Total: 2377 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2023-24844 | 1 Qualcomm | 86 Ar8035, Ar8035 Firmware, Fastconnect 6700 and 83 more | 2024-04-12 | N/A | 7.8 HIGH |
Memory Corruption in Core while invoking a call to Access Control core library with hardware protected address range. | |||||
CVE-2023-21673 | 1 Qualcomm | 326 Aqt1000, Aqt1000 Firmware, Ar8035 and 323 more | 2024-04-12 | N/A | 7.8 HIGH |
Improper Access to the VM resource manager can lead to Memory Corruption. | |||||
CVE-2023-21670 | 1 Qualcomm | 364 315 5g Iot Modem, 315 5g Iot Modem Firmware, Aqt1000 and 361 more | 2024-04-12 | N/A | 7.8 HIGH |
Memory Corruption in GPU Subsystem due to arbitrary command execution from GPU in privileged mode. | |||||
CVE-2023-21642 | 1 Qualcomm | 26 Qam8295p, Qam8295p Firmware, Qca6574au and 23 more | 2024-04-12 | N/A | 7.8 HIGH |
Memory corruption in HAB Memory management due to broad system privileges via physical address. | |||||
CVE-2022-40539 | 1 Qualcomm | 50 Qam8295p, Qam8295p Firmware, Qca6574au and 47 more | 2024-04-12 | N/A | 7.8 HIGH |
Memory corruption in Automotive Android OS due to improper validation of array index. | |||||
CVE-2022-40529 | 1 Qualcomm | 392 Aqt1000, Aqt1000 Firmware, Ar8031 and 389 more | 2024-04-12 | N/A | 7.8 HIGH |
Memory corruption due to improper access control in kernel while processing a mapping request from root process. | |||||
CVE-2022-33243 | 1 Qualcomm | 314 Apq8096au, Apq8096au Firmware, Aqt1000 and 311 more | 2024-04-12 | N/A | 7.8 HIGH |
Memory corruption due to improper access control in Qualcomm IPC. | |||||
CVE-2023-43517 | 1 Qualcomm | 38 Qam8255p, Qam8255p Firmware, Qam8295p and 35 more | 2024-04-12 | N/A | 7.8 HIGH |
Memory corruption in Automotive Multimedia due to improper access control in HAB. | |||||
CVE-2023-33071 | 1 Qualcomm | 26 Qca6574, Qca6574 Firmware, Qca6574a and 23 more | 2024-04-12 | N/A | 7.8 HIGH |
Memory corruption in Automotive OS whenever untrusted apps try to access HAB for graphics functionalities. | |||||
CVE-2024-26203 | | | 2024-04-11 | N/A | 7.3 HIGH |
Azure Data Studio Elevation of Privilege Vulnerability | |||||
CVE-2024-26201 | | | 2024-04-11 | N/A | 6.6 MEDIUM |
Microsoft Intune Linux Agent Elevation of Privilege Vulnerability | |||||
CVE-2024-2217 | | | 2024-04-10 | N/A | 7.5 HIGH |
gaizhenbiao/chuanhuchatgpt is vulnerable to improper access control, allowing unauthorized access to the `config.json` file. This vulnerability is present in both authenticated and unauthenticated versions of the application, enabling attackers to obtain sensitive information such as API keys (`openai_api_key`, `google_palm_api_key`, `xmchat_api_key`, etc.), configuration details, and user credentials. The issue stems from the application's handling of HTTP requests for the `config.json` file, which does not properly restrict access based on user authentication. | |||||
CVE-2024-2731 | | | 2024-04-10 | N/A | 5.4 MEDIUM |
Users with low privileges (all permissions deselected in the administrator permissions settings) can view certain pages that expose sensitive information such as company names, users' names and surnames, stage names, and monitoring campaigns and their descriptions. In addition, unprivileged users can see and edit the descriptions of tags. At the time of publication of the CVE no patch is available. | |||||
CVE-2024-21424 | | | 2024-04-10 | N/A | 6.5 MEDIUM |
Azure Compute Gallery Elevation of Privilege Vulnerability | |||||
CVE-2024-29990 | | | 2024-04-10 | N/A | 9.0 CRITICAL |
Microsoft Azure Kubernetes Service Confidential Container Elevation of Privilege Vulnerability | |||||
CVE-2024-28922 | | | 2024-04-10 | N/A | 4.1 MEDIUM |
Secure Boot Security Feature Bypass Vulnerability | |||||
CVE-2024-26234 | | | 2024-04-10 | N/A | 6.7 MEDIUM |
Proxy Driver Spoofing Vulnerability | |||||
CVE-2024-29993 | | | 2024-04-10 | N/A | 8.8 HIGH |
Azure CycleCloud Elevation of Privilege Vulnerability | |||||
CVE-2024-28917 | | | 2024-04-10 | N/A | 6.2 MEDIUM |
Azure Arc-enabled Kubernetes Extension Cluster-Scope Elevation of Privilege Vulnerability | |||||
CVE-2024-23675 | 1 Splunk | 2 Cloud, Splunk | 2024-04-10 | N/A | 6.5 MEDIUM |
In Splunk Enterprise versions below 9.0.8 and 9.1.3, Splunk app key value store (KV Store) improperly handles permissions for users that use the REST application programming interface (API). This can potentially result in the deletion of KV Store collections. |