Total
539 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-12657 | 1 Iobit | 1 Advanced Systemcare Ultimate | 2024-12-19 | 4.6 MEDIUM | 5.5 MEDIUM |
| A vulnerability has been found in IObit Advanced SystemCare Utimate up to 17.0.0 and classified as problematic. This vulnerability affects the function 0x8001E000 in the library AscRegistryFilter.sys of the component IOCTL Handler. The manipulation leads to null pointer dereference. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2024-12662 | 1 Iobit | 1 Advanced Systemcare Ultimate | 2024-12-19 | 4.6 MEDIUM | 5.5 MEDIUM |
| A vulnerability classified as problematic has been found in IObit Advanced SystemCare Utimate up to 17.0.0. This affects the function 0x8001E040 in the library AscRegistryFilter.sys of the component IOCTL Handler. The manipulation leads to null pointer dereference. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2024-12653 | 1 Fabulatech | 1 Usb Over Network | 2024-12-18 | 4.6 MEDIUM | 5.5 MEDIUM |
| A vulnerability classified as problematic has been found in FabulaTech USB over Network 6.0.6.1. Affected is the function 0x22040C in the library ftusbbus2.sys of the component IOCT Handler. The manipulation leads to null pointer dereference. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2024-12654 | 1 Fabulatech | 1 Usb Over Network | 2024-12-18 | 4.6 MEDIUM | 5.5 MEDIUM |
| A vulnerability classified as problematic was found in FabulaTech USB over Network 6.0.6.1. Affected by this vulnerability is the function 0x220408 in the library ftusbbus2.sys of the component IOCT Handler. The manipulation leads to null pointer dereference. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2022-48489 | 1 Huawei | 1 Emui | 2024-12-17 | N/A | 7.5 HIGH |
| Configuration defects in the secure OS module.Successful exploitation of this vulnerability will affect availability. | |||||
| CVE-2024-44201 | 1 Apple | 3 Ipados, Iphone Os, Macos | 2024-12-13 | N/A | 5.5 MEDIUM |
| The issue was addressed with improved memory handling. This issue is fixed in iPadOS 17.7.3, macOS Ventura 13.7.2, iOS 18.1 and iPadOS 18.1, macOS Sonoma 14.7.2. Processing a malicious crafted file may lead to a denial-of-service. | |||||
| CVE-2024-12002 | 1 Tenda | 8 Fh1201, Fh1201 Firmware, Fh1202 and 5 more | 2024-12-10 | 4.0 MEDIUM | 4.3 MEDIUM |
| A vulnerability classified as problematic was found in Tenda FH451, FH1201, FH1202 and FH1206 up to 20241129. Affected by this vulnerability is the function websReadEvent of the file /goform/GetIPTV. The manipulation of the argument Content-Length leads to null pointer dereference. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2024-12342 | 2024-12-08 | 6.1 MEDIUM | 6.5 MEDIUM | ||
| A vulnerability was found in TP-Link VN020 F3v(T) TT_V6.2.1021. It has been rated as critical. This issue affects some unknown processing of the file /control/WANIPConnection of the component Incomplete SOAP Request Handler. The manipulation leads to denial of service. The attack can only be initiated within the local network. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2024-23248 | 1 Apple | 1 Macos | 2024-12-06 | N/A | 7.1 HIGH |
| The issue was addressed with improved memory handling. This issue is fixed in macOS Sonoma 14.4. Processing a file may lead to a denial-of-service or potentially disclose memory contents. | |||||
| CVE-2024-23249 | 1 Apple | 1 Macos | 2024-12-06 | N/A | 7.1 HIGH |
| The issue was addressed with improved memory handling. This issue is fixed in macOS Sonoma 14.4. Processing a file may lead to a denial-of-service or potentially disclose memory contents. | |||||
| CVE-2024-12227 | 2024-12-05 | 4.6 MEDIUM | 5.5 MEDIUM | ||
| A vulnerability, which was classified as problematic, was found in MSI Dragon Center up to 2.0.146.0. This affects the function MmUnMapIoSpace in the library NTIOLib_X64.sys of the component IOCTL Handler. The manipulation leads to null pointer dereference. It is possible to launch the attack on the local host. Upgrading to version 2.0.148.0 is able to address this issue. It is recommended to upgrade the affected component. | |||||
| CVE-2024-20995 | 1 Oracle | 1 Database Server | 2024-12-03 | N/A | 2.4 LOW |
| Vulnerability in the Oracle Database Sharding component of Oracle Database Server. Supported versions that are affected are 19.3-19.22 and 21.3-21.13. Easily exploitable vulnerability allows high privileged attacker having DBA privilege with network access via Oracle Net to compromise Oracle Database Sharding. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Database Sharding. CVSS 3.1 Base Score 2.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:N/A:L). | |||||
| CVE-2024-9787 | 1 Ccontrols | 2 Basrouter Bacnet Basrt-b, Basrouter Bacnet Basrt-b Firmware | 2024-11-25 | 5.0 MEDIUM | 5.3 MEDIUM |
| A vulnerability, which was classified as problematic, was found in Contemporary Control System BASrouter BACnet BASRT-B 2.7.2. This affects an unknown part of the component UDP Packet Handler. The manipulation leads to denial of service. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2024-11650 | 2024-11-25 | 6.8 MEDIUM | 6.5 MEDIUM | ||
| A vulnerability was found in Tenda i9 1.0.0.8(3828) and classified as critical. This issue affects the function websReadEvent of the file /goform/GetIPTV. The manipulation leads to null pointer dereference. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2024-11588 | 1 Avlditest | 1 Libdoip | 2024-11-22 | 2.3 LOW | 3.5 LOW |
| A vulnerability was found in AVL-DiTEST-DiagDev libdoip 1.0.0. It has been rated as problematic. This issue affects the function DoIPConnection::reactOnReceivedTcpMessage of the file DoIPConnection.cpp. The manipulation leads to null pointer dereference. | |||||
| CVE-2024-5095 | 2024-11-21 | 6.3 MEDIUM | 6.5 MEDIUM | ||
| A vulnerability classified as problematic has been found in Victor Zsviot Camera 8.26.31. This affects an unknown part of the component MQTT Packet Handler. The manipulation leads to denial of service. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-265077 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2024-4791 | 2024-11-21 | 7.8 HIGH | 7.5 HIGH | ||
| A vulnerability classified as critical was found in Contemporary Control System BASrouter BACnet BASRT-B 2.7.2. This vulnerability affects unknown code of the component Application Protocol Data Unit. The manipulation leads to denial of service. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-263890 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2024-4292 | 2024-11-21 | 6.1 MEDIUM | 6.5 MEDIUM | ||
| A vulnerability classified as critical has been found in Contemporary Controls BASrouter BACnet BASRT-B 2.7.2. Affected is an unknown function of the component Device-Communication-Control Service. The manipulation with the input 55ff0500370015f30104025506110afb7519035d0841e4bece257b6acfc71f leads to denial of service. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-262224. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2024-4013 | 2024-11-21 | N/A | 5.6 MEDIUM | ||
| A bug exists in the API, mesh_node_power_off(), which fails to copy the contents of the Replay Protection List (RPL) from RAM to NVM before powering down, resulting in the ability to replay unsaved messages. Note that as of June 2024, the Gecko SDK was renamed to the Simplicity SDK, and the versioning scheme was changed from Gecko SDK vX.Y.Z to Simplicity SDK YYYY.MM.Patch#. | |||||
| CVE-2024-3764 | 2024-11-21 | 3.3 LOW | 2.7 LOW | ||
| ** DISPUTED ** A vulnerability classified as problematic has been found in Tuya SDK up to 5.0.x. Affected is an unknown function of the component MQTT Packet Handler. The manipulation leads to denial of service. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. Upgrading to version 5.1.0 is able to address this issue. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-260604. NOTE: The vendor explains that a malicious actor would have to crack TLS first or use a legitimate login to initiate the attack. | |||||