Search and browse vulnerability records from NVD
Showing 50 of 42198 CVEs
| CVE ID | Severity | Description | EPSS | Published | |
|---|---|---|---|---|---|
| 7.8 HIGH |
An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in iOS 17.5 and iPadOS 17.5, macOS Sonoma 14.5, tvOS 17.5, visionOS 1.2. A remote attacker may be able to cause unexpected app termination or arbitrary code execution. |
1.8% | 2024-06-10 | ||
| 8.8 HIGH |
The issue was addressed with improved checks. This issue is fixed in iOS 16.7.8 and iPadOS 16.7.8, iOS 17.5 and iPadOS 17.5, macOS Sonoma 14.5, macOS Ventura 13.6.7. A shortcut may be able to use sensitive data with certain actions without prompting the user. |
0.7% | 2024-06-10 | ||
| 8.8 HIGH |
The issue was addressed with improved bounds checks. This issue is fixed in Safari 17.5, iOS 17.5 and iPadOS 17.5, macOS Sonoma 14.5, tvOS 17.5, visionOS 1.2, watchOS 10.5. Processing maliciously crafted web content may lead to arbitrary code execution. |
0.8% | 2024-06-10 | ||
| 7.8 HIGH |
This issue was addressed with improved permissions checking. This issue is fixed in iOS 17.5 and iPadOS 17.5, macOS Sonoma 14.5. A malicious app may be able to gain root privileges. |
0.2% | 2024-06-10 | ||
| 7.8 HIGH |
The issue was addressed with improved checks. This issue is fixed in iOS 17.5 and iPadOS 17.5, macOS Sonoma 14.5, visionOS 1.2. Processing a maliciously crafted image may lead to arbitrary code execution. |
0.4% | 2024-06-10 | ||
| 8.8 HIGH |
An integer overflow was addressed with improved input validation. This issue is fixed in Safari 17.5, iOS 16.7.8 and iPadOS 16.7.8, iOS 17.5 and iPadOS 17.5, tvOS 17.5, visionOS 1.2. Processing maliciously crafted web content may lead to arbitrary code execution. |
0.8% | 2024-06-10 | ||
| 7.8 HIGH |
The issue was addressed with improved checks. This issue is fixed in iOS 17.5 and iPadOS 17.5, macOS Sonoma 14.5, tvOS 17.5, visionOS 1.2, watchOS 10.5. An app may be able to elevate privileges. |
0.6% | 2024-06-10 | ||
| 7.8 HIGH |
An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in iOS 16.7.8 and iPadOS 16.7.8, iOS 17.5 and iPadOS 17.5, macOS Monterey 12.7.5, macOS Sonoma 14.5, macOS Ventura 13.6.7, tvOS 17.5, visionOS 1.2. Processing a file may lead to unexpected app termination or arbitrary code execution. |
0.3% | 2024-06-10 | ||
| 7.8 HIGH |
The issue was addressed with improved memory handling. This issue is fixed in iOS 17.5 and iPadOS 17.5, tvOS 17.5, visionOS 1.2, watchOS 10.5. An app may be able to execute arbitrary code with kernel privileges. |
0.3% | 2024-06-10 | ||
| 8.8 HIGH |
The issue was addressed with improved memory handling. This issue is fixed in Safari 17.5, iOS 16.7.8 and iPadOS 16.7.8, iOS 17.5 and iPadOS 17.5, macOS Sonoma 14.5, tvOS 17.5, visionOS 1.2, watchOS 10.5. Processing web content may lead to arbitrary code execution. |
1.0% | 2024-06-10 | ||
| 7.8 HIGH |
The issue was addressed with improved checks. This issue is fixed in iOS 16.7.8 and iPadOS 16.7.8, iOS 17.5 and iPadOS 17.5, macOS Monterey 12.7.5, macOS Sonoma 14.5, macOS Ventura 13.6.7, tvOS 17.5, visionOS 1.2. An app may be able to execute arbitrary code with kernel privileges. |
0.2% | 2024-06-10 | ||
| 7.8 HIGH |
An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in iOS 17.5 and iPadOS 17.5, macOS Sonoma 14.5, tvOS 17.5, visionOS 1.2, watchOS 10.5. An app may be able to execute arbitrary code with kernel privileges. |
2.0% | 2024-06-10 | ||
| 7.8 HIGH |
The issue was addressed with improved checks. This issue is fixed in iOS 17.5 and iPadOS 17.5, macOS Sonoma 14.5, tvOS 17.5, visionOS 1.2, watchOS 10.5. An app may be able to elevate privileges. |
0.6% | 2024-06-10 | ||
| 8.8 HIGH |
The issue was addressed with improved memory handling. This issue is fixed in Safari 17.5, iOS 17.5 and iPadOS 17.5, macOS Sonoma 14.5, tvOS 17.5, visionOS 1.2, watchOS 10.5. Processing web content may lead to arbitrary code execution. |
1.2% | 2024-06-10 | ||
| 7.8 HIGH |
An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 16.7.8 and iPadOS 16.7.8, iOS 17.5 and iPadOS 17.5, macOS Monterey 12.7.5, macOS Sonoma 14.5, macOS Ventura 13.6.7, tvOS 17.5, visionOS 1.2. Processing a maliciously crafted file may lead to unexpected app termination or arbitrary code execution. |
0.4% | 2024-06-10 | ||
| 7.8 HIGH |
The issue was addressed with improved checks. This issue is fixed in iOS 17.5 and iPadOS 17.5, macOS Sonoma 14.5, tvOS 17.5, visionOS 1.2, watchOS 10.5. An app may be able to elevate privileges. |
0.4% | 2024-06-10 | ||
| 8.6 HIGH |
The issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.7.4, macOS Sonoma 14.4, macOS Ventura 13.6.5. An app may be able to break out of its sandbox. |
0.2% | 2024-06-10 | ||
| 7.6 HIGH |
Missing Authorization vulnerability in Crafthemes Crafthemes Demo Import crafthemes-demo-import allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Crafthemes Demo Import: from n/a through <= 3.3. |
0.3% | 2024-06-10 | ||
| 8.5 HIGH |
Vulnerability discovered by executing a planned security audit. Improper Control of Generation of Code ('Code Injection') vulnerability in WPENGINE INC Advanced Custom Fields PRO allows Code Injection.This issue affects Advanced Custom Fields PRO: from n/a before 6.2.10. |
0.4% | 2024-06-10 | ||
| 7.8 HIGH |
An issue in SiSoftware SANDRA v31.66 (SANDRA.sys 15.18.1.1) and before allows an attacker to escalate privileges via a crafted buffer sent to the Kernel Driver using the DeviceIoControl Windows API. |
0.2% | 2024-06-10 | ||
| 7.8 HIGH |
An issue in FinalWire AIRDA Extreme, AIDA64 Engineer, AIDA64 Business, AIDA64 Network Audit v.7.00.6700 and before allows a local attacker to escalate privileges via the DeviceIoControl call associated with MmMapIoSpace, IoAllocateMdl, MmBuildMdlForNonPagedPool, or MmMapLockedPages components. |
0.2% | 2024-06-10 | ||
| 8.0 HIGH |
Command injection vulnerability in Comtrend router WLD71-T1_v2.0.201820, affecting the GRG-4280us version. This vulnerability could allow an authenticated user to execute commands inside the router by making a POST request to the URL “/boaform/admin/formUserTracert”. |
0.9% | 2024-06-10 | ||
|
CVE-2024-36971
KEV
|
7.8 HIGH |
In the Linux kernel, the following vulnerability has been resolved: net: fix __dst_negative_advice() race __dst_negative_advice() does not enforce proper RCU rules when sk->dst_cache must be cleared, leading to possible UAF. RCU rules are that we must first clear sk->sk_dst_cache, then call dst_release(old_dst). Note that sk_dst_reset(sk) is implementing this protocol correctly, while __dst_negative_advice() uses the wrong order. Given that ip6_negative_advice() has special logic against RTF_CACHE, this means each of the three ->negative_advice() existing methods must perform the sk_dst_reset() themselves. Note the check against NULL dst is centralized in __dst_negative_advice(), there is no need to duplicate it in various callbacks. Many thanks to Clement Lecigne for tracking this issue. This old bug became visible after the blamed commit, using UDP sockets. |
2.7% | 2024-06-10 | |
| 7.5 HIGH |
lepture Authlib before 1.3.1 has algorithm confusion with asymmetric public keys. Unless an algorithm is specified in a jwt.decode call, HMAC verification is allowed with any asymmetric public key. (This is similar to CVE-2022-29217 and CVE-2024-33663.) |
0.4% | 2024-06-09 | ||
| 7.1 HIGH |
Missing Authorization vulnerability in reputeinfosystems ARForms arforms.This issue affects ARForms: from n/a through <= 6.4. |
0.4% | 2024-06-09 | ||
| 7.1 HIGH |
Missing Authorization vulnerability in reputeinfosystems ARForms arforms.This issue affects ARForms: from n/a through <= 6.4. |
0.3% | 2024-06-09 | ||
| 7.7 HIGH |
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in reputeinfosystems ARForms arforms.This issue affects ARForms: from n/a through <= 6.4. |
0.6% | 2024-06-09 | ||
| 7.5 HIGH |
Missing Authorization vulnerability in Olive Themes Olive One Click Demo Import.This issue affects Olive One Click Demo Import: from n/a through 1.1.1. |
0.3% | 2024-06-09 | ||
| 7.7 HIGH |
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Wasiliy Strecker / ContestGallery developer Contest Gallery contest-gallery.This issue affects Contest Gallery: from n/a through <= 21.3.4. |
0.6% | 2024-06-09 | ||
| 7.5 HIGH |
Missing Authorization vulnerability in BizSwoop a CPF Concepts, LLC Brand BizPrint.This issue affects BizPrint: from n/a through 4.3.39. |
0.4% | 2024-06-09 | ||
| 7.1 HIGH |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Amauri WPMobile.App wpappninja.This issue affects WPMobile.App: from n/a through <= 11.41. |
0.7% | 2024-06-08 | ||
| 7.1 HIGH |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in AA Web Servant 12 Step Meeting List 12-step-meeting-list.This issue affects 12 Step Meeting List: from n/a through <= 3.14.33. |
0.6% | 2024-06-08 | ||
| 7.1 HIGH |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in StellarWP GiveWP give.This issue affects GiveWP: from n/a through <= 3.12.0. |
0.3% | 2024-06-08 | ||
| 7.3 HIGH |
fprintd through 1.94.3 lacks a security attention mechanism, and thus unexpected actions might be authorized by "auth sufficient pam_fprintd.so" for Sudo. NOTE: the supplier disputes this because they believe issue resolution would involve modifying the PAM configuration to restrict pam_fprintd.so to front-ends that implement a proper attention mechanism, not modifying pam_fprintd.so or fprintd. |
0.3% | 2024-06-08 | ||
| 7.4 HIGH |
The SKT Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Age Gate and Creative Slider widgets in all versions up to, and including, 2.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. |
0.3% | 2024-06-08 | ||
| 8.8 HIGH |
The PowerPack Pro for Elementor plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 2.10.17. This is due to the plugin not restricting low privileged users from setting a default role for a registration form. This makes it possible for authenticated attackers, with contributor-level access and above, to create a registration form with administrator set as the default role and then register as an administrator. |
0.4% | 2024-06-08 | ||
| 8.8 HIGH |
GStreamer AV1 Video Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw exists within the parsing of tile list data within AV1-encoded video files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-22873. |
1.6% | 2024-06-07 | ||
| 8.0 HIGH |
Precor touchscreen console P62, P80, and P82 contains a default SSH public key in the authorized_keys file. A remote attacker could use this key to gain root privileges. |
0.3% | 2024-06-07 | ||
| 8.8 HIGH |
Precor touchscreen console P62, P80, and P82 could allow a remote attacker to obtain sensitive information because the root password is stored in /etc/passwd. An attacker could exploit this to extract files and obtain sensitive information. |
0.3% | 2024-06-07 | ||
| 8.8 HIGH |
Precor touchscreen console P82 contains a private SSH key that corresponds to a default public key. A remote attacker could exploit this to gain root privileges. |
0.3% | 2024-06-07 | ||
| 7.8 HIGH |
Precor touchscreen console P62, P80, and P82 could allow a remote attacker (within the local network) to bypass security restrictions, and access the service menu, because there is a hard-coded service code. |
0.2% | 2024-06-07 | ||
| 7.2 HIGH |
Invision Community through 4.7.16 allows remote code execution via the applications/core/modules/admin/editor/toolbar.php IPS\core\modules\admin\editor\_toolbar::addPlugin() method. This method handles uploaded ZIP files that are extracted into the applications/core/interface/ckeditor/ckeditor/plugins/ directory without properly verifying their content. This can be exploited by admin users (with the toolbar_manage permission) to write arbitrary PHP files into that directory, leading to execution of arbitrary PHP code in the context of the web server user. |
0.7% | 2024-06-07 | ||
| 7.5 HIGH |
The FileOrganizer – Manage WordPress and Website Files plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.0.7 via the 'fileorganizer_ajax_handler' function. This makes it possible for unauthenticated attackers to extract sensitive data including backups or other sensitive information if the files have been moved to the built-in Trash folder. |
0.5% | 2024-06-07 | ||
| 7.2 HIGH |
The Master Addons – Free Widgets, Hover Effects, Toggle, Conditions, Animations for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Navigation Menu widget of the plugin's Mega Menu extension in all versions up to, and including, 2.0.6.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. |
0.3% | 2024-06-07 | ||
|
CVE-2024-4610
KEV
|
7.8 HIGH |
Use After Free vulnerability in Arm Ltd Bifrost GPU Kernel Driver, Arm Ltd Valhall GPU Kernel Driver allows a local non-privileged user to make improper GPU memory processing operations to gain access to already freed memory.This issue affects Bifrost GPU Kernel Driver: from r34p0 through r40p0; Valhall GPU Kernel Driver: from r34p0 through r40p0. |
0.8% | 2024-06-07 | |
| 7.5 HIGH |
The Market Exporter plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'remove_files' function in all versions up to, and including, 2.0.19. This makes it possible for authenticated attackers, with Subscriber-level access and above, to use path traversal to delete arbitrary files on the server. |
0.8% | 2024-06-07 | ||
| 7.2 HIGH |
The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to time-based SQL Injection via the ‘course_id’ parameter in all versions up to, and including, 2.7.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with admin access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. CVE-2024-37256 is likely a duplicate of this issue. |
0.5% | 2024-06-07 | ||
| 7.5 HIGH |
The Qi Addons For Elementor plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.7.2 via the 'behavior' attributes found in the qi_addons_for_elementor_blog_list shortcode. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execute arbitrary .php files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where .php file types can be uploaded and included. Please note that this requires an attacker to create a non-existent directory or target an instance where file_exists won't return false with a non-existent directory in the path, in order to successfully exploit. |
0.6% | 2024-06-07 | ||
| 7.5 HIGH |
robdns commit d76d2e6 was discovered to contain a NULL pointer dereference via the item->tokens component at /src/conf-parse.c. |
0.4% | 2024-06-06 | ||
| 7.5 HIGH |
An issue in obgm and Libcoap v.a3ed466 allows a remote attacker to cause a denial of service via thecoap_context_t function in the src/coap_threadsafe.c:297:3 component. |
0.6% | 2024-06-06 |