Total
18200 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-3128 | 2 Grafana, Redhat | 3 Grafana, Ceph Storage, Enterprise Linux | 2024-12-06 | 9.4 Critical |
| Grafana is validating Azure AD accounts based on the email claim. On Azure AD, the profile email field is not unique and can be easily modified. This leads to account takeover and authentication bypass when Azure AD OAuth is configured with a multi-tenant app. | ||||
| CVE-2023-32571 | 1 Dynamic-linq | 1 Linq | 2024-12-06 | 9.8 Critical |
| Dynamic Linq 1.0.7.10 through 1.2.25 before 1.3.0 allows attackers to execute arbitrary code and commands when untrusted input to methods including Where, Select, OrderBy is parsed. | ||||
| CVE-2024-52533 | 1 Gnome | 1 Glib | 2024-12-06 | 9.8 Critical |
| gio/gsocks4aproxy.c in GNOME GLib before 2.82.1 has an off-by-one error and resultant buffer overflow because SOCKS4_CONN_MSG_LEN is not sufficient for a trailing '\0' character. | ||||
| CVE-2023-29405 | 3 Fedoraproject, Golang, Redhat | 5 Fedora, Go, Ceph Storage and 2 more | 2024-12-06 | 9.8 Critical |
| The go command may execute arbitrary code at build time when using cgo. This may occur when running "go get" on a malicious module, or when running any other command which builds untrusted code. This is can by triggered by linker flags, specified via a "#cgo LDFLAGS" directive. Flags containing embedded spaces are mishandled, allowing disallowed flags to be smuggled through the LDFLAGS sanitization by including them in the argument of another flag. This only affects usage of the gccgo compiler. | ||||
| CVE-2024-23255 | 1 Apple | 5 Ios, Ipad Os, Ipados and 2 more | 2024-12-06 | 9.1 Critical |
| An authentication issue was addressed with improved state management. This issue is fixed in macOS Sonoma 14.4, iOS 17.4 and iPadOS 17.4. Photos in the Hidden Photos Album may be viewed without authentication. | ||||
| CVE-2024-10961 | 1 Oneall Social Login | 1 Oa-social-login | 2024-12-06 | 9.8 Critical |
| The Social Login plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 5.9.0. This is due to insufficient verification on the user being returned by the social login token. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the email and the user does not have an already-existing account for the service returning the token. | ||||
| CVE-2023-34601 | 1 Jeesite | 1 Jeesite | 2024-12-05 | 9.8 Critical |
| Jeesite before commit 10742d3 was discovered to contain a SQL injection vulnerability via the component ${businessTable} at /act/ActDao.xml. | ||||
| CVE-2023-32412 | 1 Apple | 5 Ipados, Iphone Os, Macos and 2 more | 2024-12-05 | 9.8 Critical |
| A use-after-free issue was addressed with improved memory management. This issue is fixed in watchOS 9.5, tvOS 16.5, macOS Ventura 13.4, iOS 15.7.6 and iPadOS 15.7.6, macOS Big Sur 11.7.7, macOS Monterey 12.6.6, iOS 16.5 and iPadOS 16.5. A remote attacker may be able to cause unexpected app termination or arbitrary code execution. | ||||
| CVE-2024-6515 | 1 Abb | 3 Aspect Enterprise, Matrix Series, Nexus Series | 2024-12-05 | 9.6 Critical |
| Web browser interface may manipulate application username/password in clear text or Base64 encoding providing a higher probability of unintended credentails exposure. Affected products: ABB ASPECT - Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02 | ||||
| CVE-2024-6516 | 1 Abb | 3 Aspect Enterprise, Matrix Series, Nexus Series | 2024-12-05 | 9 Critical |
| Cross Site Scripting vulnerabilities where found providing a potential for malicious scripts to be injected into a client browser. Affected products: ABB ASPECT - Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02 | ||||
| CVE-2024-6784 | 1 Abb | 3 Aspect Enterprise, Matrix Series, Nexus Series | 2024-12-05 | 9.9 Critical |
| Server-Side Request Forgery vulnerabilities were found providing a potential for access to unauthorized resources and unintended information disclosure. Affected products: ABB ASPECT - Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02 | ||||
| CVE-2024-11317 | 1 Abb | 3 Aspect Enterprise, Matrix Series, Nexus Series | 2024-12-05 | 10 Critical |
| Session Fixation vulnerabilities allow an attacker to fix a users session identifier before login providing an opportunity for session takeover on a product. Affected products: ABB ASPECT - Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02 | ||||
| CVE-2024-48839 | 1 Abb | 3 Aspect Enterprise, Matrix Series, Nexus Series | 2024-12-05 | 10 Critical |
| Improper Input Validation vulnerability allows Remote Code Execution. Affected products: ABB ASPECT - Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02 | ||||
| CVE-2024-48840 | 1 Abb | 3 Aspect Enterprise, Matrix Series, Nexus Series | 2024-12-05 | 10 Critical |
| Unauthorized Access vulnerabilities allow Remote Code Execution. Affected products: ABB ASPECT - Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02 | ||||
| CVE-2024-48845 | 1 Abb | 3 Aspect Enterprise, Matrix Series, Nexus Series | 2024-12-05 | 9.4 Critical |
| Weak Password Reset Rules vulnerabilities where found providing a potiential for the storage of weak passwords that could facilitate unauthorized admin/application access. Affected products: ABB ASPECT - Enterprise v3.07.02; NEXUS Series v3.07.02; MATRIX Series v3.07.02 | ||||
| CVE-2024-45321 | 3 App\, Perl, Redhat | 3 \, Cpanminus, Enterprise Linux | 2024-12-05 | 9.8 Critical |
| The App::cpanminus package through 1.7047 for Perl downloads code via insecure HTTP, enabling code execution for network attackers. | ||||
| CVE-2023-3326 | 1 Freebsd | 1 Freebsd | 2024-12-05 | 9.8 Critical |
| pam_krb5 authenticates a user by essentially running kinit with the password, getting a ticket-granting ticket (tgt) from the Kerberos KDC (Key Distribution Center) over the network, as a way to verify the password. However, if a keytab is not provisioned on the system, pam_krb5 has no way to validate the response from the KDC, and essentially trusts the tgt provided over the network as being valid. In a non-default FreeBSD installation that leverages pam_krb5 for authentication and does not have a keytab provisioned, an attacker that is able to control both the password and the KDC responses can return a valid tgt, allowing authentication to occur for any user on the system. | ||||
| CVE-2023-2989 | 1 Globalscape | 1 Eft Server | 2024-12-05 | 9.1 Critical |
| Fortra Globalscape EFT versions before 8.1.0.16 suffer from an out of bounds memory read in their administration server, which can allow an attacker to crash the service or bypass authentication if successfully exploited | ||||
| CVE-2022-0788 | 1 Wpmet | 1 Fundengine | 2024-12-05 | 9.8 Critical |
| The WP Fundraising Donation and Crowdfunding Platform WordPress plugin before 1.5.0 does not sanitise and escape a parameter before using it in a SQL statement via one of it's REST route, leading to an SQL injection exploitable by unauthenticated users | ||||
| CVE-2023-30258 | 1 Magnussolution | 1 Magnusbilling | 2024-12-05 | 9.8 Critical |
| Command Injection vulnerability in MagnusSolution magnusbilling 6.x and 7.x allows remote attackers to run arbitrary commands via unauthenticated HTTP request. | ||||