Search Results (25419 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2024-33603 2 Level1, Levelone 3 Wbr-6012, Wbr-6012 Firmware, Wbr-6012 2024-11-21 5.3 Medium
The LevelOne WBR-6012 router has an information disclosure vulnerability in its web application, which allows unauthenticated users to access a verbose system log page and obtain sensitive data, such as memory addresses and IP addresses for login attempts. This flaw could lead to session hijacking due to the device's reliance on IP address for authentication.
CVE-2024-32907 1 Google 1 Android 2024-11-21 8.4 High
In memcall_add of memlog.c, there is a possible buffer overflow due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
CVE-2024-32903 1 Google 1 Android 2024-11-21 7.8 High
In prepare_response_locked of lwis_transaction.c, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
CVE-2024-32860 1 Dell 45 Alienware Area 51m R2, Alienware Area 51m R2 Firmware, Alienware Aurora R11 and 42 more 2024-11-21 7.5 High
Dell Client Platform BIOS contains an Improper Input Validation vulnerability in an externally developed component. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Code execution.
CVE-2024-32859 1 Dell 48 Alienware Area 51m R2, Alienware Area 51m R2 Firmware, Alienware Aurora R10 and 45 more 2024-11-21 7.5 High
Dell Client Platform BIOS contains an Improper Input Validation vulnerability in an externally developed component. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Code execution.
CVE-2024-32858 1 Dell 48 Alienware Area 51m R2, Alienware Area 51m R2 Firmware, Alienware Aurora R10 and 45 more 2024-11-21 7.5 High
Dell Client Platform BIOS contains an Improper Input Validation vulnerability in an externally developed component. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Code execution.
CVE-2024-32856 1 Dell 46 Alienware Area 51m R2, Alienware Area 51m R2 Firmware, Alienware Aurora R10 and 43 more 2024-11-21 5.1 Medium
Dell Client Platform BIOS contains an Improper Input Validation vulnerability in an externally developed component. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Information disclosure.
CVE-2024-32007 2 Apache, Redhat 4 Cxf, Apache-camel-spring-boot, Apache Camel Spring Boot and 1 more 2024-11-21 7.5 High
An improper input validation of the p2c parameter in the Apache CXF JOSE code before 4.0.5, 3.6.4 and 3.5.9 allows an attacker to perform a denial of service attack by specifying a large value for this parameter in a token. 
CVE-2024-31878 1 Ibm 1 I 2024-11-21 5.3 Medium
IBM i 7.2, 7.3, 7.4, and 7.5 Service Tools Server (SST) is vulnerable to SST user enumeration by a remote attacker. This vulnerability can be used by a malicious actor to gather information about SST users that can be targeted in further attacks. IBM X-Force ID: 287538.
CVE-2024-31870 1 Ibm 1 I 2024-11-21 3.3 Low
IBM Db2 for i 7.2, 7.3, 7.4, and 7.5 supplies user defined table function is vulnerable to user enumeration by a local authenticated attacker, without having authority to the related *USRPRF objects. This can be used by a malicious actor to gather information about users that can be targeted in further attacks. IBM X-Force ID: 287174.
CVE-2024-30472 2 Dell, Microsoft 2 Thinos, Telemetry Dashboard 2024-11-21 7.5 High
Telemetry Dashboard v1.0.0.8 for Dell ThinOS 2402 contains a sensitive information disclosure vulnerability. An unauthenticated user with local access to the device could exploit this vulnerability leading to information disclosure.
CVE-2024-30300 1 Adobe 1 Framemaker Publishing Server 2024-11-21 9.8 Critical
Adobe Framemaker Publishing Server versions 2020.3, 2022.2 and earlier are affected by an Information Exposure vulnerability (CWE-200) that could lead to privilege escalation. An attacker could exploit this vulnerability to gain access to sensitive information which may include system or user privileges. Exploitation of this issue does not require user interaction.
CVE-2024-29068 1 Canonical 1 Snapd 2024-11-21 5.8 Medium
In snapd versions prior to 2.62, snapd failed to properly check the file type when extracting a snap. The snap format is a squashfs file-system image and so can contain files that are non-regular files (such as pipes or sockets etc). Various file entries within the snap squashfs image (such as icons etc) are directly read by snapd when it is extracted. An attacker who could convince a user to install a malicious snap which contained non-regular files at these paths could then cause snapd to block indefinitely trying to read from such files and cause a denial of service.
CVE-2024-28164 1 Sap 1 Netweaver Application Server Java 2024-11-21 5.3 Medium
SAP NetWeaver AS Java (CAF - Guided Procedures) allows an unauthenticated user to access non-sensitive information about the server which would otherwise be restricted causing low impact on confidentiality of the application.
CVE-2024-28120 2024-11-21 6.5 Medium
codeium-chrome is an open source code completion plugin for the chrome web browser. The service worker of the codeium-chrome extension doesn't check the sender when receiving an external message. This allows an attacker to host a website that will steal the user's Codeium api-key, and thus impersonate the user on the backend autocomplete server. This issue has not been addressed. Users are advised to monitor the usage of their API key.
CVE-2024-26127 1 Adobe 2 Experience Manager, Experience Manager Cloud Service 2024-11-21 3.5 Low
Adobe Experience Manager versions 6.5.20 and earlier are affected by an Improper Input Validation vulnerability that could result in a security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and affect the integrity of the page. Exploitation of this issue requires user interaction.
CVE-2024-26126 1 Adobe 2 Experience Manager, Experience Manager Cloud Service 2024-11-21 3.5 Low
Adobe Experience Manager versions 6.5.20 and earlier are affected by an Improper Input Validation vulnerability that could result in a security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and affect the integrity of the page. Exploitation of this issue requires user interaction.
CVE-2024-25714 2 Debian, Rhonabwy Project 2 Debian Linux, Rhonabwy 2024-11-21 9.1 Critical
In Rhonabwy through 1.1.13, HMAC signature verification uses a strcmp function that is vulnerable to side-channel attacks, because it stops the comparison when the first difference is spotted in the two signatures. (The fix uses gnutls_memcmp, which has constant-time execution.)
CVE-2024-25190 1 Glitchedpolygons 1 L8w8jwt 2024-11-21 9.8 Critical
l8w8jwt 2.2.1 uses memcmp (which is not constant time) to verify authentication, which makes it easier to bypass authentication via a timing side channel.
CVE-2024-25119 1 Typo3 1 Typo3 2024-11-21 4.9 Medium
TYPO3 is an open source PHP based web content management system released under the GNU GPL. The plaintext value of `$GLOBALS['SYS']['encryptionKey']` was displayed in the editing forms of the TYPO3 Install Tool user interface. This allowed attackers to utilize the value to generate cryptographic hashes used for verifying the authenticity of HTTP request parameters. Exploiting this vulnerability requires an administrator-level backend user account with system maintainer permissions. Users are advised to update to TYPO3 versions 8.7.57 ELTS, 9.5.46 ELTS, 10.4.43 ELTS, 11.5.35 LTS, 12.4.11 LTS, 13.0.1 that fix the problem described. There are no known workarounds for this vulnerability.