Search Results (363866 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2020-18409 1 Catfishcms Project 1 Catfishcms 2024-12-05 6.8 Medium
Cross Site Request Forgery (CSRF) vulnerability was discovered in CatfishCMS 4.8.63 that would allow attackers to obtain administrator permissions via /index.php/admin/index/modifymanage.html.
CVE-2023-30945 1 Palantir 3 Clips2, Video Clip Distributor, Video History Service 2024-12-05 9.8 Critical
Multiple Services such as VHS(Video History Server) and VCD(Video Clip Distributor) and Clips2 were discovered to be vulnerable to an unauthenticated arbitrary file read/write vulnerability due to missing input validation on filenames. A malicious attacker could read sensitive files from the filesystem or write/delete arbitrary files on the filesystem as well.
CVE-2024-3367 1 Checkmk 1 Checkmk 2024-12-05 6.5 Medium
Argument injection in websphere_mq agent plugin in Checkmk 2.0.0, 2.1.0, <2.2.0p26 and <2.3.0b5 allows local attacker to inject one argument to runmqsc
CVE-2023-25001 1 Autodesk 1 Navisworks 2024-12-05 7.8 High
A maliciously crafted SKP file in Autodesk Navisworks 2023 and 2022 be used to trigger use-after-free vulnerability. Exploitation of this vulnerability may lead to code execution.
CVE-2021-47488 2024-12-05 4.4 Medium
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
CVE-2024-6298 1 Abb 38 Aspect-ent-12, Aspect-ent-12 Firmware, Aspect-ent-2 and 35 more 2024-12-05 10 Critical
Unauthorized file access in WEB Server in ABB ASPECT - Enterprise v3.08.01; NEXUS Series v3.08.01 ; MATRIX Series v3.08.01 allows Attacker to execute arbitrary code remotely
CVE-2024-6209 1 Abb 38 Aspect-ent-12, Aspect-ent-12 Firmware, Aspect-ent-2 and 35 more 2024-12-05 10 Critical
Unauthorized file access in WEB Server in ABB ASPECT - Enterprise v3.08.01; NEXUS Series v3.08.01 ; MATRIX Series v3.08.01 allows Attacker to access files unauthorized
CVE-2024-20791 3 Adobe, Apple, Microsoft 3 Illustrator, Macos, Windows 2024-12-04 7.8 High
Illustrator versions 28.4, 27.9.3 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVE-2024-20745 3 Adobe, Apple, Microsoft 3 Premiere Pro, Macos, Windows 2024-12-04 7.8 High
Premiere Pro versions 24.1, 23.6.2 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVE-2024-20746 3 Adobe, Apple, Microsoft 3 Premiere Pro, Macos, Windows 2024-12-04 7.8 High
Premiere Pro versions 24.1, 23.6.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVE-2024-20752 3 Adobe, Apple, Microsoft 3 Bridge, Macos, Windows 2024-12-04 7.8 High
Bridge versions 13.0.5, 14.0.1 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVE-2024-20755 3 Adobe, Apple, Microsoft 3 Bridge, Macos, Windows 2024-12-04 7.8 High
Bridge versions 13.0.5, 14.0.1 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVE-2024-20756 3 Adobe, Apple, Microsoft 3 Bridge, Macos, Windows 2024-12-04 7.8 High
Bridge versions 13.0.5, 14.0.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVE-2024-20757 3 Adobe, Apple, Microsoft 3 Bridge, Macos, Windows 2024-12-04 5.5 Medium
Bridge versions 13.0.5, 14.0.1 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVE-2024-2380 1 Checkmk 1 Checkmk 2024-12-04 4.6 Medium
Stored XSS in graph rendering in Checkmk <2.3.0b4.
CVE-2023-34796 1 Techsneeze 1 Dmarc Report 2024-12-04 6.1 Medium
Cross site scripting (XSS) vulnerabiliy in dmarcts-report-viewer dashboard versions 1.1 and thru commit 8a1d882b4c481a05e296e9b38a7961e912146a0f, allows unauthenticated attackers to execute arbitrary code via the org_name or domain values.
CVE-2023-21198 1 Google 1 Android 2024-12-04 5.5 Medium
In remove_sdp_record of btif_sdp_server.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-245517503
CVE-2023-21236 1 Google 1 Android 2024-12-04 6.7 Medium
In aoc_service_set_read_blocked of aoc.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-270148537References: N/A
CVE-2023-21517 1 Samsung 1 Exynos 2024-12-04 8.8 High
Heap out-of-bound write vulnerability in Exynos baseband prior to SMR Jun-2023 Release 1 allows remote attacker to execute arbitrary code.
CVE-2023-3330 1 Nec 34 Aterm Wf300hp, Aterm Wf300hp Firmware, Aterm Wg1400hp and 31 more 2024-12-04 4.3 Medium
Improper Limitation of a Pathname to a Restricted Directory vulnerability in NEC Corporation Aterm WG2600HP2, WG2600HP, WG2200HP, WG1800HP2, WG1800HP, WG1400HP, WG600HP, WG300HP, WF300HP, WR9500N, WR9300N, WR8750N, WR8700N, WR8600N, WR8370N, WR8175N and WR8170N all versions allows a attacker to obtain specific files in the product.