Total 277677 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2024-42475 2024-08-19 6.5 Medium
In the OAuth library for nim prior to version 0.11, the `state` values generated by the `generateState` function do not have sufficient entropy. These can be successfully guessed by an attacker allowing them to perform a CSRF vs a user, associating the user's session with the attacker's protected resources. While `state` isn't exactly a cryptographic value, it should be generated in a cryptographically secure way. `generateState` should be using a CSPRNG. Version 0.11 modifies the `generateState` function to generate `state` values of at least 128 bits of entropy while using a CSPRNG.
CVE-2024-43281 2024-08-19 5.3 Medium
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in VOID CODERS Void Elementor Post Grid Addon for Elementor Page builder allows PHP Local File Inclusion.This issue affects Void Elementor Post Grid Addon for Elementor Page builder: from n/a through 2.3.
CVE-2024-43256 2024-08-19 7.1 High
Missing Authorization vulnerability in nouthemes Leopard - WordPress offload media allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Leopard - WordPress offload media: from n/a through 2.0.36.
CVE-2023-24062 1 Dieboldnixdorf 1 Vynamic Security Suite 2024-08-19 6.8 Medium
Diebold Nixdorf Vynamic Security Suite (VSS) before 3.3.0 SR12, 4.0.0 SR04, 4.1.0 SR02, and 4.2.0 SR01 fails to validate the directory structure of the root file system during the Pre-Boot Authorization (PBA) process. This can be exploited by a physical attacker who is able to manipulate the contents of the system's hard disk.
CVE-2023-24063 1 Dieboldnixdorf 1 Vynamic Security Suite 2024-08-19 6.8 Medium
Diebold Nixdorf Vynamic Security Suite (VSS) before 3.3.0 SR10 fails to validate /etc/mtab during the Pre-Boot Authorization (PBA) process. This can be exploited by a physical attacker who is able to manipulate the contents of the system's hard disk.
CVE-2023-24064 1 Dieboldnixdorf 1 Vynamic Security Suite 2024-08-19 6.8 Medium
Diebold Nixdorf Vynamic Security Suite (VSS) before 3.3.0 SR4 fails to validate /etc/initab during the Pre-Boot Authorization (PBA) process. This can be exploited by a physical attacker who is able to manipulate the contents of the system's hard disk.
CVE-2023-28865 1 Dieboldnixdorf 1 Vynamic Security Suite 2024-08-19 6.6 Medium
Diebold Nixdorf Vynamic Security Suite (VSS) before 3.3.0 SR15, 4.0.0 SR05, 4.1.0 SR03, and 4.2.0 SR02 fails to validate the directory contents of certain directories (e.g., ensuring the expected hash sum) during the Pre-Boot Authorization (PBA) process. This can be exploited by a physical attacker who is able to manipulate the contents of the system's hard disk.
CVE-2023-33206 1 Dieboldnixdorf 1 Vynamic Security Suite 2024-08-19 7.5 High
Diebold Nixdorf Vynamic Security Suite (VSS) before 3.3.0 SR16, 4.0.0 SR06, 4.1.0 SR04, 4.2.0 SR03, and 4.3.0 SR01 fails to validate symlinks during the Pre-Boot Authorization (PBA) process. This can be exploited by a physical attacker who is able to manipulate the contents of the system's hard disk.
CVE-2023-40261 1 Dieboldnixdorf 1 Vynamic Security Suite 2024-08-19 4.6 Medium
Diebold Nixdorf Vynamic Security Suite (VSS) before 3.3.0 SR17, 4.0.0 SR07, 4.1.0 SR04, 4.2.0 SR04, and 4.3.0 SR02 fails to validate file attributes during the Pre-Boot Authorization (PBA) process. This can be exploited by a physical attacker who is able to manipulate the contents of the system's hard disk.
CVE-2024-20789 1 Adobe 1 Dimension 2024-08-19 7.8 High
Dimension versions 3.4.11 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVE-2024-20790 1 Adobe 1 Dimension 2024-08-19 5.5 Medium
Dimension versions 3.4.11 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVE-2024-34124 1 Adobe 1 Dimension 2024-08-19 7.8 High
Dimension versions 3.4.11 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVE-2024-34125 1 Adobe 1 Dimension 2024-08-19 5.5 Medium
Dimension versions 3.4.11 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVE-2024-34126 1 Adobe 1 Dimension 2024-08-19 5.5 Medium
Dimension versions 3.4.11 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVE-2024-41840 3 Adobe, Apple, Microsoft 3 Bridge, Macos, Windows 2024-08-19 7.8 High
Bridge versions 13.0.8, 14.1.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVE-2024-39386 3 Adobe, Apple, Microsoft 3 Bridge, Macos, Windows 2024-08-19 7.8 High
Bridge versions 13.0.8, 14.1.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVE-2024-39387 3 Adobe, Apple, Microsoft 3 Bridge, Macos, Windows 2024-08-19 5.5 Medium
Bridge versions 13.0.8, 14.1.1 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVE-2024-7907 1 Totolink 2 X6000r, X6000r Firmware 2024-08-19 6.3 Medium
A vulnerability, which was classified as critical, has been found in TOTOLINK X6000R 9.4.0cu.852_20230719. This issue affects the function setSyslogCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument rtLogServer leads to command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2024-7908 1 Totolink 2 Ex1200l, Ex1200l Firmware 2024-08-19 8.8 High
A vulnerability, which was classified as critical, was found in TOTOLINK EX1200L 9.3.5u.6146_B20201023. Affected is the function setDefResponse of the file /www/cgi-bin/cstecgi.cgi. The manipulation of the argument IpAddress leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2024-7910 2 Codeastro, Online Railway Reservation System Project 2 Online Railway Reservation System, Online Railway Reservation System 2024-08-19 4.7 Medium
A vulnerability was found in CodeAstro Online Railway Reservation System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/emp-profile-avatar.php of the component Profile Photo Update Handler. The manipulation leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.