Export limit exceeded: 347829 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 20190 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (20190 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-39429 | 2 Google, Unisoc | 10 Android, Sc7731e, Sc9832e and 7 more | 2024-11-21 | 5.1 Medium |
| In faceid servive, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with no additional execution privileges needed | ||||
| CVE-2024-39428 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2024-11-21 | 6.8 Medium |
| In trusty service, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges needed | ||||
| CVE-2024-39427 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2024-11-21 | 5.1 Medium |
| In trusty service, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges needed | ||||
| CVE-2024-39345 | 1 Adtran | 2 834-5, Sdg Smartos | 2024-11-21 | 7.2 High |
| AdTran 834-5 HDC17600021F1 (SmartOS 11.1.1.1) devices enable the SSH service by default and have a hidden, undocumented, hard-coded support account whose password is based on the devices MAC address. All of the devices internet interfaces share a similar MAC address that only varies in their final octet. This allows network-adjacent attackers to derive the support user's SSH password by decrementing the final octet of the connected gateway address or via the BSSID. An attacker can then execute arbitrary OS commands with root-level privileges. NOTE: The vendor states that there is no intended functionality allowing an attacker to execute arbitrary OS Commands with root-level privileges. The vendor also states that this issue was fixed in SmartOS 12.5.5.1. | ||||
| CVE-2024-39202 | 1 Dlink | 3 Dir-823x Ax3000, Dir-823x Ax3000 Firmware, Dir-823x Firmware | 2024-11-21 | 7.6 High |
| D-Link DIR-823X firmware - 240126 was discovered to contain a remote command execution (RCE) vulnerability via the dhcpd_startip parameter at /goform/set_lan_settings. | ||||
| CVE-2024-37280 | 1 Elastic | 1 Elasticsearch | 2024-11-21 | 4.9 Medium |
| A flaw was discovered in Elasticsearch, affecting document ingestion when an index template contains a dynamic field mapping of “passthrough” type. Under certain circumstances, ingesting documents in this index would cause a StackOverflow exception to be thrown and ultimately lead to a Denial of Service. Note that passthrough fields is an experimental feature. | ||||
| CVE-2024-37185 | 1 Openatom | 1 Openharmony | 2024-11-21 | 8.2 High |
| in OpenHarmony v4.0.0 and prior versions allow a remote attacker arbitrary code execution in pre-installed apps through out-of-bounds write. | ||||
| CVE-2024-37140 | 1 Dell | 1 Data Domain Operating System | 2024-11-21 | 8.8 High |
| Dell PowerProtect DD, versions prior to 8.0, LTS 7.13.1.0, LTS 7.10.1.30, LTS 7.7.5.40 contain an OS command injection vulnerability in an admin operation. A remote low privileged attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the system application's underlying OS with the privileges of the vulnerable application. Exploitation may lead to a system take over by an attacker. | ||||
| CVE-2024-37091 | 1 Stylemixthemes | 2 Consulting Elementor Widgets, Masterstudy Elementor Widgets | 2024-11-21 | 9.9 Critical |
| Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in StylemixThemes Consulting Elementor Widgets, StylemixThemes Masterstudy Elementor Widgets allows OS Command Injection.This issue affects Consulting Elementor Widgets: from n/a through 1.3.0; Masterstudy Elementor Widgets: from n/a through 1.2.2. | ||||
| CVE-2024-37077 | 1 Openatom | 1 Openharmony | 2024-11-21 | 8.2 High |
| in OpenHarmony v4.0.0 and prior versions allow a remote attacker arbitrary code execution in pre-installed apps through out-of-bounds write. | ||||
| CVE-2024-37066 | 1 Wyze | 2 Cam V4, Cam V4 Firmware | 2024-11-21 | 6.8 Medium |
| A command injection vulnerability exists in Wyze V4 Pro firmware versions before 4.50.4.9222, which allows attackers to execute arbitrary commands over Bluetooth as root during the camera setup process. | ||||
| CVE-2024-37036 | 1 Schneider-electric | 7 Sage 1410, Sage 1430, Sage 1450 and 4 more | 2024-11-21 | 9.8 Critical |
| CWE-787: Out-of-bounds Write vulnerability exists that could result in an authentication bypass when sending a malformed POST request and particular configuration parameters are set. | ||||
| CVE-2024-37022 | 1 Fujielectric | 1 Tellus Lite V-simulator | 2024-11-21 | 7.8 High |
| Fuji Electric Tellus Lite V-Simulator is vulnerable to an out-of-bounds write, which could allow an attacker to manipulate memory, resulting in execution of arbitrary code. | ||||
| CVE-2024-36501 | 1 Huawei | 2 Emui, Harmonyos | 2024-11-21 | 5.6 Medium |
| Memory management vulnerability in the boottime module Impact: Successful exploitation of this vulnerability can affect integrity. | ||||
| CVE-2024-36475 | 1 Centurysys | 35 Futurenet Nxr-1200, Futurenet Nxr-1200 Firmware, Futurenet Nxr-120\/c and 32 more | 2024-11-21 | 7.2 High |
| FutureNet NXR series, VXR series and WXR series provided by Century Systems Co., Ltd. contain an active debug code vulnerability. If a user who knows how to use the debug function logs in to the product, the debug function may be used and an arbitrary OS command may be executed. | ||||
| CVE-2024-36394 | 1 Sysaid | 1 Sysaid | 2024-11-21 | 9.1 Critical |
| SysAid - CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') | ||||
| CVE-2024-36260 | 1 Openatom | 1 Openharmony | 2024-11-21 | 8.2 High |
| in OpenHarmony v4.0.0 and prior versions allow a remote attacker arbitrary code execution in pre-installed apps through out-of-bounds write. | ||||
| CVE-2024-36243 | 1 Openatom | 1 Openharmony | 2024-11-21 | 8.2 High |
| in OpenHarmony v4.0.0 and prior versions allow a remote attacker arbitrary code execution in pre-installed apps through out-of-bounds read and write. | ||||
| CVE-2024-35116 | 1 Ibm | 2 Mq, Mq Appliance | 2024-11-21 | 5.9 Medium |
| IBM MQ 9.0 LTS, 9.1 LTS, 9.2 LTS, 9.3 LTS, and 9.3 CD is vulnerable to a denial of service attack caused by an error applying configuration changes. IBM X-Force ID: 290335. | ||||
| CVE-2024-34364 | 1 Envoyproxy | 1 Envoy | 2024-11-21 | 5.7 Medium |
| Envoy is a cloud-native, open source edge and service proxy. Envoy exposed an out-of-memory (OOM) vector from the mirror response, since async HTTP client will buffer the response with an unbounded buffer. | ||||