Total: 1295 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2024-30261 | | | 2024-04-19 | N/A | 2.6 LOW |
Undici is an HTTP/1.1 client, written from scratch for Node.js. An attacker can alter the `integrity` option passed to `fetch()`, allowing `fetch()` to accept requests as valid even if they have been tampered with. This vulnerability was patched in versions 5.28.4 and 6.11.1. | |||||
CVE-2023-45744 | | | 2024-04-17 | N/A | 8.3 HIGH |
A data integrity vulnerability exists in the web interface /cgi-bin/upload_config.cgi functionality of Peplink Smart Reader v1.2.0 (in QEMU). A specially crafted HTTP request can lead to configuration modification. An attacker can make an unauthenticated HTTP request to trigger this vulnerability. | |||||
CVE-2023-45209 | | | 2024-04-17 | N/A | 5.3 MEDIUM |
An information disclosure vulnerability exists in the web interface /cgi-bin/download_config.cgi functionality of Peplink Smart Reader v1.2.0 (in QEMU). A specially crafted HTTP request can lead to a disclosure of sensitive information. An attacker can make an unauthenticated HTTP request to trigger this vulnerability. | |||||
CVE-2023-43491 | | | 2024-04-17 | N/A | 5.3 MEDIUM |
An information disclosure vulnerability exists in the web interface /cgi-bin/debug_dump.cgi functionality of Peplink Smart Reader v1.2.0 (in QEMU). A specially crafted HTTP request can lead to a disclosure of sensitive information. An attacker can make an unauthenticated HTTP request to trigger this vulnerability. | |||||
CVE-2024-29843 | | | 2024-04-15 | N/A | 7.5 HIGH |
The Web interface of Evolution Controller Versions 2.04.560.31.03.2024 and below contains poorly configured access control on MOBILE_GET_USERS_LIST, allowing for an unauthenticated attacker to enumerate all users and their access levels. | |||||
CVE-2024-29842 | | | 2024-04-15 | N/A | 7.5 HIGH |
The Web interface of Evolution Controller Versions 2.04.560.31.03.2024 and below contains poorly configured access control on DESKTOP_EDIT_USER_GET_ABACARD_FIELDS, allowing for an unauthenticated attacker to return the abacard field of any user. | |||||
CVE-2024-3765 | | | 2024-04-15 | 10.0 HIGH | 9.8 CRITICAL |
A vulnerability classified as critical was found in Xiongmai AHB7804R-MH-V2, AHB8004T-GL, AHB8008T-GL, AHB7004T-GS-V3, AHB7004T-MHV2, AHB8032F-LME and XM530_R80X30-PQ_8M. Affected by this vulnerability is an unknown functionality of the component Sofia Service. The manipulation with the input ff00000000000000000000000000f103250000007b202252657422203a203130302c202253657373696f6e494422203a202230783022207d0a leads to improper access controls. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-260605 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
CVE-2024-29839 | | | 2024-04-15 | N/A | 7.5 HIGH |
The Web interface of Evolution Controller Versions 2.04.560.31.03.2024 and below contains poorly configured access control on DESKTOP_EDIT_USER_GET_CARD, allowing for an unauthenticated attacker to return the card value data of any user. | |||||
CVE-2024-3777 | | | 2024-04-15 | N/A | 9.8 CRITICAL |
The password reset feature of Ai3 QbiBot lacks proper access control, allowing unauthenticated remote attackers to reset any user's password. | |||||
CVE-2024-29840 | | | 2024-04-15 | N/A | 7.5 HIGH |
The Web interface of Evolution Controller Versions 2.04.560.31.03.2024 and below contains poorly configured access control on DESKTOP_EDIT_USER_GET_PIN_FIELDS, allowing for an unauthenticated attacker to return the pin value of any user. | |||||
CVE-2024-29841 | | | 2024-04-15 | N/A | 7.5 HIGH |
The Web interface of Evolution Controller Versions 2.04.560.31.03.2024 and below contains poorly configured access control on DESKTOP_EDIT_USER_GET_KEYS_FIELDS, allowing for an unauthenticated attacker to return the keys value of any user. | |||||
CVE-2024-29836 | | | 2024-04-15 | N/A | 9.8 CRITICAL |
The Web interface of Evolution Controller Versions 2.04.560.31.03.2024 and below contains poorly configured access control, allowing for an unauthenticated attacker to update and add user profiles within the application, and gain full access to the site. | |||||
CVE-2024-29837 | | | 2024-04-15 | N/A | 8.8 HIGH |
The Web interface of Evolution Controller Versions 2.04.560.31.03.2024 and below uses poor session management, allowing for an unauthenticated attacker to access administrator functionality if any other user is already signed in. | |||||
CVE-2023-24844 | 1 Qualcomm | 86 Ar8035, Ar8035 Firmware, Fastconnect 6700 and 83 more | 2024-04-12 | N/A | 7.8 HIGH |
Memory Corruption in Core while invoking a call to Access Control core library with hardware protected address range. | |||||
CVE-2023-21673 | 1 Qualcomm | 326 Aqt1000, Aqt1000 Firmware, Ar8035 and 323 more | 2024-04-12 | N/A | 7.8 HIGH |
Improper Access to the VM resource manager can lead to Memory Corruption. | |||||
CVE-2023-21670 | 1 Qualcomm | 364 315 5g Iot Modem, 315 5g Iot Modem Firmware, Aqt1000 and 361 more | 2024-04-12 | N/A | 7.8 HIGH |
Memory Corruption in GPU Subsystem due to arbitrary command execution from GPU in privileged mode. | |||||
CVE-2023-21642 | 1 Qualcomm | 26 Qam8295p, Qam8295p Firmware, Qca6574au and 23 more | 2024-04-12 | N/A | 7.8 HIGH |
Memory corruption in HAB Memory management due to broad system privileges via physical address. | |||||
CVE-2022-40539 | 1 Qualcomm | 50 Qam8295p, Qam8295p Firmware, Qca6574au and 47 more | 2024-04-12 | N/A | 7.8 HIGH |
Memory corruption in Automotive Android OS due to improper validation of array index. | |||||
CVE-2022-40529 | 1 Qualcomm | 392 Aqt1000, Aqt1000 Firmware, Ar8031 and 389 more | 2024-04-12 | N/A | 7.8 HIGH |
Memory corruption due to improper access control in kernel while processing a mapping request from root process. | |||||
CVE-2022-33243 | 1 Qualcomm | 314 Apq8096au, Apq8096au Firmware, Aqt1000 and 311 more | 2024-04-12 | N/A | 7.8 HIGH |
Memory corruption due to improper access control in Qualcomm IPC. |