ReportizFlow
Filtered by vendor
Subscriptions
Total
322228 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-51526 | 1 Huawei | 1 Harmonyos | 2024-11-07 | 8.2 High |
| Permission control vulnerability in the hidebug module Impact: Successful exploitation of this vulnerability may affect service confidentiality. | ||||
| CVE-2024-51527 | 1 Huawei | 2 Emui, Harmonyos | 2024-11-07 | 5.1 Medium |
| Permission control vulnerability in the Gallery app Impact: Successful exploitation of this vulnerability may affect service confidentiality. | ||||
| CVE-2024-51528 | 1 Huawei | 2 Emui, Harmonyos | 2024-11-07 | 4 Medium |
| Vulnerability of improper log printing in the Super Home Screen module Impact: Successful exploitation of this vulnerability may affect service confidentiality. | ||||
| CVE-2024-51529 | 1 Huawei | 2 Emui, Harmonyos | 2024-11-07 | 5.5 Medium |
| Data verification vulnerability in the battery module Impact: Successful exploitation of this vulnerability may affect function stability. | ||||
| CVE-2024-51530 | 1 Huawei | 2 Emui, Harmonyos | 2024-11-07 | 6.6 Medium |
| LaunchAnywhere vulnerability in the account module Impact: Successful exploitation of this vulnerability may affect service confidentiality. | ||||
| CVE-2024-51520 | 1 Huawei | 1 Harmonyos | 2024-11-07 | 5.5 Medium |
| Vulnerability of input parameters not being verified in the HDC module Impact: Successful exploitation of this vulnerability may affect availability. | ||||
| CVE-2024-51521 | 1 Huawei | 1 Harmonyos | 2024-11-07 | 5.7 Medium |
| Input parameter verification vulnerability in the background service module Impact: Successful exploitation of this vulnerability may affect availability. | ||||
| CVE-2024-38423 | 1 Qualcomm | 416 205 Mobile Platform, 205 Mobile Platform Firmware, 215 Mobile Platform and 413 more | 2024-11-07 | 7.8 High |
| Memory corruption while processing GPU page table switch. | ||||
| CVE-2024-38422 | 1 Qualcomm | 541 205 Mobile Platform, 205 Mobile Platform Firmware, 215 Mobile Platform and 538 more | 2024-11-07 | 7.8 High |
| Memory corruption while processing voice packet with arbitrary data received from ADSP. | ||||
| CVE-2024-38421 | 1 Qualcomm | 157 Fastconnect 6200, Fastconnect 6200 Firmware, Fastconnect 7800 and 154 more | 2024-11-07 | 7.8 High |
| Memory corruption while processing GPU commands. | ||||
| CVE-2024-38419 | 1 Qualcomm | 299 Ar8035, Ar8035 Firmware, Csra6620 and 296 more | 2024-11-07 | 7.8 High |
| Memory corruption while invoking IOCTL calls from the use-space for HGSL memory node. | ||||
| CVE-2024-51514 | 1 Huawei | 1 Harmonyos | 2024-11-07 | 5.3 Medium |
| Vulnerability of pop-up windows belonging to no app in the VPN module Impact: Successful exploitation of this vulnerability may affect service confidentiality. | ||||
| CVE-2024-51515 | 1 Huawei | 1 Harmonyos | 2024-11-07 | 6.2 Medium |
| Race condition vulnerability in the kernel network module Impact:Successful exploitation of this vulnerability may affect availability. | ||||
| CVE-2024-38415 | 1 Qualcomm | 360 215 Mobile Platform, 215 Mobile Platform Firmware, Ar8035 and 357 more | 2024-11-07 | 7.8 High |
| Memory corruption while handling session errors from firmware. | ||||
| CVE-2024-10335 | 2 Sadat, Sourcecodester | 2 Garbage Collection Management System, Garbage Collection Management System | 2024-11-07 | 7.3 High |
| A vulnerability was found in SourceCodester Garbage Collection Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file login.php. The manipulation of the argument username/password leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The initial researcher advisory only mentions the parameter "username" to be affected. But it must be assumed that the parameter "password" is affected as well. | ||||
| CVE-2024-10336 | 2 Clothes Recommendation System Project, Sourcecodehero | 2 Clothes Recommendation System, Clothes Recommendation System | 2024-11-07 | 7.3 High |
| A vulnerability was found in SourceCodeHero Clothes Recommendation System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /admin/index.php of the component Admin Login Page. The manipulation of the argument t1 leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2023-28149 | 2024-11-07 | 6.1 Medium | ||
| An issue was discovered in the IhisiServiceSmm module in Insyde InsydeH2O with kernel 5.2 before 05.28.42, 5.3 before 05.37.42, 5.4 before 05.45.39, 5.5 before 05.53.39, and 5.6 before 05.60.39 that could allow an attacker to modify UEFI variables. | ||||
| CVE-2024-49768 | 3 Agendaless, Pylons, Redhat | 4 Waitress, Waitress, Openshift Ironic and 1 more | 2024-11-07 | 9.1 Critical |
| Waitress is a Web Server Gateway Interface server for Python 2 and 3. A remote client may send a request that is exactly recv_bytes (defaults to 8192) long, followed by a secondary request using HTTP pipelining. When request lookahead is disabled (default) we won't read any more requests, and when the first request fails due to a parsing error, we simply close the connection. However when request lookahead is enabled, it is possible to process and receive the first request, start sending the error message back to the client while we read the next request and queue it. This will allow the secondary request to be serviced by the worker thread while the connection should be closed. Waitress 3.0.1 fixes the race condition. As a workaround, disable channel_request_lookahead, this is set to 0 by default disabling this feature. | ||||
| CVE-2024-48921 | 2 Kyverno, Nirmata | 2 Kyverno, Kyverno | 2024-11-07 | 2.7 Low |
| Kyverno is a policy engine designed for Kubernetes. A kyverno ClusterPolicy, ie. "disallow-privileged-containers," can be overridden by the creation of a PolicyException in a random namespace. By design, PolicyExceptions are consumed from any namespace. Administrators may not recognize that this allows users with privileges to non-kyverno namespaces to create exceptions. This vulnerability is fixed in 1.13.0. | ||||
| CVE-2024-10228 | 1 Hashicorp | 1 Vagrant Vmware Utility | 2024-11-07 | 3.8 Low |
| The Vagrant VMWare Utility Windows installer targeted a custom location with a non-protected path that could be modified by an unprivileged user, introducing potential for unauthorized file system writes. This vulnerability, CVE-2024-10228, was fixed in Vagrant VMWare Utility 1.0.23 | ||||