Total
12644 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-2232 | 1 Redhat | 1 Red Hat Single Sign On | 2024-11-15 | 7.5 High |
| A flaw was found in the Keycloak package. This flaw allows an attacker to utilize an LDAP injection to bypass the username lookup or potentially perform other malicious actions. | ||||
| CVE-2024-49774 | 1 Salesagility | 1 Suitecrm | 2024-11-13 | 7.2 High |
| SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. SuiteCRM relies on the blacklist of functions/methods to prevent installation of malicious MLPs. But this checks can be bypassed with some syntax constructions. SuiteCRM uses token_get_all to parse PHP scripts and check the resulted AST against blacklists. But it doesn't take into account all scenarios. This issue has been addressed in versions 7.14.6 and 8.7.1. Users are advised to upgrade. There are no known workarounds for this vulnerability. | ||||
| CVE-2024-50333 | 1 Salesagility | 1 Suitecrm | 2024-11-13 | 6.6 Medium |
| SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. User input is not validated and is written to the filesystem. The ParserLabel::addLabels() function can be used to write attacker-controlled data into the custom language file that will be included at the runtime. This issue has been addressed in versions 7.14.6 and 8.7.1. Users are advised to upgrade. There are no known workarounds for this vulnerability. | ||||
| CVE-2024-10944 | 1 Rockwellautomation | 1 Factorytalk Updater | 2024-11-13 | 8.4 High |
| A Remote Code Execution vulnerability exists in the affected product. The vulnerability requires a high level of permissions and exists due to improper input validation resulting in the possibility of a malicious Updated Agent being deployed. | ||||
| CVE-2024-37365 | 1 Rockwellautomation | 1 Factorytalk View Machine Edition | 2024-11-12 | 7.3 High |
| A remote code execution vulnerability exists in the affected product. The vulnerability allows users to save projects within the public directory allowing anyone with local access to modify and/or delete files. Additionally, a malicious user could potentially leverage this vulnerability to escalate their privileges by changing the macro to execute arbitrary code. | ||||
| CVE-2024-23983 | 1 Pingidentity | 1 Pingaccess | 2024-11-12 | N/A |
| Improper handling of canonical URL-encoding may lead to bypass not properly constrained by request rules. | ||||
| CVE-2024-50219 | 1 Redhat | 1 Enterprise Linux | 2024-11-11 | 5.5 Medium |
| This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | ||||
| CVE-2023-1973 | 1 Redhat | 2 Jboss Enterprise Application Platform, Jboss Enterprise Application Platform Eus | 2024-11-08 | 7.5 High |
| A flaw was found in Undertow package. Using the FormAuthenticationMechanism, a malicious user could trigger a Denial of Service by sending crafted requests, leading the server to an OutofMemory error, exhausting the server's memory. | ||||
| CVE-2024-51529 | 1 Huawei | 2 Emui, Harmonyos | 2024-11-07 | 5.5 Medium |
| Data verification vulnerability in the battery module Impact: Successful exploitation of this vulnerability may affect function stability. | ||||
| CVE-2024-51530 | 1 Huawei | 2 Emui, Harmonyos | 2024-11-07 | 6.6 Medium |
| LaunchAnywhere vulnerability in the account module Impact: Successful exploitation of this vulnerability may affect service confidentiality. | ||||
| CVE-2024-51520 | 1 Huawei | 1 Harmonyos | 2024-11-07 | 5.5 Medium |
| Vulnerability of input parameters not being verified in the HDC module Impact: Successful exploitation of this vulnerability may affect availability. | ||||
| CVE-2024-51514 | 1 Huawei | 1 Harmonyos | 2024-11-07 | 5.3 Medium |
| Vulnerability of pop-up windows belonging to no app in the VPN module Impact: Successful exploitation of this vulnerability may affect service confidentiality. | ||||
| CVE-2024-51512 | 1 Huawei | 1 Harmonyos | 2024-11-07 | 6.2 Medium |
| Vulnerability of parameter type not being verified in the WantAgent module Impact: Successful exploitation of this vulnerability may affect availability. | ||||
| CVE-2024-51511 | 1 Huawei | 1 Harmonyos | 2024-11-07 | 6.2 Medium |
| Vulnerability of parameter type not being verified in the WantAgent module Impact: Successful exploitation of this vulnerability may affect availability. | ||||
| CVE-2024-51519 | 1 Huawei | 1 Harmonyos | 2024-11-06 | 5 Medium |
| Vulnerability of input parameters not being verified in the HDC module Impact: Successful exploitation of this vulnerability may affect availability. | ||||
| CVE-2024-49368 | 1 Nginxui | 1 Nginx Ui | 2024-11-06 | 9.8 Critical |
| Nginx UI is a web user interface for the Nginx web server. Prior to version 2.0.0-beta.36, when Nginx UI configures logrotate, it does not verify the input and directly passes it to exec.Command, causing arbitrary command execution. Version 2.0.0-beta.36 fixes this issue. | ||||
| CVE-2024-0127 | 1 Nvidia | 2 Cloud Gaming Virtual Gpu, Virtual Gpu Manager | 2024-11-01 | 7.8 High |
| NVIDIA vGPU software contains a vulnerability in the GPU kernel driver of the vGPU Manager for all supported hypervisors, where a user of the guest OS can cause an improper input validation by compromising the guest OS kernel. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, data tampering, denial of service, and information disclosure. | ||||
| CVE-2024-0126 | 1 Nvidia | 3 Cloud Gaming Virtual Gpu, Gpu Display Driver, Virtual Gpu Manager | 2024-11-01 | 8.2 High |
| NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability which could allow a privileged attacker to escalate permissions. A successful exploit of this vulnerability might lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering. | ||||
| CVE-2024-7004 | 1 Google | 1 Chrome | 2024-10-29 | 4.3 Medium |
| Insufficient validation of untrusted input in Safe Browsing in Google Chrome prior to 127.0.6533.72 allowed a remote attacker who convinced a user to engage in specific UI gestures to bypass discretionary access control via a malicious file. (Chromium security severity: Low) | ||||
| CVE-2024-20464 | 1 Cisco | 1 Ios Xe | 2024-10-24 | 8.6 High |
| A vulnerability in the Protocol Independent Multicast (PIM) feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to insufficient validation of received IPv4 PIMv2 packets. An attacker could exploit this vulnerability by sending a crafted PIMv2 packet to a PIM-enabled interface on an affected device. A successful exploit could allow the attacker to cause an affected device to reload, resulting in a DoS condition. Note: This vulnerability can be exploited with either an IPv4 multicast or unicast packet. | ||||