Total
34640 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-28929 | 1 Microsoft | 5 Odbc Driver For Sql Server, Sql Server 2019, Sql Server 2022 and 2 more | 2025-01-14 | N/A | 8.8 HIGH |
|
Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability
|
|||||
| CVE-2023-33779 | 1 Xuxueli | 1 Xxl-job | 2025-01-14 | N/A | 8.8 HIGH |
|
A lateral privilege escalation vulnerability in XXL-Job v2.4.1 allows users to execute arbitrary commands on another user's account via a crafted POST request to the component /jobinfo/.
|
|||||
| CVE-2022-22680 | 1 Synology | 1 Diskstation Manager | 2025-01-14 | 5.0 MEDIUM | 5.3 MEDIUM |
|
Exposure of sensitive information to an unauthorized actor vulnerability in Web Server in Synology DiskStation Manager (DSM) before 7.0.1-42218-2 allows remote attackers to obtain sensitive information via unspecified vectors.
|
|||||
| CVE-2018-7184 | 5 Canonical, Netapp, Ntp and 2 more | 10 Ubuntu Linux, Cloud Backup, Steelstore Cloud Integrated Storage and 7 more | 2025-01-14 | 5.0 MEDIUM | 7.5 HIGH |
|
ntpd in ntp 4.2.8p4 before 4.2.8p11 drops bad packets before updating the "received" timestamp, which allows remote attackers to cause a denial of service (disruption) by sending a packet with a zero-origin timestamp causing the association to reset and setting the contents of the packet as the most recent timestamp. This issue is a result of an incomplete fix for CVE-2015-7704.
|
|||||
| CVE-2018-7185 | 6 Canonical, Hpe, Netapp and 3 more | 23 Ubuntu Linux, Hpux-ntp, Hci and 20 more | 2025-01-14 | 5.0 MEDIUM | 7.5 HIGH |
|
The protocol engine in ntp 4.2.6 before 4.2.8p11 allows a remote attackers to cause a denial of service (disruption) by continually sending a packet with a zero-origin timestamp and source IP address of the "other side" of an interleaved association causing the victim ntpd to reset its association.
|
|||||
| CVE-2018-7170 | 4 Hpe, Netapp, Ntp and 1 more | 10 Hpux-ntp, Hci, Solidfire and 7 more | 2025-01-14 | 3.5 LOW | 5.3 MEDIUM |
|
ntpd in ntp 4.2.x before 4.2.8p7 and 4.3.x before 4.3.92 allows authenticated users that know the private symmetric key to create arbitrarily-many ephemeral associations in order to win the clock selection of ntpd and modify a victim's clock via a Sybil attack. This issue exists because of an incomplete fix for CVE-2016-1549.
|
|||||
| CVE-2023-31873 | 1 Gin Project | 1 Gin | 2025-01-14 | N/A | 7.8 HIGH |
|
Gin 0.7.4 allows execution of arbitrary code when a crafted file is opened, e.g., via require('child_process').
|
|||||
| CVE-2023-30350 | 1 Fs | 2 S3900 24t4s, S3900 24t4s Firmware | 2025-01-14 | N/A | 8.8 HIGH |
|
FS S3900-24T4S devices allow authenticated attackers with guest access to escalate their privileges and reset the admin password.
|
|||||
| CVE-2020-9236 | 1 Huawei | 1 Fusioncompute | 2025-01-14 | N/A | 8.8 HIGH |
|
There is an improper interface design vulnerability in Huawei product. A module interface of the impated product does not deal with some operations properly. Attackers can exploit this vulnerability to perform malicious operatation to compromise module service. (Vulnerability ID: HWPSIRT-2020-05010)
This vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2020-9236.
|
|||||
| CVE-2024-54100 | 1 Huawei | 2 Emui, Harmonyos | 2025-01-14 | N/A | 6.2 MEDIUM |
|
Vulnerability of improper access control in the secure input module
Impact: Successful exploitation of this vulnerability may cause features to perform abnormally.
|
|||||
| CVE-2023-28153 | 1 Kiddoware | 1 Kiddoware | 2025-01-14 | N/A | 6.4 MEDIUM |
|
An issue was discovered in the Kiddoware Kids Place Parental Control application before 3.8.50 for Android. The child can remove all restrictions temporarily without the parents noticing by rebooting into Android Safe Mode and disabling the "Display over other apps" permission.
|
|||||
| CVE-2023-24604 | 1 Open-xchange | 1 Ox App Suite | 2025-01-14 | N/A | 4.3 MEDIUM |
|
OX App Suite before backend 7.10.6-rev37 does not check HTTP header lengths when downloading, e.g., potentially allowing a crafted iCal feed to provide an unlimited amount of header data.
|
|||||
| CVE-2023-24603 | 1 Open-xchange | 1 Ox App Suite | 2025-01-14 | N/A | 6.5 MEDIUM |
|
OX App Suite before backend 7.10.6-rev37 does not check size limits when downloading, e.g., potentially allowing a crafted iCal feed to provide an unlimited amount of data.
|
|||||
| CVE-2021-37845 | 1 Citadel | 1 Webcit | 2025-01-14 | N/A | 3.7 LOW |
|
An issue was discovered in Citadel through webcit-932. A meddler-in-the-middle attacker can fixate their own session during the cleartext phase before a STARTTLS command (a violation of "The STARTTLS command is only valid in non-authenticated state." in RFC2595). This potentially allows an attacker to cause a victim's e-mail messages to be stored into an attacker's IMAP mailbox, but depends on details of the victim's client behavior.
|
|||||
| CVE-2019-19791 | 1 Lemonldap-ng | 1 Lemonldap\ | 2025-01-14 | N/A | 9.8 CRITICAL |
|
In LemonLDAP::NG (aka lemonldap-ng) before 2.0.7, the default Apache HTTP Server configuration does not properly restrict access to SOAP/REST endpoints (when some LemonLDAP::NG setup options are used). For example, an attacker can insert index.fcgi/index.fcgi into a URL to bypass a Require directive.
|
|||||
| CVE-2024-54119 | 1 Huawei | 1 Harmonyos | 2025-01-14 | N/A | 6.2 MEDIUM |
|
Cross-process screen stack vulnerability in the UIExtension module
Impact: Successful exploitation of this vulnerability may affect service confidentiality.
|
|||||
| CVE-2020-9082 | 1 Huawei | 2 Mate 20, Mate 20 Firmware | 2025-01-14 | N/A | 3.5 LOW |
|
There is an information disclosure vulnerability in several smartphones. The system has a logic judging error under certain scenario, the attacker should gain the permit to execute commands in ADB mode and then do a series of operation on the phone. Successful exploit could allow the attacker to gain certain information from certain apps locked by Applock. (Vulnerability ID: HWPSIRT-2019-07112)
This vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2020-9082.
|
|||||
| CVE-2024-49111 | 1 Microsoft | 9 Windows 10 1809, Windows 10 21h2, Windows 10 22h2 and 6 more | 2025-01-14 | N/A | 6.6 MEDIUM |
|
Wireless Wide Area Network Service (WwanSvc) Elevation of Privilege Vulnerability
|
|||||
| CVE-2024-49110 | 1 Microsoft | 9 Windows 10 1809, Windows 10 21h2, Windows 10 22h2 and 6 more | 2025-01-14 | N/A | 6.8 MEDIUM |
|
Windows Mobile Broadband Driver Elevation of Privilege Vulnerability
|
|||||
| CVE-2024-49112 | 1 Microsoft | 14 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 11 more | 2025-01-14 | N/A | 9.8 CRITICAL |
|
Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability
|
|||||
| CVE-2024-49113 | 1 Microsoft | 14 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 11 more | 2025-01-14 | N/A | 7.5 HIGH |
|
Windows Lightweight Directory Access Protocol (LDAP) Denial of Service Vulnerability
|
|||||
| CVE-2024-49114 | 1 Microsoft | 9 Windows 10 1809, Windows 10 21h2, Windows 10 22h2 and 6 more | 2025-01-14 | N/A | 7.8 HIGH |
|
Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability
|
|||||
| CVE-2024-49117 | 1 Microsoft | 6 Windows 11 22h2, Windows 11 23h2, Windows 11 24h2 and 3 more | 2025-01-14 | N/A | 8.8 HIGH |
|
Windows Hyper-V Remote Code Execution Vulnerability
|
|||||
| CVE-2024-49121 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more | 2025-01-14 | N/A | 7.5 HIGH |
|
Windows Lightweight Directory Access Protocol (LDAP) Denial of Service Vulnerability
|
|||||
| CVE-2024-49125 | 1 Microsoft | 7 Windows Server 2008, Windows Server 2012, Windows Server 2016 and 4 more | 2025-01-14 | N/A | 8.8 HIGH |
|
Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
|
|||||
| CVE-2023-29742 | 1 Bestweather Project | 1 Bestweather | 2025-01-14 | N/A | 7.8 HIGH |
|
An issue found in BestWeather v.7.3.1 for Android allows unauthorized apps to cause a code execution attack by manipulating the database.
|
|||||
| CVE-2023-29741 | 1 Bestweather Project | 1 Bestweather | 2025-01-14 | N/A | 9.8 CRITICAL |
|
An issue found in BestWeather v.7.3.1 for Android allows unauthorized apps to cause an escalation of privileges attack by manipulating the database.
|
|||||
| CVE-2023-29740 | 1 Amdroidapp | 1 Alarm Clock For Heavy Sleepers | 2025-01-14 | N/A | 7.5 HIGH |
|
An issue found in Alarm Clock for Heavy Sleepers v.5.3.2 for Android allows unauthorized apps to cause a denial of service attack by manipulating the database.
|
|||||
| CVE-2023-29739 | 1 Amdroidapp | 1 Alarm Clock For Heavy Sleepers | 2025-01-14 | N/A | 9.8 CRITICAL |
|
An issue found in Alarm Clock for Heavy Sleepers v.5.3.2 for Android allows unauthorized apps to cause escalation of privilege attacks by manipulating the component.
|
|||||
| CVE-2023-29738 | 1 Wavekeyboard | 1 Wave Animated Keyboard Emoji | 2025-01-14 | N/A | 7.8 HIGH |
|
An issue found in Wave Animated Keyboard Emoji v.1.70.7 for Android allows a local attacker to cause code execution and escalation of Privileges via the database files.
|
|||||
| CVE-2022-47029 | 1 Actionlauncher | 1 Action Launcher | 2025-01-14 | N/A | 7.8 HIGH |
|
An issue was found in Action Launcher v50.5 allows an attacker to escalate privilege via modification of the intent string to function update.
|
|||||
| CVE-2023-24599 | 1 Open-xchange | 1 Ox App Suite | 2025-01-14 | N/A | 4.3 MEDIUM |
|
OX App Suite before backend 7.10.6-rev37 allows authenticated users to change the appointments of arbitrary users via conflicting ID numbers, aka "ID confusion."
|
|||||
| CVE-2023-24598 | 1 Open-xchange | 1 Ox App Suite | 2025-01-14 | N/A | 4.3 MEDIUM |
|
OX App Suite before backend 7.10.6-rev37 has an information leak in the handling of distribution lists, e.g., partial disclosure of the private contacts of another user.
|
|||||
| CVE-2023-29737 | 1 Wavekeyboard | 1 Wave Animated Keyboard Emoji | 2025-01-14 | N/A | 5.5 MEDIUM |
|
An issue found in Wave Animated Keyboard Emoji v.1.70.7 for Android allows a local attacker to cause a denial of service via the database files.
|
|||||
| CVE-2023-29733 | 1 Dualspace | 1 Lock Master | 2025-01-14 | N/A | 7.8 HIGH |
|
The Lock Master app 2.2.4 for Android allows unauthorized apps to modify the values in its SharedPreference files. These files hold data that affects many app functions. Malicious modifications by unauthorized apps can cause security issues, such as functionality manipulation, resulting in a severe escalation of privilege attack.
|
|||||
| CVE-2023-24600 | 1 Open-xchange | 1 Ox App Suite | 2025-01-14 | N/A | 4.3 MEDIUM |
|
OX App Suite before backend 7.10.6-rev37 allows authenticated users to bypass access controls (for reading contacts) via a move to their own address book.
|
|||||
| CVE-2023-29728 | 1 Applika | 1 Call Blocker | 2025-01-13 | N/A | 9.8 CRITICAL |
|
The Call Blocker application 6.6.3 for Android allows attackers to tamper with feature-related data, resulting in a severe elevation of privilege attack.
|
|||||
| CVE-2023-33100 | 1 Qualcomm | 100 Ar8035, Ar8035 Firmware, Fastconnect 6700 and 97 more | 2025-01-13 | N/A | 7.5 HIGH |
|
Transient DOS while processing DL NAS Transport message when message ID is not defined in the 3GPP specification.
|
|||||
| CVE-2024-21452 | 1 Qualcomm | 12 C-v2x 9150, C-v2x 9150 Firmware, Qca6584au and 9 more | 2025-01-13 | N/A | 7.3 HIGH |
|
Transient DOS while decoding an ASN.1 OER message containing a SEQUENCE of unknown extensions.
|
|||||
| CVE-2024-56456 | 1 Huawei | 1 Harmonyos | 2025-01-13 | N/A | 6.8 MEDIUM |
|
Vulnerability of input parameters not being verified during glTF model loading in the 3D engine module
Impact: Successful exploitation of this vulnerability may affect availability.
|
|||||