Total
32039 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-51514 | 1 Huawei | 1 Harmonyos | 2024-11-07 | 5.3 Medium |
| Vulnerability of pop-up windows belonging to no app in the VPN module Impact: Successful exploitation of this vulnerability may affect service confidentiality. | ||||
| CVE-2024-51516 | 1 Huawei | 1 Harmonyos | 2024-11-07 | 6.2 Medium |
| Permission control vulnerability in the ability module Impact: Successful exploitation of this vulnerability may cause features to function abnormally. | ||||
| CVE-2024-51512 | 1 Huawei | 1 Harmonyos | 2024-11-07 | 6.2 Medium |
| Vulnerability of parameter type not being verified in the WantAgent module Impact: Successful exploitation of this vulnerability may affect availability. | ||||
| CVE-2024-51511 | 1 Huawei | 1 Harmonyos | 2024-11-07 | 6.2 Medium |
| Vulnerability of parameter type not being verified in the WantAgent module Impact: Successful exploitation of this vulnerability may affect availability. | ||||
| CVE-2024-47255 | 1 2n | 1 Access Commander | 2024-11-07 | 4.7 Medium |
| In 2N Access Commander versions 3.1.1.2 and prior, a local attacker can escalate their privileges in the system which could allow for arbitrary code execution with root permissions. | ||||
| CVE-2024-47254 | 1 2n | 1 Access Commander | 2024-11-07 | 6.3 Medium |
| In 2N Access Commander versions 3.1.1.2 and prior, an Insufficient Verification of Data Authenticity vulnerability could allow an attacker to escalate their privileges and gain root access to the system. | ||||
| CVE-2024-51518 | 1 Huawei | 1 Harmonyos | 2024-11-06 | 5.3 Medium |
| Vulnerability of message types not being verified in the advanced messaging modul Impact: Successful exploitation of this vulnerability may affect availability. | ||||
| CVE-2024-51519 | 1 Huawei | 1 Harmonyos | 2024-11-06 | 5 Medium |
| Vulnerability of input parameters not being verified in the HDC module Impact: Successful exploitation of this vulnerability may affect availability. | ||||
| CVE-2024-10491 | 2 Expressjs, Openjsf | 2 Express, Express | 2024-11-06 | 4 Medium |
| A vulnerability has been identified in the Express response.links function, allowing for arbitrary resource injection in the Link header when unsanitized data is used. The issue arises from improper sanitization in `Link` header values, which can allow a combination of characters like `,`, `;`, and `<>` to preload malicious resources. This vulnerability is especially relevant for dynamic parameters. | ||||
| CVE-2024-21258 | 1 Oracle | 1 Installed Base | 2024-11-06 | 5.3 Medium |
| Vulnerability in the Oracle Installed Base product of Oracle E-Business Suite (component: User Interface). Supported versions that are affected are 12.2.3-12.2.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Installed Base. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Installed Base accessible data. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N). | ||||
| CVE-2024-21250 | 1 Oracle | 1 Process Manufacturing Product Development | 2024-11-06 | 8.1 High |
| Vulnerability in the Oracle Process Manufacturing Product Development product of Oracle E-Business Suite (component: Quality Manager Specification). Supported versions that are affected are 12.2.13-12.2.14. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Process Manufacturing Product Development. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Process Manufacturing Product Development accessible data as well as unauthorized access to critical data or complete access to all Oracle Process Manufacturing Product Development accessible data. CVSS 3.1 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N). | ||||
| CVE-2024-21249 | 1 Oracle | 1 Peoplesoft Enterprise Fin Expenses | 2024-11-06 | 4.3 Medium |
| Vulnerability in the PeopleSoft Enterprise FIN Expenses product of Oracle PeopleSoft (component: Expenses). The supported version that is affected is 9.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise FIN Expenses. Successful attacks of this vulnerability can result in unauthorized read access to a subset of PeopleSoft Enterprise FIN Expenses accessible data. CVSS 3.1 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N). | ||||
| CVE-2024-49368 | 1 Nginxui | 1 Nginx Ui | 2024-11-06 | 9.8 Critical |
| Nginx UI is a web user interface for the Nginx web server. Prior to version 2.0.0-beta.36, when Nginx UI configures logrotate, it does not verify the input and directly passes it to exec.Command, causing arbitrary command execution. Version 2.0.0-beta.36 fixes this issue. | ||||
| CVE-2024-48352 | 1 Yealink | 2 Meeting Server, Yealink Meeting Server | 2024-11-05 | 7.5 High |
| Yealink Meeting Server before V26.0.0.67 is vulnerable to sensitive data exposure in the server response via sending HTTP request with enterprise ID. | ||||
| CVE-2024-10386 | 1 Rockwellautomation | 1 Thinmanager | 2024-11-05 | 9.8 Critical |
| CVE-2024-10386 IMPACT An authentication vulnerability exists in the affected product. The vulnerability could allow a threat actor with network access to send crafted messages to the device, potentially resulting in database manipulation. | ||||
| CVE-2024-10387 | 1 Rockwellautomation | 1 Thinmanager | 2024-11-05 | 7.5 High |
| CVE-2024-10387 IMPACT A Denial-of-Service vulnerability exists in the affected product. The vulnerability could allow a threat actor with network access to send crafted messages to the device, potentially resulting in Denial-of-Service. | ||||
| CVE-2024-21242 | 1 Oracle | 2 Database - Xml Database, Xml Database | 2024-11-05 | 3.5 Low |
| Vulnerability in the XML Database component of Oracle Database Server. Supported versions that are affected are 19.3-19.24, 21.3-21.15 and 23.4-23.5. Easily exploitable vulnerability allows low privileged attacker having Create Session privilege with network access via HTTP to compromise XML Database. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of XML Database. CVSS 3.1 Base Score 3.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L). | ||||
| CVE-2024-20426 | 1 Cisco | 2 Adaptive Security Appliance Software, Firepower Threat Defense Software | 2024-11-05 | 8.6 High |
| A vulnerability in the Internet Key Exchange version 2 (IKEv2) protocol for VPN termination of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending crafted IKEv2 traffic to an affected device. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition. | ||||
| CVE-2024-20431 | 1 Cisco | 2 Firepower Threat Defense, Firepower Threat Defense Software | 2024-11-05 | 5.8 Medium |
| A vulnerability in the geolocation access control feature of Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to bypass an access control policy. This vulnerability is due to improper assignment of geolocation data. An attacker could exploit this vulnerability by sending traffic through an affected device. A successful exploit could allow the attacker to bypass a geolocation-based access control policy and successfully send traffic to a protected device. | ||||
| CVE-2024-45448 | 1 Huawei | 2 Emui, Harmonyos | 2024-11-05 | 4.1 Medium |
| Page table protection configuration vulnerability in the trusted firmware module Impact: Successful exploitation of this vulnerability may affect service confidentiality. | ||||