Total
11506 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-11079 | 2024-12-18 | N/A | 5.5 MEDIUM | ||
| A flaw was found in Ansible-Core. This vulnerability allows attackers to bypass unsafe content protections using the hostvars object to reference and execute templated content. This issue can lead to arbitrary code execution if remote data or module outputs are improperly templated within playbooks. | |||||
| CVE-2024-23634 | 1 Geoserver | 1 Geoserver | 2024-12-17 | N/A | 6.0 MEDIUM |
| GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. An arbitrary file renaming vulnerability exists in versions prior to 2.23.5 and 2.24.2 that enables an authenticated administrator with permissions to modify stores through the REST Coverage Store or Data Store API to rename arbitrary files and directories with a name that does not end in `.zip`. Store file uploads rename zip files to have a `.zip` extension if it doesn't already have one before unzipping the file. This is fine for file and url upload methods where the files will be in a specific subdirectory of the data directory but, when using the external upload method, this allows arbitrary files and directories to be renamed. Renaming GeoServer files will most likely result in a denial of service, either completely preventing GeoServer from running or effectively deleting specific resources (such as a workspace, layer or style). In some cases, renaming GeoServer files could revert to the default settings for that file which could be relatively harmless like removing contact information or have more serious consequences like allowing users to make OGC requests that the customized settings would have prevented them from making. The impact of renaming non-GeoServer files depends on the specific environment although some sort of denial of service is a likely outcome. Versions 2.23.5 and 2.24.2 contain a fix for this issue. | |||||
| CVE-2023-21138 | 1 Google | 1 Android | 2024-12-17 | N/A | 7.8 HIGH |
| In onNullBinding of CallRedirectionProcessor.java, there is a possible long lived connection due to improper input validation. This could lead to local escalation of privilege and background activity launches with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-273260090 | |||||
| CVE-2024-23705 | 1 Google | 1 Android | 2024-12-17 | N/A | 7.8 HIGH |
| In multiple locations, there is a possible failure to persist or enforce user restrictions due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. | |||||
| CVE-2024-23668 | 1 Fortinet | 1 Fortiwebmanager | 2024-12-17 | N/A | 8.8 HIGH |
| An improper authorization in Fortinet FortiWebManager version 7.2.0 and 7.0.0 through 7.0.4 and 6.3.0 and 6.2.3 through 6.2.4 and 6.0.2 allows attacker to execute unauthorized code or commands via HTTP requests or CLI. | |||||
| CVE-2024-23707 | 1 Google | 1 Android | 2024-12-17 | N/A | 7.8 HIGH |
| In multiple locations, there is a possible permissions bypass due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. | |||||
| CVE-2024-23706 | 1 Google | 1 Android | 2024-12-17 | N/A | 7.8 HIGH |
| In multiple locations, there is a possible bypass of health data permissions due to an improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2024-0045 | 1 Google | 1 Android | 2024-12-17 | N/A | 6.5 MEDIUM |
| In smp_proc_sec_req of smp_act.cc, there is a possible out of bounds read due to improper input validation. This could lead to remote (proximal/adjacent) information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2020-12487 | 2024-12-17 | N/A | 7.0 HIGH | ||
| Due to the flaws in the verification of input parameters, the attacker can input carefully constructed commands to make the ABE service execute some commands with root privilege. | |||||
| CVE-2024-0031 | 1 Google | 1 Android | 2024-12-16 | N/A | 9.8 CRITICAL |
| In attp_build_read_by_type_value_cmd of att_protocol.cc , there is a possible out of bounds write due to improper input validation. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2024-23717 | 1 Google | 1 Android | 2024-12-16 | N/A | 8.8 HIGH |
| In access_secure_service_from_temp_bond of btm_sec.cc, there is a possible way to achieve keystroke injection due to improper input validation. This could lead to remote (proximal/adjacent) escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2024-0021 | 1 Google | 1 Android | 2024-12-16 | N/A | 7.8 HIGH |
| In onCreate of NotificationAccessConfirmationActivity.java, there is a possible way for an app in the work profile to enable notification listener services due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. | |||||
| CVE-2018-12123 | 1 Nodejs | 1 Node.js | 2024-12-13 | 4.3 MEDIUM | 4.3 MEDIUM |
| Node.js: All versions prior to Node.js 6.15.0, 8.14.0, 10.14.0 and 11.3.0: Hostname spoofing in URL parser for javascript protocol: If a Node.js application is using url.parse() to determine the URL hostname, that hostname can be spoofed by using a mixed case "javascript:" (e.g. "javAscript:") protocol (other protocols are not affected). If security decisions are made about the URL based on the hostname, they may be incorrect. | |||||
| CVE-2024-43052 | 1 Qualcomm | 182 205 Mobile Platform, 205 Mobile Platform Firmware, 215 Mobile Platform and 179 more | 2024-12-12 | N/A | 7.8 HIGH |
| Memory corruption while processing API calls to NPU with invalid input. | |||||
| CVE-2024-12401 | 2024-12-12 | N/A | 4.4 MEDIUM | ||
| A flaw was found in the cert-manager package. This flaw allows an attacker who can modify PEM data that the cert-manager reads, for example, in a Secret resource, to use large amounts of CPU in the cert-manager controller pod to effectively create a denial-of-service (DoS) vector for the cert-manager in the cluster. | |||||
| CVE-2023-31366 | 1 Amd | 1 Uprof | 2024-12-12 | N/A | 3.3 LOW |
| Improper input validation in AMD μProf could allow an attacker to perform a write to an invalid address, potentially resulting in denial of service. | |||||
| CVE-2024-32989 | 1 Huawei | 2 Emui, Harmonyos | 2024-12-11 | N/A | 3.3 LOW |
| Insufficient verification vulnerability in the system sharing pop-up module Impact: Successful exploitation of this vulnerability will affect availability. | |||||
| CVE-2024-32990 | 1 Huawei | 2 Emui, Harmonyos | 2024-12-11 | N/A | 6.1 MEDIUM |
| Permission verification vulnerability in the system sharing pop-up module Impact: Successful exploitation of this vulnerability will affect availability. | |||||
| CVE-2024-32992 | 1 Huawei | 2 Emui, Harmonyos | 2024-12-11 | N/A | 7.5 HIGH |
| Insufficient verification vulnerability in the baseband module Impact: Successful exploitation of this vulnerability will affect availability. | |||||
| CVE-2024-11737 | 2024-12-11 | N/A | 9.8 CRITICAL | ||
| CWE-20: Improper Input Validation vulnerability exists that could lead to a denial of service and a loss of confidentiality, integrity of the controller when an unauthenticated crafted Modbus packet is sent to the device. | |||||