Total
10666 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-3028 | 2024-04-16 | N/A | 7.2 HIGH | ||
| mintplex-labs/anything-llm is vulnerable to improper input validation, allowing attackers to read and delete arbitrary files on the server. By manipulating the 'logo_filename' parameter in the 'system-preferences' API endpoint, an attacker can construct requests to read sensitive files or the application's '.env' file, and even delete files by setting the 'logo_filename' to the path of the target file and invoking the 'remove-logo' API endpoint. This vulnerability is due to the lack of proper sanitization of user-supplied input. | |||||
| CVE-2024-2424 | 2024-04-16 | N/A | 7.5 HIGH | ||
| An input validation vulnerability exists in the Rockwell Automation 5015-AENFTXT that causes the secondary adapter to result in a major nonrecoverable fault (MNRF) when malicious input is entered. If exploited, the availability of the device will be impacted, and a manual restart is required. Additionally, a malformed PTP packet is needed to exploit this vulnerability. | |||||
| CVE-2024-3029 | 2024-04-16 | N/A | 9.0 CRITICAL | ||
| In mintplex-labs/anything-llm, an attacker can exploit improper input validation by sending a malformed JSON payload to the '/system/enable-multi-user' endpoint. This triggers an error that is caught by a catch block, which in turn deletes all users and disables the 'multi_user_mode'. The vulnerability allows an attacker to remove all existing users and potentially create a new admin user without requiring a password, leading to unauthorized access and control over the application. | |||||
| CVE-2024-3493 | 2024-04-16 | N/A | 8.6 HIGH | ||
| A specific malformed fragmented packet type (fragmented packets may be generated automatically by devices that send large amounts of data) can cause a major nonrecoverable fault (MNRF) Rockwell Automation's ControlLogix 5580, Guard Logix 5580, CompactLogix 5380, and 1756-EN4TR. If exploited, the affected product will become unavailable and require a manual restart to recover it. Additionally, an MNRF could result in a loss of view and/or control of connected devices. | |||||
| CVE-2024-29838 | 2024-04-15 | N/A | 7.5 HIGH | ||
| The Web interface of Evolution Controller Versions 2.04.560.31.03.2024 and below does not proper sanitize user input, allowing for an unauthenticated attacker to crash the controller software | |||||
| CVE-2023-28574 | 1 Qualcomm | 156 Ar8035, Ar8035 Firmware, Qam8255p and 153 more | 2024-04-12 | N/A | 7.8 HIGH |
| Memory corruption in core services when Diag handler receives a command to configure event listeners. | |||||
| CVE-2023-24853 | 1 Qualcomm | 226 Ar8035, Ar8035 Firmware, Fastconnect 6200 and 223 more | 2024-04-12 | N/A | 7.8 HIGH |
| Memory Corruption in HLOS while registering for key provisioning notify. | |||||
| CVE-2023-22382 | 1 Qualcomm | 58 Apq8064au, Apq8064au Firmware, Msm8996au and 55 more | 2024-04-12 | N/A | 8.2 HIGH |
| Weak configuration in Automotive while VM is processing a listener request from TEE. | |||||
| CVE-2023-21671 | 1 Qualcomm | 48 Fastconnect 6700, Fastconnect 6700 Firmware, Fastconnect 6900 and 45 more | 2024-04-12 | N/A | 7.8 HIGH |
| Memory Corruption in Core during syscall for Sectools Fuse comparison feature. | |||||
| CVE-2023-21657 | 1 Qualcomm | 252 Csra6620, Csra6620 Firmware, Csra6640 and 249 more | 2024-04-12 | N/A | 7.8 HIGH |
| Memoru corruption in Audio when ADSP sends input during record use case. | |||||
| CVE-2023-21656 | 1 Qualcomm | 256 Ar8035, Ar8035 Firmware, Csra6620 and 253 more | 2024-04-12 | N/A | 7.8 HIGH |
| Memory corruption in WLAN HOST while receiving an WMI event from firmware. | |||||
| CVE-2023-21647 | 1 Qualcomm | 86 Qca6390, Qca6390 Firmware, Qca6391 and 83 more | 2024-04-12 | N/A | 6.5 MEDIUM |
| Information disclosure in Bluetooth when an GATT packet is received due to improper input validation. | |||||
| CVE-2023-21631 | 1 Qualcomm | 320 205, 205 Firmware, 215 and 317 more | 2024-04-12 | N/A | 9.8 CRITICAL |
| Weak Configuration due to improper input validation in Modem while processing LTE security mode command message received from network. | |||||
| CVE-2023-21627 | 1 Qualcomm | 96 Aqt1000, Aqt1000 Firmware, Qca6390 and 93 more | 2024-04-12 | N/A | 7.8 HIGH |
| Memory corruption in Trusted Execution Environment while calling service API with invalid address. | |||||
| CVE-2022-40502 | 1 Qualcomm | 192 Csr8811, Csr8811 Firmware, Ipq5010 and 189 more | 2024-04-12 | N/A | 7.5 HIGH |
| Transient DOS due to improper input validation in WLAN Host. | |||||
| CVE-2022-34146 | 1 Qualcomm | 194 Csr8811, Csr8811 Firmware, Ipq5010 and 191 more | 2024-04-12 | N/A | 7.5 HIGH |
| Transient DOS due to improper input validation in WLAN Host while parsing frame during defragmentation. | |||||
| CVE-2022-33216 | 1 Qualcomm | 36 Qam8295p, Qam8295p Firmware, Qca6574a and 33 more | 2024-04-12 | N/A | 5.5 MEDIUM |
| Transient Denial-of-service in Automotive due to improper input validation while parsing ELF file. | |||||
| CVE-2022-33211 | 1 Qualcomm | 24 Mdm8207, Mdm8207 Firmware, Mdm9205 and 21 more | 2024-04-12 | N/A | 9.8 CRITICAL |
| memory corruption in modem due to improper check while calculating size of serialized CoAP message | |||||
| CVE-2022-25729 | 1 Qualcomm | 60 Ar8031, Ar8031 Firmware, Csra6620 and 57 more | 2024-04-12 | N/A | 9.8 CRITICAL |
| Memory corruption in modem due to improper length check while copying into memory | |||||
| CVE-2023-33057 | 1 Qualcomm | 202 315 5g Iot Modem, 315 5g Iot Modem Firmware, Ar8035 and 199 more | 2024-04-12 | N/A | 7.5 HIGH |
| Transient DOS in Multi-Mode Call Processor while processing UE policy container. | |||||