Export limit exceeded: 356942 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (356942 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-47867 | 1 Gradio Project | 1 Gradio | 2024-11-15 | 7.5 High |
| Gradio is an open-source Python package designed for quick prototyping. This vulnerability is a **lack of integrity check** on the downloaded FRP client, which could potentially allow attackers to introduce malicious code. If an attacker gains access to the remote URL from which the FRP client is downloaded, they could modify the binary without detection, as the Gradio server does not verify the file's checksum or signature. Any users utilizing the Gradio server's sharing mechanism that downloads the FRP client could be affected by this vulnerability, especially those relying on the executable binary for secure data tunneling. There is no direct workaround for this issue without upgrading. However, users can manually validate the integrity of the downloaded FRP client by implementing checksum or signature verification in their own environment to ensure the binary hasn't been tampered with. | ||||
| CVE-2024-34662 | 1 Samsung | 1 Android | 2024-11-15 | 6.2 Medium |
| Improper access control in ActivityManager prior to SMR Oct-2024 Release 1 in select Android 12, 13 and SMR Sep-2024 Release 1 in select Android 14 allows local attackers to execute privileged behaviors. | ||||
| CVE-2024-7865 | 2024-11-15 | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2023-2414. Reason: This candidate is a reservation duplicate of CVE-2023-2414. Notes: All CVE users should reference CVE-2023-2414 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. | ||||
| CVE-2024-6413 | 2024-11-15 | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2023-2414. Reason: This candidate is a reservation duplicate of CVE-2023-2414. Notes: All CVE users should reference CVE-2023-2414 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. | ||||
| CVE-2024-48966 | 1 Baxter | 1 Life2000 Ventilator Firmware | 2024-11-15 | 10 Critical |
| The software tools used by service personnel to test & calibrate the ventilator do not support user authentication. An attacker with access to the Service PC where the tools are installed could obtain diagnostic information through the test tool or manipulate the ventilator's settings and embedded software via the calibration tool, without having to authenticate to either tool. This could result in unauthorized disclosure of information and/or have unintended impacts on device settings and performance. | ||||
| CVE-2024-10691 | 2024-11-15 | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2024-9530. Reason: This candidate is a reservation duplicate of CVE-2024-9530. Notes: All CVE users should reference CVE-2024-9530 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. | ||||
| CVE-2024-9834 | 1 Baxter | 1 Life2000 Ventilator Firmware | 2024-11-15 | 9.3 Critical |
| Improper data protection on the ventilator's serial interface could allow an attacker to send and receive messages that result in unauthorized disclosure of information and/or have unintended impacts on device settings and performance. | ||||
| CVE-2024-48967 | 1 Baxter | 1 Life2000 Ventilator Firmware | 2024-11-15 | 10 Critical |
| The ventilator and the Service PC lack sufficient audit logging capabilities to allow for detection of malicious activity and subsequent forensic examination. An attacker with access to the ventilator and/or the Service PC could, without detection, make unauthorized changes to ventilator settings that result in unauthorized disclosure of information and/or have unintended impacts on device performance. | ||||
| CVE-2024-34167 | 1 Intel | 1 Server Board S2600st Firmware | 2024-11-15 | 6.7 Medium |
| Uncontrolled search path for the Intel(R) Server Board S2600ST Family BIOS and Firmware Update software all versions may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2024-51996 | 1 Symphony Php Framework | 1 Symphony Process | 2024-11-15 | 7.5 High |
| Symphony process is a module for the Symphony PHP framework which executes commands in sub-processes. When consuming a persisted remember-me cookie, Symfony does not check if the username persisted in the database matches the username attached with the cookie, leading to authentication bypass. This vulnerability is fixed in 5.4.47, 6.4.15, and 7.1.8. | ||||
| CVE-2024-21783 | 2024-11-15 | 4.8 Medium | ||
| Integer overflow for some Intel(R) VPL software before version 24.1.4 may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2024-21799 | 2024-11-15 | 7.1 High | ||
| Path traversal for some Intel(R) Extension for Transformers software before version 1.5 may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2024-21808 | 2024-11-15 | 4.2 Medium | ||
| Improper buffer restrictions in some Intel(R) VPL software before version 24.1.4 may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2024-21850 | 1 Intel | 1 Tdx Module Software | 2024-11-15 | 6 Medium |
| Sensitive information in resource not removed before reuse in some Intel(R) TDX Seamldr module software before version 1.5.02.00 may allow a privileged user to potentially enable escalation of privilege via local access. | ||||
| CVE-2024-23312 | 1 Intel Binary Configuration Tool Software For Windows | 1 Intel Binary Configuration Tool Software For Windows | 2024-11-15 | 6.7 Medium |
| Uncontrolled search path for some Intel(R) Binary Configuration Tool software for Windows before version 3.4.5 may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2024-23919 | 2024-11-15 | 5.3 Medium | ||
| Improper buffer restrictions in some Intel(R) Graphics software may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2024-25647 | 1 Intel Binary Configuration Tool Software For Windows | 1 Intel Binary Configuration Tool Software For Windows | 2024-11-15 | 6.7 Medium |
| Incorrect default permissions for some Intel(R) Binary Configuration Tool software for Windows before version 3.4.5 may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2024-26017 | 1 Intel | 1 Rendering Toolkit Software | 2024-11-15 | 6.7 Medium |
| Uncontrolled search path in some Intel(R) Rendering Toolkit software before version 2024.1.0 may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2024-27200 | 2024-11-15 | 4.4 Medium | ||
| Improper access control in some Intel(R) Granulate(TM) software before version 4.30.1 may allow a authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2024-28028 | 1 Intel | 1 Neural Compressor Software | 2024-11-15 | 7.5 High |
| Improper input validation in some Intel(R) Neural Compressor software before version v3.0 may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access. | ||||