Search Results (363878 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2023-32613 1 Wavlink 2 Wl-wn531ax2, Wl-wn531ax2 Firmware 2024-12-05 8.1 High
Exposure of resource to wrong sphere issue exists in WL-WN531AX2 firmware versions prior to 2023526, which may allow a network-adjacent attacker to use functions originally available after login without logging in.
CVE-2023-32523 1 Trendmicro 1 Mobile Security 2024-12-05 8.8 High
Affected versions of Trend Micro Mobile Security (Enterprise) 9.8 SP5 contain some widgets that would allow a remote user to bypass authentication and potentially chain with other vulnerabilities. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit these vulnerabilities. This is similar to, but not identical to CVE-2023-32524.
CVE-2024-20770 3 Adobe, Apple, Microsoft 3 Photoshop, Macos, Windows 2024-12-05 5.5 Medium
Photoshop Desktop versions 24.7.2, 25.3.1 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVE-2023-32524 1 Trendmicro 1 Mobile Security 2024-12-05 8.8 High
Affected versions of Trend Micro Mobile Security (Enterprise) 9.8 SP5 contain some widgets that would allow a remote user to bypass authentication and potentially chain with other vulnerabilities. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit these vulnerabilities. This is similar to, but not identical to CVE-2023-32523.
CVE-2024-20766 3 Adobe, Apple, Microsoft 3 Indesign, Macos, Windows 2024-12-05 5.5 Medium
InDesign Desktop versions 18.5.1, 19.2 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVE-2024-51541 1 Abb 3 Aspect Enterprise, Matrix Series, Nexus Series 2024-12-05 8.2 High
Local File Inclusion vulnerabilities allow access to sensitive system information.  Affected products: ABB ASPECT - Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02
CVE-2024-21108 1 Oracle 1 Vm Virtualbox 2024-12-05 3.3 Low
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 7.0.16. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 3.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N).
CVE-2023-36664 4 Artifex, Debian, Fedoraproject and 1 more 5 Ghostscript, Debian Linux, Fedora and 2 more 2024-12-05 7.8 High
Artifex Ghostscript through 10.01.2 mishandles permission validation for pipe devices (with the %pipe% prefix or the | pipe character prefix).
CVE-2023-34672 1 Elenos 2 Etg150, Etg150 Firmware 2024-12-05 8.8 High
Improper Access Control leads to adding a high-privilege user affecting Elenos ETG150 FM transmitter running on version 3.12 by exploiting user's role within the admin profile. An attack could occur over the public Internet in some cases.
CVE-2023-32525 1 Trendmicro 1 Mobile Security 2024-12-05 6.5 Medium
Trend Micro Mobile Security (Enterprise) 9.8 SP5 contains widget vulnerabilities that could allow a remote attacker to create arbitrary files on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This is similar to, but not identical to CVE-2023-32526.
CVE-2023-30902 2 Microsoft, Trendmicro 2 Windows, Apex One 2024-12-05 5.5 Medium
A privilege escalation vulnerability in the Trend Micro Apex One and Apex One as a Service agent could allow a local attacker to unintentionally delete privileged Trend Micro registry keys including its own protected registry keys on affected installations.
CVE-2021-30205 1 Dzzoffice 1 Dzzoffice 2024-12-05 5.3 Medium
Incorrect access control in the component /index.php?mod=system&op=orgtree of dzzoffice 2.02.1_SC_UTF8 allows unauthenticated attackers to browse departments and usernames.
CVE-2024-20737 3 Adobe, Apple, Microsoft 3 After Effects, Macos, Windows 2024-12-05 5.5 Medium
After Effects versions 24.1, 23.6.2 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVE-2024-51549 1 Abb 3 Aspect Enterprise, Matrix Series, Nexus Series 2024-12-05 10 Critical
Absolute File Traversal vulnerabilities allows access and modification of un-intended resources.  Affected products: ABB ASPECT - Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02
CVE-2024-51550 1 Abb 3 Aspect Enterprise, Matrix Series, Nexus Series 2024-12-05 10 Critical
Data Validation / Data Sanitization vulnerabilities in Linux allows unvalidated and unsanitized data to be injected in an Aspect device.  Affected products: ABB ASPECT - Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02
CVE-2023-36348 1 Codekop 1 Codekop 2024-12-05 8.8 High
POS Codekop v2.0 was discovered to contain an authenticated remote code execution (RCE) vulnerability via the filename parameter.
CVE-2024-51551 1 Abb 3 Aspect Enterprise, Matrix Series, Nexus Series 2024-12-05 10 Critical
Default Credentail vulnerabilities in ASPECT on Linux allows access to the product using publicly available default credentials.  Affected products: ABB ASPECT - Enterprise v3.07.02; NEXUS Series v3.07.02; MATRIX Series v3.07.02
CVE-2024-20772 3 Adobe, Apple, Microsoft 3 Media Encoder, Macos, Windows 2024-12-05 7.8 High
Media Encoder versions 24.2.1, 23.6.4 and earlier are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVE-2023-36663 1 It-novum 1 Openitcockpit 2024-12-05 8.8 High
it-novum openITCOCKPIT (aka open IT COCKPIT) 4.6.4 before 4.6.5 allows SQL Injection (by authenticated users) via the sort parameter of the API interface.
CVE-2024-51543 1 Abb 3 Aspect Enterprise, Matrix Series, Nexus Series 2024-12-05 8.2 High
Information Disclosure vulnerabilities allow access to application configuration information.  Affected products: ABB ASPECT - Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02