Export limit exceeded: 35577 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (35577 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2024-5843 2 Fedoraproject, Google 2 Fedora, Chrome 2025-02-13 8.8 High
Inappropriate implementation in Downloads in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to obfuscate security UI via a malicious file. (Chromium security severity: Medium)
CVE-2024-5839 2 Fedoraproject, Google 2 Fedora, Chrome 2025-02-13 6.5 Medium
Inappropriate Implementation in Memory Allocator in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)
CVE-2024-5834 2 Fedoraproject, Google 2 Fedora, Chrome 2025-02-13 8.8 High
Inappropriate implementation in Dawn in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)
CVE-2024-5010 1 Progress 1 Whatsup Gold 2025-02-13 7.5 High
In WhatsUp Gold versions released before 2023.1.3, a vulnerability exists in the TestController functionality.  A specially crafted unauthenticated HTTP request can lead to a disclosure of sensitive information.
CVE-2024-3846 2 Fedoraproject, Google 2 Fedora, Chrome 2025-02-13 5.4 Medium
Inappropriate implementation in Prompts in Google Chrome prior to 124.0.6367.60 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)
CVE-2024-3845 2 Fedoraproject, Google 2 Fedora, Chrome 2025-02-13 9.8 Critical
Inappropriate implementation in Networks in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to bypass mixed content policy via a crafted HTML page. (Chromium security severity: Low)
CVE-2024-3844 2 Fedoraproject, Google 2 Fedora, Chrome 2025-02-13 4.3 Medium
Inappropriate implementation in Extensions in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to perform UI spoofing via a crafted Chrome Extension. (Chromium security severity: Low)
CVE-2024-3843 2 Fedoraproject, Google 2 Fedora, Chrome 2025-02-13 4.6 Medium
Insufficient data validation in Downloads in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)
CVE-2024-3840 2 Fedoraproject, Google 2 Fedora, Chrome 2025-02-13 6.5 Medium
Insufficient policy enforcement in Site Isolation in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Medium)
CVE-2024-3838 1 Google 1 Chrome 2025-02-13 4.3 Medium
Inappropriate implementation in Autofill in Google Chrome prior to 124.0.6367.60 allowed an attacker who convinced a user to install a malicious app to perform UI spoofing via a crafted app. (Chromium security severity: Medium)
CVE-2024-3833 2 Fedoraproject, Google 2 Fedora, Chrome 2025-02-13 8.8 High
Object corruption in WebAssembly in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. (Chromium security severity: High)
CVE-2024-27254 5 Hp, Ibm, Linux and 2 more 7 Hp-ux, Aix, Db2 and 4 more 2025-02-13 5.3 Medium
IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 10.5, 11.1, and 11.5 federated server is vulnerable to denial of service with a specially crafted query under certain conditions. IBM X-Force ID: 283813.
CVE-2024-2628 2 Fedoraproject, Google 2 Fedora, Chrome 2025-02-13 4.3 Medium
Inappropriate implementation in Downloads in Google Chrome prior to 123.0.6312.58 allowed a remote attacker to perform UI spoofing via a crafted URL. (Chromium security severity: Medium)
CVE-2024-25046 1 Ibm 1 Db2 2025-02-13 5.3 Medium
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.1 and 11.5 is vulnerable to a denial of service by an authenticated user using a specially crafted query. IBM X-Force ID: 282953.
CVE-2024-24790 2 Golang, Redhat 20 Go, Advanced Cluster Security, Ansible Automation Platform and 17 more 2025-02-13 9.8 Critical
The various Is methods (IsPrivate, IsLoopback, etc) did not work as expected for IPv4-mapped IPv6 addresses, returning false for addresses which would return true in their traditional IPv4 forms.
CVE-2024-24789 2 Golang, Redhat 11 Go, Advanced Cluster Security, Ceph Storage and 8 more 2025-02-13 5.3 Medium
The archive/zip package's handling of certain types of invalid zip files differs from the behavior of most zip implementations. This misalignment could be exploited to create an zip file with contents that vary depending on the implementation reading the file. The archive/zip package now rejects files containing these errors.
CVE-2024-24758 1 Nodejs 1 Undici 2025-02-13 3.9 Low
Undici is an HTTP/1.1 client, written from scratch for Node.js. Undici already cleared Authorization headers on cross-origin redirects, but did not clear `Proxy-Authentication` headers. This issue has been patched in versions 5.28.3 and 6.6.1. Users are advised to upgrade. There are no known workarounds for this vulnerability.
CVE-2024-24568 2 Fedoraproject, Oisf 2 Fedora, Suricata 2025-02-13 5.3 Medium
Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to 7.0.3, the rules inspecting HTTP2 headers can get bypassed by crafted traffic. The vulnerability has been patched in 7.0.3.
CVE-2024-23450 1 Elastic 1 Elasticsearch 2025-02-13 4.9 Medium
A flaw was discovered in Elasticsearch, where processing a document in a deeply nested pipeline on an ingest node could cause the Elasticsearch node to crash.
CVE-2024-23315 1 Automationdirect 12 P1-540, P1-540 Firmware, P1-550 and 9 more 2025-02-13 7.5 High
A read-what-where vulnerability exists in the Programming Software Connection IMM 01A1 Memory Read functionality of AutomationDirect P3-550E 1.2.10.9. A specially crafted network packet can lead to a disclosure of sensitive information. An attacker can send an unauthenticated packet to trigger this vulnerability.