The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.
ID | Description | Priority | Modified date |
---|---|---|---|
CVE-2024-47344 | Exposure of Sensitive Information to an Unauthorized Actor vulnerability in StylemixThemes uListing. This issue affects uListing: from n/a through 2.1.5. | -- | Oct 7, 2024 |
CVE-2024-47335 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Bit Form Bit Form – Contact Form Plugin allows SQL Injection. This issue affects Bit Form – Contact Form Plugin: from n/a through 2.13.11. | -- | Oct 7, 2024 |
CVE-2024-47191 | OATH Toolkit pam_oath usersfile ${HOME} privilege escalation | -- | Oct 7, 2024 |
CVE-2024-46325 | TP-Link WR740N V6 has a stack overflow vulnerability via the ssid parameter in /userRpm/popupSiteSurveyRpm.htm url. | -- | Oct 7, 2024 |
CVE-2024-45153 | Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. | -- | Oct 7, 2024 |
CVE-2024-43047 | Memory corruption while maintaining memory maps of HLOS memory. | -- | Oct 7, 2024 |
CVE-2024-42027 | The E2EE password entropy generated by Rocket.Chat Mobile prior to version 4.5.1 is insufficient, allowing attackers to crack it if they have the appropriate time and resources. | -- | Oct 7, 2024 |
CVE-2024-38425 | Information disclosure while sending implicit broadcast containing APP launch information. | -- | Oct 7, 2024 |
CVE-2024-38399 | Memory corruption while processing user packets to generate page faults. | -- | Oct 7, 2024 |
CVE-2024-38397 | Transient DOS while parsing probe response and assoc response frame. | -- | Oct 7, 2024 |
CVE-2024-33073 | Information disclosure while parsing the BSS parameter change count or MLD capabilities fields of the ML IE. | -- | Oct 7, 2024 |
CVE-2024-33071 | Transient DOS while parsing the MBSSID IE from the beacons when IE length is 0. | -- | Oct 7, 2024 |
CVE-2024-33070 | Transient DOS while parsing ESP IE from beacon/probe response frame. | -- | Oct 7, 2024 |
CVE-2024-33069 | Transient DOS when transmission of management frame sent by host is not successful and error status is received in the host. | -- | Oct 7, 2024 |
CVE-2024-33066 | Memory corruption while redirecting log file to any file location with any file name. | -- | Oct 7, 2024 |
CVE-2024-33065 | Memory corruption while taking snapshot when an offset variable is set by camera driver. | -- | Oct 7, 2024 |
CVE-2024-33064 | Information disclosure while parsing the multiple MBSSID IEs from the beacon. | -- | Oct 7, 2024 |
CVE-2024-33049 | Transient DOS while parsing noninheritance IE of Extension element when length of IE is 2 of beacon frame. | -- | Oct 7, 2024 |
CVE-2024-23379 | Memory corruption while unmapping the fastrpc map when two threads can free the same map in concurrent scenario. | -- | Oct 7, 2024 |
CVE-2024-23378 | Memory corruption while invoking IOCTL calls for MSM module from the user space during audio playback and record. | -- | Oct 7, 2024 |
CVE-2024-23376 | Memory corruption while sending the persist buffer command packet from the user-space to the kernel space through the IOCTL call. | -- | Oct 7, 2024 |
CVE-2024-23375 | Memory corruption during the network scan request. | -- | Oct 7, 2024 |
CVE-2024-23374 | Memory corruption is possible when an attempt is made from userspace or console to write some haptics effects pattern to the haptics debugfs file. | -- | Oct 7, 2024 |
CVE-2024-23370 | Memory corruption when a process invokes IOCTL calls from user-space to create a HAB virtual channel and another process invokes IOCTL calls to destroy the same. | -- | Oct 7, 2024 |
CVE-2024-23369 | Memory corruption when invalid length is provided from HLOS for FRS/UDS request/response buffers. | -- | Oct 7, 2024 |
CVE-2024-21455 | Memory corruption when a compat IOCTL call is followed by another IOCTL call from userspace to a driver. | -- | Oct 7, 2024 |
CVE-2024-20103 | In wlan firmware, there is a possible out of bounds write due to improper input validation. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS09001358; Issue ID: MSV-1599. | -- | Oct 7, 2024 |
CVE-2024-20102 | In wlan driver, there is a possible out of bounds read due to improper input validation. This could lead to remote information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08998892; Issue ID: MSV-1601. | -- | Oct 7, 2024 |
CVE-2024-20101 | In wlan driver, there is a possible out of bounds write due to improper input validation. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08998901; Issue ID: MSV-1602. | -- | Oct 7, 2024 |
CVE-2024-20100 | In wlan driver, there is a possible out of bounds write due to improper input validation. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08998449; Issue ID: MSV-1603. | -- | Oct 7, 2024 |
CVE-2024-20099 | In power, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08997492; Issue ID: MSV-1625. | -- | Oct 7, 2024 |
CVE-2024-20098 | In power, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08996886; Issue ID: MSV-1626. | -- | Oct 7, 2024 |
CVE-2024-20097 | In vdec, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS09028313; Issue ID: MSV-1630. | -- | Oct 7, 2024 |
CVE-2024-20096 | In m4u, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08996900; Issue ID: MSV-1635. | -- | Oct 7, 2024 |
CVE-2024-20095 | In m4u, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08996894; Issue ID: MSV-1636. | -- | Oct 7, 2024 |
CVE-2024-20094 | In Modem, there is a possible system crash due to a missing bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY00843282; Issue ID: MSV-1535. | -- | Oct 7, 2024 |
CVE-2024-20093 | In vdec, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS09028313; Issue ID: MSV-1699. | -- | Oct 7, 2024 |
CVE-2024-20092 | In vdec, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS09028313; Issue ID: MSV-1700. | -- | Oct 7, 2024 |
CVE-2024-20091 | In vdec, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS09028313; Issue ID: MSV-1701. | -- | Oct 7, 2024 |
CVE-2024-20090 | In vdec, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS09028313; Issue ID: MSV-1703. | -- | Oct 7, 2024 |
CVE-2024-9566 | A vulnerability classified as critical was found in D-Link DIR-619L B1 2.06. This vulnerability affects the function formDeviceReboot of the file /goform/formDeviceReboot. The manipulation of the argument next_page leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | -- | Oct 7, 2024 |
CVE-2024-9565 | A vulnerability has been found in D-Link DIR-605L 2.13B01 BETA and classified as critical. Affected by this vulnerability is the function formSetPassword of the file /goform/formSetPassword. The manipulation of the argument curTime leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | -- | Oct 7, 2024 |
CVE-2024-9564 | A vulnerability, which was classified as critical, was found in D-Link DIR-605L 2.13B01 BETA. Affected is the function formWlanWizardSetup of the file /goform/formWlanWizardSetup. The manipulation of the argument webpage leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | -- | Oct 7, 2024 |
CVE-2024-9563 | A vulnerability, which was classified as critical, has been found in D-Link DIR-605L 2.13B01 BETA. This issue affects the function formWlanSetup_Wizard of the file /goform/formWlanSetup_Wizard. The manipulation of the argument webpage leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | -- | Oct 7, 2024 |
CVE-2024-47854 | An XSS vulnerability was discovered in Veritas Data Insight before 7.1. It allows a remote attacker to inject an arbitrary web script into an HTTP request that could reflect back to an authenticated user without sanitization if executed by that user. | -- | Oct 6, 2024 |
CVE-2024-47650 | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Axton WP-WebAuthn allows Stored XSS. This issue affects WP-WebAuthn: from n/a through 1.3.1. | -- | Oct 6, 2024 |
CVE-2024-47368 | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Leap13 Premium Blocks – Gutenberg Blocks for WordPress allows Stored XSS. This issue affects Premium Blocks – Gutenberg Blocks for WordPress: from n/a through 2.1.33. | -- | Oct 6, 2024 |
CVE-2024-47367 | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in YITH YITH WooCommerce Product Add-Ons allows Reflected XSS. This issue affects YITH WooCommerce Product Add-Ons: from n/a through 4.13.0. | -- | Oct 6, 2024 |
CVE-2024-47366 | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WPVibes Elementor Addon Elements allows Stored XSS. This issue affects Elementor Addon Elements: from n/a through 1.13.6. | -- | Oct 6, 2024 |
CVE-2024-47365 | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Atakan Au Automatically Hierarchic Categories in Menu allows Stored XSS. This issue affects Automatically Hierarchic Categories in Menu: from n/a through 2.0.5. | -- | Oct 6, 2024 |