Total
205 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-25731 | 1 Mozilla | 1 Firefox | 2025-01-10 | N/A | 8.8 HIGH |
| Due to URL previews in the network panel of developer tools improperly storing URLs, query parameters could potentially be used to overwrite global objects in privileged code. This vulnerability affects Firefox < 110. | |||||
| CVE-2024-56716 | 1 Linux | 1 Linux Kernel | 2025-01-10 | N/A | 5.5 MEDIUM |
| In the Linux kernel, the following vulnerability has been resolved: netdevsim: prevent bad user input in nsim_dev_health_break_write() If either a zero count or a large one is provided, kernel can crash. | |||||
| CVE-2024-52901 | 1 Ibm | 1 Infosphere Information Server | 2025-01-07 | N/A | 6.5 MEDIUM |
| IBM InfoSphere Information Server 11.7 could allow an authenticated user to GUI to not load or stop working due to improper input validation. | |||||
| CVE-2024-55407 | 2025-01-07 | N/A | 7.8 HIGH | ||
| An issue in the DeviceloControl function of ITE Tech. Inc ITE IO Access v1.0.0.0 allows attackers to perform arbitrary port read and write actions via supplying crafted IOCTL requests. | |||||
| CVE-2023-30082 | 1 Enhancesoft | 1 Osticket | 2025-01-06 | N/A | 7.5 HIGH |
| A denial of service attack might be launched against the server if an unusually lengthy password (more than 10000000 characters) is supplied using the osTicket application. This can cause the website to go down or stop responding. When a long password is entered, this procedure will consume all available CPU and memory. | |||||
| CVE-2024-20149 | 2025-01-06 | N/A | 7.5 HIGH | ||
| In Modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01231341 / MOLY01263331 / MOLY01233835; Issue ID: MSV-2165. | |||||
| CVE-2024-9369 | 1 Google | 1 Chrome | 2025-01-02 | N/A | 9.6 CRITICAL |
| Insufficient data validation in Mojo in Google Chrome prior to 129.0.6668.89 allowed a remote attacker who had compromised the renderer process to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: High) | |||||
| CVE-2024-1610 | 2024-12-18 | N/A | 9.8 CRITICAL | ||
| In OPPO Store APP, there's a possible escalation of privilege due to improper input validation. | |||||
| CVE-2024-8508 | 2 Debian, Nlnetlabs | 2 Debian Linux, Unbound | 2024-12-17 | N/A | 5.3 MEDIUM |
| NLnet Labs Unbound up to and including version 1.21.0 contains a vulnerability when handling replies with very large RRsets that it needs to perform name compression for. Malicious upstreams responses with very large RRsets can cause Unbound to spend a considerable time applying name compression to downstream replies. This can lead to degraded performance and eventually denial of service in well orchestrated attacks. The vulnerability can be exploited by a malicious actor querying Unbound for the specially crafted contents of a malicious zone with very large RRsets. Before Unbound replies to the query it will try to apply name compression which was an unbounded operation that could lock the CPU until the whole packet was complete. Unbound version 1.21.1 introduces a hard limit on the number of name compression calculations it is willing to do per packet. Packets that need more compression will result in semi-compressed packets or truncated packets, even on TCP for huge messages, to avoid locking the CPU for long. This change should not affect normal DNS traffic. | |||||
| CVE-2024-47257 | 2024-11-29 | N/A | 7.5 HIGH | ||
| Florent Thiéry has found that selected Axis devices were vulnerable to handling certain ethernet frames which could lead to the Axis device becoming unavailable in the network. Axis has released patched AXIS OS versions for the highlighted flaw for products that are still under AXIS OS software support. Please refer to the Axis security advisory for more information and solution. | |||||
| CVE-2024-5102 | 2 Avast, Microsoft | 2 Antivirus, Windows | 2024-11-21 | N/A | 7.0 HIGH |
| A sym-linked file accessed via the repair function in Avast Antivirus <24.2 on Windows may allow user to elevate privilege to delete arbitrary files or run processes as NT AUTHORITY\SYSTEM. The vulnerability exists within the "Repair" (settings -> troubleshooting -> repair) feature, which attempts to delete a file in the current user's AppData directory as NT AUTHORITY\SYSTEM. A low-privileged user can make a pseudo-symlink and a junction folder and point to a file on the system. This can provide a low-privileged user an Elevation of Privilege to win a race-condition which will re-create the system files and make Windows callback to a specially-crafted file which could be used to launch a privileged shell instance. This issue affects Avast Antivirus prior to 24.2. | |||||
| CVE-2024-3317 | 2024-11-21 | N/A | 6.5 MEDIUM | ||
| An improper access control was identified in the Identity Security Cloud (ISC) message server API that allowed an authenticated user to exfiltrate job processing metadata (opaque messageIDs, work queue depth and counts) for other tenants. | |||||
| CVE-2024-3185 | 2024-11-21 | N/A | 6.8 MEDIUM | ||
| A key used in logging.json does not follow the least privilege principle by default and is exposed to local users in the Rapid7 Platform. This allows an attacker with local access to a machine with the logging.json file to use that key to authenticate to the platform with high privileges. This was fixed in the Rapid7 platform starting 3 April 2024 via the introduction of a restricted role and the removal of automatic API key generation on installation of an agent. | |||||
| CVE-2024-39697 | 2024-11-21 | N/A | 8.6 HIGH | ||
| phonenumber is a library for parsing, formatting and validating international phone numbers. Since 0.3.4, the phonenumber parsing code may panic due to a panic-guarded out-of-bounds access on the phonenumber string. In a typical deployment of rust-phonenumber, this may get triggered by feeding a maliciously crafted phonenumber, e.g. over the network, specifically strings of the form `+dwPAA;phone-context=AA`, where the "number" part potentially parses as a number larger than 2^56. This vulnerability is fixed in 0.3.6. | |||||
| CVE-2024-30527 | 2024-11-21 | N/A | 7.5 HIGH | ||
| Improper Validation of Specified Quantity in Input vulnerability in Tips and Tricks HQ WP Express Checkout (Accept PayPal Payments) allows Manipulating Hidden Fields.This issue affects WP Express Checkout (Accept PayPal Payments): from n/a through 2.3.7. | |||||
| CVE-2024-27360 | 1 Samsung | 16 Exynos 1080, Exynos 1080 Firmware, Exynos 1280 and 13 more | 2024-11-21 | N/A | 6.0 MEDIUM |
| A vulnerability was discovered in Samsung Mobile Processors Exynos 850, Exynos 1080, Exynos 2100, Exynos 2200, Exynos 1280, Exynos 1380, Exynos 1330, and Exynos W930 where they do not properly check length of the data, which can lead to a Denial of Service. | |||||
| CVE-2024-24715 | 2024-11-21 | N/A | 6.5 MEDIUM | ||
| Improper Validation of Specified Quantity in Input vulnerability in The Events Calendar BookIt allows Manipulating Hidden Fields.This issue affects BookIt: from n/a through 2.4.0. | |||||
| CVE-2024-24690 | 1 Zoom | 5 Meeting Software Development Kit, Rooms, Vdi Windows Meeting Clients and 2 more | 2024-11-21 | N/A | 5.4 MEDIUM |
| Improper input validation in some Zoom clients may allow an authenticated user to conduct a denial of service via network access. | |||||
| CVE-2024-23593 | 2024-11-21 | N/A | 6.7 MEDIUM | ||
| A vulnerability was reported in a system recovery bootloader that was part of the Lenovo preloaded Windows 7 and 8 operating systems from 2012 to 2014 that could allow a privileged attacker with local access to modify the boot manager and escalate privileges. | |||||
| CVE-2023-4518 | 1 Hitachienergy | 6 Relion 650, Relion 650 Firmware, Relion 670 and 3 more | 2024-11-21 | N/A | 6.5 MEDIUM |
| A vulnerability exists in the input validation of the GOOSE messages where out of range values received and processed by the IED caused a reboot of the device. In order for an attacker to exploit the vulnerability, goose receiving blocks need to be configured. | |||||