Latest CVE Feed
-
7.5
HIGHCVE-2024-48981
An issue was discovered in MBed OS 6.16.0. During processing of HCI packets, the software dynamically determines the length of the packet header by looking up the identifying first byte and matching it against a table of possible lengths. The initial pars... Read more
Affected Products : mbed- Published: Nov. 20, 2024
- Modified: Nov. 25, 2024
-
5.4
MEDIUMCVE-2024-45510
An issue was discovered in Zimbra Collaboration (ZCS) through 10.0. Zimbra Webmail (Modern UI) is vulnerable to a stored Cross-Site Scripting (XSS) attack due to improper sanitization of user input. This allows an attacker to inject malicious code into sp... Read more
Affected Products : zimbra_collaboration_suite- Published: Nov. 20, 2024
- Modified: Jun. 11, 2025
-
5.4
MEDIUMCVE-2024-45511
An issue was discovered in Zimbra Collaboration (ZCS) through 10.1. A reflected Cross-Site Scripting (XSS) issue exists through the Briefcase module due to improper sanitization of file content by the OnlyOffice formatter. This occurs when the victim open... Read more
Affected Products : zimbra_collaboration_suite- Published: Nov. 20, 2024
- Modified: Jun. 11, 2025
-
9.1
CRITICALCVE-2024-33439
An issue in Kasda LinkSmart Router KW5515 v1.7 and before allows an authenticated remote attacker to execute arbitrary OS commands via cgi parameters.... Read more
Affected Products :- Published: Nov. 20, 2024
- Modified: Nov. 27, 2024
-
8.0
HIGHCVE-2024-52739
D-LINK DI-8400 v16.07.26A1 was discovered to contain multiple remote command execution (RCE) vulnerabilities in the msp_info_htm function via the flag and cmd parameters.... Read more
- Published: Nov. 20, 2024
- Modified: May. 09, 2025
-
9.1
CRITICALCVE-2024-29292
Multiple OS Command Injection vulnerabilities affecting Kasda LinkSmart Router KW6512 <= v1.3 enable an authenticated remote attacker to execute arbitrary OS commands via various cgi parameters.... Read more
Affected Products :- Published: Nov. 20, 2024
- Modified: Nov. 27, 2024
-
6.1
MEDIUMCVE-2024-11493
A vulnerability classified as problematic was found in 115cms up to 20240807. This vulnerability affects unknown code of the file /index.php/setpage/admin/pageAE.html. The manipulation of the argument tid leads to cross site scripting. The attack can be i... Read more
Affected Products : 115cms- Published: Nov. 20, 2024
- Modified: Nov. 22, 2024
-
6.1
MEDIUMCVE-2024-11492
A vulnerability classified as problematic has been found in 115cms up to 20240807. This affects an unknown part of the file /index.php/admin/web/appurladd.html. The manipulation of the argument tid leads to cross site scripting. It is possible to initiate... Read more
Affected Products : 115cms- Published: Nov. 20, 2024
- Modified: Nov. 22, 2024
-
6.5
MEDIUMCVE-2018-9487
In setVpnForcedLocked of Vpn.java, there is a possible blocking of internet traffic through vpn due to a bad uid check. This could lead to local denial of service with no additional execution privileges needed. User interaction is needed for exploitation.... Read more
Affected Products : android- Published: Nov. 20, 2024
- Modified: Dec. 19, 2024
-
6.5
MEDIUMCVE-2018-9486
In hidh_l2cif_data_ind of hidh_conn.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure over bluetooth with no additional execution privileges needed. User interaction is not needed for... Read more
Affected Products : android- Published: Nov. 20, 2024
- Modified: Dec. 19, 2024
-
6.5
MEDIUMCVE-2018-9485
In l2cble_process_sig_cmd of l2c_ble.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure over bluetooth with no additional execution privileges needed. User interaction is not needed f... Read more
Affected Products : android- Published: Nov. 20, 2024
- Modified: Dec. 18, 2024
-
7.5
HIGHCVE-2018-9484
In l2cu_send_peer_config_rej of l2c_utils.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploit... Read more
Affected Products : android- Published: Nov. 20, 2024
- Modified: Dec. 18, 2024
-
6.5
MEDIUMCVE-2018-9483
In bta_dm_remove_sec_dev_entry of bta_dm_act.cc, there is a possible out of bounds read due to a use after free. This could lead to remote information disclosure over bluetooth with no additional execution privileges needed. User interaction is not needed... Read more
Affected Products : android- Published: Nov. 20, 2024
- Modified: Dec. 18, 2024
-
6.5
MEDIUMCVE-2018-9482
In intr_data_copy_cb of btif_hd.cc, there is a possible out of bounds read due to an integer overflow. This could lead to local information disclosure in the Bluetooth service with no additional execution privileges needed. User interaction is not needed ... Read more
Affected Products : android- Published: Nov. 20, 2024
- Modified: Dec. 18, 2024
-
6.5
MEDIUMCVE-2018-9481
In bta_hd_set_report_act of bta_hd_act.cc, there is a possible out-of-bounds read due to an integer overflow. This could lead to remote information disclosure in the Bluetooth service with no additional execution privileges needed. User interaction is not... Read more
- Published: Nov. 20, 2024
- Modified: Dec. 18, 2024
-
6.5
MEDIUMCVE-2018-9480
In bta_hd_get_report_act of bta_hd_act.cc, there is a possible out-of-bounds read due to improper input validation. This could lead to remote information disclosure in the Bluetooth service with no additional execution privileges needed. User interaction ... Read more
Affected Products : android- Published: Nov. 20, 2024
- Modified: Dec. 18, 2024
-
9.8
CRITICALCVE-2018-9479
In process_service_attr_req and process_service_search_attr_req of sdp_server.cc, there is an out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is ... Read more
Affected Products : android- Published: Nov. 20, 2024
- Modified: Dec. 18, 2024
-
9.8
CRITICALCVE-2018-9478
In process_service_attr_req and process_service_search_attr_req of sdp_server.cc, there is an out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is ... Read more
Affected Products : android- Published: Nov. 20, 2024
- Modified: Dec. 18, 2024
-
7.8
HIGHCVE-2018-9477
In the development options section of the Settings app, there is a possible authentication bypass due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is neede... Read more
Affected Products : android- Published: Nov. 20, 2024
- Modified: Dec. 18, 2024
-
8.8
HIGHCVE-2018-9475
In HeadsetInterface::ClccResponse of btif_hf.cc, there is a possible out of bounds stack write due to a missing bounds check. This could lead to remote escalation of privilege via Bluetooth, if the recipient has enabled SIP calls with no additional execut... Read more
Affected Products : android- Published: Nov. 20, 2024
- Modified: Dec. 18, 2024