Total
262521 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2024-8191 | | | 2024-09-10 | 7.8 High |
SQL injection in the management console of Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote unauthenticated attacker to achieve remote code execution. | ||||
CVE-2024-8190 | | | 2024-09-10 | 7.2 High |
An OS command injection vulnerability in Ivanti Cloud Services Appliance versions 4.6 Patch 518 and before allows a remote authenticated attacker to obtain remote code execution. The attacker must have admin level privileges to exploit this vulnerability. | ||||
CVE-2024-8012 | | | 2024-09-10 | 7.8 High |
An authentication bypass weakness in the message broker service of Ivanti Workspace Control version 10.18.0.0 and below allows a local authenticated attacker to escalate their privileges. | ||||
CVE-2024-44107 | | | 2024-09-10 | 8.8 High |
DLL hijacking in the management console of Ivanti Workspace Control version 10.18.0.0 and below allows a local authenticated attacker to escalate their privileges and achieve arbitrary code execution. | ||||
CVE-2024-44106 | | | 2024-09-10 | 8.8 High |
Insufficient server-side controls in the management console of Ivanti Workspace Control version 10.18.0.0 and below allows a local authenticated attacker to escalate their privileges. | ||||
CVE-2024-44105 | | | 2024-09-10 | 8.2 High |
Cleartext transmission of sensitive information in the management console of Ivanti Workspace Control version 10.18.0.0 and below allows a local authenticated attacker to obtain OS credentials. | ||||
CVE-2024-44104 | | | 2024-09-10 | 8.8 High |
An incorrectly implemented authentication scheme that is subjected to a spoofing attack in the management console of Ivanti Workspace Control version 10.18.0.0 and below allows a local authenticated attacker to escalate their privileges. | ||||
CVE-2024-44103 | | | 2024-09-10 | 8.8 High |
DLL hijacking in the management console of Ivanti Workspace Control version 10.18.0.0 and below allows a local authenticated attacker to escalate their privileges. | ||||
CVE-2024-3177 | 1 Redhat | 1 Openshift | 2024-09-10 | 2.7 Low |
A security issue was discovered in Kubernetes where users may be able to launch containers that bypass the mountable secrets policy enforced by the ServiceAccount admission plugin when using containers, init containers, and ephemeral containers with the envFrom field populated. The policy ensures pods running with a service account may only reference secrets specified in the service account’s secrets field. Kubernetes clusters are only affected if the ServiceAccount admission plugin and the kubernetes.io/enforce-mountable-secrets annotation are used together with containers, init containers, and ephemeral containers with the envFrom field populated. | ||||
CVE-2024-7202 | 1 Simopro Technology | 1 Winmatrix3 | 2024-09-10 | 9.8 Critical |
The query functionality of WinMatrix3 Web package from Simopro Technology lacks proper validation of user input, allowing unauthenticated remote attackers to inject SQL commands to read, modify, and delete database contents. | ||||
CVE-2024-7163 | 1 Seacms | 1 Seacms | 2024-09-10 | 3.5 Low |
A vulnerability, which was classified as problematic, was found in SeaCMS 12.9. This affects an unknown part of the file /js/player/dmplayer/player/index.php. The manipulation of the argument color/vid/url leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-272577 was assigned to this vulnerability. | ||||
CVE-2024-8503 | | | 2024-09-10 | 9.8 Critical |
An unauthenticated attacker can leverage a time-based SQL injection vulnerability in VICIdial to enumerate database records. By default, VICIdial stores plaintext credentials within the database. | ||||
CVE-2023-27375 | 1 Idattend | 1 Idweb | 2024-09-10 | 7.5 High |
Missing authentication in the StudentPopupDetails_ContactDetails method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction of sensitive student data by unauthenticated attackers. | ||||
CVE-2024-6911 | 1 Perkinelmer | 1 Processplus | 2024-09-10 | 7.5 High |
Files on the Windows system are accessible without authentication to external parties due to a local file inclusion in PerkinElmer ProcessPlus. This issue affects ProcessPlus: through 1.11.6507.0. | ||||
CVE-2023-26569 | 1 Idattend | 1 Idweb | 2024-09-10 | 9.8 Critical |
Unauthenticated SQL injection in the StudentPopupDetails_Timetable method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers. | ||||
CVE-2024-22415 | 1 Jupyter | 1 Language Server Protocol Integration | 2024-09-10 | 7.3 High |
jupyter-lsp is a coding assistance tool for JupyterLab (code navigation + hover suggestions + linters + autocompletion + rename) using Language Server Protocol. Installations of jupyter-lsp running in environments without configured file system access control (on the operating system level), and with jupyter-server instances exposed to non-trusted network are vulnerable to unauthorised access and modification of file system beyond the jupyter root directory. This issue has been patched in version 2.2.2 and all users are advised to upgrade. Users unable to upgrade should uninstall jupyter-lsp. | ||||
CVE-2024-6122 | 1 Ni | 2 Flexlogger, Systemlink | 2024-09-10 | 5.5 Medium |
An incorrect permission in the installation directory for the shared NI SystemLink Server KeyValueDatabase service may result in information disclosure via local access. This affects NI SystemLink Server 2024 Q1 and prior versions. It also affects NI FlexLogger 2023 Q2 and prior versions which installed this shared service. | ||||
CVE-2023-34446 | 1 Combodo | 1 Itop | 2024-09-10 | 8.8 High |
iTop is an open source, web-based IT service management platform. Prior to versions 3.0.4 and 3.1.0, when displaying `pages/preferences.php`, cross site scripting is possible. This issue is fixed in versions 3.0.4 and 3.1.0. | ||||
CVE-2023-42850 | 1 Apple | 1 Macos | 2024-09-10 | 5.5 Medium |
The issue was addressed with improved permissions logic. This issue is fixed in macOS Sonoma 14.1. An app may be able to access sensitive user data. | ||||
CVE-2023-41975 | 1 Apple | 1 Macos | 2024-09-10 | 4.3 Medium |
This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Sonoma 14.1, macOS Monterey 12.7.1, macOS Ventura 13.6.1. A website may be able to access the microphone without the microphone use indicator being shown. |