Total
28646 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2024-29054 | 1 Microsoft | 1 Defender For Iot | 2024-04-26 | N/A | 7.2 HIGH |
Microsoft Defender for IoT Elevation of Privilege Vulnerability | |||||
CVE-2024-29055 | 1 Microsoft | 1 Defender For Iot | 2024-04-26 | N/A | 7.2 HIGH |
Microsoft Defender for IoT Elevation of Privilege Vulnerability | |||||
CVE-2023-5764 | 2 Fedoraproject, Redhat | 7 Extra Packages For Enterprise Linux, Fedora, Ansible and 4 more | 2024-04-25 | N/A | 7.8 HIGH |
A template injection flaw was found in Ansible where a user's controller internal templating operations may remove the unsafe designation from template data. This issue could allow an attacker to use a specially crafted file to introduce templating injection when supplying templating data. | |||||
CVE-2023-3674 | 2 Fedoraproject, Keylime | 2 Fedora, Keylime | 2024-04-25 | N/A | 2.8 LOW |
A flaw was found in the keylime attestation verifier, which fails to flag a device's submitted TPM quote as faulty when the quote's signature does not validate for some reason. Instead, it will only emit an error in the log without flagging the device as untrusted. | |||||
CVE-2007-0171 | 1 Allmylinks Project | 1 Allmylinks | 2024-04-23 | 7.5 HIGH | N/A |
PHP remote file inclusion vulnerability in index.php in AllMyLinks 0.5.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the AML_opensite parameter. | |||||
CVE-2007-0172 | 1 Allmyguests Project | 1 Allmyguests | 2024-04-23 | 7.5 HIGH | N/A |
Multiple PHP remote file inclusion vulnerabilities in AllMyGuests 0.3.0 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the AMG_serverpath parameter to (1) comments.php and (2) signin.php; and possibly via a URL in unspecified parameters to (3) include/submit.inc.php, (4) admin/index.php, (5) include/cm_submit.inc.php, and (6) index.php. | |||||
CVE-2006-4993 | 1 Allmyguests Project | 1 Allmyguests | 2024-04-23 | 7.5 HIGH | N/A |
Multiple PHP remote file inclusion vulnerabilities in AllMyGuests 0.4.1 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the _AMGconfig[cfg_serverpath] parameter in (1) modules/AllMyGuests/signin.php (aka the Nuke module) and (2) AllMyGuests/signin.php (aka the standalone). | |||||
CVE-2023-27199 | 1 Paxtechnology | 2 Pax A930, Pax A930 Firmware | 2024-04-23 | N/A | 6.7 MEDIUM |
PAX Technology A930 PayDroid_7.1.1_Virgo_V04.5.02_20220722 allows attackers to compile a malicious shared library and use LD_PRELOAD to bypass authorization checks. | |||||
CVE-2023-27197 | 1 Paxtechnology | 2 Pax A930, Pax A930 Firmware | 2024-04-23 | N/A | 6.7 MEDIUM |
PAX A930 device with PayDroid_7.1.1_Virgo_V04.5.02_20220722 can allow an attacker to gain root access by running a crafted binary leveraging an exported function from a shared library. The attacker must have shell access to the device in order to exploit this vulnerability. | |||||
CVE-2022-26581 | 1 Paxtechnology | 2 A930, Paydroid | 2024-04-23 | N/A | 6.8 MEDIUM |
PAX A930 device with PayDroid_7.1.1_Virgo_V04.3.26T1_20210419 can allow an unauthorized attacker to perform privileged actions through the execution of specific binaries listed in ADB daemon. The attacker must have physical USB access to the device in order to exploit this vulnerability. | |||||
CVE-2020-14383 | 2 Redhat, Samba | 2 Enterprise Linux, Samba | 2024-04-22 | 4.0 MEDIUM | 6.5 MEDIUM |
A flaw was found in samba's DNS server. An authenticated user could use this flaw to the RPC server to crash. This RPC server, which also serves protocols other than dnsserver, will be restarted after a short delay, but it is easy for an authenticated non administrative attacker to crash it again as soon as it returns. The Samba DNS server itself will continue to operate, but many RPC services will not. | |||||
CVE-2023-52436 | 1 Linux | 1 Linux Kernel | 2024-04-19 | N/A | 7.8 HIGH |
In the Linux kernel, the following vulnerability has been resolved: f2fs: explicitly null-terminate the xattr list When setting an xattr, explicitly null-terminate the xattr list. This eliminates the fragile assumption that the unused xattr space is always zeroed. | |||||
CVE-2023-51198 | 1 Openrobotics | 1 Robot Operating System | 2024-04-17 | N/A | 9.8 CRITICAL |
An issue in the permission and access control components within ROS2 Foxy Fitzroy ROS_VERSION=2 and ROS_PYTHON_VERSION=3 allows attackers to gain escalate privileges. NOTE: this is disputed by multiple third parties who believe there was not reasonable evidence to determine the existence of a vulnerability. | |||||
CVE-2023-24844 | 1 Qualcomm | 86 Ar8035, Ar8035 Firmware, Fastconnect 6700 and 83 more | 2024-04-12 | N/A | 7.8 HIGH |
Memory Corruption in Core while invoking a call to Access Control core library with hardware protected address range. | |||||
CVE-2023-22387 | 1 Qualcomm | 542 205, 205 Firmware, 215 and 539 more | 2024-04-12 | N/A | 7.8 HIGH |
Arbitrary memory overwrite when VM gets compromised in TX write leading to Memory Corruption. | |||||
CVE-2023-21673 | 1 Qualcomm | 326 Aqt1000, Aqt1000 Firmware, Ar8035 and 323 more | 2024-04-12 | N/A | 7.8 HIGH |
Improper Access to the VM resource manager can lead to Memory Corruption. | |||||
CVE-2023-21642 | 1 Qualcomm | 26 Qam8295p, Qam8295p Firmware, Qca6574au and 23 more | 2024-04-12 | N/A | 7.8 HIGH |
Memory corruption in HAB Memory management due to broad system privileges via physical address. | |||||
CVE-2022-33243 | 1 Qualcomm | 314 Apq8096au, Apq8096au Firmware, Aqt1000 and 311 more | 2024-04-12 | N/A | 7.8 HIGH |
Memory corruption due to improper access control in Qualcomm IPC. | |||||
CVE-2023-43536 | 1 Qualcomm | 618 315 5g Iot Modem, 315 5g Iot Modem Firmware, Aqt1000 and 615 more | 2024-04-12 | N/A | 7.5 HIGH |
Transient DOS while parse fils IE with length equal to 1. | |||||
CVE-2022-47529 | 1 Rsa | 1 Netwitness | 2024-04-11 | N/A | 6.7 MEDIUM |
Insecure Win32 memory objects in Endpoint Windows Agents in RSA NetWitness Platform before 12.2 allow local and admin Windows user accounts to modify the endpoint agent service configuration: to either disable it completely or run user-supplied code or commands, thereby bypassing tamper-protection features via ACL modification. |