Total
11365 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-10944 | 2024-11-13 | N/A | 8.4 HIGH | ||
| A Remote Code Execution vulnerability exists in the affected product. The vulnerability requires a high level of permissions and exists due to improper input validation resulting in the possibility of a malicious Updated Agent being deployed. | |||||
| CVE-2024-8936 | 2024-11-13 | N/A | 6.5 MEDIUM | ||
| CWE-20: Improper Input Validation vulnerability exists that could lead to loss of confidentiality of controller memory after a successful Man-In-The-Middle attack followed by sending a crafted Modbus function call used to tamper with memory. | |||||
| CVE-2024-6868 | 1 Mudler | 1 Localai | 2024-11-13 | N/A | 9.8 CRITICAL |
| mudler/LocalAI version 2.17.1 allows for arbitrary file write due to improper handling of automatic archive extraction. When model configurations specify additional files as archives (e.g., .tar), these archives are automatically extracted after downloading. This behavior can be exploited to perform a 'tarslip' attack, allowing files to be written to arbitrary locations on the server, bypassing checks that normally restrict files to the models directory. This vulnerability can lead to remote code execution (RCE) by overwriting backend assets used by the server. | |||||
| CVE-2024-37365 | 2024-11-12 | N/A | 7.3 HIGH | ||
| A remote code execution vulnerability exists in the affected product. The vulnerability allows users to save projects within the public directory allowing anyone with local access to modify and/or delete files. Additionally, a malicious user could potentially leverage this vulnerability to escalate their privileges by changing the macro to execute arbitrary code. | |||||
| CVE-2024-23983 | 2024-11-12 | N/A | N/A | ||
| Improper handling of canonical URL-encoding may lead to bypass not properly constrained by request rules. | |||||
| CVE-2024-50343 | 2024-11-08 | N/A | 3.1 LOW | ||
| symfony/validator is a module for the Symphony PHP framework which provides tools to validate values. It is possible to trick a `Validator` configured with a regular expression using the `$` metacharacters, with an input ending with `\n`. Symfony as of versions 5.4.43, 6.4.11, and 7.1.4 now uses the `D` regex modifier to match the entire input. Users are advised to upgrade. There are no known workarounds for this vulnerability. | |||||
| CVE-2023-1973 | 2024-11-08 | N/A | 7.5 HIGH | ||
| A flaw was found in Undertow package. Using the FormAuthenticationMechanism, a malicious user could trigger a Denial of Service by sending crafted requests, leading the server to an OutofMemory error, exhausting the server's memory. | |||||
| CVE-2024-51513 | 1 Huawei | 1 Harmonyos | 2024-11-07 | N/A | 5.5 MEDIUM |
| Vulnerability of processes not being fully terminated in the VPN module Impact: Successful exploitation of this vulnerability will affect power consumption. | |||||
| CVE-2024-33031 | 1 Qualcomm | 32 Ar8035, Ar8035 Firmware, Fastconnect 7800 and 29 more | 2024-11-07 | N/A | 6.7 MEDIUM |
| Memory corruption while processing the update SIM PB records request. | |||||
| CVE-2024-51529 | 1 Huawei | 2 Emui, Harmonyos | 2024-11-07 | N/A | 5.5 MEDIUM |
| Data verification vulnerability in the battery module Impact: Successful exploitation of this vulnerability may affect function stability. | |||||
| CVE-2024-51530 | 1 Huawei | 2 Emui, Harmonyos | 2024-11-07 | N/A | 6.6 MEDIUM |
| LaunchAnywhere vulnerability in the account module Impact: Successful exploitation of this vulnerability may affect service confidentiality. | |||||
| CVE-2024-51520 | 1 Huawei | 1 Harmonyos | 2024-11-07 | N/A | 5.5 MEDIUM |
| Vulnerability of input parameters not being verified in the HDC module Impact: Successful exploitation of this vulnerability may affect availability. | |||||
| CVE-2024-23386 | 1 Qualcomm | 20 Fastconnect 6900, Fastconnect 6900 Firmware, Fastconnect 7800 and 17 more | 2024-11-07 | N/A | 6.7 MEDIUM |
| memory corruption when WiFi display APIs are invoked with large random inputs. | |||||
| CVE-2024-51514 | 1 Huawei | 1 Harmonyos | 2024-11-07 | N/A | 5.3 MEDIUM |
| Vulnerability of pop-up windows belonging to no app in the VPN module Impact: Successful exploitation of this vulnerability may affect service confidentiality. | |||||
| CVE-2024-51512 | 1 Huawei | 1 Harmonyos | 2024-11-07 | N/A | 6.2 MEDIUM |
| Vulnerability of parameter type not being verified in the WantAgent module Impact: Successful exploitation of this vulnerability may affect availability. | |||||
| CVE-2024-51511 | 1 Huawei | 1 Harmonyos | 2024-11-07 | N/A | 6.2 MEDIUM |
| Vulnerability of parameter type not being verified in the WantAgent module Impact: Successful exploitation of this vulnerability may affect availability. | |||||
| CVE-2024-51519 | 1 Huawei | 1 Harmonyos | 2024-11-06 | N/A | 5.0 MEDIUM |
| Vulnerability of input parameters not being verified in the HDC module Impact: Successful exploitation of this vulnerability may affect availability. | |||||
| CVE-2024-49368 | 1 Nginxui | 1 Nginx Ui | 2024-11-06 | N/A | 9.8 CRITICAL |
| Nginx UI is a web user interface for the Nginx web server. Prior to version 2.0.0-beta.36, when Nginx UI configures logrotate, it does not verify the input and directly passes it to exec.Command, causing arbitrary command execution. Version 2.0.0-beta.36 fixes this issue. | |||||
| CVE-2024-7004 | 1 Google | 1 Chrome | 2024-10-29 | N/A | 4.3 MEDIUM |
| Insufficient validation of untrusted input in Safe Browsing in Google Chrome prior to 127.0.6533.72 allowed a remote attacker who convinced a user to engage in specific UI gestures to bypass discretionary access control via a malicious file. (Chromium security severity: Low) | |||||
| CVE-2024-0127 | 2024-10-28 | N/A | 7.8 HIGH | ||
| NVIDIA vGPU software contains a vulnerability in the GPU kernel driver of the vGPU Manager for all supported hypervisors, where a user of the guest OS can cause an improper input validation by compromising the guest OS kernel. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, data tampering, denial of service, and information disclosure. | |||||