Search
Total
6686 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-22125 | 1 Sap | 1 Gui Connector | 2024-01-12 | N/A | 7.5 HIGH |
| Under certain conditions the Microsoft Edge browser extension (SAP GUI connector for Microsoft Edge) - version 1.0, allows an attacker to access highly sensitive information which would otherwise be restricted causing high impact on confidentiality. | |||||
| CVE-2024-20696 | 1 Microsoft | 9 Windows 10 1809, Windows 10 21h2, Windows 10 22h2 and 6 more | 2024-01-12 | N/A | 7.3 HIGH |
| Windows Libarchive Remote Code Execution Vulnerability | |||||
| CVE-2024-20698 | 1 Microsoft | 9 Windows 10 1809, Windows 10 21h2, Windows 10 22h2 and 6 more | 2024-01-12 | N/A | 7.8 HIGH |
| Windows Kernel Elevation of Privilege Vulnerability | |||||
| CVE-2024-21309 | 1 Microsoft | 4 Windows 11 21h2, Windows 11 22h2, Windows 11 23h2 and 1 more | 2024-01-12 | N/A | 7.8 HIGH |
| Windows Kernel-Mode Driver Elevation of Privilege Vulnerability | |||||
| CVE-2024-21310 | 1 Microsoft | 8 Windows 10 1809, Windows 10 21h2, Windows 10 22h2 and 5 more | 2024-01-12 | N/A | 7.8 HIGH |
| Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability | |||||
| CVE-2024-21312 | 1 Microsoft | 13 .net Framework, Windows 10 1607, Windows 10 1809 and 10 more | 2024-01-12 | N/A | 7.5 HIGH |
| .NET Framework Denial of Service Vulnerability | |||||
| CVE-2024-21318 | 1 Microsoft | 1 Sharepoint Server | 2024-01-12 | N/A | 8.8 HIGH |
| Microsoft SharePoint Server Remote Code Execution Vulnerability | |||||
| CVE-2024-21325 | 1 Microsoft | 1 Printer Metadata Troubleshooter Tool | 2024-01-12 | N/A | 7.8 HIGH |
| Microsoft Printer Metadata Troubleshooter Tool Remote Code Execution Vulnerability | |||||
| CVE-2023-42882 | 1 Apple | 1 Macos | 2024-01-12 | N/A | 7.8 HIGH |
| The issue was addressed with improved memory handling. This issue is fixed in macOS Sonoma 14.2. Processing an image may lead to arbitrary code execution. | |||||
| CVE-2023-51406 | 1 Ninjateam | 1 Fastdup | 2024-01-12 | N/A | 7.5 HIGH |
| Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Ninja Team FastDup – Fastest WordPress Migration & Duplicator.This issue affects FastDup – Fastest WordPress Migration & Duplicator: from n/a through 2.1.7. | |||||
| CVE-2023-42876 | 1 Apple | 1 Macos | 2024-01-12 | N/A | 7.1 HIGH |
| The issue was addressed with improved bounds checks. This issue is fixed in macOS Sonoma 14. Processing a file may lead to a denial-of-service or potentially disclose memory contents. | |||||
| CVE-2023-42826 | 1 Apple | 1 Macos | 2024-01-12 | N/A | 7.8 HIGH |
| The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14. Processing a file may lead to arbitrary code execution. | |||||
| CVE-2023-42933 | 1 Apple | 1 Macos | 2024-01-12 | N/A | 7.8 HIGH |
| This issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14. An app may be able to gain elevated privileges. | |||||
| CVE-2023-46167 | 4 Ibm, Linux, Microsoft and 1 more | 4 Db2, Linux Kernel, Windows and 1 more | 2024-01-12 | N/A | 7.5 HIGH |
| IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 federated server is vulnerable to a denial of service when a specially crafted cursor is used. IBM X-Force ID: 269367. | |||||
| CVE-2023-6534 | 1 Freebsd | 1 Freebsd | 2024-01-12 | N/A | 7.5 HIGH |
| In versions of FreeBSD 14.0-RELEASE before 14-RELEASE-p2, FreeBSD 13.2-RELEASE before 13.2-RELEASE-p7 and FreeBSD 12.4-RELEASE before 12.4-RELEASE-p9, the pf(4) packet filter incorrectly validates TCP sequence numbers. This could allow a malicious actor to execute a denial-of-service attack against hosts behind the firewall. | |||||
| CVE-2023-45178 | 1 Ibm | 1 Db2 | 2024-01-12 | N/A | 7.5 HIGH |
| IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.5 CLI is vulnerable to a denial of service when a specially crafted request is used. IBM X-Force ID: 268073. | |||||
| CVE-2023-29258 | 4 Ibm, Linux, Microsoft and 1 more | 4 Db2, Linux Kernel, Windows and 1 more | 2024-01-12 | N/A | 7.5 HIGH |
| IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.1, and 11.5 is vulnerable to a denial of service through a specially crafted federated query on specific federation objects. IBM X-Force ID: 252048. | |||||
| CVE-2023-47489 | 1 Combodo | 1 Itop | 2024-01-11 | N/A | 7.8 HIGH |
| CSV injection in export as csv in Combodo iTop v.3.1.0-2-11973 allows a local attacker to execute arbitrary code via a crafted script to the export-v2.php and ajax.render.php components. | |||||
| CVE-2023-49252 | 1 Siemens | 1 Simatic Cn 4100 | 2024-01-11 | N/A | 7.5 HIGH |
| A vulnerability has been identified in SIMATIC CN 4100 (All versions < V2.7). The affected application allows IP configuration change without authentication to the device. This could allow an attacker to cause denial of service condition. | |||||
| CVE-2023-35356 | 1 Microsoft | 9 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 6 more | 2024-01-11 | N/A | 7.8 HIGH |
| Windows Kernel Elevation of Privilege Vulnerability | |||||
| CVE-2023-35633 | 1 Microsoft | 3 Windows 10 1507, Windows Server 2008, Windows Server 2012 | 2024-01-11 | N/A | 7.8 HIGH |
| Windows Kernel Elevation of Privilege Vulnerability | |||||
| CVE-2024-0305 | 1 Ncast Project | 1 Ncast | 2024-01-11 | N/A | 7.5 HIGH |
| A vulnerability was found in Guangzhou Yingke Electronic Technology Ncast up to 2017 and classified as problematic. Affected by this issue is some unknown functionality of the file /manage/IPSetup.php of the component Guest Login. The manipulation leads to information disclosure. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-249872. | |||||
| CVE-2023-6998 | 1 Coolkit | 1 Ewelink | 2024-01-11 | N/A | 7.7 HIGH |
| Improper privilege management vulnerability in CoolKit Technology eWeLink on Android and iOS allows application lockscreen bypass.This issue affects eWeLink before 5.2.0. | |||||
| CVE-2022-40696 | 1 Advancedcustomfields | 1 Advanced Custom Fields | 2024-01-11 | N/A | 7.5 HIGH |
| Exposure of Sensitive Information to an Unauthorized Actor vulnerability in WP Engine Advanced Custom Fields (ACF).This issue affects Advanced Custom Fields (ACF): from 3.1.1 through 6.0.2. | |||||
| CVE-2023-6505 | 1 Codexonics | 1 Prime Mover | 2024-01-11 | N/A | 7.5 HIGH |
| The Migrate WordPress Website & Backups WordPress plugin before 1.9.3 does not prevent directory listing in sensitive directories containing export files. | |||||
| CVE-2023-6750 | 1 Backupbliss | 1 Clone | 2024-01-11 | N/A | 7.5 HIGH |
| The Clone WordPress plugin before 2.4.3 uses buffer files to store in-progress backup informations, which is stored at a publicly accessible, statically defined file path. | |||||
| CVE-2022-45354 | 1 Wpchill | 1 Download Monitor | 2024-01-11 | N/A | 7.5 HIGH |
| Exposure of Sensitive Information to an Unauthorized Actor vulnerability in WPChill Download Monitor.This issue affects Download Monitor: from n/a through 4.7.60. | |||||
| CVE-2023-6042 | 1 Motopress | 1 Getwid - Gutenberg Blocks | 2024-01-11 | N/A | 7.5 HIGH |
| Any unauthenticated user may send e-mail from the site with any title or content to the admin | |||||
| CVE-2023-52208 | 1 Constantcontact | 1 Constant Contact Forms | 2024-01-11 | N/A | 7.5 HIGH |
| Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Constant Contact Constant Contact Forms.This issue affects Constant Contact Forms: from n/a through 2.4.2. | |||||
| CVE-2023-52190 | 1 Wpswings | 1 Coupon Referral Program | 2024-01-11 | N/A | 7.5 HIGH |
| Exposure of Sensitive Information to an Unauthorized Actor vulnerability in WP Swings Coupon Referral Program.This issue affects Coupon Referral Program: from n/a through 1.7.2. | |||||
| CVE-2024-21644 | 1 Pyload | 1 Pyload | 2024-01-11 | N/A | 7.5 HIGH |
| pyLoad is the free and open-source Download Manager written in pure Python. Any unauthenticated user can browse to a specific URL to expose the Flask config, including the `SECRET_KEY` variable. This issue has been patched in version 0.5.0b3.dev77. | |||||
| CVE-2023-47145 | 2 Ibm, Microsoft | 2 Db2, Windows | 2024-01-11 | N/A | 7.8 HIGH |
| IBM Db2 for Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 could allow a local user to escalate their privileges to the SYSTEM user using the MSI repair functionality. IBM X-Force ID: 270402. | |||||
| CVE-2023-34326 | 1 Xen | 1 Xen | 2024-01-11 | N/A | 7.8 HIGH |
| The caching invalidation guidelines from the AMD-Vi specification (48882—Rev 3.07-PUB—Oct 2022) is incorrect on some hardware, as devices will malfunction (see stale DMA mappings) if some fields of the DTE are updated but the IOMMU TLB is not flushed. Such stale DMA mappings can point to memory ranges not owned by the guest, thus allowing access to unindented memory regions. | |||||
| CVE-2020-24705 | 1 Wso2 | 6 Api Manager, Api Manager Analytics, Identity Server and 3 more | 2024-01-11 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was discovered in certain WSO2 products. A valid Carbon Management Console session cookie may be sent to an attacker-controlled server if the victim submits a crafted Try It request, aka Session Hijacking. This affects API Manager through 3.1.0, API Manager Analytics 2.5.0, IS as Key Manager through 5.10.0, Identity Server through 5.10.0, Identity Server Analytics through 5.6.0, and IoT Server 3.1.0. | |||||
| CVE-2020-24703 | 1 Wso2 | 9 Api Manager, Api Manager Analytics, Api Microgateway and 6 more | 2024-01-11 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was discovered in certain WSO2 products. A valid Carbon Management Console session cookie may be sent to an attacker-controlled server if the victim submits a crafted Try It request, aka Session Hijacking. This affects API Manager 2.2.0, API Manager Analytics 2.2.0, API Microgateway 2.2.0, Data Analytics Server 3.2.0, Enterprise Integrator through 6.6.0, IS as Key Manager 5.5.0, Identity Server 5.5.0 and 5.8.0, Identity Server Analytics 5.5.0, and IoT Server 3.3.0 and 3.3.1. | |||||
| CVE-2023-48418 | 1 Google | 2 Pixel Watch, Pixel Watch Firmware | 2024-01-10 | N/A | 7.8 HIGH |
| In checkDebuggingDisallowed of DeviceVersionFragment.java, there is a possible way to access adb before SUW completion due to an insecure default value. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation | |||||
| CVE-2023-6540 | 1 Lenovo | 2 Browser Hd, Browser Mobile | 2024-01-10 | N/A | 7.5 HIGH |
| A vulnerability was reported in the Lenovo Browser Mobile and Lenovo Browser HD Apps for Android that could allow an attacker to craft a payload that could result in the disclosure of sensitive information. | |||||
| CVE-2023-50256 | 1 Froxlor | 1 Froxlor | 2024-01-10 | N/A | 7.5 HIGH |
| Froxlor is open source server administration software. Prior to version 2.1.2, it was possible to submit the registration form with the essential fields, such as the username and password, left intentionally blank. This inadvertent omission allowed for a bypass of the mandatory field requirements (e.g. surname, company name) established by the system. Version 2.1.2 fixes this issue. | |||||
| CVE-2023-46929 | 1 Gpac | 1 Gpac | 2024-01-10 | N/A | 7.5 HIGH |
| An issue discovered in GPAC 2.3-DEV-rev605-gfc9e29089-master in MP4Box in gf_avc_change_vui /afltest/gpac/src/media_tools/av_parsers.c:6872:55 allows attackers to crash the application. | |||||
| CVE-2024-21622 | 1 Craftcms | 1 Craft Cms | 2024-01-10 | N/A | 8.8 HIGH |
| Craft is a content management system. This is a potential moderate impact, low complexity privilege escalation vulnerability in Craft starting in 3.x prior to 3.9.6 and 4.x prior to 4.4.16 with certain user permissions setups. This has been fixed in Craft 4.4.16 and Craft 3.9.6. Users should ensure they are running at least those versions. | |||||
| CVE-2023-45559 | 1 Linecorp | 1 Line | 2024-01-10 | N/A | 8.2 HIGH |
| An issue in Tamaki_hamanoki Line v.13.6.1 allows attackers to send crafted notifications via leakage of the channel access token. | |||||
| CVE-2023-21739 | 1 Microsoft | 10 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 7 more | 2024-01-09 | N/A | 7.0 HIGH |
| Windows Bluetooth Driver Elevation of Privilege Vulnerability | |||||
| CVE-2020-1336 | 1 Microsoft | 3 Windows 10, Windows Server 2016, Windows Server 2019 | 2024-01-09 | 4.6 MEDIUM | 7.8 HIGH |
| <p>An elevation of privilege vulnerability exists in the way that the Windows Kernel handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions.</p> <p>To exploit the vulnerability, a locally authenticated attacker could run a specially crafted application.</p> <p>The security update addresses the vulnerability by ensuring the Windows Kernel properly handles objects in memory.</p> | |||||
| CVE-2023-33112 | 1 Qualcomm | 254 Ar8035, Ar8035 Firmware, Csra6620 and 251 more | 2024-01-09 | N/A | 7.5 HIGH |
| Transient DOS when WLAN firmware receives "reassoc response" frame including RIC_DATA element. | |||||
| CVE-2023-33062 | 1 Qualcomm | 580 315 5g Iot Modem, 315 5g Iot Modem Firmware, Aqt1000 and 577 more | 2024-01-09 | N/A | 7.5 HIGH |
| Transient DOS in WLAN Firmware while parsing a BTM request. | |||||
| CVE-2023-33040 | 1 Qualcomm | 288 315 5g Iot Modem, 315 5g Iot Modem Firmware, Aqt1000 and 285 more | 2024-01-09 | N/A | 7.5 HIGH |
| Transient DOS in Data Modem during DTLS handshake. | |||||
| CVE-2023-36719 | 1 Microsoft | 14 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 11 more | 2024-01-09 | N/A | 7.8 HIGH |
| Microsoft Speech Application Programming Interface (SAPI) Elevation of Privilege Vulnerability | |||||
| CVE-2023-49553 | 1 Cesanta | 1 Mjs | 2024-01-09 | N/A | 7.5 HIGH |
| An issue in Cesanta mjs 2.20.0 allows a remote attacker to cause a denial of service via the mjs_destroy function in the msj.c file. | |||||
| CVE-2024-21629 | 1 Evm Project | 1 Evm | 2024-01-09 | N/A | 7.5 HIGH |
| Rust EVM is an Ethereum Virtual Machine interpreter. In `rust-evm`, a feature called `record_external_operation` was introduced, allowing library users to record custom gas changes. This feature can have some bogus interactions with the call stack. In particular, during finalization of a `CREATE` or `CREATE2`, in the case that the substack execution happens successfully, `rust-evm` will first commit the substate, and then call `record_external_operation(Write(out_code.len()))`. If `record_external_operation` later fails, this error is returned to the parent call stack, instead of `Succeeded`. Yet, the substate commitment already happened. This causes smart contracts able to commit state changes, when the parent caller contract receives zero address (which usually indicates that the execution has failed). This issue only impacts library users with custom `record_external_operation` that returns errors. The issue is patched in release 0.41.1. No known workarounds are available. | |||||
| CVE-2023-49549 | 1 Cesanta | 1 Mjs | 2024-01-09 | N/A | 7.5 HIGH |
| An issue in Cesanta mjs 2.20.0 allows a remote attacker to cause a denial of service via the mjs_getretvalpos function in the msj.c file. | |||||