Export limit exceeded: 343363 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (343363 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-42392 | 1 Cesanta | 1 Mongoose | 2024-11-19 | 4 Medium |
| Improper Neutralization of Delimiters vulnerability in Cesanta Mongoose Web Server v7.14 allows to trigger an infinite loop bug if the input string contains unexpected characters. | ||||
| CVE-2024-42383 | 1 Cesanta | 1 Mongoose | 2024-11-19 | 4.2 Medium |
| Use of Out-of-range Pointer Offset vulnerability in Cesanta Mongoose Web Server v7.14 allows to write a NULL byte value beyond the memory space dedicated for the hostname field. | ||||
| CVE-2024-42385 | 1 Cesanta | 1 Mongoose | 2024-11-19 | 4 Medium |
| Improper Neutralization of Delimiters vulnerability in Cesanta Mongoose Web Server v7.14 allows to trigger an out-of-bound memory write if the PEM certificate contains unexpected characters. | ||||
| CVE-2024-42386 | 1 Cesanta | 1 Mongoose | 2024-11-19 | 8.2 High |
| Use of Out-of-range Pointer Offset vulnerability in Cesanta Mongoose Web Server v7.14 allows an attacker to send an unexpected TLS packet and produce a segmentation fault on the application. | ||||
| CVE-2024-42387 | 1 Cesanta | 1 Mongoose | 2024-11-19 | 5.3 Medium |
| Use of Out-of-range Pointer Offset vulnerability in Cesanta Mongoose Web Server v7.14 allows an attacker to send an unexpected TLS packet and force the application to read unintended heap memory space. | ||||
| CVE-2024-52293 | 1 Craftcms | 1 Craft Cms | 2024-11-19 | 7.2 High |
| Craft is a content management system (CMS). Prior to 4.12.2 and 5.4.3, Craft is missing normalizePath in the function FileHelper::absolutePath could lead to Remote Code Execution on the server via twig SSTI. This is a sequel to CVE-2023-40035. This vulnerability is fixed in 4.12.2 and 5.4.3. | ||||
| CVE-2024-42388 | 1 Cesanta | 1 Mongoose | 2024-11-19 | 5.3 Medium |
| Use of Out-of-range Pointer Offset vulnerability in Cesanta Mongoose Web Server v7.14 allows an attacker to send an unexpected TLS packet and force the application to read unintended heap memory space. | ||||
| CVE-2024-42389 | 1 Cesanta | 1 Mongoose | 2024-11-19 | 5.3 Medium |
| Use of Out-of-range Pointer Offset vulnerability in Cesanta Mongoose Web Server v7.14 allows an attacker to send an unexpected TLS packet and force the application to read unintended heap memory space. | ||||
| CVE-2024-42390 | 1 Cesanta | 1 Mongoose | 2024-11-19 | 4.3 Medium |
| Use of Out-of-range Pointer Offset vulnerability in Cesanta Mongoose Web Server v7.14 allows an attacker to send an unexpected TLS packet and force the application to read unintended heap memory space. | ||||
| CVE-2024-42391 | 1 Cesanta | 1 Mongoose | 2024-11-19 | 4.3 Medium |
| Use of Out-of-range Pointer Offset vulnerability in Cesanta Mongoose Web Server v7.14 allows an attacker to send an unexpected TLS packet and force the application to read unintended heap memory space. | ||||
| CVE-2024-51765 | 1 Hpe | 1 Cray System Management Software | 2024-11-19 | 5.5 Medium |
| A security vulnerability has been identified in HPE Cray Data Virtualization Service (DVS). Depending on configuration, this vulnerability may lead to local/cluster unauthorized access. | ||||
| CVE-2024-51764 | 1 Hpe | 1 Sgi Cxfs | 2024-11-19 | 5.5 Medium |
| A security vulnerability has been identified in HPE Data Management Framework (DMF) Suite (CXFS). Depending on configuration, this vulnerability may lead to local/cluster unauthorized access. | ||||
| CVE-2024-25253 | 1 Iobit | 1 Driver Booster | 2024-11-19 | 7.5 High |
| Driver Booster v10.6 was discovered to contain a buffer overflow via the Host parameter under the Customize proxy module. | ||||
| CVE-2024-24446 | 1 Openairinterface | 1 Cn5g Amf | 2024-11-19 | 6.5 Medium |
| An uninitialized pointer dereference in OpenAirInterface CN5G AMF up to v2.0.0 allows attackers to cause a Denial of Service (DoS) via a crafted InitialContextSetupResponse message sent to the AMF. | ||||
| CVE-2024-24425 | 2 Magma, Oai Epc Federation | 2 Magma, Oai Epc Federation | 2024-11-19 | 6.5 Medium |
| Magma v1.8.0 and OAI EPC Federation v1.20 were discovered to contain an out-of-bounds read in the amf_as_establish_req function at /tasks/amf/amf_as.cpp. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted NAS packet. | ||||
| CVE-2023-52268 | 1 Freescout Helpdesk | 1 Freescout | 2024-11-19 | 9.1 Critical |
| The End-User Portal module before 1.0.65 for FreeScout sometimes allows an attacker to authenticate as an arbitrary user because a session token can be sent to the /auth endpoint. NOTE: this module is not part of freescout-helpdesk/freescout on GitHub. | ||||
| CVE-2024-10575 | 1 Schneider-electric | 1 Ecostruxure It Gateway | 2024-11-19 | 9.8 Critical |
| CWE-862: Missing Authorization vulnerability exists that could cause unauthorized access when enabled on the network and potentially impacting connected devices. | ||||
| CVE-2024-37095 | 2024-11-19 | 4.3 Medium | ||
| Missing Authorization vulnerability in Envira Gallery Team Envira Photo Gallery allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Envira Photo Gallery: from n/a through 1.8.7.3. | ||||
| CVE-2021-3986 | 2 Calibre-web Project, Janeczku | 2 Calibre-web, Calibre-web | 2024-11-19 | 4.3 Medium |
| A vulnerability in janeczku/calibre-web allows unauthorized users to view the names of private shelves belonging to other users. This issue occurs in the file shelf.py at line 221, where the name of the shelf is exposed in an error message when a user attempts to remove a book from a shelf they do not own. This vulnerability discloses private information and affects all versions prior to the fix. | ||||
| CVE-2021-3902 | 2 Dompdf, Dompdf Project | 2 Dompdf, Dompdf | 2024-11-19 | 9.8 Critical |
| An improper restriction of external entities (XXE) vulnerability in dompdf/dompdf's SVG parser allows for Server-Side Request Forgery (SSRF) and deserialization attacks. This issue affects all versions prior to 2.0.0. The vulnerability can be exploited even if the isRemoteEnabled option is set to false. It allows attackers to perform SSRF, disclose internal image files, and cause PHAR deserialization attacks. | ||||