Lucene search

K

Ragic, Inc. Security Vulnerabilities

cve
cve

CVE-2024-20060

In da, there is a possible escalation of privilege due to an incorrect status check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08541749; Issue ID:...

6.9AI Score

0.0004EPSS

2024-05-06 03:15 AM
28
cve
cve

CVE-2024-20021

In atf spm, there is a possible way to remap physical memory to virtual memory due to a logic error. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08584568; Issue ID:...

6.7AI Score

0.0004EPSS

2024-05-06 03:15 AM
25
cve
cve

CVE-2024-20071

In wlan driver, there is a possible out of bounds read due to improper input validation. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00364733; Issue ID:...

6.3AI Score

0.0004EPSS

2024-06-03 02:15 AM
14
cve
cve

CVE-2024-21478

transient DOS when setting up a fence callback to free a KGSL memory entry object during...

6.2CVSS

7.2AI Score

0.0004EPSS

2024-06-03 10:15 AM
15
cve
cve

CVE-2024-21584

Pleasanter 1.3.49.0 and earlier contains a cross-site scripting vulnerability. If an attacker tricks the user to access the product with a specially crafted URL and perform a specific operation, an arbitrary script may be executed on the web browser of the...

6.2AI Score

0.0004EPSS

2024-03-12 08:15 AM
30
cve
cve

CVE-2024-3374

An unauthenticated user can trigger a fatal assertion in the server while generating ftdc diagnostic metrics due to attempting to build a BSON object that exceeds certain memory sizes. This issue affects MongoDB Server v5.0 versions prior to and including 5.0.16 and MongoDB Server v6.0 versions...

5.3CVSS

6.6AI Score

0.0004EPSS

2024-05-14 04:17 PM
24
cve
cve

CVE-2023-4063

Certain HP OfficeJet Pro printers are potentially vulnerable to a Denial of Service when using an improper eSCL URL GET...

6.7AI Score

0.0004EPSS

2024-03-22 06:15 PM
31
cve
cve

CVE-2023-43537

Information disclosure while handling T2LM Action Frame in WLAN...

6.5CVSS

7.1AI Score

0.0005EPSS

2024-06-03 10:15 AM
14
cve
cve

CVE-2023-43524

Memory corruption when the bandpass filter order received from AHAL is not within the expected...

6.7CVSS

7.1AI Score

0.0004EPSS

2024-05-06 03:15 PM
26
cve
cve

CVE-2024-20065

In telephony, there is a possible information disclosure due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08698617; Issue ID:...

6AI Score

0.0004EPSS

2024-06-03 02:15 AM
22
cve
cve

CVE-2024-20042

In da, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08541780; Issue ID:...

7AI Score

0.0004EPSS

2024-04-01 03:15 AM
38
cve
cve

CVE-2024-20058

In keyInstall, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08580204; Issue ID:...

5.9AI Score

0.0004EPSS

2024-05-06 03:15 AM
28
cve
cve

CVE-2024-20059

In da, there is a possible escalation of privilege due to an incorrect status check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08541749; Issue ID:...

6.9AI Score

0.0004EPSS

2024-05-06 03:15 AM
28
cve
cve

CVE-2024-20055

In imgsys, there is a possible information disclosure due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is needed for exploitation Patch ID: ALPS08518692; Issue ID:...

6AI Score

0.0004EPSS

2024-04-01 03:15 AM
35
cve
cve

CVE-2024-20041

In da, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08541746; Issue ID:...

5.9AI Score

0.0004EPSS

2024-04-01 03:15 AM
32
cve
cve

CVE-2024-32850

Improper neutralization of special elements used in a command ('Command Injection') exists in SkyBridge MB-A100/MB-A110 firmware Ver. 4.2.2 and earlier and SkyBridge BASIC MB-A130 firmware Ver. 1.5.5 and earlier. If the remote monitoring and control function is enabled on the product, an attacker.....

7.4AI Score

0.0004EPSS

2024-05-31 02:15 AM
27
cve
cve

CVE-2024-21480

Memory corruption while playing audio file having large-sized input...

7.3CVSS

7.1AI Score

0.0005EPSS

2024-05-06 03:15 PM
26
cve
cve

CVE-2024-21476

Memory corruption when the channel ID passed by user is not validated and further...

7.8CVSS

7.1AI Score

0.0004EPSS

2024-05-06 03:15 PM
26
cve
cve

CVE-2023-32873

In keyInstall, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08583919; Issue ID:...

7AI Score

0.0004EPSS

2024-05-06 03:15 AM
27
cve
cve

CVE-2023-32871

In DA, there is a possible permission bypass due to an incorrect status check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08355514; Issue ID:...

7AI Score

0.0004EPSS

2024-05-06 03:15 AM
27
cve
cve

CVE-2023-43526

Memory corruption while querying module parameters from Listen Sound model client in kernel from user...

6.7CVSS

6.9AI Score

0.0004EPSS

2024-05-06 03:15 PM
24
cve
cve

CVE-2023-33099

Transient DOS while processing SMS container of non-standard size received in DL NAS transport in...

7.5CVSS

6.8AI Score

0.0005EPSS

2024-04-01 03:15 PM
50
cve
cve

CVE-2024-23360

Memory corruption while creating a LPAC client as LPAC engine was allowed to access GPU...

8.4CVSS

7.3AI Score

0.001EPSS

2024-06-03 10:15 AM
16
cve
cve

CVE-2024-28745

Improper export of Android application components issue exists in 'ABEMA' App for Android prior to 10.65.0 allowing another app installed on the user's device to access an arbitrary URL on 'ABEMA' App for Android via Intent. If this vulnerability is exploited, an arbitrary website may be displayed....

6.7AI Score

0.0004EPSS

2024-03-18 04:15 AM
37
cve
cve

CVE-2024-20053

In flashc, there is a possible out of bounds write due to an uncaught exception. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08541757; Issue ID:...

7AI Score

0.0004EPSS

2024-04-01 03:15 AM
33
cve
cve

CVE-2024-20028

In da, there is a possible out of bounds write due to lack of valudation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08541632; Issue ID:...

6.9AI Score

0.0004EPSS

2024-03-04 03:15 AM
28
cve
cve

CVE-2024-20038

In pq, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08495932; Issue ID:...

5.9AI Score

0.0004EPSS

2024-03-04 03:15 AM
34
cve
cve

CVE-2024-20020

In OPTEE, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08522504; Issue ID:...

6.1AI Score

0.0004EPSS

2024-03-04 03:15 AM
31
cve
cve

CVE-2024-20050

In flashc, there is a possible information disclosure due to an uncaught exception. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08541757; Issue ID:...

6AI Score

0.0004EPSS

2024-04-01 03:15 AM
34
cve
cve

CVE-2024-20051

In flashc, there is a possible system crash due to an uncaught exception. This could lead to local denial of service with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08541757; Issue ID:...

6.5AI Score

0.0004EPSS

2024-04-01 03:15 AM
35
cve
cve

CVE-2024-20030

In da, there is a possible information disclosure due to improper input validation. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08541632; Issue ID:...

6AI Score

0.0004EPSS

2024-03-04 03:15 AM
32
cve
cve

CVE-2024-21473

Memory corruption while redirecting log file to any file location with any file...

9.8CVSS

9.5AI Score

0.001EPSS

2024-04-01 03:15 PM
42
cve
cve

CVE-2024-3281

A vulnerability was discovered in the firmware builds after 8.0.2.3267 and prior to 8.1.3.1301 in CCX devices. A flaw in the firmware build process did not properly restrict access to a resource from an unauthorized...

6.6AI Score

0.0004EPSS

2024-04-09 04:15 PM
23
cve
cve

CVE-2023-43544

Memory corruption when IPC callback handle is used after it has been released during register callback by another...

6.7CVSS

7.5AI Score

0.0004EPSS

2024-06-03 10:15 AM
14
cve
cve

CVE-2022-48220

Potential vulnerabilities have been identified in certain HP Desktop PC products using the HP TamperLock feature, which might allow intrusion detection bypass via a physical attack. HP is releasing firmware and guidance to mitigate these potential...

6.9AI Score

0.0004EPSS

2024-02-14 11:15 PM
9
cve
cve

CVE-2024-32988

'OfferBox' App for Android versions 2.0.0 to 2.3.17 and 'OfferBox' App for iOS versions 2.1.7 to 2.6.14 use a hard-coded secret key for JWT. Secret key for JWT may be retrieved if the application binary is...

6.4AI Score

0.0004EPSS

2024-05-22 08:15 AM
39
cve
cve

CVE-2024-27127

A double free vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated users to execute arbitrary code via a network. We have already fixed the vulnerability in the following version: QTS 5.1.7.2770 build 20240520...

7.2CVSS

7.5AI Score

0.0004EPSS

2024-05-21 04:15 PM
26
cve
cve

CVE-2023-50362

A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated users to execute code via a network. We have already fixed the vulnerability in the following versions: QTS...

5CVSS

7.1AI Score

0.0004EPSS

2024-04-26 03:15 PM
24
cve
cve

CVE-2024-27129

A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated users to execute code via a network. We have already fixed the vulnerability in the following version: QTS...

6.4CVSS

7.1AI Score

0.0004EPSS

2024-05-21 04:15 PM
30
cve
cve

CVE-2024-27128

A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated users to execute code via a network. We have already fixed the vulnerability in the following version: QTS...

6.4CVSS

7.1AI Score

0.0004EPSS

2024-05-21 04:15 PM
27
cve
cve

CVE-2024-27130

A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to execute code via a network. We have already fixed the vulnerability in the following version: QTS 5.1.7.2770 build...

7.2CVSS

7AI Score

0.0004EPSS

2024-05-21 04:15 PM
63
cve
cve

CVE-2024-21902

An incorrect permission assignment for critical resource vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated users to read or modify the resource via a network. We have already fixed the vulnerability in the...

6.4CVSS

6.4AI Score

0.0004EPSS

2024-05-21 04:15 PM
27
cve
cve

CVE-2023-50364

A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated users to execute code via a network. We have already fixed the vulnerability in the following versions: QTS...

6.4CVSS

7.1AI Score

0.0004EPSS

2024-04-26 03:15 PM
27
cve
cve

CVE-2024-20066

In modem, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is no needed for exploitation. Patch ID: MOLY01267281; Issue ID:...

6.9AI Score

0.0004EPSS

2024-06-03 02:15 AM
26
nvd
nvd

CVE-2024-3670

The Leaflet Maps Marker (Google Maps, OpenStreetMap, Bing Maps) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'mapsmarker' shortcode in all versions up to, and including, 3.12.8 due to insufficient input sanitization and output escaping on user supplied...

6.4CVSS

5.7AI Score

0.0004EPSS

2024-05-02 05:15 PM
1
cve
cve

CVE-2023-50361

A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated users to execute code via a network. We have already fixed the vulnerability in the following versions: QTS...

5CVSS

7.1AI Score

0.0004EPSS

2024-04-26 03:15 PM
27
ubuntucve
ubuntucve

CVE-2021-47552

In the Linux kernel, the following vulnerability has been resolved: blk-mq: cancel blk-mq dispatch work in both blk_cleanup_queue and disk_release() For avoiding to slow down queue destroy, we don't call blk_mq_quiesce_queue() in blk_cleanup_queue(), instead of delaying to cancel dispatch work in.....

6.5AI Score

0.0004EPSS

2024-05-24 12:00 AM
cvelist
cvelist

CVE-2024-28519

A kernel handle leak issue in ProcObsrvesx.sys 4.0.0.49 in MicroWorld Technologies Inc eScan Antivirus could allow privilege escalation for low-privileged...

7AI Score

0.0004EPSS

2024-05-03 12:00 AM
nvd
nvd

CVE-2024-4434

The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to time-based SQL Injection via the ‘term_id’ parameter in versions up to, and including, 4.2.6.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This.....

9.8CVSS

9.7AI Score

0.001EPSS

2024-05-14 03:43 PM
cve
cve

CVE-2024-30420

Server-side request forgery (SSRF) vulnerability exists in a-blog cms Ver.3.1.x series versions prior to Ver.3.1.12 and Ver.3.0.x series versions prior to Ver.3.0.32. If this vulnerability is exploited, a user with an administrator or higher privilege who can log in to the product may obtain...

6.7AI Score

0.0004EPSS

2024-05-22 05:15 AM
26
Total number of security vulnerabilities288358