Total
13509 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2009-3614 | 2 Debian, Noping | 2 Debian Linux, Liboping | 2024-11-21 | 3.3 Low |
| liboping 1.3.2 allows users reading arbitrary files upon the local system. | ||||
| CVE-2007-6763 | 1 Sas | 1 Sas Drug Development | 2024-11-21 | N/A |
| SAS Drug Development (SDD) before 32DRG02 mishandles logout actions, which allows a user (who was previously logged in) to access resources by pressing a back or forward button in a web browser. | ||||
| CVE-2005-4890 | 3 Debian, Redhat, Sudo Project | 4 Debian Linux, Shadow, Enterprise Linux and 1 more | 2024-11-21 | 7.8 High |
| There is a possible tty hijacking in shadow 4.x before 4.1.5 and sudo 1.x before 1.7.4 via "su - user -c program". The user session can be escaped to the parent session by using the TIOCSTI ioctl to push characters into the input buffer to be read by the next process. | ||||
| CVE-2002-2444 | 1 Snoopy Project | 1 Snoopy | 2024-11-20 | 9.8 Critical |
| Snoopy before 2.0.0 has a security hole in exec cURL | ||||
| CVE-2024-50557 | 1 Siemens | 52 Ruggedcom Rm1224 Lte\(4g\) Eu, Ruggedcom Rm1224 Lte\(4g\) Eu Firmware, Ruggedcom Rm1224 Lte\(4g\) Nam and 49 more | 2024-11-20 | 7.2 High |
| A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2) (All versions < V8.2), RUGGEDCOM RM1224 LTE(4G) NAM (6GK6108-4AM00-2DA2) (All versions < V8.2), SCALANCE M804PB (6GK5804-0AP00-2AA2) (All versions < V8.2), SCALANCE M812-1 ADSL-Router (6GK5812-1AA00-2AA2) (All versions < V8.2), SCALANCE M812-1 ADSL-Router (6GK5812-1BA00-2AA2) (All versions < V8.2), SCALANCE M816-1 ADSL-Router (6GK5816-1AA00-2AA2) (All versions < V8.2), SCALANCE M816-1 ADSL-Router (6GK5816-1BA00-2AA2) (All versions < V8.2), SCALANCE M826-2 SHDSL-Router (6GK5826-2AB00-2AB2) (All versions < V8.2), SCALANCE M874-2 (6GK5874-2AA00-2AA2) (All versions < V8.2), SCALANCE M874-3 (6GK5874-3AA00-2AA2) (All versions < V8.2), SCALANCE M874-3 3G-Router (CN) (6GK5874-3AA00-2FA2) (All versions < V8.2), SCALANCE M876-3 (6GK5876-3AA02-2BA2) (All versions < V8.2), SCALANCE M876-3 (ROK) (6GK5876-3AA02-2EA2) (All versions < V8.2), SCALANCE M876-4 (6GK5876-4AA10-2BA2) (All versions < V8.2), SCALANCE M876-4 (EU) (6GK5876-4AA00-2BA2) (All versions < V8.2), SCALANCE M876-4 (NAM) (6GK5876-4AA00-2DA2) (All versions < V8.2), SCALANCE MUM853-1 (A1) (6GK5853-2EA10-2AA1) (All versions < V8.2), SCALANCE MUM853-1 (B1) (6GK5853-2EA10-2BA1) (All versions < V8.2), SCALANCE MUM853-1 (EU) (6GK5853-2EA00-2DA1) (All versions < V8.2), SCALANCE MUM856-1 (A1) (6GK5856-2EA10-3AA1) (All versions < V8.2), SCALANCE MUM856-1 (B1) (6GK5856-2EA10-3BA1) (All versions < V8.2), SCALANCE MUM856-1 (CN) (6GK5856-2EA00-3FA1) (All versions < V8.2), SCALANCE MUM856-1 (EU) (6GK5856-2EA00-3DA1) (All versions < V8.2), SCALANCE MUM856-1 (RoW) (6GK5856-2EA00-3AA1) (All versions < V8.2), SCALANCE S615 EEC LAN-Router (6GK5615-0AA01-2AA2) (All versions < V8.2), SCALANCE S615 LAN-Router (6GK5615-0AA00-2AA2) (All versions < V8.2). Affected devices do not properly validate input in configuration fields of the iperf functionality. This could allow an unauthenticated remote attacker to execute arbitrary code on the device. | ||||
| CVE-2024-41167 | 1 Intel | 2 M10jnp2sb, M10jnp2sb Firmware | 2024-11-19 | 7.5 High |
| Improper input validation in UEFI firmware in some Intel(R) Server Board M10JNP2SB Family may allow a privileged user to potentially enable escalation of privilege via local access. | ||||
| CVE-2024-33031 | 1 Qualcomm | 32 Ar8035, Ar8035 Firmware, Fastconnect 7800 and 29 more | 2024-11-16 | 6.7 Medium |
| Memory corruption while processing the update SIM PB records request. | ||||
| CVE-2024-23386 | 1 Qualcomm | 20 Fastconnect 6900, Fastconnect 6900 Firmware, Fastconnect 7800 and 17 more | 2024-11-16 | 6.7 Medium |
| memory corruption when WiFi display APIs are invoked with large random inputs. | ||||
| CVE-2024-21949 | 1 Amd | 1 Ryzen Ai Software | 2024-11-15 | 5.5 Medium |
| Improper validation of user input in the NPU driver could allow an attacker to provide a buffer with unexpected size, potentially leading to system crash. | ||||
| CVE-2024-21974 | 1 Amd | 1 Ryzen Ai Software | 2024-11-15 | 8.8 High |
| Improper input validation in the NPU driver could allow an attacker to supply a specially crafted pointer potentially leading to arbitrary code execution. | ||||
| CVE-2024-21975 | 1 Amd | 1 Ryzen Ai Software | 2024-11-15 | 8.8 High |
| Improper input validation in the NPU driver could allow an attacker to supply a specially crafted pointer potentially leading to arbitrary code execution. | ||||
| CVE-2024-49774 | 1 Salesagility | 1 Suitecrm | 2024-11-13 | 7.2 High |
| SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. SuiteCRM relies on the blacklist of functions/methods to prevent installation of malicious MLPs. But this checks can be bypassed with some syntax constructions. SuiteCRM uses token_get_all to parse PHP scripts and check the resulted AST against blacklists. But it doesn't take into account all scenarios. This issue has been addressed in versions 7.14.6 and 8.7.1. Users are advised to upgrade. There are no known workarounds for this vulnerability. | ||||
| CVE-2024-50333 | 1 Salesagility | 1 Suitecrm | 2024-11-13 | 6.6 Medium |
| SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. User input is not validated and is written to the filesystem. The ParserLabel::addLabels() function can be used to write attacker-controlled data into the custom language file that will be included at the runtime. This issue has been addressed in versions 7.14.6 and 8.7.1. Users are advised to upgrade. There are no known workarounds for this vulnerability. | ||||
| CVE-2024-37365 | 1 Rockwellautomation | 1 Factorytalk View Machine Edition | 2024-11-12 | 7.3 High |
| A remote code execution vulnerability exists in the affected product. The vulnerability allows users to save projects within the public directory allowing anyone with local access to modify and/or delete files. Additionally, a malicious user could potentially leverage this vulnerability to escalate their privileges by changing the macro to execute arbitrary code. | ||||
| CVE-2024-50219 | 1 Redhat | 1 Enterprise Linux | 2024-11-11 | 5.5 Medium |
| This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | ||||
| CVE-2024-51529 | 1 Huawei | 2 Emui, Harmonyos | 2024-11-07 | 5.5 Medium |
| Data verification vulnerability in the battery module Impact: Successful exploitation of this vulnerability may affect function stability. | ||||
| CVE-2024-51530 | 1 Huawei | 2 Emui, Harmonyos | 2024-11-07 | 6.6 Medium |
| LaunchAnywhere vulnerability in the account module Impact: Successful exploitation of this vulnerability may affect service confidentiality. | ||||
| CVE-2024-51520 | 1 Huawei | 1 Harmonyos | 2024-11-07 | 5.5 Medium |
| Vulnerability of input parameters not being verified in the HDC module Impact: Successful exploitation of this vulnerability may affect availability. | ||||
| CVE-2024-51514 | 1 Huawei | 1 Harmonyos | 2024-11-07 | 5.3 Medium |
| Vulnerability of pop-up windows belonging to no app in the VPN module Impact: Successful exploitation of this vulnerability may affect service confidentiality. | ||||
| CVE-2024-51512 | 1 Huawei | 1 Harmonyos | 2024-11-07 | 6.2 Medium |
| Vulnerability of parameter type not being verified in the WantAgent module Impact: Successful exploitation of this vulnerability may affect availability. | ||||