Search Results (337083 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-47035 | 1 Google | 2 Android, Pixel | 2024-10-31 | 7.4 High |
| In vring_init of external/headers/include/virtio/virtio_ring.h, there is a possible out of bounds write due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2024-47481 | 1 Dell | 1 Data Lakehouse | 2024-10-31 | 6.5 Medium |
| Dell Data Lakehouse, version(s) 1.0.0.0, 1.1.0., contain(s) an Improper Access Control vulnerability. An unauthenticated attacker with adjacent network access could potentially exploit this vulnerability, leading to Denial of service. | ||||
| CVE-2024-47483 | 1 Dell | 1 Data Lakehouse | 2024-10-31 | 2.9 Low |
| Dell Data Lakehouse, version(s) 1.0.0.0 and 1.1.0.0, contain(s) an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability. An unauthenticated attacker with local access could potentially exploit this vulnerability, leading to Information disclosure. | ||||
| CVE-2024-10374 | 1 Butlerblog | 1 Wp-members | 2024-10-31 | 6.4 Medium |
| The WP-Members Membership Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wpmem_loginout shortcode in all versions up to, and including, 3.4.9.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
| CVE-2024-10378 | 1 Esafenet | 1 Cdg | 2024-10-30 | 6.3 Medium |
| A vulnerability classified as critical has been found in ESAFENET CDG 5. Affected is the function actionViewCDGRenewFile of the file /com/esafenet/servlet/client/CDGRenewApplicationService.java. The manipulation of the argument CDGRenewFileId leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2024-8421 | 1 Redhat | 1 Openshift Data Foundation | 2024-10-30 | 0.0 Low |
| Red Hat Product Security has come to the conclusion that this CVE is not needed. | ||||
| CVE-2024-44281 | 1 Apple | 1 Macos | 2024-10-30 | 5.5 Medium |
| An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Ventura 13.7.1, macOS Sonoma 14.7.1. Parsing a file may lead to disclosure of user information. | ||||
| CVE-2024-44274 | 1 Apple | 3 Ipados, Iphone Os, Watchos | 2024-10-30 | 4.6 Medium |
| The issue was addressed with improved authentication. This issue is fixed in iOS 17.7.1 and iPadOS 17.7.1, watchOS 11.1, iOS 18.1 and iPadOS 18.1. An attacker with physical access to a locked device may be able to view sensitive user information. | ||||
| CVE-2024-44262 | 1 Apple | 1 Visionos | 2024-10-30 | 5.5 Medium |
| This issue was addressed with improved redaction of sensitive information. This issue is fixed in visionOS 2.1. A user may be able to view sensitive user information. | ||||
| CVE-2024-44254 | 1 Apple | 4 Ipados, Iphone Os, Macos and 1 more | 2024-10-30 | 5.5 Medium |
| This issue was addressed with improved redaction of sensitive information. This issue is fixed in watchOS 11.1, macOS Ventura 13.7.1, macOS Sonoma 14.7.1, iOS 18.1 and iPadOS 18.1. An app may be able to access sensitive user data. | ||||
| CVE-2024-44239 | 1 Apple | 6 Ipados, Iphone Os, Macos and 3 more | 2024-10-30 | 5.5 Medium |
| An information disclosure issue was addressed with improved private data redaction for log entries. This issue is fixed in tvOS 18.1, iOS 18.1 and iPadOS 18.1, iOS 17.7.1 and iPadOS 17.7.1, macOS Ventura 13.7.1, macOS Sonoma 14.7.1, watchOS 11.1, visionOS 2.1. An app may be able to leak sensitive kernel state. | ||||
| CVE-2024-44235 | 1 Apple | 2 Ipados, Iphone Os | 2024-10-30 | 4.6 Medium |
| The issue was addressed with improved checks. This issue is fixed in iOS 18.1 and iPadOS 18.1. An attacker may be able to view restricted content from the lock screen. | ||||
| CVE-2024-44215 | 1 Apple | 6 Ipados, Iphone Os, Macos and 3 more | 2024-10-30 | 5.5 Medium |
| This issue was addressed with improved checks. This issue is fixed in tvOS 18.1, iOS 18.1 and iPadOS 18.1, iOS 17.7.1 and iPadOS 17.7.1, macOS Ventura 13.7.1, macOS Sonoma 14.7.1, watchOS 11.1, visionOS 2.1. Processing an image may result in disclosure of process memory. | ||||
| CVE-2024-39205 | 1 Pyload-ng Project | 1 Pyload-ng | 2024-10-30 | 9.8 Critical |
| An issue in pyload-ng v0.5.0b3.dev85 running under python3.11 or below allows attackers to execute arbitrary code via a crafted HTTP request. | ||||
| CVE-2024-27849 | 1 Apple | 1 Macos | 2024-10-30 | 3.3 Low |
| A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Sequoia 15. An app may be able to read sensitive location information. | ||||
| CVE-2024-45518 | 1 Zimbra | 1 Collaboration | 2024-10-30 | 7.5 High |
| An issue was discovered in Zimbra Collaboration (ZCS) 10.1.x before 10.1.1, 10.0.x before 10.0.9, 9.0.0 before Patch 41, and 8.8.15 before Patch 46. It allows authenticated users to exploit Server-Side Request Forgery (SSRF) due to improper input sanitization and misconfigured domain whitelisting. This issue permits unauthorized HTTP requests to be sent to internal services, which can lead to Remote Code Execution (RCE) by chaining Command Injection within the internal service. When combined with existing XSS vulnerabilities, this SSRF issue can further facilitate Remote Code Execution (RCE). | ||||
| CVE-2022-23862 | 1 Ysoft | 1 Safeq | 2024-10-30 | 8.4 High |
| A Local Privilege Escalation issue was discovered in Y Soft SAFEQ 6 Build 53. The SafeQ JMX service running on port 9696 is vulnerable to JMX MLet attacks. Because the service did not enforce authentication and was running under the "NT Authority\System" user, an attacker is able to use the vulnerability to execute arbitrary code and elevate to the system user. | ||||
| CVE-2024-10121 | 2 Radar, Riskengine | 2 Radar, Radar | 2024-10-30 | 7.3 High |
| A vulnerability was found in wfh45678 Radar up to 1.0.8 and classified as critical. This issue affects some unknown processing of the component Interface Handler. The manipulation with the input /../ leads to authorization bypass. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. This appears not to be a path traversal weakness. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2024-48605 | 1 Helakuru | 1 Helakuru | 2024-10-30 | 7.8 High |
| An issue in Helakuru Desktop Application v1.1 allows a local attacker to execute arbitrary code via the lack of proper validation of the wow64log.dll file. | ||||
| CVE-2019-25218 | 1 I13websolution | 1 Photo Gallery Slideshow & Masonry Tiled Gallery | 2024-10-30 | 4.9 Medium |
| The Photo Gallery Slideshow & Masonry Tiled Gallery plugin for WordPress is vulnerable to SQL Injection via the 'id' parameter in all versions up to, and including, 1.0.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Administrator-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | ||||