Lucene search

K

Ragic, Inc. Security Vulnerabilities

cve
cve

CVE-2023-51365

A path traversal vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to read the contents of unexpected files and expose sensitive data via a network. We have already fixed the vulnerability in the following versions:.....

8.7CVSS

8.2AI Score

0.001EPSS

2024-04-26 03:15 PM
27
cve
cve

CVE-2024-27124

An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to execute commands via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.3.2578 build 20231110 and later.....

7.5CVSS

7.8AI Score

0.001EPSS

2024-04-26 03:15 PM
26
cve
cve

CVE-2024-21905

An integer overflow or wraparound vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to compromise the security of the system via a network. We have already fixed the vulnerability in the following versions: QTS...

6.5CVSS

7AI Score

0.0004EPSS

2024-04-26 03:15 PM
26
cve
cve

CVE-2024-36303

An origin validation vulnerability in the Trend Micro Apex One security agent could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this...

7.8CVSS

7.2AI Score

0.0005EPSS

2024-06-10 10:15 PM
23
cve
cve

CVE-2024-36306

A link following vulnerability in the Trend Micro Apex One and Apex One as a Service Damage Cleanup Engine could allow a local attacker to create a denial-of-service condition on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the...

6.1CVSS

7AI Score

0.0005EPSS

2024-06-10 10:15 PM
25
cve
cve

CVE-2024-28519

A kernel handle leak issue in ProcObsrvesx.sys 4.0.0.49 in MicroWorld Technologies Inc eScan Antivirus could allow privilege escalation for low-privileged...

7AI Score

0.0004EPSS

2024-05-03 05:15 PM
29
cve
cve

CVE-2024-20070

In modem, there is a possible information disclosure due to using risky cryptographic algorithm during connection establishment negotiation. This could lead to remote information disclosure, when weak encryption algorithm is used, with no additional execution privileges needed. User interaction is....

6.7AI Score

0.0004EPSS

2024-06-03 02:15 AM
15
cve
cve

CVE-2023-51364

A path traversal vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to read the contents of unexpected files and expose sensitive data via a network. We have already fixed the vulnerability in the following versions:.....

8.7CVSS

8.2AI Score

0.001EPSS

2024-04-26 03:15 PM
27
cve
cve

CVE-2024-20073

In wlan service, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00367704; Issue ID:...

7.4AI Score

0.0004EPSS

2024-06-03 02:15 AM
14
cve
cve

CVE-2023-43556

Memory corruption in Hypervisor when platform information mentioned is not...

9.3CVSS

6.8AI Score

0.001EPSS

2024-06-03 10:15 AM
26
cve
cve

CVE-2024-20075

In eemgpu, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08713302; Issue ID:...

7.3AI Score

0.0004EPSS

2024-06-03 02:15 AM
15
cve
cve

CVE-2024-20074

In dmc, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08668110; Issue ID:...

7.3AI Score

0.0004EPSS

2024-06-03 02:15 AM
16
cve
cve

CVE-2024-5143

A user with device administrative privileges can change existing SMTP server settings on the device, without having to re-enter SMTP server credentials. By redirecting send-to-email traffic to the new server, the original SMTP server credentials may potentially be...

6.8AI Score

0.0004EPSS

2024-05-23 05:15 PM
55
cve
cve

CVE-2024-20048

In flashc, there is a possible information disclosure due to an uncaught exception. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08541769; Issue ID:...

6AI Score

0.0004EPSS

2024-04-01 03:15 AM
32
cve
cve

CVE-2024-20045

In audio, there is a possible out of bounds read due to an incorrect calculation of buffer size. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08024748; Issue ID:...

6.1AI Score

0.0004EPSS

2024-04-01 03:15 AM
32
cve
cve

CVE-2024-20047

In battery, there is a possible out of bounds read due to an integer overflow. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08587865; Issue ID:...

5.9AI Score

0.0004EPSS

2024-04-01 03:15 AM
33
cve
cve

CVE-2024-20026

In da, there is a possible information disclosure due to improper input validation. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08541632; Issue ID:...

6AI Score

0.0004EPSS

2024-03-04 03:15 AM
32
cve
cve

CVE-2024-21474

Memory corruption when size of buffer from previous call is used without validation or...

8.4CVSS

7.3AI Score

0.001EPSS

2024-05-06 03:15 PM
25
cve
cve

CVE-2024-3371

MongoDB Compass may accept and use insufficiently validated input from an untrusted external source. This may cause unintended application behavior, including data disclosure and enabling attackers to impersonate users. This issue affects MongoDB Compass versions 1.35.0 to...

7.1CVSS

6.6AI Score

0.0004EPSS

2024-04-24 05:15 PM
39
cve
cve

CVE-2024-3372

Improper validation of certain metadata input may result in the server not correctly serialising BSON. This can be performed pre-authentication and may cause unexpected application behavior including unavailability of serverStatus responses. This issue affects MongoDB Server v7.0 versions prior to....

7.5CVSS

6.5AI Score

0.0004EPSS

2024-05-14 04:17 PM
25
cve
cve

CVE-2023-43530

Memory corruption in HLOS while checking for the storage...

5.9CVSS

7.1AI Score

0.0004EPSS

2024-05-06 03:15 PM
24
cve
cve

CVE-2023-43529

Transient DOS while processing IKEv2 Informational request messages, when a malformed fragment packet is...

7.5CVSS

6.9AI Score

0.0005EPSS

2024-05-06 03:15 PM
24
cve
cve

CVE-2023-33100

Transient DOS while processing DL NAS Transport message when message ID is not defined in the 3GPP...

7.5CVSS

6.8AI Score

0.0004EPSS

2024-04-01 03:15 PM
50
cve
cve

CVE-2023-33119

Memory corruption while loading a VM from a signed VM image that is not coherent in the processor...

8.4CVSS

7AI Score

0.001EPSS

2024-05-06 03:15 PM
25
cve
cve

CVE-2024-20069

In modem, there is a possible selection of less-secure algorithm during the VoWiFi IKE due to a missing DH downgrade check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01286330;...

6.4AI Score

0.0004EPSS

2024-06-03 02:15 AM
23
cve
cve

CVE-2024-30407

The Use of a Hard-coded Cryptographic Key vulnerability in Juniper Networks Juniper Cloud Native Router (JCNR) and containerized routing Protocol Deamon (cRPD) products allows an attacker to perform Person-in-the-Middle (PitM) attacks which results in complete compromise of the container. Due to...

8.1CVSS

6.8AI Score

0.001EPSS

2024-04-12 03:15 PM
45
cve
cve

CVE-2024-23354

Memory corruption when the IOCTL call is interrupted by a...

8.4CVSS

7.1AI Score

0.001EPSS

2024-05-06 03:15 PM
29
cve
cve

CVE-2024-20033

In nvram, there is a possible information disclosure due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08499945; Issue ID:...

6AI Score

0.0004EPSS

2024-03-04 03:15 AM
33
cve
cve

CVE-2024-20068

In modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed. User interaction is no needed for exploitation. Patch ID: MOLY01270721; Issue ID:...

6.8AI Score

0.0004EPSS

2024-06-03 02:15 AM
24
cve
cve

CVE-2024-20054

In gnss, there is a possible escalation of privilege due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08580200; Issue ID:...

6.9AI Score

0.0004EPSS

2024-04-01 03:15 AM
30
cve
cve

CVE-2024-20057

In keyInstall, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08587881; Issue ID:...

7AI Score

0.0004EPSS

2024-05-06 03:15 AM
25
cve
cve

CVE-2024-20046

In battery, there is a possible escalation of privilege due to an integer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08485622; Issue ID:...

6.9AI Score

0.0004EPSS

2024-04-01 03:15 AM
34
cve
cve

CVE-2024-21475

Memory corruption when the payload received from firmware is not as per the expected protocol...

7.8CVSS

7.2AI Score

0.0004EPSS

2024-05-06 03:15 PM
28
cve
cve

CVE-2023-43545

Memory corruption when more scan frequency list or channels are sent from the user...

6.7CVSS

7.5AI Score

0.0004EPSS

2024-06-03 10:15 AM
14
cve
cve

CVE-2023-43543

Memory corruption in Audio during a playback or a recording due to race condition between allocation and deallocation of graph...

6.7CVSS

7.3AI Score

0.0004EPSS

2024-06-03 10:15 AM
14
cve
cve

CVE-2023-43525

Memory corruption while copying the sound model data from user to kernel buffer during sound model...

6.7CVSS

7AI Score

0.0004EPSS

2024-05-06 03:15 PM
25
nessus
nessus

RHEL 6 : qemu-kvm-rhev (RHSA-2017:1441)

The remote Redhat Enterprise Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2017:1441 advisory. KVM (Kernel-based Virtual Machine) is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm-rhev packages...

5.5CVSS

8.1AI Score

0.002EPSS

2024-04-24 12:00 AM
3
cve
cve

CVE-2023-43551

Cryptographic issue while performing attach with a LTE network, a rogue base station can skip the authentication phase and immediately send the Security Mode...

9.1CVSS

7AI Score

0.001EPSS

2024-06-03 10:15 AM
25
cve
cve

CVE-2024-23363

Transient DOS while processing an improperly formatted Fine Time Measurement (FTM) management...

7.5CVSS

6.9AI Score

0.0005EPSS

2024-06-03 10:15 AM
23
cve
cve

CVE-2023-43542

Memory corruption while copying a keyblobs material when the key materials size is not accurately...

7.8CVSS

7.1AI Score

0.0004EPSS

2024-06-03 10:15 AM
22
cve
cve

CVE-2024-20072

In wlan driver, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00364732; Issue ID:...

7.3AI Score

0.0004EPSS

2024-06-03 02:15 AM
14
nessus
nessus

Oracle Linux 7 : libreoffice (ELSA-2024-3304)

The remote Oracle Linux 7 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2024-3304 advisory. [1:5.3.6.1-26.0.1] - adjust color palette to match Redwood style. - Replaced RedHat colors with Oracle colors, and the filename redhat.soc with oracle.soc in...

8.8CVSS

7.1AI Score

0.001EPSS

2024-05-24 12:00 AM
7
cve
cve

CVE-2024-20065

In telephony, there is a possible information disclosure due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08698617; Issue ID:...

6AI Score

0.0004EPSS

2024-06-03 02:15 AM
22
cve
cve

CVE-2024-20042

In da, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08541780; Issue ID:...

7AI Score

0.0004EPSS

2024-04-01 03:15 AM
38
cve
cve

CVE-2024-20058

In keyInstall, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08580204; Issue ID:...

5.9AI Score

0.0004EPSS

2024-05-06 03:15 AM
28
cve
cve

CVE-2024-20059

In da, there is a possible escalation of privilege due to an incorrect status check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08541749; Issue ID:...

6.9AI Score

0.0004EPSS

2024-05-06 03:15 AM
28
cve
cve

CVE-2024-20055

In imgsys, there is a possible information disclosure due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is needed for exploitation Patch ID: ALPS08518692; Issue ID:...

6AI Score

0.0004EPSS

2024-04-01 03:15 AM
35
cve
cve

CVE-2024-20041

In da, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08541746; Issue ID:...

5.9AI Score

0.0004EPSS

2024-04-01 03:15 AM
32
cve
cve

CVE-2024-21480

Memory corruption while playing audio file having large-sized input...

7.3CVSS

7.1AI Score

0.0005EPSS

2024-05-06 03:15 PM
26
cve
cve

CVE-2024-21476

Memory corruption when the channel ID passed by user is not validated and further...

7.8CVSS

7.1AI Score

0.0004EPSS

2024-05-06 03:15 PM
26
Total number of security vulnerabilities288358