Weekly Vulnerabilities Reports > November 25 to December 1, 2024
Overview
164 new vulnerabilities were reported during this period, including 31 critical vulnerabilities and 57 high severity vulnerabilities. This weekly summary reports vulnerabilities in 95 products from 27 vendors, including Fujielectric, Google, Qualcomm, Engeniustech, and Phpgurukul. Vulnerabilities are notably categorized as "Cross-site Scripting", "SQL Injection", "Out-of-bounds Write", "Command Injection", and "Out-of-bounds Read".
- 123 reported vulnerabilities are remotely exploitable.
- 78 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
- 87 reported vulnerabilities are exploitable by an anonymous user.
- Fujielectric has the most reported vulnerabilities, with 17 reported vulnerabilities.
- Phpgurukul has the most reported critical vulnerabilities, with 6 reported vulnerabilities.
Vulnerability Details
The following tables list the reported vulnerabilities for the period covered by this report:
31 Critical Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2024-12-01 | CVE-2024-12007 | Code Projects | SQL Injection vulnerability in Code-Projects Farmacia 1.0 A vulnerability, which was classified as critical, was found in code-projects Farmacia 1.0. | 9.8 |
2024-11-29 | CVE-2024-49803 | | IBM Security Verify Access Appliance 10.0.0 through 10.0.8 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request. | 9.8 |
2024-11-28 | CVE-2024-11970 | Anisha | SQL Injection vulnerability in Anisha Concert Ticket Ordering System 1.0 A vulnerability classified as critical has been found in code-projects Concert Ticket Ordering System 1.0. | 9.8 |
2024-11-28 | CVE-2024-11966 | Phpgurukul | SQL Injection vulnerability in PHPgurukul Complaint Management System 1.0 A vulnerability was found in PHPGurukul Complaint Management system 1.0 and classified as critical. | 9.8 |
2024-11-28 | CVE-2024-11967 | Phpgurukul | SQL Injection vulnerability in PHPgurukul Complaint Management System 1.0 A vulnerability was found in PHPGurukul Complaint Management system 1.0. | 9.8 |
2024-11-28 | CVE-2024-11964 | Phpgurukul | SQL Injection vulnerability in PHPgurukul Complaint Management System 1.0 A vulnerability, which was classified as critical, was found in PHPGurukul Complaint Management system 1.0. | 9.8 |
2024-11-28 | CVE-2024-11965 | Phpgurukul | SQL Injection vulnerability in PHPgurukul Complaint Management System 1.0 A vulnerability has been found in PHPGurukul Complaint Management system 1.0 and classified as critical. | 9.8 |
2024-11-28 | CVE-2024-11962 | Fabianros | SQL Injection vulnerability in Fabianros Simple CAR Rental System 1.0 A vulnerability classified as critical was found in code-projects Simple Car Rental System 1.0. | 9.8 |
2024-11-27 | CVE-2024-11667 | Zyxel | Path Traversal vulnerability in Zyxel ZLD A directory traversal vulnerability in the web management interface of Zyxel ATP series firmware versions V5.00 through V5.38, USG FLEX series firmware versions V5.00 through V5.38, USG FLEX 50(W) series firmware versions V5.10 through V5.38, and USG20(W)-VPN series firmware versions V5.10 through V5.38 could allow an attacker to download or upload files via a crafted URL. | 9.8 |
2024-11-27 | CVE-2024-53676 | HPE | Path Traversal vulnerability in HPE Insight Remote Support 7.12/7.12.0.529/7.12.0.545 A directory traversal vulnerability in Hewlett Packard Enterprise Insight Remote Support may allow remote code execution. | 9.8 |
2024-11-27 | CVE-2024-11818 | Phpgurukul | SQL Injection vulnerability in PHPgurukul User Registration & Login and User Management System 1.0 A vulnerability classified as critical has been found in PHPGurukul User Registration & Login and User Management System 1.0. | 9.8 |
2024-11-27 | CVE-2024-11819 | 1000Projects | SQL Injection vulnerability in 1000Projects Portfolio Management System MCA 1.0 A vulnerability classified as critical was found in 1000 Projects Portfolio Management System MCA 1.0. | 9.8 |
2024-11-26 | CVE-2024-11817 | Phpgurukul | SQL Injection vulnerability in PHPgurukul User Registration & Login and User Management System 1.0 A vulnerability was found in PHPGurukul User Registration & Login and User Management System 1.0. | 9.8 |
2024-11-26 | CVE-2024-53673 | HPE | Deserialization of Untrusted Data vulnerability in HPE Insight Remote Support 7.12/7.12.0.529/7.12.0.545 A java deserialization vulnerability in HPE Remote Insight Support may allow an unauthenticated attacker to execute code. | 9.8 |
2024-11-26 | CVE-2024-11744 | 1000Projects | SQL Injection vulnerability in 1000Projects Portfolio Management System MCA 1.0 A vulnerability has been found in 1000 Projects Portfolio Management System MCA 1.0 and classified as critical. | 9.8 |
2024-11-26 | CVE-2024-11745 | Tenda | Out-of-bounds Write vulnerability in Tenda AC8 Firmware 16.03.34.09 A vulnerability was found in Tenda AC8 16.03.34.09 and classified as critical. | 9.8 |
2024-11-26 | CVE-2024-49035 | Microsoft | Unspecified vulnerability in Microsoft Partner Center An improper access control vulnerability in Partner.Microsoft.com allows an unauthenticated attacker to elevate privileges over a network. | 9.8 |
2024-11-26 | CVE-2024-11680 | Projectsend | Incorrect Authorization vulnerability in Projectsend ProjectSend versions prior to r1720 are affected by an improper authentication vulnerability. | 9.8 |
2024-11-26 | CVE-2017-11076 | Qualcomm | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Qualcomm products On some hardware revisions where VP9 decoding is hardware-accelerated, the frame size is not programmed correctly into the decoder hardware which can lead to an invalid memory access by the decoder. | 9.8 |
2024-11-26 | CVE-2017-17772 | Qualcomm | Out-of-bounds Read vulnerability in Qualcomm products In multiple functions that process 802.11 frames, out-of-bounds reads can occur due to insufficient validation. | 9.8 |
2024-11-25 | CVE-2024-11663 | Codezips | SQL Injection vulnerability in Codezips E-Commerce Site 1.0 A vulnerability classified as critical was found in Codezips E-Commerce Site 1.0. | 9.8 |
2024-11-25 | CVE-2024-11664 | Enms | Unspecified vulnerability in Enms A vulnerability, which was classified as critical, has been found in eNMS up to 4.2. | 9.8 |
2024-11-25 | CVE-2024-11661 | Codezips | Unrestricted Upload of File with Dangerous Type vulnerability in Codezips Free Exam Hall Seating Management System 1.0 A vulnerability was found in Codezips Free Exam Hall Seating Management System 1.0. | 9.8 |
2024-11-25 | CVE-2024-11649 | 1000Projects | SQL Injection vulnerability in 1000Projects Beauty Parlour Management System 1.0 A vulnerability has been found in 1000 Projects Beauty Parlour Management System 1.0 and classified as critical. | 9.8 |
2024-11-25 | CVE-2024-11647 | 1000Projects | SQL Injection vulnerability in 1000Projects Beauty Parlour Management System 1.0 A vulnerability, which was classified as critical, has been found in 1000 Projects Beauty Parlour Management System 1.0. | 9.8 |
2024-11-25 | CVE-2024-11648 | 1000Projects | SQL Injection vulnerability in 1000Projects Beauty Parlour Management System 1.0 A vulnerability, which was classified as critical, was found in 1000 Projects Beauty Parlour Management System 1.0. | 9.8 |
2024-11-25 | CVE-2024-11646 | 1000Projects | SQL Injection vulnerability in 1000Projects Beauty Parlour Management System 1.0 A vulnerability classified as critical was found in 1000 Projects Beauty Parlour Management System 1.0. | 9.8 |
2024-11-27 | CVE-2024-9369 | | Improper Validation of Specified Quantity in Input vulnerability in Google Chrome Insufficient data validation in Mojo in Google Chrome prior to 129.0.6668.89 allowed a remote attacker who had compromised the renderer process to perform an out of bounds memory write via a crafted HTML page. | 9.6 |
2024-11-26 | CVE-2024-49038 | Microsoft | Unspecified vulnerability in Microsoft Copilot Studio Improper neutralization of input during web page generation ('Cross-site Scripting') in Copilot Studio by an unauthorized attacker leads to elevation of privilege over a network. | 9.6 |
2024-11-29 | CVE-2024-49805 | | IBM Security Verify Access Appliance 10.0.0 through 10.0.8 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. | 9.4 |
2024-11-29 | CVE-2024-49806 | | IBM Security Verify Access Appliance 10.0.0 through 10.0.8 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. | 9.4 |
57 High Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2024-11-28 | CVE-2024-11963 | Fabianros | SQL Injection vulnerability in Fabianros Responsive Hotel Site 1.0 A vulnerability, which was classified as critical, has been found in code-projects Responsive Hotel Site 1.0. | 8.8 |
2024-11-28 | CVE-2024-11959 | Dlink | Classic Buffer Overflow vulnerability in Dlink Dir-605L Firmware 2.13B01 A vulnerability was found in D-Link DIR-605L 2.13B01. | 8.8 |
2024-11-28 | CVE-2024-11960 | Dlink | Classic Buffer Overflow vulnerability in Dlink Dir-605L Firmware 2.13B01 A vulnerability was found in D-Link DIR-605L 2.13B01. | 8.8 |
2024-11-27 | CVE-2024-7025 | | Integer Overflow or Wraparound vulnerability in Google Chrome Integer overflow in Layout in Google Chrome prior to 129.0.6668.89 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 |
2024-11-26 | CVE-2024-8114 | Gitlab | Unspecified vulnerability in Gitlab An issue has been discovered in GitLab CE/EE affecting all versions from 8.12 before 17.4.5, 17.5 before 17.5.3, and 17.6 before 17.6.1. | 8.8 |
2024-11-26 | CVE-2024-11674 | Hospital Management System Project | Unrestricted Upload of File with Dangerous Type vulnerability in Hospital Management System Project Hospital Management System 1.0 A vulnerability, which was classified as critical, was found in CodeAstro Hospital Management System 1.0. | 8.8 |
2024-11-26 | CVE-2024-49052 | | Missing authentication for critical function in Microsoft Azure PolicyWatch allows an unauthorized attacker to elevate privileges over a network. | 8.2 |
2024-11-29 | CVE-2024-49804 | | IBM Security Verify Access Appliance 10.0.0 through 10.0.8 could allow a locally authenticated non-administrative user to escalate their privileges due to unnecessary permissions used to perform certain tasks. | 7.8 |
2024-11-28 | CVE-2018-9374 | | Unspecified vulnerability in Google Android In installPackageLI of PackageManagerService.java, there is a possible permissions bypass. | 7.8 |
2024-11-28 | CVE-2024-11787 | Fujielectric | Out-of-bounds Write vulnerability in Fujielectric Monitouch V-Sft 6.2.3.0 Fuji Electric Monitouch V-SFT V10 File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. | 7.8 |
2024-11-28 | CVE-2024-11789 | Fujielectric | Out-of-bounds Write vulnerability in Fujielectric Monitouch V-Sft 6.2.3.0 Fuji Electric Monitouch V-SFT V10 File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. | 7.8 |
2024-11-28 | CVE-2024-11790 | Fujielectric | Out-of-bounds Write vulnerability in Fujielectric Monitouch V-Sft 6.2.3.0 Fuji Electric Monitouch V-SFT V10 File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. | 7.8 |
2024-11-28 | CVE-2024-11791 | Fujielectric | Out-of-bounds Write vulnerability in Fujielectric Monitouch V-Sft 6.2.3.0 Fuji Electric Monitouch V-SFT V8C File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. | 7.8 |
2024-11-28 | CVE-2024-11792 | Fujielectric | Out-of-bounds Write vulnerability in Fujielectric Monitouch V-Sft 6.2.3.0 Fuji Electric Monitouch V-SFT V8 File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. | 7.8 |
2024-11-28 | CVE-2024-11793 | Fujielectric | Out-of-bounds Write vulnerability in Fujielectric Monitouch V-Sft 6.2.3.0 Fuji Electric Monitouch V-SFT V9C File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. | 7.8 |
2024-11-28 | CVE-2024-11794 | Fujielectric | Out-of-bounds Write vulnerability in Fujielectric Monitouch V-Sft 6.2.3.0 Fuji Electric Monitouch V-SFT V10 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. | 7.8 |
2024-11-28 | CVE-2024-11795 | Fujielectric | Out-of-bounds Write vulnerability in Fujielectric Monitouch V-Sft 6.2.3.0 Fuji Electric Monitouch V-SFT V8 File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. | 7.8 |
2024-11-28 | CVE-2024-11796 | Fujielectric | Out-of-bounds Write vulnerability in Fujielectric Monitouch V-Sft 6.2.3.0 Fuji Electric Monitouch V-SFT V9C File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. | 7.8 |
2024-11-28 | CVE-2024-11797 | Fujielectric | Out-of-bounds Write vulnerability in Fujielectric Monitouch V-Sft 6.2.3.0 Fuji Electric Monitouch V-SFT V8 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. | 7.8 |
2024-11-28 | CVE-2024-11798 | Fujielectric | Out-of-bounds Write vulnerability in Fujielectric Monitouch V-Sft 6.2.3.0 Fuji Electric Monitouch V-SFT X1 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. | 7.8 |
2024-11-28 | CVE-2024-11799 | Fujielectric | Out-of-bounds Write vulnerability in Fujielectric Tellus Lite V-Simulator 4.0.20.0 Fuji Electric Tellus Lite V-Simulator 5 V8 File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. | 7.8 |
2024-11-28 | CVE-2024-11800 | Fujielectric | Out-of-bounds Write vulnerability in Fujielectric Tellus Lite V-Simulator 4.0.20.0 Fuji Electric Tellus Lite V-Simulator 5 V8 File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. | 7.8 |
2024-11-28 | CVE-2024-11801 | Fujielectric | Unspecified vulnerability in Fujielectric Tellus Lite V-Simulator 4.0.20.0 Fuji Electric Tellus Lite V-Simulator 5 V8 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. | 7.8 |
2024-11-28 | CVE-2024-11802 | Fujielectric | Out-of-bounds Write vulnerability in Fujielectric Tellus Lite V-Simulator 4.0.20.0 Fuji Electric Tellus Lite V-Simulator 5 V8 File Parsing Stack-Based Buffer Overflow Remote Code Execution Vulnerability. | 7.8 |
2024-11-28 | CVE-2024-11803 | Fujielectric | Unspecified vulnerability in Fujielectric Tellus Lite V-Simulator 4.0.20.0 Fuji Electric Tellus Lite V-Simulator 5 V8 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. | 7.8 |
2024-11-28 | CVE-2024-11933 | Fujielectric | Out-of-bounds Write vulnerability in Fujielectric Monitouch V-Sft 6.2.3.0 Fuji Electric Monitouch V-SFT X1 File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. | 7.8 |
2024-11-27 | CVE-2017-13323 | | Integer Overflow or Wraparound vulnerability in Google Android In String16 of String16.cpp, there is a possible out of bounds write due to an integer overflow. | 7.8 |
2024-11-27 | CVE-2017-13316 | | Missing Authorization vulnerability in Google Android In checkPermissions of RecognitionService.java, there is a possible permissions bypass due to a missing permission check. | 7.8 |
2024-11-26 | CVE-2016-10408 | Qualcomm | Unspecified vulnerability in Qualcomm products QSEE will randomly experience a fatal error during execution due to speculative instruction fetches from device memory. | 7.8 |
2024-11-26 | CVE-2018-5852 | Qualcomm | Integer Underflow (Wrap or Wraparound) vulnerability in Qualcomm products An unsigned integer underflow vulnerability in IPA driver results in a buffer over-read while reading NAT entry using debugfs command 'cat /sys/kernel/debug/ipa/ip4_nat' | 7.8 |
2024-11-26 | CVE-2016-10394 | Qualcomm | Improper Authentication vulnerability in Qualcomm products Initial xbl_sec revision does not have all the debug policy features and critical checks. | 7.8 |
2024-11-26 | CVE-2017-15832 | Qualcomm | Out-of-bounds Write vulnerability in Qualcomm products Buffer overwrite in the WLAN host driver by leveraging a compromised WLAN FW | 7.8 |
2024-11-26 | CVE-2018-11952 | Qualcomm | Improper Authentication vulnerability in Qualcomm products An image with a version lower than the fuse version may potentially be booted, leading to improper authentication. | 7.8 |
2024-11-25 | CVE-2024-53096 | Linux | Unspecified vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: mm: resolve faulty mmap_region() error path behaviour The mmap_region() function is somewhat terrifying, with spaghetti-like control flow and numerous means by which issues can arise and incomplete state, memory leaks and other unpleasantness can occur. A large amount of the complexity arises from trying to handle errors late in the process of mapping a VMA, which forms the basis of recently observed issues with resource leaks and observable inconsistent state. Taking advantage of previous patches in this series we move a number of checks earlier in the code, simplifying things by moving the core of the logic into a static internal function __mmap_region(). Doing this allows us to perform a number of checks up front before we do any real work, and allows us to unwind the writable unmap check unconditionally as required and to perform a CONFIG_DEBUG_VM_MAPLE_TREE validation unconditionally also. We move a number of things here: 1. | 7.8 |
2024-11-25 | CVE-2024-53098 | Linux | Out-of-bounds Write vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: drm/xe/ufence: Prefetch ufence addr to catch bogus address access_ok() only checks for addr overflow so also try to read the addr to catch invalid addr sent from userspace. (cherry picked from commit 9408c4508483ffc60811e910a93d6425b8e63928) | 7.8 |
2024-11-30 | CVE-2024-11998 | Farmacia Project | SQL Injection vulnerability in Farmacia Project Farmacia 1.0 A vulnerability was found in code-projects Farmacia 1.0. | 7.5 |
2024-11-28 | CVE-2024-11968 | Anisha | SQL Injection vulnerability in Anisha Farmacia 1.0 A vulnerability was found in code-projects Farmacia up to 1.0. | 7.5 |
2024-11-28 | CVE-2024-11961 | Huayi TEC | Unspecified vulnerability in Huayi-Tec Jeewms 3.7 A vulnerability was found in Guangzhou Huayi Intelligent Technology Jeewms 3.7. | 7.5 |
2024-11-27 | CVE-2017-13319 | | Classic Buffer Overflow vulnerability in Google Android In pvmp3_get_main_data_size of pvmp3_get_main_data_size.cpp, there is a possible buffer overread due to a missing bounds check. | 7.5 |
2024-11-26 | CVE-2024-11622 | HPE | XXE vulnerability in HPE Insight Remote Support 7.12/7.12.0.529/7.12.0.545 An XML external entity injection (XXE) vulnerability in HPE Insight Remote Support may allow remote users to disclose information in certain cases. | 7.5 |
2024-11-26 | CVE-2024-53674 | HPE | XXE vulnerability in HPE Insight Remote Support 7.12/7.12.0.529/7.12.0.545 An XML external entity injection (XXE) vulnerability in HPE Insight Remote Support may allow remote users to disclose information in certain cases. | 7.5 |
2024-11-26 | CVE-2024-53675 | HPE | XXE vulnerability in HPE Insight Remote Support 7.12/7.12.0.529/7.12.0.545 An XML external entity injection (XXE) vulnerability in HPE Insight Remote Support may allow remote users to disclose information in certain cases. | 7.5 |
2024-11-26 | CVE-2024-11669 | Gitlab | Unspecified vulnerability in Gitlab An issue was discovered in GitLab CE/EE affecting all versions from 16.9.8 before 17.4.5, 17.5 before 17.5.3, and 17.6 before 17.6.1. | 7.5 |
2024-11-26 | CVE-2024-11828 | Gitlab | Unspecified vulnerability in Gitlab A denial of service (DoS) condition was discovered in GitLab CE/EE affecting all versions from 13.2.4 before 17.4.5, 17.5 before 17.5.3, and 17.6 before 17.6.1. | 7.5 |
2024-11-26 | CVE-2024-8177 | Gitlab | Unspecified vulnerability in Gitlab An issue was discovered in GitLab CE/EE affecting all versions starting from 15.6 prior to 17.4.5, starting from 17.5 prior to 17.5.3, starting from 17.6 prior to 17.6.1 which could cause Denial of Service via integrating a malicious harbor registry. | 7.5 |
2024-11-26 | CVE-2024-8237 | Gitlab | Unspecified vulnerability in Gitlab A Denial of Service (DoS) issue has been discovered in GitLab CE/EE affecting all versions prior to 12.6 prior to 17.4.5, 17.5 prior to 17.5.3, and 17.6 prior to 17.6.1. | 7.5 |
2024-11-25 | CVE-2024-11659 | Engeniustech | Command Injection vulnerability in Engeniustech products A vulnerability was found in EnGenius ENH1350EXT, ENS500-AC and ENS620EXT up to 20241118 and classified as critical. | 7.2 |
2024-11-25 | CVE-2024-11657 | Engeniustech | Command Injection vulnerability in Engeniustech products A vulnerability, which was classified as critical, was found in EnGenius ENH1350EXT, ENS500-AC and ENS620EXT up to 20241118. | 7.2 |
2024-11-25 | CVE-2024-11658 | Engeniustech | Command Injection vulnerability in Engeniustech products A vulnerability has been found in EnGenius ENH1350EXT, ENS500-AC and ENS620EXT up to 20241118 and classified as critical. | 7.2 |
2024-11-25 | CVE-2024-11655 | Engeniustech | Command Injection vulnerability in Engeniustech products A vulnerability classified as critical was found in EnGenius ENH1350EXT, ENS500-AC and ENS620EXT up to 20241118. | 7.2 |
2024-11-25 | CVE-2024-11656 | Engeniustech | Command Injection vulnerability in Engeniustech products A vulnerability, which was classified as critical, has been found in EnGenius ENH1350EXT, ENS500-AC and ENS620EXT up to 20241118. | 7.2 |
2024-11-25 | CVE-2024-11653 | Engeniustech | Command Injection vulnerability in Engeniustech products A vulnerability was found in EnGenius ENH1350EXT, ENS500-AC and ENS620EXT up to 20241118. | 7.2 |
2024-11-25 | CVE-2024-11654 | Engeniustech | Command Injection vulnerability in Engeniustech products A vulnerability classified as critical has been found in EnGenius ENH1350EXT, ENS500-AC and ENS620EXT up to 20241118. | 7.2 |
2024-11-25 | CVE-2024-11651 | Engeniustech | Command Injection vulnerability in Engeniustech products A vulnerability was found in EnGenius ENH1350EXT, ENS500-AC and ENS620EXT up to 20241118. | 7.2 |
2024-11-25 | CVE-2024-11652 | Engeniustech | Command Injection vulnerability in Engeniustech products A vulnerability was found in EnGenius ENH1350EXT, ENS500-AC and ENS620EXT up to 20241118. | 7.2 |
2024-11-25 | CVE-2024-53099 | Linux | Out-of-bounds Read vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: bpf: Check validity of link->type in bpf_link_show_fdinfo() If a newly-added link type doesn't invoke BPF_LINK_TYPE(), accessing bpf_link_type_strs[link->type] may result in an out-of-bounds access. To spot such missed invocations early in the future, checking the validity of link->type in bpf_link_show_fdinfo() and emitting a warning when such invocations are missed. | 7.1 |
2024-11-26 | CVE-2017-18153 | Qualcomm | Use After Free vulnerability in Qualcomm products A race condition exists in a driver potentially leading to a use-after-free condition. | 7.0 |
76 Medium Vulnerabilities
0 Low Vulnerabilities