Total
34640 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-50558 | 1 Siemens | 52 Ruggedcom Rm1224 Lte\(4g\) Eu, Ruggedcom Rm1224 Lte\(4g\) Eu Firmware, Ruggedcom Rm1224 Lte\(4g\) Nam and 49 more | 2024-11-13 | N/A | 4.3 MEDIUM |
|
A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2) (All versions < V8.2), RUGGEDCOM RM1224 LTE(4G) NAM (6GK6108-4AM00-2DA2) (All versions < V8.2), SCALANCE M804PB (6GK5804-0AP00-2AA2) (All versions < V8.2), SCALANCE M812-1 ADSL-Router (6GK5812-1AA00-2AA2) (All versions < V8.2), SCALANCE M812-1 ADSL-Router (6GK5812-1BA00-2AA2) (All versions < V8.2), SCALANCE M816-1 ADSL-Router (6GK5816-1AA00-2AA2) (All versions < V8.2), SCALANCE M816-1 ADSL-Router (6GK5816-1BA ...
Show More |
|||||
| CVE-2024-50557 | 1 Siemens | 52 Ruggedcom Rm1224 Lte\(4g\) Eu, Ruggedcom Rm1224 Lte\(4g\) Eu Firmware, Ruggedcom Rm1224 Lte\(4g\) Nam and 49 more | 2024-11-13 | N/A | 9.8 CRITICAL |
|
A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2) (All versions < V8.2), RUGGEDCOM RM1224 LTE(4G) NAM (6GK6108-4AM00-2DA2) (All versions < V8.2), SCALANCE M804PB (6GK5804-0AP00-2AA2) (All versions < V8.2), SCALANCE M812-1 ADSL-Router (6GK5812-1AA00-2AA2) (All versions < V8.2), SCALANCE M812-1 ADSL-Router (6GK5812-1BA00-2AA2) (All versions < V8.2), SCALANCE M816-1 ADSL-Router (6GK5816-1AA00-2AA2) (All versions < V8.2), SCALANCE M816-1 ADSL-Router (6GK5816-1BA ...
Show More |
|||||
| CVE-2024-50353 | 1 Iowacomputergurus | 1 Aspnetcore.utilities.cloudstorage | 2024-11-13 | N/A | 5.3 MEDIUM |
|
ICG.AspNetCore.Utilities.CloudStorage is a collection of cloud storage utilities to assist with the management of files for cloud upload. Users of this library that set a duration for a SAS Uri with a value other than 1 hour may have generated a URL with a duration that is longer, or shorter than desired. Users not implemented SAS Uri's are unaffected. This issue was resolved in version 8.0.0 of the library.
|
|||||
| CVE-2024-49887 | 1 Linux | 1 Linux Kernel | 2024-11-13 | N/A | 5.5 MEDIUM |
|
In the Linux kernel, the following vulnerability has been resolved:
f2fs: fix to don't panic system for no free segment fault injection
f2fs: fix to don't panic system for no free segment fault injection
syzbot reports a f2fs bug as below:
F2FS-fs (loop0): inject no free segment in get_new_segment of __allocate_new_segment+0x1ce/0x940 fs/f2fs/segment.c:3167
F2FS-fs (loop0): Stopped filesystem due to reason: 7
------------[ cut here ]------------
kernel BUG at fs/f2fs/segment.c:2748!
CPU: 0 U ...
Show More |
|||||
| CVE-2024-49885 | 1 Linux | 1 Linux Kernel | 2024-11-13 | N/A | 5.5 MEDIUM |
|
In the Linux kernel, the following vulnerability has been resolved:
mm, slub: avoid zeroing kmalloc redzone
Since commit 946fa0dbf2d8 ("mm/slub: extend redzone check to extra
allocated kmalloc space than requested"), setting orig_size treats
the wasted space (object_size - orig_size) as a redzone. However with
init_on_free=1 we clear the full object->size, including the redzone.
Additionally we clear the object metadata, including the stored orig_size,
making it zero, which makes check_object ...
Show More |
|||||
| CVE-2024-46869 | 1 Linux | 1 Linux Kernel | 2024-11-13 | N/A | 5.5 MEDIUM |
|
In the Linux kernel, the following vulnerability has been resolved:
Bluetooth: btintel_pcie: Allocate memory for driver private data
Fix driver not allocating memory for struct btintel_data which is used
to store internal data.
|
|||||
| CVE-2024-49940 | 1 Linux | 1 Linux Kernel | 2024-11-13 | N/A | 5.5 MEDIUM |
|
In the Linux kernel, the following vulnerability has been resolved:
l2tp: prevent possible tunnel refcount underflow
When a session is created, it sets a backpointer to its tunnel. When
the session refcount drops to 0, l2tp_session_free drops the tunnel
refcount if session->tunnel is non-NULL. However, session->tunnel is
set in l2tp_session_create, before the tunnel refcount is incremented
by l2tp_session_register, which leaves a small window where
session->tunnel is non-NULL when the tunnel r ...
Show More |
|||||
| CVE-2024-32870 | 1 Combodo | 1 Itop | 2024-11-13 | N/A | 5.8 MEDIUM |
|
Combodo iTop is a simple, web based IT Service Management tool. Server, OS, DBMS, PHP, and iTop info (name, version and parameters) can be read by anyone having access to iTop URI. This issue has been patched in versions 2.7.11, 3.0.5, 3.1.2, and 3.2.0. Users are advised to upgrade. There are no known workarounds for this vulnerability.
|
|||||
| CVE-2024-34673 | 1 Samsung | 1 Android | 2024-11-13 | N/A | 5.5 MEDIUM |
|
Improper Input Validation in IpcProtocol in Modem prior to SMR Nov-2024 Release 1 allows local attackers to cause Denial-of-Service.
|
|||||
| CVE-2024-34682 | 1 Samsung | 1 Android | 2024-11-13 | N/A | 2.4 LOW |
|
Improper authorization in Settings prior to SMR Nov-2024 Release 1 allows physical attackers to access stored WiFi password in Maintenance Mode.
|
|||||
| CVE-2024-49403 | 1 Samsung | 1 Voice Recorder | 2024-11-13 | N/A | 4.6 MEDIUM |
|
Improper access control in Samsung Voice Recorder prior to version 21.5.40.37 allows physical attackers to access recording files on the lock screen.
|
|||||
| CVE-2024-49404 | 1 Samsung | 2 Android, Video Player | 2024-11-13 | N/A | 4.6 MEDIUM |
|
Improper Access Control in Samsung Video Player prior to versions 7.3.29.1 in Android 12, 7.3.36.1 in Android 13, and 7.3.41.230 in Android 14 allows physical attackers to access video file of other users.
|
|||||
| CVE-2024-49405 | 1 Samsung | 1 Pass | 2024-11-13 | N/A | 4.6 MEDIUM |
|
Improper authentication in Private Info in Samsung Pass in prior to version 4.4.04.7 allows physical attackers to access sensitive information in a specific scenario.
|
|||||
| CVE-2024-49407 | 1 Samsung | 1 Flow | 2024-11-13 | N/A | 4.6 MEDIUM |
|
Improper access control in Samsung Flow prior to version 4.9.15.7 allows physical attackers to access data across multiple user profiles.
|
|||||
| CVE-2024-49947 | 1 Linux | 1 Linux Kernel | 2024-11-12 | N/A | 5.5 MEDIUM |
|
In the Linux kernel, the following vulnerability has been resolved:
net: test for not too small csum_start in virtio_net_hdr_to_skb()
syzbot was able to trigger this warning [1], after injecting a
malicious packet through af_packet, setting skb->csum_start and thus
the transport header to an incorrect value.
We can at least make sure the transport header is after
the end of the network header (with a estimated minimal size).
[1]
[ 67.873027] skb len=4096 headroom=16 headlen=14 tailroom=0
m ...
Show More |
|||||
| CVE-2024-9576 | 1 Workbooth Project | 1 Workbooth | 2024-11-12 | N/A | 7.8 HIGH |
|
Vulnerability in Distro Linux Workbooth v2.5 that allows to escalate privileges to the root user by manipulating the network configuration script.
|
|||||
| CVE-2024-49401 | 1 Samsung | 1 Android | 2024-11-12 | N/A | 7.1 HIGH |
|
Improper input validation in Settings Suggestions prior to SMR Nov-2024 Release 1 allows local attackers to launch privileged activities.
|
|||||
| CVE-2024-34674 | 1 Samsung | 1 Android | 2024-11-12 | N/A | 4.6 MEDIUM |
|
Improper access control in Contacts prior to SMR Nov-2024 Release 1 allows physical attackers to access data across multiple user profiles.
|
|||||
| CVE-2024-34675 | 1 Samsung | 1 Android | 2024-11-12 | N/A | 4.6 MEDIUM |
|
Improper access control in Dex Mode prior to SMR Nov-2024 Release 1 allows physical attackers to temporarily access to unlocked screen.
|
|||||
| CVE-2024-49402 | 1 Samsung | 1 Android | 2024-11-12 | N/A | 4.6 MEDIUM |
|
Improper input validation in Dressroom prior to SMR Nov-2024 Release 1 allow physical attackers to access data across multiple user profiles.
|
|||||
| CVE-2024-43601 | 2 Linux, Microsoft | 2 Linux Kernel, Visual Studio Code | 2024-11-08 | N/A | 7.8 HIGH |
|
Visual Studio Code for Linux Remote Code Execution Vulnerability
|
|||||
| CVE-2024-10020 | 1 Heateor | 1 Social Login | 2024-11-08 | N/A | 8.1 HIGH |
|
The Heateor Social Login WordPress plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 1.1.35. This is due to insufficient verification on the user being returned by the social login token. This makes it possible for unauthenticated attackers to log in as any existing user on the site, if they have access to the email and the user does not have an already-existing account for the service returning the token. An attacker cannot authenticate as an admi ...
Show More |
|||||
| CVE-2024-9946 | 1 Heateor | 1 Super Socializer | 2024-11-08 | N/A | 8.1 HIGH |
|
The Social Share, Social Login and Social Comments Plugin – Super Socializer plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 7.13.68. This is due to insufficient verification on the user being returned by the social login token. This makes it possible for unauthenticated attackers to log in as any existing user on the site, if they have access to the email and the user does not have an already-existing account for the service returning the token. ...
Show More |
|||||
| CVE-2022-48910 | 1 Linux | 1 Linux Kernel | 2024-11-08 | N/A | 5.5 MEDIUM |
|
In the Linux kernel, the following vulnerability has been resolved:
net: ipv6: ensure we call ipv6_mc_down() at most once
There are two reasons for addrconf_notify() to be called with NETDEV_DOWN:
either the network device is actually going down, or IPv6 was disabled
on the interface.
If either of them stays down while the other is toggled, we repeatedly
call the code for NETDEV_DOWN, including ipv6_mc_down(), while never
calling the corresponding ipv6_mc_up() in between. This will cause a
ne ...
Show More |
|||||
| CVE-2023-29116 | 1 Enelx | 2 Waybox Pro, Waybox Pro Firmware | 2024-11-08 | N/A | 4.3 MEDIUM |
|
Under certain conditions, through a request directed to the Waybox Enel X web management application, information like Waybox OS version or service configuration details could be obtained.
|
|||||
| CVE-2023-29115 | 1 Enelx | 2 Waybox Pro, Waybox Pro Firmware | 2024-11-08 | N/A | 6.5 MEDIUM |
|
In certain conditions a request directed to the Waybox Enel X Web management application could cause a denial-of-service (e.g. reboot).
|
|||||
| CVE-2024-10329 | 1 G5plus | 1 Ultimate Bootstrap Elements For Elementor | 2024-11-08 | N/A | 4.3 MEDIUM |
|
The Ultimate Bootstrap Elements for Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.4.6 via the 'ube_get_page_templates' function. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive data including the contents of templates that are private.
|
|||||
| CVE-2024-30106 | 1 Hcltech | 1 Connections | 2024-11-08 | N/A | 4.3 MEDIUM |
|
HCL Connections is vulnerable to an information disclosure vulnerability, due to an IBM WebSphere Application Server error, which could allow a user to obtain sensitive information they are not entitled to due to the improper handling of request data.
|
|||||
| CVE-2024-38204 | 1 Microsoft | 1 Azure Functions | 2024-11-08 | N/A | 6.5 MEDIUM |
|
Improper Access Control in Imagine Cup allows an authorized attacker to elevate privileges over a network.
|
|||||
| CVE-2024-10319 | 1 Wpxpro | 1 Xpro Addons For Elementor | 2024-11-08 | N/A | 4.3 MEDIUM |
|
The 140+ Widgets | Xpro Addons For Elementor – FREE plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.4.6 via the render function in widgets/content-toggle/layout/frontend.php. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive private, pending, and draft template data.
|
|||||
| CVE-2024-38139 | 1 Microsoft | 1 Dataverse | 2024-11-08 | N/A | 8.8 HIGH |
|
Improper authentication in Microsoft Dataverse allows an authorized attacker to elevate privileges over a network.
|
|||||
| CVE-2024-38408 | 1 Qualcomm | 470 315 5g Iot Modem, 315 5g Iot Modem Firmware, Aqt1000 and 467 more | 2024-11-08 | N/A | 9.1 CRITICAL |
|
Cryptographic issue when a controller receives an LMP start encryption command under unexpected conditions.
|
|||||
| CVE-2024-51522 | 1 Huawei | 1 Harmonyos | 2024-11-07 | N/A | 5.5 MEDIUM |
|
Vulnerability of improper device information processing in the device management module
Impact: Successful exploitation of this vulnerability may affect availability.
|
|||||
| CVE-2024-51523 | 1 Huawei | 1 Harmonyos | 2024-11-07 | N/A | 7.5 HIGH |
|
Information management vulnerability in the Gallery module
Impact: Successful exploitation of this vulnerability may affect service confidentiality.
|
|||||
| CVE-2024-51524 | 1 Huawei | 1 Harmonyos | 2024-11-07 | N/A | 5.5 MEDIUM |
|
Permission control vulnerability in the Wi-Fi module
Impact: Successful exploitation of this vulnerability may affect service confidentiality.
|
|||||
| CVE-2024-33031 | 1 Qualcomm | 32 Ar8035, Ar8035 Firmware, Fastconnect 7800 and 29 more | 2024-11-07 | N/A | 6.7 MEDIUM |
|
Memory corruption while processing the update SIM PB records request.
|
|||||
| CVE-2024-51526 | 1 Huawei | 1 Harmonyos | 2024-11-07 | N/A | 5.5 MEDIUM |
|
Permission control vulnerability in the hidebug module
Impact: Successful exploitation of this vulnerability may affect service confidentiality.
|
|||||
| CVE-2024-51527 | 1 Huawei | 2 Emui, Harmonyos | 2024-11-07 | N/A | 5.5 MEDIUM |
|
Permission control vulnerability in the Gallery app
Impact: Successful exploitation of this vulnerability may affect service confidentiality.
|
|||||
| CVE-2024-51529 | 1 Huawei | 2 Emui, Harmonyos | 2024-11-07 | N/A | 5.5 MEDIUM |
|
Data verification vulnerability in the battery module
Impact: Successful exploitation of this vulnerability may affect function stability.
|
|||||
| CVE-2024-51530 | 1 Huawei | 2 Emui, Harmonyos | 2024-11-07 | N/A | 5.5 MEDIUM |
|
LaunchAnywhere vulnerability in the account module
Impact: Successful exploitation of this vulnerability may affect service confidentiality.
|
|||||