Filtered by NVD-CWE-noinfo
Total 32029 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2024-10229 1 Google 1 Chrome 2024-10-30 8.1 High
Inappropriate implementation in Extensions in Google Chrome prior to 130.0.6723.69 allowed a remote attacker to bypass site isolation via a crafted Chrome Extension. (Chromium security severity: High)
CVE-2024-44294 1 Apple 1 Macos 2024-10-29 6.5 Medium
A path deletion vulnerability was addressed by preventing vulnerable code from running with privileges. This issue is fixed in macOS Ventura 13.7.1, macOS Sonoma 14.7.1. An attacker with root privileges may be able to delete protected system files.
CVE-2024-31842 1 Italtel 1 Embrace 2024-10-29 8.8 High
An issue was discovered in Italtel Embrace 1.6.4. The web application inserts the access token of an authenticated user inside GET requests. The query string for the URL could be saved in the browser's history, passed through Referers to other web sites, stored in web logs, or otherwise recorded in other sources. If the query string contains sensitive information such as session identifiers, then attackers can use this information to launch further attacks. Because the access token in sent in GET requests, this vulnerability could lead to complete account takeover.
CVE-2024-7978 1 Google 1 Chrome 2024-10-29 4.3 Medium
Insufficient policy enforcement in Data Transfer in Google Chrome prior to 128.0.6613.84 allowed a remote attacker who convinced a user to engage in specific UI gestures to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)
CVE-2024-7518 2 Mozilla, Redhat 9 Firefox, Firefox Esr, Thunderbird and 6 more 2024-10-29 6.5 Medium
Select options could obscure the fullscreen notification dialog. This could be used by a malicious site to perform a spoofing attack. This vulnerability affects Firefox < 129, Firefox ESR < 128.1, and Thunderbird < 128.1.
CVE-2024-7004 1 Google 1 Chrome 2024-10-29 4.3 Medium
Insufficient validation of untrusted input in Safe Browsing in Google Chrome prior to 127.0.6533.72 allowed a remote attacker who convinced a user to engage in specific UI gestures to bypass discretionary access control via a malicious file. (Chromium security severity: Low)
CVE-2024-47022 1 Google 32 Android, Pixel, Pixel 2 and 29 more 2024-10-28 5.1 Medium
Android before 2024-10-05 on Google Pixel devices allows information disclosure in the ACPM component, A-331255656.
CVE-2024-47020 1 Google 32 Android, Pixel, Pixel 2 and 29 more 2024-10-28 5.1 Medium
Android before 2024-10-05 on Google Pixel devices allows information disclosure in the ABL component, A-331966488.
CVE-2024-47023 1 Google 2 Android, Pixel 2024-10-28 7.4 High
there is a possible man-in-the-middle attack due to a logic error in the code. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
CVE-2024-47025 1 Google 2 Android, Pixel 2024-10-28 5.1 Medium
In ppmp_protect_buf of drm_fw.c, there is a possible information disclosure due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
CVE-2024-47027 1 Google 2 Android, Pixel 2024-10-28 7.4 High
In sm_mem_compat_get_vmm_obj of lib/sm/shared_mem.c, there is a possible arbitrary physical memory access due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
CVE-2024-44100 1 Google 32 Android, Pixel, Pixel 2 and 29 more 2024-10-28 7.5 High
Android before 2024-10-05 on Google Pixel devices allows information disclosure in the modem component, A-299774545.
CVE-2024-39946 1 Dahuasecurity 112 Nvr4104-4ks2\/l, Nvr4104-4ks2\/l Firmware, Nvr4104-4ks3 and 109 more 2024-10-27 6 Medium
A vulnerability has been found in Dahua products.After obtaining the administrator's username and password, the attacker can send a carefully crafted data packet to the interface with vulnerabilities, causing device initialization.
CVE-2024-39947 1 Dahuasecurity 112 Nvr4104-4ks2\/l, Nvr4104-4ks2\/l Firmware, Nvr4104-4ks3 and 109 more 2024-10-27 6.5 Medium
A vulnerability has been found in Dahua products.After obtaining the ordinary user's username and password, the attacker can send a carefully crafted data packet to the interface with vulnerabilities, causing the device to crash.
CVE-2024-8852 1 Servmask 1 All-in-one Wp Migration 2024-10-25 5.3 Medium
The All-in-One WP Migration and Backup plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 7.86 through publicly exposed log files. This makes it possible for unauthenticated attackers to view potentially sensitive information such as full paths contained in the exposed log files.
CVE-2024-9627 1 Te-st 2 Teplobot, Teplobot Telegram Bot For Wp 2024-10-25 8.6 High
The TeploBot - Telegram Bot for WP plugin for WordPress is vulnerable to sensitive information disclosure due to missing authorization checks on the 'service_process' function in all versions up to, and including, 1.3. This makes it possible for unauthenticated attackers to view the Telegram Bot Token, which is a secret token to control the bot.
CVE-2024-9541 1 Blazethemes 1 News Kit Elementor Addons 2024-10-25 4.3 Medium
The News Kit Elementor Addons plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.2.1 via the render function in includes/widgets/canvas-menu/canvas-menu.php. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive private, pending, and draft Elementor template data.
CVE-2024-9530 1 Qodeinteractive 1 Qi Addons For Elementor 2024-10-25 4.3 Medium
The Qi Addons For Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.8.0 via private templates. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive data including the contents of templates that are private.
CVE-2024-42966 1 Totolink 2 N350rt, N350rt Firmware 2024-10-24 9.8 Critical
Incorrect access control in TOTOLINK N350RT V9.3.5u.6139_B20201216 allows attackers to obtain the apmib configuration file, which contains the username and the password, via a crafted request to /cgi-bin/ExportSettings.sh.
CVE-2024-20455 1 Cisco 3 Ios Xe, Ios Xe Catalyst Sd-wan, Ios Xe Sd-wan 2024-10-24 8.6 High
A vulnerability in the process that classifies traffic that is going to the Unified Threat Defense (UTD) component of Cisco IOS XE Software in controller mode could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability exists because UTD improperly handles certain packets as those packets egress an SD-WAN IPsec tunnel. An attacker could exploit this vulnerability by sending crafted traffic through an SD-WAN IPsec tunnel that is configured on an affected device. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition. Note: SD-WAN tunnels that are configured with Generic Routing Encapsulation (GRE) are not affected by this vulnerability.