Total: 262939 CVE

CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2023-27375 | 1 Idattend | 1 Idweb | 2024-09-10 | 7.5 High |
Missing authentication in the StudentPopupDetails_ContactDetails method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction of sensitive student data by unauthenticated attackers. | ||||
CVE-2024-6911 | 1 Perkinelmer | 1 Processplus | 2024-09-10 | 7.5 High |
Files on the Windows system are accessible without authentication to external parties due to a local file inclusion in PerkinElmer ProcessPlus. This issue affects ProcessPlus: through 1.11.6507.0. | ||||
CVE-2023-26569 | 1 Idattend | 1 Idweb | 2024-09-10 | 9.8 Critical |
Unauthenticated SQL injection in the StudentPopupDetails_Timetable method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers. | ||||
CVE-2024-22415 | 1 Jupyter | 1 Language Server Protocol Integration | 2024-09-10 | 7.3 High |
jupyter-lsp is a coding assistance tool for JupyterLab (code navigation + hover suggestions + linters + autocompletion + rename) using Language Server Protocol. Installations of jupyter-lsp running in environments without configured file system access control (on the operating system level), and with jupyter-server instances exposed to non-trusted network are vulnerable to unauthorised access and modification of file system beyond the jupyter root directory. This issue has been patched in version 2.2.2 and all users are advised to upgrade. Users unable to upgrade should uninstall jupyter-lsp. | ||||
CVE-2024-6122 | 1 Ni | 2 Flexlogger, Systemlink | 2024-09-10 | 5.5 Medium |
An incorrect permission in the installation directory for the shared NI SystemLink Server KeyValueDatabase service may result in information disclosure via local access. This affects NI SystemLink Server 2024 Q1 and prior versions. It also affects NI FlexLogger 2023 Q2 and prior versions which installed this shared service. | ||||
CVE-2023-34446 | 1 Combodo | 1 Itop | 2024-09-10 | 8.8 High |
iTop is an open source, web-based IT service management platform. Prior to versions 3.0.4 and 3.1.0, when displaying `pages/preferences.php`, cross site scripting is possible. This issue is fixed in versions 3.0.4 and 3.1.0. | ||||
CVE-2023-42850 | 1 Apple | 1 Macos | 2024-09-10 | 5.5 Medium |
The issue was addressed with improved permissions logic. This issue is fixed in macOS Sonoma 14.1. An app may be able to access sensitive user data. | ||||
CVE-2023-41975 | 1 Apple | 1 Macos | 2024-09-10 | 4.3 Medium |
This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Sonoma 14.1, macOS Monterey 12.7.1, macOS Ventura 13.6.1. A website may be able to access the microphone without the microphone use indicator being shown. | ||||
CVE-2023-42857 | 1 Apple | 3 Ipados, Iphone Os, Macos | 2024-09-10 | 3.3 Low |
A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Sonoma 14.1, iOS 17.1 and iPadOS 17.1. An app may be able to access sensitive user data. | ||||
CVE-2023-41997 | 1 Apple | 4 Ipados, Iphone Os, Macos and 1 more | 2024-09-10 | 4.6 Medium |
This issue was addressed by restricting options offered on a locked device. This issue is fixed in macOS Sonoma 14.1, watchOS 10.1, iOS 16.7.2 and iPadOS 16.7.2, iOS 17.1 and iPadOS 17.1. An attacker with physical access may be able to use Siri to access sensitive user data. | ||||
CVE-2023-41254 | 1 Apple | 4 Ipados, Iphone Os, Macos and 1 more | 2024-09-10 | 5.5 Medium |
A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in iOS 17.1 and iPadOS 17.1, watchOS 10.1, iOS 16.7.2 and iPadOS 16.7.2, macOS Ventura 13.6.1, macOS Sonoma 14.1. An app may be able to access sensitive user data. | ||||
CVE-2024-44902 | 1 Thinkphp | 1 Thinkphp | 2024-09-10 | 9.8 Critical |
A deserialization vulnerability in Thinkphp v6.1.3 to v8.0.4 allows attackers to execute arbitrary code. | ||||
CVE-2024-44893 | 1 Jeecg | 1 Jimureport | 2024-09-10 | 9.8 Critical |
An issue in the component /jeecg-boot/jmreport/dict/list of JimuReport v1.7.8 allows an attacker to escalate privileges via a crafted GET request. | ||||
CVE-2024-44676 | 1 Eladmin | 1 Eladmin | 2024-09-10 | 6.1 Medium |
eladmin v2.7 and before is vulnerable to Cross Site Scripting (XSS) which allows an attacker to execute arbitrary code via LocalStoreController.java. | ||||
CVE-2024-44667 | 1 Shenzhen Haichangxing Technology | 1 Hcx H822 Firmware | 2024-09-10 | 8 High |
Shenzhen Haichangxing Technology Co., Ltd HCX H822 4G LTE Router M7628NNxISPxUIv2_v1.0.1557.15.35_P0 is vulnerable to Incorrect Access Control. Unauthenticated factory mode reset and command injection leads to information exposure and root shell access. | ||||
CVE-2024-44072 | 1 Buffalo Inc | 18 Wex 1166dhp, Wex 1166dhp2, Wex 1166dhps and 15 more | 2024-09-10 | 5.7 Medium |
OS command injection vulnerability exists in BUFFALO wireless LAN routers and wireless LAN repeaters. If a user logs in to the management page and sends a specially crafted request to the affected product from the product's specific management page, an arbitrary OS command may be executed. | ||||
CVE-2024-31960 | 1 Samsung Mobile | 1 Exynos | 2024-09-10 | 7.8 High |
An issue was discovered in Samsung Mobile Processor Exynos 1480, Exynos 2400. The xclipse amdgpu driver has a reference count bug. This can lead to a use after free. | ||||
CVE-2024-0744 | 1 Mozilla | 1 Firefox | 2024-09-10 | 7.5 High |
In some circumstances, JIT compiled code could have dereferenced a wild pointer value. This could have led to an exploitable crash. This vulnerability affects Firefox < 122. | ||||
CVE-2023-42490 | 1 Busbaer | 1 Eisbaer Scada | 2024-09-10 | 7.5 High |
EisBaer Scada - CWE-200: Exposure of Sensitive Information to an Unauthorized Actor | ||||
CVE-2023-40408 | 1 Apple | 4 Ipados, Iphone Os, Macos and 1 more | 2024-09-10 | 5.3 Medium |
An inconsistent user interface issue was addressed with improved state management. This issue is fixed in macOS Sonoma 14.1, watchOS 10.1, iOS 16.7.2 and iPadOS 16.7.2, iOS 17.1 and iPadOS 17.1. Hide My Email may be deactivated unexpectedly. |