Search Results (364910 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2023-34461 1 Pybb Project 1 Pybb 2024-12-09 4.6 Medium
PyBB is an open source bulletin board. A manual code review of the PyBB bulletin board server has revealed that a vulnerability could have been exploited in which users could submit any type of HTML tag, and have said tag run. For example, a malicious `<a>` that looks like ```<a href=javascript:alert (1)>xss</a>``` could have been used to run code through JavaScript on the client side. The problem has been patched as of commit `5defd92`, and users are advised to upgrade. Attackers do need posting privilege in order to exploit this vulnerability. This vulnerability is present within the 0.1.0 release, and users are advised to upgrade to 0.1.1. Users unable to upgrade may be able to work around the attack by either; Removing the ability to create posts, removing the `|safe` tag from the Jinja2 template titled "post.html" in templates or by adding manual validation of links in the post creation section.
CVE-2023-29158 1 Subnet 1 Powersystem Center 2024-12-09 6.1 Medium
SUBNET PowerSYSTEM Center versions 2020 U10 and prior are vulnerable to replay attacks which may result in a denial-of-service condition or a loss of data integrity.
CVE-2023-32659 1 Subnet 1 Powersystem Center 2024-12-09 6.5 Medium
SUBNET PowerSYSTEM Center versions 2020 U10 and prior contain a cross-site scripting vulnerability that may allow an attacker to inject malicious code into report header graphic files that could propagate out of the system and reach users who are subscribed to email notifications.
CVE-2024-8785 1 Progress 1 Whatsup Gold 2024-12-09 9.8 Critical
In WhatsUp Gold versions released before 2024.0.1, a remote unauthenticated attacker could leverage NmAPI.exe to create or change an existing registry value in registry path HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Ipswitch\.
CVE-2023-34597 1 Fibaro 2 Fgms-001, Fgms-001 Firmware 2024-12-09 6.5 Medium
A vulnerability in Fibaro Motion Sensor firmware v3.4 allows attackers to cause a Denial of Service (DoS) via a crafted Z-Wave message.
CVE-2024-7227 1 Avast 1 Free Antivirus 2024-12-09 7.8 High
Avast Free Antivirus AvastSvc Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Avast Free Antivirus. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the Avast Service. By creating a symbolic link, an attacker can abuse the service to delete a file. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-22272.
CVE-2024-7228 1 Avast 1 Free Antivirus 2024-12-09 5.5 Medium
Avast Free Antivirus Link Following Denial-of-Service Vulnerability. This vulnerability allows local attackers to create a denial-of-service condition on affected installations of Avast Free Antivirus. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the Avast Service. By creating a symbolic link, an attacker can abuse the service to create a folder. An attacker can leverage this vulnerability to create a denial-of-service condition on the system. Was ZDI-CAN-22806.
CVE-2024-7229 1 Avast 2 Cleanup, Cleanup Premium 2024-12-09 7.8 High
Avast Cleanup Premium Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Avast Cleanup Premium. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the Avast Cleanup Service. By creating a symbolic link, an attacker can abuse the service to delete a file. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-22892.
CVE-2024-7230 1 Avast 2 Cleanup, Cleanup Premium 2024-12-09 7.8 High
Avast Cleanup Premium Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Avast Cleanup Premium. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the Avast Cleanup Service. By creating a symbolic link, an attacker can abuse the service to delete a file. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-22893.
CVE-2024-7231 1 Avast 2 Cleanup, Cleanup Premium 2024-12-09 7.8 High
Avast Cleanup Premium Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Avast Cleanup Premium. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the Avast Cleanup Service. By creating a symbolic link, an attacker can abuse the service to delete a file. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-22894.
CVE-2024-27790 1 Claris 1 Filemaker Server 2024-12-09 7.5 High
Claris International has resolved an issue of potentially allowing unauthorized access to records stored in databases hosted on FileMaker Server. This issue has been fixed in FileMaker Server 20.3.2 by validating transactions before replying to client requests.
CVE-2023-35885 1 Mgt-commerce 1 Cloudpanel 2024-12-09 9.8 Critical
CloudPanel 2 before 2.3.1 has insecure file-manager cookie authentication.
CVE-2023-34600 1 Adiscon 1 Loganalyzer 2024-12-09 9.8 Critical
Adiscon LogAnalyzer v4.1.13 and before is vulnerable to SQL Injection.
CVE-2023-2400 1 Devolutions 1 Devolutions Server 2024-12-09 2.7 Low
Improper deletion of resource in the user management feature in Devolutions Server 2023.1.8 and earlier allows an administrator to view users vaults of deleted users via database access.
CVE-2024-4046 1 Huawei 2 Emui, Harmonyos 2024-12-09 6.4 Medium
Cracking vulnerability in the OS security module Impact: Successful exploitation of this vulnerability will affect availability.
CVE-2024-32998 1 Huawei 2 Emui, Harmonyos 2024-12-09 5.9 Medium
NULL pointer access vulnerability in the clock module Impact: Successful exploitation of this vulnerability will affect availability.
CVE-2024-12231 1 Infoline-tr 1 Project Management System 2024-12-09 7.3 High
A vulnerability, which was classified as critical, was found in CodeZips Project Management System 1.0. This affects an unknown part of the file /index.php. The manipulation of the argument email leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
CVE-2024-32996 1 Huawei 2 Emui, Harmonyos 2024-12-09 6.2 Medium
Privilege escalation vulnerability in the account module Impact: Successful exploitation of this vulnerability will affect availability.
CVE-2024-32997 1 Huawei 2 Emui, Harmonyos 2024-12-09 8.4 High
Race condition vulnerability in the binder driver module Impact: Successful exploitation of this vulnerability will affect availability.
CVE-2024-32999 1 Huawei 2 Emui, Harmonyos 2024-12-09 6.8 Medium
Cracking vulnerability in the OS security module Impact: Successful exploitation of this vulnerability will affect availability.