Search Results (366805 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2024-13137 1 Wangl1989 1 Mysiteforme 2025-01-10 2.4 Low
A vulnerability was found in wangl1989 mysiteforme 1.0. It has been classified as problematic. This affects the function RestResponse of the file src/main/java/com/mysiteforme/admin/controller/system/SiteController. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
CVE-2024-13136 1 Wangl1989 1 Mysiteforme 2025-01-10 6.3 Medium
A vulnerability was found in wangl1989 mysiteforme 1.0 and classified as critical. Affected by this issue is the function rememberMeManager of the file src/main/java/com/mysiteforme/admin/config/ShiroConfig.java. The manipulation leads to deserialization. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
CVE-2023-2983 1 Pimcore 1 Pimcore 2025-01-10 8.8 High
Privilege Defined With Unsafe Actions in GitHub repository pimcore/pimcore prior to 10.5.23.
CVE-2023-32691 1 Go Simple Tunnel Project 1 Go Simple Tunnel 2025-01-10 5.9 Medium
gost (GO Simple Tunnel) is a simple tunnel written in golang. Sensitive secrets such as passwords, token and API keys should be compared only using a constant-time comparison function. Untrusted input, sourced from a HTTP header, is compared directly with a secret. Since this comparison is not secure, an attacker can mount a side-channel timing attack to guess the password. As a workaround, this can be easily fixed using a constant time comparing function such as `crypto/subtle`'s `ConstantTimeCompare`.
CVE-2023-32692 1 Codeigniter 1 Codeigniter 2025-01-10 9.8 Critical
CodeIgniter is a PHP full-stack web framework. This vulnerability allows attackers to execute arbitrary code when you use Validation Placeholders. The vulnerability exists in the Validation library, and validation methods in the controller and in-model validation are also vulnerable because they use the Validation library internally. This issue is patched in version 4.3.5.
CVE-2020-9081 1 Huawei 14 Mate 20, Mate 20 Firmware, P30 and 11 more 2025-01-10 3.5 Low
There is an improper authorization vulnerability in some Huawei smartphones. An attacker could perform a series of operation in specific mode to exploit this vulnerability. Successful exploit could allow the attacker to bypass app lock. (Vulnerability ID: HWPSIRT-2019-12144) This vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2020-9081.
CVE-2020-9080 1 Huawei 6 Mate 20 Pro, Mate 20 Pro \(ud\), Mate 20 Pro \(ud\) Firmware and 3 more 2025-01-10 7.8 High
There is an improper privilege management vulnerability in Huawei smart phone product. A local, authenticated attacker could craft a specific input to exploit this vulnerability. Successful exploitation may lead to local privilege escalation. (Vulnerability ID: HWPSIRT-2020-05272) This vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2020-9080.
CVE-2023-32698 1 Goreleaser 1 Nfpm 2025-01-10 7.1 High
nFPM is an alternative to fpm. The file permissions on the checked-in files were not maintained. Hence, when nfpm packaged the files (without extra config for enforcing it’s own permissions) files could go out with bad permissions (chmod 666 or 777). Anyone using nfpm for creating packages without checking/setting file permissions before packaging could result in bad permissions for files/folders.
CVE-2023-32685 1 Kanboard 1 Kanboard 2025-01-10 4.4 Medium
Kanboard is project management software that focuses on the Kanban methodology. Due to improper handling of elements under the `contentEditable` element, maliciously crafted clipboard content can inject arbitrary HTML tags into the DOM. A low-privileged attacker with permission to attach a document on a vulnerable Kanboard instance can trick the victim into pasting malicious screenshot data and achieve cross-site scripting if CSP is improperly configured. This issue has been patched in version 1.2.29.
CVE-2023-33175 1 Toui Project 1 Toui 2025-01-10 9.1 Critical
ToUI is a Python package for creating user interfaces (websites and desktop apps) from HTML. ToUI is using Flask-Caching (SimpleCache) to store user variables. Websites that use `Website.user_vars` property. It affects versions 2.0.1 to 2.4.0. This issue has been patched in version 2.4.1.
CVE-2020-1819 1 Huawei 18 Ips Module, Ips Module Firmware, Ngfw Module and 15 more 2025-01-10 3.7 Low
There are multiple out of bounds (OOB) read vulnerabilities in the implementation of the Common Open Policy Service (COPS) protocol of some Huawei products. The specific decoding function may occur out-of-bounds read when processes an incoming data packet. Successful exploit of these vulnerabilities may disrupt service on the affected device. (Vulnerability ID: HWPSIRT-2018-12275,HWPSIRT-2018-12276,HWPSIRT-2018-12277,HWPSIRT-2018-12278,HWPSIRT-2018-12279,HWPSIRT-2018-12280 and HWPSIRT-2018-12289) The seven vulnerabilities have been assigned seven Common Vulnerabilities and Exposures (CVE) IDs: CVE-2020-1818, CVE-2020-1819, CVE-2020-1820, CVE-2020-1821, CVE-2020-1822, CVE-2020-1823 and CVE-2020-1824.
CVE-2020-1818 1 Huawei 18 Ips Module, Ips Module Firmware, Ngfw Module and 15 more 2025-01-10 3.7 Low
There are multiple out of bounds (OOB) read vulnerabilities in the implementation of the Common Open Policy Service (COPS) protocol of some Huawei products. The specific decoding function may occur out-of-bounds read when processes an incoming data packet. Successful exploit of these vulnerabilities may disrupt service on the affected device. (Vulnerability ID: HWPSIRT-2018-12275,HWPSIRT-2018-12276,HWPSIRT-2018-12277,HWPSIRT-2018-12278,HWPSIRT-2018-12279,HWPSIRT-2018-12280 and HWPSIRT-2018-12289) The seven vulnerabilities have been assigned seven Common Vulnerabilities and Exposures (CVE) IDs: CVE-2020-1818, CVE-2020-1819, CVE-2020-1820, CVE-2020-1821, CVE-2020-1822, CVE-2020-1823 and CVE-2020-1824.
CVE-2024-39727 1 Ibm 2 Engineering Insights, Engineering Lifecycle Optimization - Engineering Insights 2025-01-10 6.1 Medium
IBM Engineering Lifecycle Optimization - Engineering Insights 7.0.2 and 7.0.3 uses a web link with untrusted references to an external site. A remote attacker could exploit this vulnerability to expose sensitive information or perform unauthorized actions on the victims’ web browser.
CVE-2023-29550 2 Mozilla, Redhat 9 Firefox, Firefox Esr, Focus and 6 more 2025-01-10 8.8 High
Memory safety bugs present in Firefox 111 and Firefox ESR 102.9. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 112, Focus for Android < 112, Firefox ESR < 102.10, Firefox for Android < 112, and Thunderbird < 102.10.
CVE-2023-29549 1 Mozilla 2 Firefox, Focus 2025-01-10 6.5 Medium
Under certain circumstances, a call to the <code>bind</code> function may have resulted in the incorrect realm. This may have created a vulnerability relating to JavaScript-implemented sandboxes such as SES. This vulnerability affects Firefox for Android < 112, Firefox < 112, and Focus for Android < 112.
CVE-2023-29548 2 Mozilla, Redhat 9 Firefox, Firefox Esr, Focus and 6 more 2025-01-10 6.5 Medium
A wrong lowering instruction in the ARM64 Ion compiler resulted in a wrong optimization result. This vulnerability affects Firefox < 112, Focus for Android < 112, Firefox ESR < 102.10, Firefox for Android < 112, and Thunderbird < 102.10.
CVE-2023-29547 1 Mozilla 3 Firefox, Firefox Esr, Focus 2025-01-10 6.5 Medium
When a secure cookie existed in the Firefox cookie jar an insecure cookie for the same domain could have been created, when it should have silently failed. This could have led to a desynchronization in expected results when reading from the secure cookie. This vulnerability affects Firefox for Android < 112, Firefox < 112, and Focus for Android < 112.
CVE-2023-29544 1 Mozilla 2 Firefox, Focus 2025-01-10 6.5 Medium
If multiple instances of resource exhaustion occurred at the incorrect time, the garbage collector could have caused memory corruption and a potentially exploitable crash. This vulnerability affects Firefox for Android < 112, Firefox < 112, and Focus for Android < 112.
CVE-2023-43541 1 Qualcomm 66 Aqt1000, Aqt1000 Firmware, Fastconnect 6200 and 63 more 2025-01-10 8.4 High
Memory corruption while invoking the SubmitCommands call on Gfx engine during the graphics render.
CVE-2024-39725 1 Ibm 2 Engineering Insights, Engineering Lifecycle Optimization - Engineering Insights 2025-01-10 5.3 Medium
IBM Engineering Lifecycle Optimization - Engineering Insights 7.0.2 and 7.0.3 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system.