Total
136 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-27360 | 1 Samsung | 16 Exynos 1080, Exynos 1080 Firmware, Exynos 1280 and 13 more | 2024-10-30 | N/A | 7.5 HIGH |
| A vulnerability was discovered in Samsung Mobile Processors Exynos 850, Exynos 1080, Exynos 2100, Exynos 2200, Exynos 1280, Exynos 1380, Exynos 1330, and Exynos W930 where they do not properly check length of the data, which can lead to a Denial of Service. | |||||
| CVE-2021-31346 | 1 Siemens | 17 Apogee Modular Building Controller, Apogee Modular Building Controller Firmware, Apogee Modular Equiment Controller and 14 more | 2024-10-08 | 6.4 MEDIUM | 9.1 CRITICAL |
| A vulnerability has been identified in Capital Embedded AR Classic 431-422 (All versions), Capital Embedded AR Classic R20-11 (All versions < V2303), PLUSCONTROL 1st Gen (All versions), SIMOTICS CONNECT 400 (All versions < V0.5.0.0), SIMOTICS CONNECT 400 (All versions < V1.0.0.0). The total length of an ICMP payload (set in the IP header) is unchecked. This may lead to various side effects, including Information Leak and Denial-of-Service conditions, depending on the network buffer organization in memory. (FSMD-2021-0007) | |||||
| CVE-2021-31345 | 1 Siemens | 16 Apogee Modular Building Controller, Apogee Modular Building Controller Firmware, Apogee Modular Equiment Controller and 13 more | 2024-10-08 | 6.4 MEDIUM | 9.1 CRITICAL |
| A vulnerability has been identified in Capital Embedded AR Classic 431-422 (All versions), Capital Embedded AR Classic R20-11 (All versions < V2303), PLUSCONTROL 1st Gen (All versions). The total length of an UDP payload (set in the IP header) is unchecked. This may lead to various side effects, including Information Leak and Denial-of-Service conditions, depending on a user-defined applications that runs on top of the UDP protocol. (FSMD-2021-0006) | |||||
| CVE-2024-24690 | 1 Zoom | 5 Meeting Software Development Kit, Rooms, Vdi Windows Meeting Clients and 2 more | 2024-10-04 | N/A | 6.5 MEDIUM |
| Improper input validation in some Zoom clients may allow an authenticated user to conduct a denial of service via network access. | |||||
| CVE-2024-8887 | 1 Circutor | 2 Q-smt, Q-smt Firmware | 2024-10-01 | N/A | 8.6 HIGH |
| CIRCUTOR Q-SMT in its firmware version 1.0.4, could be affected by a denial of service (DoS) attack if an attacker with access to the web service bypasses the authentication mechanisms on the login page, allowing the attacker to use all the functionalities implemented at web level that allow interacting with the device. | |||||
| CVE-2022-2277 | 1 Hitachienergy | 2 Microscada X Sys600, Sys600 | 2024-09-25 | N/A | 7.5 HIGH |
| Improper Input Validation vulnerability exists in the Hitachi Energy MicroSCADA X SYS600's ICCP stack during the ICCP communication establishment causes a denial-of-service when ICCP of SYS600 is request to forward any data item updates with timestamps too distant in the future to any remote ICCP system. By default, ICCP is not configured and not enabled. This issue affects: Hitachi Energy MicroSCADA X SYS600 version 10.2 to version 10.3.1. cpe:2.3:a:hitachienergy:microscada_x_sys600:10.2:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.2.1:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.3:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.3.1:*:*:*:*:*:*:* | |||||
| CVE-2022-28613 | 2 Abb, Hitachienergy | 3 Rtu500 Firmware, Rtu500, Rtu500 Firmware | 2024-09-25 | 7.8 HIGH | 7.5 HIGH |
| A vulnerability exists in the HCI Modbus TCP function included in the product versions listed above. If the HCI Modbus TCP is en-abled and configured, an attacker could exploit the vulnerability by sending a specially crafted message to the RTU500, causing the receiving RTU500 CMU to reboot. The vulnerability is caused by the validation error in the length information carried in MBAP header in the HCI Modbus TCP function. | |||||
| CVE-2023-4518 | 1 Hitachienergy | 6 Relion 650, Relion 650 Firmware, Relion 670 and 3 more | 2024-09-23 | N/A | 7.5 HIGH |
| A vulnerability exists in the input validation of the GOOSE messages where out of range values received and processed by the IED caused a reboot of the device. In order for an attacker to exploit the vulnerability, goose receiving blocks need to be configured. | |||||
| CVE-2024-31416 | 1 Eaton | 1 Foreseer Electrical Power Monitoring System | 2024-09-19 | N/A | 6.5 MEDIUM |
| The Eaton Foreseer software provides multiple customizable input fields for the users to configure parameters in the tool like alarms, reports, etc. Some of these input fields were not checking the length and bounds of the entered value. The exploit of this security flaw by a bad actor may result in excessive memory consumption or integer overflow. | |||||
| CVE-2024-0111 | 1 Nvidia | 1 Cuda Toolkit | 2024-09-18 | N/A | 4.4 MEDIUM |
| NVIDIA CUDA Toolkit contains a vulnerability in command 'cuobjdump' where a user may cause a crash or produce incorrect output by passing a malformed ELF file. A successful exploit of this vulnerability may lead to a limited denial of service or data tampering. | |||||
| CVE-2024-8558 | 1 Oretnom23 | 1 Food Ordering Management System | 2024-09-10 | N/A | 4.3 MEDIUM |
| A vulnerability classified as problematic was found in SourceCodester Food Ordering Management System 1.0. This vulnerability affects unknown code of the file /foms/routers/place-order.php of the component Price Handler. The manipulation of the argument total leads to improper validation of specified quantity in input. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2024-42416 | 1 Freebsd | 1 Freebsd | 2024-09-05 | N/A | 8.8 HIGH |
| The ctl_report_supported_opcodes function did not sufficiently validate a field provided by userspace, allowing an arbitrary write to a limited amount of kernel help memory. Malicious software running in a guest VM that exposes virtio_scsi can exploit the vulnerabilities to achieve code execution on the host in the bhyve userspace process, which typically runs as root. Note that bhyve runs in a Capsicum sandbox, so malicious code is constrained by the capabilities available to the bhyve process. A malicious iSCSI initiator could achieve remote code execution on the iSCSI target host. | |||||
| CVE-2024-41991 | 1 Djangoproject | 1 Django | 2024-08-07 | N/A | 7.5 HIGH |
| An issue was discovered in Django 5.0 before 5.0.8 and 4.2 before 4.2.15. The urlize and urlizetrunc template filters, and the AdminURLFieldWidget widget, are subject to a potential denial-of-service attack via certain inputs with a very large number of Unicode characters. | |||||
| CVE-2022-26125 | 1 Frrouting | 1 Frrouting | 2024-07-03 | 6.8 MEDIUM | 7.8 HIGH |
| Buffer overflow vulnerabilities exist in FRRouting through 8.1.0 due to wrong checks on the input packet length in isisd/isis_tlvs.c. | |||||
| CVE-2024-30527 | 2024-05-17 | N/A | N/A | ||
| Improper Validation of Specified Quantity in Input vulnerability in Tips and Tricks HQ WP Express Checkout (Accept PayPal Payments) allows Manipulating Hidden Fields.This issue affects WP Express Checkout (Accept PayPal Payments): from n/a through 2.3.7. | |||||
| CVE-2024-24715 | 2024-05-17 | N/A | N/A | ||
| Improper Validation of Specified Quantity in Input vulnerability in The Events Calendar BookIt allows Manipulating Hidden Fields.This issue affects BookIt: from n/a through 2.4.0. | |||||
| CVE-2023-4439 | 1 Card Holder Management System Project | 1 Card Holder Management System | 2024-05-17 | N/A | 5.3 MEDIUM |
| A vulnerability was found in SourceCodester Card Holder Management System 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the component Minus Value Handler. The manipulation leads to improper validation of specified quantity in input. The attack may be launched remotely. The identifier of this vulnerability is VDB-237560. | |||||
| CVE-2023-43665 | 2 Djangoproject, Fedoraproject | 2 Django, Fedora | 2024-05-01 | N/A | 7.5 HIGH |
| In Django 3.2 before 3.2.22, 4.1 before 4.1.12, and 4.2 before 4.2.6, the django.utils.text.Truncator chars() and words() methods (when used with html=True) are subject to a potential DoS (denial of service) attack via certain inputs with very long, potentially malformed HTML text. The chars() and words() methods are used to implement the truncatechars_html and truncatewords_html template filters, which are thus also vulnerable. NOTE: this issue exists because of an incomplete fix for CVE-2019-14232. | |||||
| CVE-2022-26127 | 1 Frrouting | 1 Frrouting | 2024-04-28 | 6.8 MEDIUM | 7.8 HIGH |
| A buffer overflow vulnerability exists in FRRouting through 8.1.0 due to missing a check on the input packet length in the babel_packet_examin function in babeld/message.c. | |||||
| CVE-2022-26128 | 1 Frrouting | 1 Frrouting | 2024-04-28 | 6.8 MEDIUM | 7.8 HIGH |
| A buffer overflow vulnerability exists in FRRouting through 8.1.0 due to a wrong check on the input packet length in the babel_packet_examin function in babeld/message.c. | |||||