Total
51 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-0550 | 1 Intel | 752 Celeron 1000m, Celeron 1005m, Celeron 1007u and 749 more | 2024-11-21 | 5.6 Medium |
| Improper data forwarding in some data cache for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. The list of affected products is provided in intel-sa-00330: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00330.html | ||||
| CVE-2019-9345 | 1 Google | 1 Android | 2024-11-21 | N/A |
| In the Android kernel in sdcardfs there is a possible violation of the separation of data between profiles due to shared mapping of obb files. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation. | ||||
| CVE-2019-6569 | 1 Siemens | 10 Scalance X-200, Scalance X-200 Firmware, Scalance X-300 and 7 more | 2024-11-21 | 9.1 Critical |
| The monitor barrier of the affected products insufficiently blocks data from being forwarded over the mirror port into the mirrored network. An attacker could use this behavior to transmit malicious packets to systems in the mirrored network, possibly influencing their configuration and runtime behavior. | ||||
| CVE-2019-5108 | 6 Canonical, Debian, Linux and 3 more | 23 Ubuntu Linux, Debian Linux, Linux Kernel and 20 more | 2024-11-21 | 6.5 Medium |
| An exploitable denial-of-service vulnerability exists in the Linux kernel prior to mainline 5.3. An attacker could exploit this vulnerability by triggering AP to send IAPP location updates for stations before the required authentication process has completed. This could lead to different denial-of-service scenarios, either by causing CAM table attacks, or by leading to traffic flapping if faking already existing clients in other nearby APs of the same wireless infrastructure. An attacker can forge Authentication and Association Request packets to trigger this vulnerability. | ||||
| CVE-2019-5062 | 1 W1.fi | 1 Hostapd | 2024-11-21 | 6.5 Medium |
| An exploitable denial-of-service vulnerability exists in the 802.11w security state handling for hostapd 2.6 connected clients with valid 802.11w sessions. By simulating an incomplete new association, an attacker can trigger a deauthentication against stations using 802.11w, resulting in a denial of service. | ||||
| CVE-2019-5061 | 1 W1.fi | 1 Hostapd | 2024-11-21 | 6.5 Medium |
| An exploitable denial-of-service vulnerability exists in the hostapd 2.6, where an attacker could trigger AP to send IAPP location updates for stations, before the required authentication process has completed. This could lead to different denial of service scenarios, either by causing CAM table attacks, or by leading to traffic flapping if faking already existing clients in other nearby Aps of the same wireless infrastructure. An attacker can forge Authentication and Association Request packets to trigger this vulnerability. | ||||
| CVE-2019-11139 | 4 Debian, Intel, Opensuse and 1 more | 117 Debian Linux, Xeon 3104, Xeon 3104 Firmware and 114 more | 2024-11-21 | 6.0 Medium |
| Improper conditions check in the voltage modulation interface for some Intel(R) Xeon(R) Scalable Processors may allow a privileged user to potentially enable denial of service via local access. | ||||
| CVE-2018-12550 | 1 Eclipse | 1 Mosquitto | 2024-11-21 | N/A |
| When Eclipse Mosquitto version 1.0 to 1.5.5 (inclusive) is configured to use an ACL file, and that ACL file is empty, or contains only comments or blank lines, then Mosquitto will treat this as though no ACL file has been defined and use a default allow policy. The new behaviour is to have an empty ACL file mean that all access is denied, which is not a useful configuration but is not unexpected. | ||||
| CVE-2024-8690 | 2 Microsoft, Paloaltonetworks | 2 Windows, Cortex Xdr Agent | 2024-10-15 | 4.4 Medium |
| A problem with a detection mechanism in the Palo Alto Networks Cortex XDR agent on Windows devices enables a user with Windows administrator privileges to disable the agent. This issue may be leveraged by malware to disable the Cortex XDR agent and then to perform malicious activity. | ||||
| CVE-2024-47762 | 2 Backstage, Redhat | 2 Backstage, Rhdh | 2024-10-04 | 5.8 Medium |
| Backstage is an open framework for building developer portals. Configuration supplied through APP_CONFIG_* environment variables, for example APP_CONFIG_backend_listen_port=7007, where unexpectedly ignoring the visibility defined in configuration schema. This occurred even if the configuration schema specified that they should have backend or secret visibility. This was an intended feature of the APP_CONFIG_* way of supplying configuration, but now clearly goes against the expected behavior of the configuration system. This behavior leads to a risk of potentially exposing sensitive configuration details intended to remain private or restricted to backend processes. The issue has been resolved in version 0.3.75 of the @backstage/plugin-app-backend package. As a temporary measure, avoid supplying secrets using the APP_CONFIG_ configuration pattern. Consider alternative methods for setting secrets, such as the environment substitution available for Backstage configuration. | ||||
| CVE-2024-7246 | 1 Redhat | 4 Ansible Automation Platform, Rhui, Satellite and 1 more | 2024-08-06 | 4.8 Medium |
| It's possible for a gRPC client communicating with a HTTP/2 proxy to poison the HPACK table between the proxy and the backend such that other clients see failed requests. It's also possible to use this vulnerability to leak other clients HTTP header keys, but not values. This occurs because the error status for a misencoded header is not cleared between header reads, resulting in subsequent (incrementally indexed) added headers in the first request being poisoned until cleared from the HPACK table. Please update to a fixed version of gRPC as soon as possible. This bug has been fixed in 1.58.3, 1.59.5, 1.60.2, 1.61.3, 1.62.3, 1.63.2, 1.64.3, 1.65.4. | ||||