Total
284430 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-44253 | 1 Apple | 1 Macos | 2024-10-30 | 5.5 Medium |
| The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.7.1, macOS Sonoma 14.7.1. An app may be able to modify protected parts of the file system. | ||||
| CVE-2024-44213 | 1 Apple | 1 Macos | 2024-10-30 | 7.5 High |
| An issue existed in the parsing of URLs. This issue was addressed with improved input validation. This issue is fixed in macOS Ventura 13.7.1, macOS Sonoma 14.7.1. An attacker in a privileged network position may be able to leak sensitive user information. | ||||
| CVE-2024-44208 | 1 Apple | 1 Macos | 2024-10-30 | 7.5 High |
| This issue was addressed through improved state management. This issue is fixed in macOS Sequoia 15. An app may be able to bypass certain Privacy preferences. | ||||
| CVE-2024-44137 | 1 Apple | 1 Macos | 2024-10-30 | 4.6 Medium |
| The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.7.1, macOS Sequoia 15, macOS Sonoma 14.7.1. An attacker with physical access may be able to share items from the lock screen. | ||||
| CVE-2024-40855 | 1 Apple | 1 Macos | 2024-10-30 | 5.5 Medium |
| The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.7.1, macOS Sequoia 15, macOS Sonoma 14.7.1. A sandboxed app may be able to access sensitive user data. | ||||
| CVE-2023-20512 | 2024-10-30 | 1.9 Low | ||
| A hardcoded AES key in PMFW may result in a privileged attacker gaining access to the key, potentially resulting in internal debug information leakage. | ||||
| CVE-2024-46276 | 2 Cute Png, Randygaul | 2 Cute Png, Cute Png | 2024-10-30 | 7.8 High |
| cute_png v1.05 was discovered to contain a heap buffer overflow via the cp_chunk() function at cute_png.h. | ||||
| CVE-2024-46274 | 2 Cute Png, Randygaul | 2 Cute Png, Cute Png | 2024-10-30 | 7.8 High |
| cute_png v1.05 was discovered to contain a heap buffer overflow via the cp_stored() function at cute_png.h. | ||||
| CVE-2024-46267 | 2 Cute Png, Randygaul | 2 Cute Png, Cute Png | 2024-10-30 | 7.8 High |
| cute_png v1.05 was discovered to contain a heap buffer overflow via the cp_block() function at cute_png.h. | ||||
| CVE-2024-46264 | 2 Cute Png, Randygaul | 2 Cute Png, Cute Png | 2024-10-30 | 7.8 High |
| cute_png v1.05 was discovered to contain a heap buffer overflow via the cp_find() function at cute_png.h. | ||||
| CVE-2024-46263 | 2 Cute Png, Randygaul | 2 Cute Png, Cute Png | 2024-10-30 | 7.8 High |
| cute_png v1.05 was discovered to contain a stack overflow via the cp_dynamic() function at cute_png.h. | ||||
| CVE-2024-46261 | 2 Cute Png, Randygaul | 2 Cute Png, Cute Png | 2024-10-30 | 7.8 High |
| cute_png v1.05 was discovered to contain a heap buffer overflow via the cp_make32() function at cute_png.h. | ||||
| CVE-2024-46259 | 2 Cute Png, Randygaul | 2 Cute Png, Cute Png | 2024-10-30 | 7.8 High |
| cute_png v1.05 was discovered to contain a heap buffer overflow via the cp_unfilter() function at cute_png.h. | ||||
| CVE-2024-46258 | 2 Cute Png, Randygaul | 2 Cute Png, Cute Png | 2024-10-30 | 7.8 High |
| cute_png v1.05 was discovered to contain a heap buffer overflow via the cp_load_png_mem() function at cute_png.h. | ||||
| CVE-2024-9231 | 1 Butlerblog | 1 Wp-members | 2024-10-30 | 6.1 Medium |
| The WP-Members Membership Plugin plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 3.4.9.5. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | ||||
| CVE-2024-10379 | 1 Esafenet | 1 Cdg | 2024-10-30 | 4.3 Medium |
| A vulnerability classified as problematic was found in ESAFENET CDG 5. Affected by this vulnerability is the function actionViewDecyptFile of the file /com/esafenet/servlet/client/DecryptApplicationService.java. The manipulation of the argument decryptFileId with the input ../../../Windows/System32/drivers/etc/hosts leads to path traversal: '../filedir'. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The affected function has a typo and is missing an R. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2024-28077 | 1 Gl-inet | 36 A1300, A1300 Firmware, Ar300m and 33 more | 2024-10-30 | 7.5 High |
| A denial-of-service issue was discovered on certain GL-iNet devices. Some websites can detect devices exposed to the external network through DDNS, and consequently obtain the IP addresses and ports of devices that are exposed. By using special usernames and special characters (such as half parentheses or square brackets), one can call the login interface and cause the session-management program to crash, resulting in customers being unable to log into their devices. This affects MT6000 4.5.6, XE3000 4.4.5, X3000 4.4.6, MT3000 4.5.0, MT2500 4.5.0, AXT1800 4.5.0, AX1800 4.5.0, A1300 4.5.0, S200 4.1.4-0300, X750 4.3.7, SFT1200 4.3.7, MT1300 4.3.10, AR750 4.3.10, AR750S 4.3.10, AR300M 4.3.10, AR300M16 4.3.10, B1300 4.3.10, MT300N-V2 4.3.10, and XE300 4.3.16. | ||||
| CVE-2024-44285 | 1 Apple | 5 Ipados, Iphone Os, Tvos and 2 more | 2024-10-30 | 8.4 High |
| A use-after-free issue was addressed with improved memory management. This issue is fixed in iOS 18.1 and iPadOS 18.1, watchOS 11.1, visionOS 2.1, tvOS 18.1. An app may be able to cause unexpected system termination or corrupt kernel memory. | ||||
| CVE-2024-10430 | 1 Codezips | 1 Pet Shop Management System | 2024-10-30 | 7.3 High |
| A vulnerability, which was classified as critical, has been found in Codezips Pet Shop Management System 1.0. This issue affects some unknown processing of the file /animalsupdate.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-44284 | 1 Apple | 1 Macos | 2024-10-30 | 6.5 Medium |
| An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in macOS Ventura 13.7.1, macOS Sonoma 14.7.1. Parsing a maliciously crafted file may lead to an unexpected app termination. | ||||