Export limit exceeded: 343527 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (343527 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-38421 | 1 Qualcomm | 157 Fastconnect 6200, Fastconnect 6200 Firmware, Fastconnect 7800 and 154 more | 2024-11-07 | 7.8 High |
| Memory corruption while processing GPU commands. | ||||
| CVE-2024-38419 | 1 Qualcomm | 299 Ar8035, Ar8035 Firmware, Csra6620 and 296 more | 2024-11-07 | 7.8 High |
| Memory corruption while invoking IOCTL calls from the use-space for HGSL memory node. | ||||
| CVE-2024-51514 | 1 Huawei | 1 Harmonyos | 2024-11-07 | 5.3 Medium |
| Vulnerability of pop-up windows belonging to no app in the VPN module Impact: Successful exploitation of this vulnerability may affect service confidentiality. | ||||
| CVE-2024-51515 | 1 Huawei | 1 Harmonyos | 2024-11-07 | 6.2 Medium |
| Race condition vulnerability in the kernel network module Impact:Successful exploitation of this vulnerability may affect availability. | ||||
| CVE-2024-38415 | 1 Qualcomm | 360 215 Mobile Platform, 215 Mobile Platform Firmware, Ar8035 and 357 more | 2024-11-07 | 7.8 High |
| Memory corruption while handling session errors from firmware. | ||||
| CVE-2024-10335 | 2 Sadat, Sourcecodester | 2 Garbage Collection Management System, Garbage Collection Management System | 2024-11-07 | 7.3 High |
| A vulnerability was found in SourceCodester Garbage Collection Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file login.php. The manipulation of the argument username/password leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The initial researcher advisory only mentions the parameter "username" to be affected. But it must be assumed that the parameter "password" is affected as well. | ||||
| CVE-2024-10336 | 2 Clothes Recommendation System Project, Sourcecodehero | 2 Clothes Recommendation System, Clothes Recommendation System | 2024-11-07 | 7.3 High |
| A vulnerability was found in SourceCodeHero Clothes Recommendation System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /admin/index.php of the component Admin Login Page. The manipulation of the argument t1 leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2023-28149 | 2024-11-07 | 6.1 Medium | ||
| An issue was discovered in the IhisiServiceSmm module in Insyde InsydeH2O with kernel 5.2 before 05.28.42, 5.3 before 05.37.42, 5.4 before 05.45.39, 5.5 before 05.53.39, and 5.6 before 05.60.39 that could allow an attacker to modify UEFI variables. | ||||
| CVE-2024-49768 | 3 Agendaless, Pylons, Redhat | 4 Waitress, Waitress, Openshift Ironic and 1 more | 2024-11-07 | 9.1 Critical |
| Waitress is a Web Server Gateway Interface server for Python 2 and 3. A remote client may send a request that is exactly recv_bytes (defaults to 8192) long, followed by a secondary request using HTTP pipelining. When request lookahead is disabled (default) we won't read any more requests, and when the first request fails due to a parsing error, we simply close the connection. However when request lookahead is enabled, it is possible to process and receive the first request, start sending the error message back to the client while we read the next request and queue it. This will allow the secondary request to be serviced by the worker thread while the connection should be closed. Waitress 3.0.1 fixes the race condition. As a workaround, disable channel_request_lookahead, this is set to 0 by default disabling this feature. | ||||
| CVE-2024-48921 | 2 Kyverno, Nirmata | 2 Kyverno, Kyverno | 2024-11-07 | 2.7 Low |
| Kyverno is a policy engine designed for Kubernetes. A kyverno ClusterPolicy, ie. "disallow-privileged-containers," can be overridden by the creation of a PolicyException in a random namespace. By design, PolicyExceptions are consumed from any namespace. Administrators may not recognize that this allows users with privileges to non-kyverno namespaces to create exceptions. This vulnerability is fixed in 1.13.0. | ||||
| CVE-2024-10228 | 1 Hashicorp | 1 Vagrant Vmware Utility | 2024-11-07 | 3.8 Low |
| The Vagrant VMWare Utility Windows installer targeted a custom location with a non-protected path that could be modified by an unprivileged user, introducing potential for unauthorized file system writes. This vulnerability, CVE-2024-10228, was fixed in Vagrant VMWare Utility 1.0.23 | ||||
| CVE-2024-10750 | 1 Tenda | 2 I22, I22 Firmware | 2024-11-07 | 6.5 Medium |
| A vulnerability has been found in Tenda i22 1.0.0.3(4687) and classified as problematic. Affected by this vulnerability is the function websReadEvent of the file /goform/GetIPTV?fgHPOST/goform/SysToo. The manipulation of the argument Content-Length leads to null pointer dereference. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-10805 | 2 Anisha, Code-projects | 2 University Event Management System, University Event Management System | 2024-11-07 | 6.3 Medium |
| A vulnerability was found in code-projects University Event Management System 1.0. It has been classified as critical. This affects an unknown part of the file doedit.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The initial researcher advisory mentions a confusing product name to be affected. Other parameters might be affected as well. | ||||
| CVE-2024-51512 | 1 Huawei | 1 Harmonyos | 2024-11-07 | 6.2 Medium |
| Vulnerability of parameter type not being verified in the WantAgent module Impact: Successful exploitation of this vulnerability may affect availability. | ||||
| CVE-2024-51511 | 1 Huawei | 1 Harmonyos | 2024-11-07 | 6.2 Medium |
| Vulnerability of parameter type not being verified in the WantAgent module Impact: Successful exploitation of this vulnerability may affect availability. | ||||
| CVE-2024-51510 | 1 Huawei | 2 Emui, Harmonyos | 2024-11-07 | 7.6 High |
| Out-of-bounds access vulnerability in the logo module Impact: Successful exploitation of this vulnerability may affect service confidentiality. | ||||
| CVE-2024-6245 | 2024-11-07 | 7.4 High | ||
| Use of Default Credentials vulnerability in Maruti Suzuki SmartPlay on Linux (Infotainment Hub modules) allows attacker to try common or default usernames and passwords.The issue was detected on a 2022 Maruti Suzuki Brezza in India Market. This issue affects SmartPlay: 66T0.05.50. | ||||
| CVE-2024-8305 | 1 Mongodb | 1 Mongodb | 2024-11-07 | 6.5 Medium |
| prepareUnique index may cause secondaries to crash due to incorrect enforcement of index constraints on secondaries, where in extreme cases may cause multiple secondaries crashing leading to no primaries. This issue affects MongoDB Server v6.0 versions prior to 6.0.17, MongoDB Server v7.0 versions prior to 7.0.13 and MongoDB Server v7.3 versions prior to 7.3.4 | ||||
| CVE-2024-10503 | 1 Klokantech | 1 Maptiler Tileserver Gl | 2024-11-07 | 3.5 Low |
| A vulnerability was found in Klokan MapTiler tileserver-gl 2.3.1 and classified as problematic. This issue affects some unknown processing of the component URL Handler. The manipulation of the argument key leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2024-21531 | 1 Git | 1 Git-shallow-clone | 2024-11-07 | 5.3 Medium |
| All versions of the package git-shallow-clone are vulnerable to Command injection due to missing sanitization or mitigation flags in the process variable of the gitShallowClone function. | ||||