Total
277433 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-5160 | 3 Fedoraproject, Google, Microsoft | 3 Fedora, Chrome, Windows | 2024-12-20 | 8.8 High |
| Heap buffer overflow in Dawn in Google Chrome prior to 125.0.6422.76 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: High) | ||||
| CVE-2024-11364 | 2024-12-20 | N/A | ||
| Another “uninitialized variable” code execution vulnerability exists in the Rockwell Automation Arena® that could allow a threat actor to craft a DOE file and force the software to access a variable prior to it being initialized. If exploited, a threat actor could leverage this vulnerability to execute arbitrary code. To exploit this vulnerability, a legitimate user must execute the malicious code crafted by the threat actor. | ||||
| CVE-2024-54009 | 2024-12-20 | 4 Medium | ||
| Remote authentication bypass vulnerability in HPE Alletra Storage MP B10000 in versions prior to version 10.4.5 could be remotely exploited to allow disclosure of information. | ||||
| CVE-2024-23278 | 1 Apple | 5 Ipados, Iphone Os, Macos and 2 more | 2024-12-20 | 8.6 High |
| The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.6.5, macOS Sonoma 14.4, iOS 17.4 and iPadOS 17.4, watchOS 10.4, iOS 16.7.6 and iPadOS 16.7.6, tvOS 17.4. An app may be able to break out of its sandbox. | ||||
| CVE-2023-28826 | 1 Apple | 3 Ipados, Iphone Os, Macos | 2024-12-20 | 5.5 Medium |
| This issue was addressed with improved redaction of sensitive information. This issue is fixed in iOS 16.7.6 and iPadOS 16.7.6, macOS Monterey 12.7.4, macOS Sonoma 14.1, macOS Ventura 13.6.5. An app may be able to access sensitive user data. | ||||
| CVE-2024-23231 | 1 Apple | 4 Ipados, Iphone Os, Macos and 1 more | 2024-12-20 | 3.3 Low |
| A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Ventura 13.6.5, macOS Sonoma 14.4, iOS 17.4 and iPadOS 17.4, watchOS 10.4, iOS 16.7.6 and iPadOS 16.7.6. An app may be able to access user-sensitive data. | ||||
| CVE-2024-23246 | 1 Apple | 6 Ipados, Iphone Os, Macos and 3 more | 2024-12-20 | 8.6 High |
| This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Sonoma 14.4, visionOS 1.1, iOS 17.4 and iPadOS 17.4, watchOS 10.4, iOS 16.7.6 and iPadOS 16.7.6, tvOS 17.4. An app may be able to break out of its sandbox. | ||||
| CVE-2024-23259 | 1 Apple | 3 Ipados, Iphone Os, Macos | 2024-12-20 | 6.5 Medium |
| The issue was addressed with improved checks. This issue is fixed in iOS 16.7.6 and iPadOS 16.7.6, iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4. Processing web content may lead to a denial-of-service. | ||||
| CVE-2024-23225 | 1 Apple | 6 Ipados, Iphone Os, Macos and 3 more | 2024-12-20 | 7.8 High |
| A memory corruption issue was addressed with improved validation. This issue is fixed in iOS 16.7.6 and iPadOS 16.7.6, iOS 17.4 and iPadOS 17.4. An attacker with arbitrary kernel read and write capability may be able to bypass kernel memory protections. Apple is aware of a report that this issue may have been exploited. | ||||
| CVE-2024-23235 | 1 Apple | 6 Ipados, Iphone Os, Macos and 3 more | 2024-12-20 | 4.7 Medium |
| A race condition was addressed with additional validation. This issue is fixed in macOS Sonoma 14.4, visionOS 1.1, iOS 17.4 and iPadOS 17.4, watchOS 10.4, iOS 16.7.6 and iPadOS 16.7.6, tvOS 17.4. An app may be able to access user-sensitive data. | ||||
| CVE-2024-23257 | 1 Apple | 4 Ipados, Iphone Os, Macos and 1 more | 2024-12-20 | 3.3 Low |
| The issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.7.4, macOS Ventura 13.6.5, macOS Sonoma 14.4, visionOS 1.1, iOS 16.7.6 and iPadOS 16.7.6. Processing an image may result in disclosure of process memory. | ||||
| CVE-2024-12678 | 2024-12-20 | 6.5 Medium | ||
| Nomad Community and Nomad Enterprise ("Nomad") allocations are vulnerable to privilege escalation within a namespace through unredacted workload identity tokens. This vulnerability, identified as CVE-2024-12678, is fixed in Nomad Community Edition 1.9.4 and Nomad Enterprise 1.9.4, 1.8.8, and 1.7.16. | ||||
| CVE-2024-28892 | 2 Gocast, Mayuresh82 | 2 Gocast, Gocast | 2024-12-20 | 9.8 Critical |
| An OS command injection vulnerability exists in the name parameter of GoCast 1.1.3. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an unauthenticated HTTP request to trigger this vulnerability. | ||||
| CVE-2024-21855 | 2 Gocast, Mayuresh82 | 2 Gocast, Gocast | 2024-12-20 | 9.8 Critical |
| A lack of authentication vulnerability exists in the HTTP API functionality of GoCast 1.1.3. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an unauthenticated HTTP request to trigger this vulnerability. | ||||
| CVE-2024-11776 | 2024-12-20 | 6.4 Medium | ||
| The PCRecruiter Extensions plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'PCRecruiter' shortcode in all versions up to, and including, 1.4.10 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
| CVE-2024-37085 | 1 Vmware | 2 Cloud Foundation, Esxi | 2024-12-20 | 6.8 Medium |
| VMware ESXi contains an authentication bypass vulnerability. A malicious actor with sufficient Active Directory (AD) permissions can gain full access to an ESXi host that was previously configured to use AD for user management https://blogs.vmware.com/vsphere/2012/09/joining-vsphere-hosts-to-active-directory.html by re-creating the configured AD group ('ESXi Admins' by default) after it was deleted from AD. | ||||
| CVE-2024-37383 | 2 Debian, Roundcube | 2 Debian Linux, Webmail | 2024-12-20 | 6.1 Medium |
| Roundcube Webmail before 1.5.7 and 1.6.x before 1.6.7 allows XSS via SVG animate attributes. | ||||
| CVE-2024-32113 | 1 Apache | 1 Ofbiz | 2024-12-20 | 9.8 Critical |
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Apache OFBiz.This issue affects Apache OFBiz: before 18.12.13. Users are recommended to upgrade to version 18.12.13, which fixes the issue. | ||||
| CVE-2024-23296 | 1 Apple | 6 Ipad Os, Iphone Os, Macos and 3 more | 2024-12-20 | 7.8 High |
| A memory corruption issue was addressed with improved validation. This issue is fixed in iOS 17.4 and iPadOS 17.4. An attacker with arbitrary kernel read and write capability may be able to bypass kernel memory protections. Apple is aware of a report that this issue may have been exploited. | ||||
| CVE-2024-9474 | 1 Paloaltonetworks | 1 Pan-os | 2024-12-20 | 7.2 High |
| A privilege escalation vulnerability in Palo Alto Networks PAN-OS software allows a PAN-OS administrator with access to the management web interface to perform actions on the firewall with root privileges. Cloud NGFW and Prisma Access are not impacted by this vulnerability. | ||||