Search Results (364863 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2024-21108 1 Oracle 1 Vm Virtualbox 2024-12-05 3.3 Low
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 7.0.16. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 3.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N).
CVE-2023-36664 4 Artifex, Debian, Fedoraproject and 1 more 5 Ghostscript, Debian Linux, Fedora and 2 more 2024-12-05 7.8 High
Artifex Ghostscript through 10.01.2 mishandles permission validation for pipe devices (with the %pipe% prefix or the | pipe character prefix).
CVE-2023-34672 1 Elenos 2 Etg150, Etg150 Firmware 2024-12-05 8.8 High
Improper Access Control leads to adding a high-privilege user affecting Elenos ETG150 FM transmitter running on version 3.12 by exploiting user's role within the admin profile. An attack could occur over the public Internet in some cases.
CVE-2023-32525 1 Trendmicro 1 Mobile Security 2024-12-05 6.5 Medium
Trend Micro Mobile Security (Enterprise) 9.8 SP5 contains widget vulnerabilities that could allow a remote attacker to create arbitrary files on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This is similar to, but not identical to CVE-2023-32526.
CVE-2023-30902 2 Microsoft, Trendmicro 2 Windows, Apex One 2024-12-05 5.5 Medium
A privilege escalation vulnerability in the Trend Micro Apex One and Apex One as a Service agent could allow a local attacker to unintentionally delete privileged Trend Micro registry keys including its own protected registry keys on affected installations.
CVE-2021-30205 1 Dzzoffice 1 Dzzoffice 2024-12-05 5.3 Medium
Incorrect access control in the component /index.php?mod=system&op=orgtree of dzzoffice 2.02.1_SC_UTF8 allows unauthenticated attackers to browse departments and usernames.
CVE-2024-20737 3 Adobe, Apple, Microsoft 3 After Effects, Macos, Windows 2024-12-05 5.5 Medium
After Effects versions 24.1, 23.6.2 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVE-2024-51549 1 Abb 3 Aspect Enterprise, Matrix Series, Nexus Series 2024-12-05 10 Critical
Absolute File Traversal vulnerabilities allows access and modification of un-intended resources.  Affected products: ABB ASPECT - Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02
CVE-2024-51550 1 Abb 3 Aspect Enterprise, Matrix Series, Nexus Series 2024-12-05 10 Critical
Data Validation / Data Sanitization vulnerabilities in Linux allows unvalidated and unsanitized data to be injected in an Aspect device.  Affected products: ABB ASPECT - Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02
CVE-2023-36348 1 Codekop 1 Codekop 2024-12-05 8.8 High
POS Codekop v2.0 was discovered to contain an authenticated remote code execution (RCE) vulnerability via the filename parameter.
CVE-2024-51551 1 Abb 3 Aspect Enterprise, Matrix Series, Nexus Series 2024-12-05 10 Critical
Default Credentail vulnerabilities in ASPECT on Linux allows access to the product using publicly available default credentials.  Affected products: ABB ASPECT - Enterprise v3.07.02; NEXUS Series v3.07.02; MATRIX Series v3.07.02
CVE-2024-20772 3 Adobe, Apple, Microsoft 3 Media Encoder, Macos, Windows 2024-12-05 7.8 High
Media Encoder versions 24.2.1, 23.6.4 and earlier are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVE-2023-36663 1 It-novum 1 Openitcockpit 2024-12-05 8.8 High
it-novum openITCOCKPIT (aka open IT COCKPIT) 4.6.4 before 4.6.5 allows SQL Injection (by authenticated users) via the sort parameter of the API interface.
CVE-2024-51543 1 Abb 3 Aspect Enterprise, Matrix Series, Nexus Series 2024-12-05 8.2 High
Information Disclosure vulnerabilities allow access to application configuration information.  Affected products: ABB ASPECT - Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02
CVE-2023-36666 1 Inex 1 Ixp Manager 2024-12-05 6.1 Medium
INEX IXP-Manager before 6.3.1 allows XSS. list-preamble.foil.php, page-header-preamble.foil.php, edit-form.foil.php, page-header-preamble.foil.php, overview.foil.php, cust.foil.php, and view.foil.php may be affected.
CVE-2024-51545 1 Abb 3 Aspect Enterprise, Matrix Series, Nexus Series 2024-12-05 10 Critical
Username Enumeration vulnerabilities allow access to application level username add, delete, modify and list functions.  Affected products: ABB ASPECT - Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02
CVE-2023-32521 1 Trendmicro 1 Mobile Security 2024-12-05 9.1 Critical
A path traversal exists in a specific service dll of Trend Micro Mobile Security (Enterprise) 9.8 SP5 which could allow an unauthenticated remote attacker to delete arbitrary files.
CVE-2024-20771 3 Adobe, Apple, Microsoft 3 Bridge, Macos, Windows 2024-12-05 5.5 Medium
Bridge versions 13.0.6, 14.0.2 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVE-2023-29068 1 Autodesk 17 Alias, Autocad, Autocad Advance Steel and 14 more 2024-12-05 7.8 High
A maliciously crafted file consumed through pskernel.dll file could lead to memory corruption vulnerabilities. These vulnerabilities in conjunction with other vulnerabilities could lead to code execution in the context of the current process.
CVE-2024-20798 3 Adobe, Apple, Microsoft 3 Illustrator, Macos, Windows 2024-12-05 5.5 Medium
Illustrator versions 28.3, 27.9.2 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.