Searching...
Please wait while we search the database
| CVE ID | Severity | Description | Published | Actions |
|---|---|---|---|---|
|
CVE-2023-52342
|
N/A |
In modem-ps-nas-ngmm, there is a possible undefined behavior due to incorrect error handling. This could lead to remote information disclosure no additional execution privileges needed
|
08 Apr 2024
|
|
|
CVE-2024-27630
|
N/A |
Insecure Direct Object Reference (IDOR) in GNU Savane v.3.12 and before allows a remote attacker to delete arbitrary files via crafted input to the trackers_data_delete_file function.
|
08 Apr 2024
|
|
|
CVE-2024-28224
|
N/A |
Ollama before 0.1.29 has a DNS rebinding vulnerability that can inadvertently allow remote access to the full API, thereby letting an unauthorized user chat with a large language model, delete a model, or cause a denial of service (resource exhaustion).
|
08 Apr 2024
|
|
|
CVE-2024-31806
|
N/A |
TOTOLINK EX200 V4.0.3c.7646_B20201211 was discovered to contain a Denial-of-Service (DoS) vulnerability in the RebootSystem function which can reboot the system without authorization.
|
08 Apr 2024
|
|
|
CVE-2024-27632
|
N/A |
An issue in GNU Savane v.3.12 and before allows a remote attacker to escalate privileges via the form_id in the form_header() function.
|
08 Apr 2024
|
|
|
CVE-2023-52715
|
N/A |
The SystemUI module has a vulnerability in permission management.
Impact: Successful exploitation of this vulnerability may affect availability.
|
07 Apr 2024
|
|
|
CVE-2024-30417
|
N/A |
Path traversal vulnerability in the Bluetooth-based sharing module.
Impact: Successful exploitation of this vulnerability may affect service confidentiality.
|
07 Apr 2024
|
|
|
CVE-2024-30413
|
N/A |
Vulnerability of improper permission control in the window management module.
Impact: Successful exploitation of this vulnerability will affect availability.
|
07 Apr 2024
|
|
|
CVE-2021-47208
|
N/A |
The Mojolicious module before 9.11 for Perl has a bug in format detection that can potentially be exploited for denial of service.
|
07 Apr 2024
|
|
|
CVE-2024-31949
|
N/A |
In FRRouting (FRR) through 9.1, an infinite loop can occur when receiving a MP/GR capability as a dynamic capability because malformed data results in a pointer not advancing.
|
07 Apr 2024
|
|
|
CVE-2020-36829
|
N/A |
The Mojolicious module before 8.65 for Perl is vulnerable to secure_compare timing attacks that allow an attacker to guess the length of a secret string. Only versions after 1.74 are affected.
|
07 Apr 2024
|
|
|
CVE-2024-0406
|
N/A |
A flaw was discovered in the mholt/archiver package. This flaw allows an attacker to create a specially crafted tar file, which, when unpacked, may allow access to restricted files or directories. This issue can allow the creation or overwriting of files with the user's or application's privileges using the library.
|
06 Apr 2024
|
|
|
CVE-2024-3158
|
N/A |
Use after free in Bookmarks in Google Chrome prior to 123.0.6312.105 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
|
06 Apr 2024
|
|
|
CVE-2024-29783
|
N/A |
In tmu_get_tr_thresholds, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
|
05 Apr 2024
|
|
|
CVE-2024-29757
|
N/A |
there is a possible permission bypass due to Debug certs being allowlisted. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
|
05 Apr 2024
|
|
|
CVE-2024-29754
|
N/A |
In TMU_IPC_GET_TABLE, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
|
05 Apr 2024
|
|
|
CVE-2024-29753
|
N/A |
In tmu_set_control_temp_step of tmu.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
|
05 Apr 2024
|
|
|
CVE-2024-29744
|
N/A |
In tmu_get_gov_time_windows, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
|
05 Apr 2024
|
|
|
CVE-2024-29743
|
N/A |
In tmu_set_temp_lut of tmu.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
|
05 Apr 2024
|
|
|
CVE-2024-29738
|
N/A |
In gov_init, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
|
05 Apr 2024
|
|
|
CVE-2023-48426
|
N/A |
u-boot bug that allows for u-boot shell and interrupt over UART
|
05 Apr 2024
|
|
|
CVE-2024-31083
|
N/A |
A use-after-free vulnerability was found in the ProcRenderAddGlyphs() function of Xorg servers. This issue occurs when AllocateGlyph() is called to store new glyphs sent by the client to the X server, potentially resulting in multiple entries pointing to the same non-refcounted glyphs. Consequently, ProcRenderAddGlyphs() may free a glyph, leading to a use-after-free scenario when the same glyph pointer is subsequently accessed. This flaw allows an authenticated attacker to execute arbitrary code on the system by sending a specially crafted request.
|
05 Apr 2024
|
|
|
CVE-2024-27448
|
N/A |
MailDev 2 through 2.1.0 allows Remote Code Execution via a crafted Content-ID header for an e-mail attachment, leading to lib/mailserver.js writing arbitrary code into the routes.js file.
|
05 Apr 2024
|
|
|
CVE-2023-49965
|
N/A |
SpaceX Starlink Wi-Fi router Gen 2 before 2023.48.0 allows XSS via the ssid and password parameters on the Setup Page.
|
05 Apr 2024
|
|
|
CVE-2024-28065
|
N/A |
In Unify CP IP Phone firmware 1.10.4.3, files are not encrypted and contain sensitive information such as the root password hash.
|
05 Apr 2024
|
CVE-2023-52342
N/A
08 Apr 2024
In modem-ps-nas-ngmm, there is a possible undefined behavior due to incorrect error handling. This could lead to remote information disclosure no additional execution privileges needed
CVE-2024-27630
N/A
08 Apr 2024
Insecure Direct Object Reference (IDOR) in GNU Savane v.3.12 and before allows a remote attacker to delete arbitrary files via crafted input to the trackers_data_delete_file function.
CVE-2024-28224
N/A
08 Apr 2024
Ollama before 0.1.29 has a DNS rebinding vulnerability that can inadvertently allow remote access to the full API, thereby letting an unauthorized user chat with a large language model, delete a model, or cause a denial of service (resource exhaustion).
CVE-2024-31806
N/A
08 Apr 2024
TOTOLINK EX200 V4.0.3c.7646_B20201211 was discovered to contain a Denial-of-Service (DoS) vulnerability in the RebootSystem function which can reboot the system without authorization.
CVE-2024-27632
N/A
08 Apr 2024
An issue in GNU Savane v.3.12 and before allows a remote attacker to escalate privileges via the form_id in the form_header() function.
CVE-2023-52715
N/A
07 Apr 2024
The SystemUI module has a vulnerability in permission management.
Impact: Successful exploitation of this vulnerability may affect availability.
CVE-2024-30417
N/A
07 Apr 2024
Path traversal vulnerability in the Bluetooth-based sharing module.
Impact: Successful exploitation of this vulnerability may affect service confidentiality.
CVE-2024-30413
N/A
07 Apr 2024
Vulnerability of improper permission control in the window management module.
Impact: Successful exploitation of this vulnerability will affect availability.
CVE-2021-47208
N/A
07 Apr 2024
The Mojolicious module before 9.11 for Perl has a bug in format detection that can potentially be exploited for denial of service.
CVE-2024-31949
N/A
07 Apr 2024
In FRRouting (FRR) through 9.1, an infinite loop can occur when receiving a MP/GR capability as a dynamic capability because malformed data results in a pointer not advancing.
CVE-2020-36829
N/A
07 Apr 2024
The Mojolicious module before 8.65 for Perl is vulnerable to secure_compare timing attacks that allow an attacker to guess the length of a secret string. Only versions after 1.74 are affected.
CVE-2024-0406
N/A
06 Apr 2024
A flaw was discovered in the mholt/archiver package. This flaw allows an attacker to create a specially crafted tar file, which, when unpacked, may allow access to restricted files or directories. This issue can allow the creation or overwriting of files with the user's or application's privileges using the library.
CVE-2024-3158
N/A
06 Apr 2024
Use after free in Bookmarks in Google Chrome prior to 123.0.6312.105 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
CVE-2024-29783
N/A
05 Apr 2024
In tmu_get_tr_thresholds, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
CVE-2024-29757
N/A
05 Apr 2024
there is a possible permission bypass due to Debug certs being allowlisted. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
CVE-2024-29754
N/A
05 Apr 2024
In TMU_IPC_GET_TABLE, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
CVE-2024-29753
N/A
05 Apr 2024
In tmu_set_control_temp_step of tmu.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
CVE-2024-29744
N/A
05 Apr 2024
In tmu_get_gov_time_windows, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
CVE-2024-29743
N/A
05 Apr 2024
In tmu_set_temp_lut of tmu.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
CVE-2024-29738
N/A
05 Apr 2024
In gov_init, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
CVE-2023-48426
N/A
05 Apr 2024
u-boot bug that allows for u-boot shell and interrupt over UART
CVE-2024-31083
N/A
05 Apr 2024
A use-after-free vulnerability was found in the ProcRenderAddGlyphs() function of Xorg servers. This issue occurs when AllocateGlyph() is called to store new glyphs sent by the client to the X server, potentially resulting in multiple entries pointing to the same non-refcounted glyphs. Consequently, ProcRenderAddGlyphs() may free a glyph, leading to a use-after-free scenario when the same glyph pointer is subsequently accessed. This flaw allows an authenticated attacker to execute arbitrary code on the system by sending a specially crafted request.
CVE-2024-27448
N/A
05 Apr 2024
MailDev 2 through 2.1.0 allows Remote Code Execution via a crafted Content-ID header for an e-mail attachment, leading to lib/mailserver.js writing arbitrary code into the routes.js file.
CVE-2023-49965
N/A
05 Apr 2024
SpaceX Starlink Wi-Fi router Gen 2 before 2023.48.0 allows XSS via the ssid and password parameters on the Setup Page.
CVE-2024-28065
N/A
05 Apr 2024
In Unify CP IP Phone firmware 1.10.4.3, files are not encrypted and contain sensitive information such as the root password hash.
Page 518 of 646
Page 518 of 646