Total
34424 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-9787 | 2 Ccontrols, Contemporary Control System | 3 Basrouter Bacnet Basrt-b, Basrouter Bacnet Basrt-b Firmware, Basrouter Bacnet Basrt-b | 2024-11-25 | 5.3 Medium |
| A vulnerability, which was classified as problematic, was found in Contemporary Control System BASrouter BACnet BASRT-B 2.7.2. This affects an unknown part of the component UDP Packet Handler. The manipulation leads to denial of service. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2020-36660 | 1 Eve Ship Replacement Program Project | 1 Eve Ship Replacement Program | 2024-11-25 | 4.3 Medium |
| A vulnerability was found in paxswill EVE Ship Replacement Program 0.12.11. It has been rated as problematic. This issue affects some unknown processing of the file src/evesrp/views/api.py of the component User Information Handler. The manipulation leads to information disclosure. The attack may be initiated remotely. Upgrading to version 0.12.12 is able to address this issue. The patch is named 9e03f68e46e85ca9c9694a6971859b3ee66f0240. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-220211. | ||||
| CVE-2015-10085 | 1 Gopistolet Project | 1 Gopistolet | 2024-11-25 | 3.5 Low |
| A vulnerability was found in GoPistolet. It has been declared as problematic. This vulnerability affects unknown code of the component MTA. The manipulation leads to denial of service. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available. The patch is identified as b91aa4674d460993765884e8463c70e6d886bc90. It is recommended to apply a patch to fix this issue. VDB-221506 is the identifier assigned to this vulnerability. | ||||
| CVE-2024-10965 | 1 Emqx | 1 Neuron | 2024-11-23 | 4.3 Medium |
| A vulnerability classified as problematic was found in emqx neuron up to 2.10.0. Affected by this vulnerability is an unknown functionality of the file /api/v2/schema of the component JSON File Handler. The manipulation leads to information disclosure. The attack can be launched remotely. The patch is named c9ce39747e0372aaa2157b2b56174914a12c06d8. It is recommended to apply a patch to fix this issue. | ||||
| CVE-2024-5924 | 1 Dropbox | 2 Dropbox, Dropbox Desktop | 2024-11-23 | 8.8 High |
| Dropbox Desktop Folder Sharing Mark-of-the-Web Bypass Vulnerability. This vulnerability allows remote attackers to bypass the Mark-of-the-Web protection mechanism on affected installations of Dropbox Desktop. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of shared folders. When syncing files from a shared folder belonging to an untrusted account, the Dropbox desktop application does not apply the Mark-of-the-Web to the local files. An attacker can leverage this vulnerability to execute arbitrary code in the context of the current user. Was ZDI-CAN-23991. | ||||
| CVE-2023-1369 | 1 Tgsoft | 2 Vir.it Explorer, Viragtlt.sys | 2024-11-22 | 5 Medium |
| A vulnerability was found in TG Soft Vir.IT eXplorer 9.4.86.0. It has been rated as problematic. This issue affects the function 0x82730088 in the library VIRAGTLT.sys of the component IoControlCode Handler. The manipulation leads to denial of service. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. Upgrading to version 9.5 is able to address this issue. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-222875. | ||||
| CVE-2018-9440 | 1 Google | 1 Android | 2024-11-22 | 6.5 Medium |
| In parse of M3UParser.cpp there is a possible resource exhaustion due to improper input validation. This could lead to denial of service with no additional execution privileges needed. User interaction is needed for exploitation. | ||||
| CVE-2018-9467 | 1 Google | 1 Android | 2024-11-22 | 9.8 Critical |
| In the getHost() function of UriTest.java, there is the possibility of incorrect web origin determination. This could lead to incorrect security decisions with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2018-9369 | 1 Google | 1 Android | 2024-11-22 | 7.8 High |
| In bootloader there is fastboot command allowing user specified kernel command line arguments. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. | ||||
| CVE-2018-9364 | 1 Google | 1 Android | 2024-11-22 | 7.5 High |
| In the LG LAF component, there is a special command that allowed modification of certain partitions. This could lead to bypass of secure boot. User interaction is not needed for exploitation. | ||||
| CVE-2018-9433 | 1 Google | 1 Android | 2024-11-22 | 9.8 Critical |
| In ArrayConcatVisitor of builtins-array.cc, there is a possible type confusion due to improper input validation. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. | ||||
| CVE-2018-9432 | 1 Google | 1 Android | 2024-11-22 | 7.8 High |
| In createPhonebookDialogView and createMapDialogView of BluetoothPermissionActivity.java, there is a possible permissions bypass. This could lead to local escalation of privilege due to hiding and bypassing the user's ability to disable access to contacts, with no additional execution privileges needed. User interaction is needed for exploitation. | ||||
| CVE-2023-1681 | 1 Xunruicms | 1 Xunruicms | 2024-11-22 | 4.3 Medium |
| A vulnerability, which was classified as problematic, was found in Xunrui CMS 4.61. Affected is an unknown function of the file /config/myfield/test.php. The manipulation leads to information disclosure. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-224238 is the identifier assigned to this vulnerability. | ||||
| CVE-2023-1680 | 1 Xunruicms | 1 Xunruicms | 2024-11-22 | 4.3 Medium |
| A vulnerability, which was classified as problematic, has been found in Xunrui CMS 4.61. This issue affects some unknown processing of the file /dayrui/My/View/main.html. The manipulation leads to information disclosure. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-224237 was assigned to this vulnerability. | ||||
| CVE-2024-1309 | 1 Honeywell | 1 Niagara Framework | 2024-11-22 | 6.5 Medium |
| Uncontrolled Resource Consumption vulnerability in Honeywell Niagara Framework on Windows, Linux, QNX allows Content Spoofing.This issue affects Niagara Framework: before Niagara AX 3.8.1, before Niagara 4.1. | ||||
| CVE-2024-28729 | 2 D-link, Dlink | 3 Dwr-2000m Firmware, Dwr-2000m, Dwr-2000m Firmware | 2024-11-22 | 7.8 High |
| An issue in DLink DWR 2000M 5G CPE With Wifi 6 Ax1800 and Dlink DWR 5G CPE DWR-2000M_1.34ME allows a local attacker to execute arbitrary code via a crafted request. | ||||
| CVE-2023-36258 | 1 Langchain | 1 Langchain | 2024-11-22 | 9.8 Critical |
| An issue in LangChain before 0.0.236 allows an attacker to execute arbitrary code because Python code with os.system, exec, or eval can be used. | ||||
| CVE-2023-38401 | 2 Hp, Microsoft | 2 Aruba Virtual Intranet Access, Windows | 2024-11-22 | 7.8 High |
| A vulnerability in the HPE Aruba Networking Virtual Intranet Access (VIA) client could allow local users to elevate privileges. Successful exploitation could allow execution of arbitrary code with NT AUTHORITY\SYSTEM privileges on the operating system. | ||||
| CVE-2024-11494 | 1 Zyxel | 3 P6101c, P6101c Firmware, P610c Firmware | 2024-11-22 | 7.5 High |
| **UNSUPPORTED WHEN ASSIGNED** The improper authentication vulnerability in the Zyxel P-6101C ADSL modem firmware version P-6101CSA6AP_20140331 could allow an unauthenticated attacker to read some device information via a crafted HTTP HEAD method. | ||||
| CVE-2023-20267 | 1 Cisco | 1 Firepower Threat Defense | 2024-11-21 | 4 Medium |
| A vulnerability in the IP geolocation rules of Snort 3 could allow an unauthenticated, remote attacker to potentially bypass IP address restrictions. This vulnerability exists because the configuration for IP geolocation rules is not parsed properly. An attacker could exploit this vulnerability by spoofing an IP address until they bypass the restriction. A successful exploit could allow the attacker to bypass location-based IP address restrictions. | ||||