876-3AA02-2BA2) (All versions < V8.2), SCALANCE M876-3 (ROK) (6GK5876-3AA02-2EA2) (All versions < V8.2), SCALANCE M876-4 (6GK5876-4AA10-2BA2) (All versions < V8.2), SCALANCE M876-4 (EU) (6GK5876-4AA00-2BA2) (All versions < V8.2), SCALANCE M876-4 (NAM) (6GK5876-4AA00-2DA2) (All versions < V8.2), SCALANCE MUM853-1 (A1) (6GK5853-2EA10-2AA1) (All versions < V8.2), SCALANCE MUM853-1 (B1) (6GK5853-2EA10-2BA1) (All versions < V8.2), SCALANCE MUM853-1 (EU) (6GK5853-2EA00-2DA1) (All versions < V8.2), SCALANCE MUM856-1 (A1) (6GK5856-2EA10-3AA1) (All versions < V8.2), SCALANCE MUM856-1 (B1) (6GK5856-2EA10-3BA1) (All versions < V8.2), SCALANCE MUM856-1 (CN) (6GK5856-2EA00-3FA1) (All versions < V8.2), SCALANCE MUM856-1 (EU) (6GK5856-2EA00-3DA1) (All versions < V8.2), SCALANCE MUM856-1 (RoW) (6GK5856-2EA00-3AA1) (All versions < V8.2), SCALANCE S615 EEC LAN-Router (6GK5615-0AA01-2AA2) (All versions < V8.2), SCALANCE S615 LAN-Router (6GK5615-0AA00-2AA2) (All versions < V8.2). Affected devices do not properly validate input in configuration fields of the iperf functionality. This could allow an unauthenticated remote attacker to execute arbitrary code on the device. | ||||
| CVE-2024-22067 | 1 Zte | 2 Nh8091, Nh8091 Firmware | 2024-11-20 | 6.8 Medium |
| ZTE NH8091 product has an improper permission control vulnerability. Due to improper permission control of the Web module interface, an authenticated attacker may exploit the vulnerability to execute arbitrary commands. | ||||
| CVE-2024-41167 | 1 Intel | 2 M10jnp2sb, M10jnp2sb Firmware | 2024-11-19 | 7.5 High |
| Improper input validation in UEFI firmware in some Intel(R) Server Board M10JNP2SB Family may allow a privileged user to potentially enable escalation of privilege via local access. | ||||
| CVE-2024-8979 | 1 Wpdeveloper | 1 Essential Addons For Elementor | 2024-11-19 | 8 High |
| The Essential Addons for Elementor – Best Elementor Addon, Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 6.0.9 via the 'init_content_lostpassword_user_email_controls' function. This makes it possible for authenticated attackers, with Author-level access and above, to extract sensitive data including usernames and passwords of any user, including Administrators, as long as that user opens the email notification for a password change request and images are not blocked by the email client. | ||||
| CVE-2024-8978 | 1 Wpdeveloper | 1 Essential Addons For Elementor | 2024-11-19 | 5.7 Medium |
| The Essential Addons for Elementor – Best Elementor Addon, Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 6.0.9 via the 'init_content_register_user_email_controls' function. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive data including usernames and passwords of any users who register via the Login | Register Form widget, as long as that user opens the email notification for successful registration. | ||||
| CVE-2024-48837 | 1 Dell | 1 Smartfabric Os10 | 2024-11-18 | 7.8 High |
| Dell SmartFabric OS10 Software, version(s) 10.5.6.x, 10.5.5.x, 10.5.4.x, 10.5.3.x, contain(s) an Execution with Unnecessary Privileges vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Command execution | ||||
| CVE-2024-8049 | 1 Progress | 1 Telerik Document Processing Libraries | 2024-11-18 | 6.5 Medium |
| In Progress Telerik Document Processing Libraries, versions prior to 2024 Q4 (2024.4.1106), importing a document with unsupported features can lead to excessive processing, leading to excessive use of computing resources leaving the application process unavailable. | ||||
| CVE-2024-52299 | 2 Xwiki, Xwikisas | 2 Pdf Viewer Macro, Macro Pdfviewer | 2024-11-18 | 7.5 High |
| macro-pdfviewer is a PDF Viewer Macro for XWiki using Mozilla pdf.js. Any user with view right on XWiki.PDFViewerService can access any attachment stored in the wiki as the "key" that is passed to prevent this is computed incorrectly, calling skip on the digest stream doesn't update the digest. This is fixed in 2.5.6. | ||||
| CVE-2024-52298 | 2 Xwiki, Xwikisas | 2 Pdf Viewer Macro, Macro Pdfviewer | 2024-11-18 | 7.5 High |
| macro-pdfviewer is a PDF Viewer Macro for XWiki using Mozilla pdf.js. The PDF Viewer macro allows an attacker to view any attachment using the "Delegate my view right" feature as long as the attacker can view a page whose last author has access to the attachment. For this, the attacker only needs to provide the reference to a PDF file to the macro. To obtain the reference of the desired attachment, the attacker can access the Page Index, Attachments tab. Even if the UI shows N/A, the user can inspect the page and check the HTTP request that fetches the live data entries. The attachment URL is available in the returned JSON for all attachments, including protected ones and allows getting the necessary values. This vulnerability is fixed in version 2.5.6. | ||||
| CVE-2024-42677 | 1 Isellerpal | 1 Enterprise Resource Management System | 2024-11-18 | 5.5 Medium |
| An issue in Huizhi enterprise resource management system v.1.0 and before allows a local attacker to obtain sensitive information via the /nssys/common/filehandle. Aspx component | ||||
| CVE-2024-37398 | 1 Ivanti | 1 Secure Access Client | 2024-11-18 | 7.8 High |
| Insufficient validation in Ivanti Secure Access Client before 22.7R4 allows a local authenticated attacker to escalate their privileges. | ||||
| CVE-2024-33031 | 1 Qualcomm | 32 Ar8035, Ar8035 Firmware, Fastconnect 7800 and 29 more | 2024-11-16 | 6.7 Medium |
| Memory corruption while processing the update SIM PB records request. | ||||