Export limit exceeded: 43280 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 15488 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (15488 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-23980 | 2024-11-21 | 7.5 High | ||
| Improper buffer restrictions in PlatformPfrDxe driver in UEFI firmware for some Intel(R) Server D50FCP Family products may allow a privileged user to enable escalation of privilege via local access. | ||||
| CVE-2024-23617 | 1 Broadcom | 1 Symantec Data Center Security Server | 2024-11-21 | 9.6 Critical |
| A buffer overflow vulnerability exists in Symantec Data Loss Prevention version 14.0.2 and before. A remote, unauthenticated attacker can exploit this vulnerability by enticing a user to open a crafted document to achieve code execution. | ||||
| CVE-2024-23616 | 1 Broadcom | 1 Symantec Server Management Suite | 2024-11-21 | 10 Critical |
| A buffer overflow vulnerability exists in Symantec Server Management Suite version 7.9 and before. A remote, anonymous attacker can exploit this vulnerability to achieve remote code execution as SYSTEM. | ||||
| CVE-2024-23614 | 1 Broadcom | 1 Symantec Messaging Gateway | 2024-11-21 | 10 Critical |
| A buffer overflow vulnerability exists in Symantec Messaging Gateway versions 9.5 and before. A remote, anonymous attacker can exploit this vulnerability to achieve remote code execution as root. | ||||
| CVE-2024-23323 | 1 Envoyproxy | 1 Envoy | 2024-11-21 | 4.3 Medium |
| Envoy is a high-performance edge/middle/service proxy. The regex expression is compiled for every request and can result in high CPU usage and increased request latency when multiple routes are configured with such matchers. This issue has been addressed in released 1.29.1, 1.28.1, 1.27.3, and 1.26.7. Users are advised to upgrade. There are no known workarounds for this vulnerability. | ||||
| CVE-2024-22229 | 1 Dell | 3 Unity Operating Environment, Unity Xt Operating Environment, Unityvsa Operating Environment | 2024-11-21 | 3.1 Low |
| Dell Unity, versions prior to 5.4, contain a vulnerability whereby log messages can be spoofed by an authenticated attacker. An attacker could exploit this vulnerability to forge log entries, create false alarms, and inject malicious content into logs that compromise logs integrity. A malicious attacker could also prevent the product from logging information while malicious actions are performed or implicate an arbitrary user for malicious activities. | ||||
| CVE-2024-22199 | 1 Gofiber | 1 Django | 2024-11-21 | 9.3 Critical |
| This package provides universal methods to use multiple template engines with the Fiber web framework using the Views interface. This vulnerability specifically impacts web applications that render user-supplied data through this template engine, potentially leading to the execution of malicious scripts in users' browsers when visiting affected web pages. The vulnerability has been addressed, the template engine now defaults to having autoescape set to `true`, effectively mitigating the risk of XSS attacks. | ||||
| CVE-2024-21916 | 1 Rockwellautomation | 6 Controllogix 5570 Controller, Controllogix 5570 Controller Firmware, Controllogix 5570 Redundant Controller and 3 more | 2024-11-21 | 8.6 High |
| A denial-of-service vulnerability exists in specific Rockwell Automation ControlLogix ang GuardLogix controllers. If exploited, the product could potentially experience a major nonrecoverable fault (MNRF). The device will restart itself to recover from the MNRF. | ||||
| CVE-2024-21631 | 1 Vapor | 1 Vapor | 2024-11-21 | 6.5 Medium |
| Vapor is an HTTP web framework for Swift. Prior to version 4.90.0, Vapor's `vapor_urlparser_parse` function uses `uint16_t` indexes when parsing a URI's components, which may cause integer overflows when parsing untrusted inputs. This vulnerability does not affect Vapor directly but could impact applications relying on the URI type for validating user input. The URI type is used in several places in Vapor. A developer may decide to use URI to represent a URL in their application (especially if that URL is then passed to the HTTP Client) and rely on its public properties and methods. However, URI may fail to properly parse a valid (albeit abnormally long) URL, due to string ranges being converted to 16-bit integers. An attacker may use this behavior to trick the application into accepting a URL to an untrusted destination. By padding the port number with zeros, an attacker can cause an integer overflow to occur when the URL authority is parsed and, as a result, spoof the host. Version 4.90.0 contains a patch for this issue. As a workaround, validate user input before parsing as a URI or, if possible, use Foundation's `URL` and `URLComponents` utilities. | ||||
| CVE-2024-21482 | 1 Qualcomm | 138 Csr8811, Csr8811 Firmware, Immersive Home 214 Platform and 135 more | 2024-11-21 | 6.8 Medium |
| Memory corruption during the secure boot process, when the `bootm` command is used, it bypasses the authentication of the kernel/rootfs image. | ||||
| CVE-2024-1064 | 1 Craftycontrol | 1 Crafty Controller | 2024-11-21 | 7.5 High |
| A host header injection vulnerability in the HTTP handler component of Crafty Controller allows a remote, unauthenticated attacker to trigger a Denial of Service (DoS) condition via a modified host header | ||||
| CVE-2024-0987 | 1 Kuerp Project | 1 Kuerp | 2024-11-21 | 6.3 Medium |
| A vulnerability classified as critical has been found in Sichuan Yougou Technology KuERP up to 1.0.4. Affected is an unknown function of the file /runtime/log. The manipulation leads to improper output neutralization for logs. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-252252. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2024-0774 | 1 Taurisoft | 1 Any Sound Recorder | 2024-11-21 | 5.3 Medium |
| A vulnerability was found in Any-Capture Any Sound Recorder 2.93. It has been declared as problematic. This vulnerability affects unknown code of the component Registration Handler. The manipulation of the argument User Name/Key Code leads to memory corruption. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. VDB-251674 is the identifier assigned to this vulnerability. | ||||
| CVE-2024-0772 | 1 Nsasoft | 1 Sharealarmpro | 2024-11-21 | 5.3 Medium |
| A vulnerability was found in Nsasoft ShareAlarmPro 2.1.4 and classified as problematic. Affected by this issue is some unknown functionality of the component Registration Handler. The manipulation of the argument Name/Key leads to memory corruption. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-251672. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2024-0745 | 1 Mozilla | 1 Firefox | 2024-11-21 | 8.8 High |
| The WebAudio `OscillatorNode` object was susceptible to a stack buffer overflow. This could have led to a potentially exploitable crash. This vulnerability affects Firefox < 122. | ||||
| CVE-2024-0744 | 1 Mozilla | 1 Firefox | 2024-11-21 | 7.5 High |
| In some circumstances, JIT compiled code could have dereferenced a wild pointer value. This could have led to an exploitable crash. This vulnerability affects Firefox < 122. | ||||
| CVE-2024-0645 | 1 Explorerplusplus | 1 Explorer\+\+ | 2024-11-21 | 7.3 High |
| Buffer overflow vulnerability in Explorer++ affecting version 1.3.5.531. A local attacker could execute arbitrary code via a long filename argument by monitoring Structured Exception Handler (SEH) records. | ||||
| CVE-2024-0429 | 2 Bpsoft, Hex Workshop | 2 Hex Workshop, Hex Workshop | 2024-11-21 | 7.3 High |
| A denial service vulnerability has been found on Hex Workshop affecting version 6.7, an attacker could send a command line file arguments and control the Structured Exception Handler (SEH) records resulting in a service shutdown. | ||||
| CVE-2023-7102 | 1 Barracuda | 10 Email Security Gateway 300, Email Security Gateway 300 Firmware, Email Security Gateway 400 and 7 more | 2024-11-21 | 9.8 Critical |
| Use of a Third Party library produced a vulnerability in Barracuda Networks Inc. Barracuda ESG Appliance which allowed Parameter Injection.This issue affected Barracuda ESG Appliance, from 5.1.3.001 through 9.2.1.001, until Barracuda removed the vulnerable logic. | ||||
| CVE-2023-6560 | 2 Linux, Redhat | 2 Linux Kernel, Enterprise Linux | 2024-11-21 | 5.5 Medium |
| An out-of-bounds memory access flaw was found in the io_uring SQ/CQ rings functionality in the Linux kernel. This issue could allow a local user to crash the system. | ||||