Total
263476 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2024-47058 | | | 2024-09-19 | 2.9 Low |
With access to edit a Mautic form, the attacker can add Cross-Site Scripting stored in the HTML field. This could be used to steal sensitive information from the user's current session. | ||||
CVE-2024-47050 | | | 2024-09-19 | 5.4 Medium |
Prior to this patch being applied, Mautic's tracking was vulnerable to Cross-Site Scripting through the Page URL variable. | ||||
CVE-2023-40634 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2024-09-19 | 7.8 High |
In phasechecksercer, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. | ||||
CVE-2021-27917 | | | 2024-09-19 | 7.3 High |
Prior to this patch, a stored XSS vulnerability existed in the contact tracking and page hits report. | ||||
CVE-2020-27213 | 1 Ethernut | 1 Nut/os | 2024-09-19 | 7.5 High |
An issue was discovered in Ethernut Nut/OS 5.1. The code that generates Initial Sequence Numbers (ISNs) for TCP connections derives the ISN from an insufficiently random source. As a result, an attacker may be able to determine the ISN of current and future TCP connections and either hijack existing ones or spoof future ones. While the ISN generator seems to adhere to RFC 793 (where a global 32-bit counter is incremented roughly every 4 microseconds), proper ISN generation should aim to follow at least the specifications outlined in RFC 6528. | ||||
CVE-2024-47059 | | | 2024-09-19 | 0 Low |
When logging in with the correct username and an incorrect weak password, the user receives a notification that their password is too weak. However, when an incorrect username is provided alongside a weak password, the application responds with an 'Invalid credentials' notification. This difference could be used to perform username enumeration. | ||||
CVE-2023-45349 | 1 Atos | 2 Unify Openscape 4000 Assistant, Unify Openscape 4000 Manager | 2024-09-19 | 7.5 High |
Atos Unify OpenScape 4000 Assistant V10 R1 before V10 R1.34.7, 4000 Assistant V10 R1.42.0, 4000 Assistant V10 R0, 4000 Manager V10 R1 before V10 R1.34.7, 4000 Manager V10 R1.42.0, and 4000 Manager V10 R0 expose sensitive information that may allow lateral movement to the backup system via AShbr. This is also known as OSFOURK-23722. | ||||
CVE-2023-45350 | 1 Atos | 1 Unify Openscape 4000 Manager | 2024-09-19 | 8.8 High |
Atos Unify OpenScape 4000 Manager V10 R1 before V10 R1.42.1 and 4000 Manager V10 R0 allow Privilege escalation that may lead to the ability of an authenticated attacker to run arbitrary code via AScm. This is also known as OSFOURK-24034. | ||||
CVE-2023-45351 | 1 Atos | 2 Unify Openscape 4000 Assistant, Unify Openscape 4000 Manager | 2024-09-19 | 8.8 High |
Atos Unify OpenScape 4000 Assistant V10 R1 before V10 R1.42.1, 4000 Assistant V10 R0, 4000 Manager V10 R1 before V10 R1.42.1, and 4000 Manager V10 R0 allow Authenticated Command Injection via AShbr. This is also known as OSFOURK-24039. | ||||
CVE-2023-45355 | 1 Atos | 2 Unify Openscape 4000 Assistant, Unify Openscape 4000 Manager | 2024-09-19 | 8.8 High |
Atos Unify OpenScape 4000 Platform V10 R1 before Hotfix V10 R1.42.2 and 4000 and Manager Platform V10 R1 before Hotfix V10 R1.42.2 allow command injection by an authenticated attacker into the platform operating system, leading to administrative access via the webservice. This is also known as OSFOURK-24120. | ||||
CVE-2023-45352 | 1 Atos | 1 Unify Openscape Common Management | 2024-09-19 | 8.8 High |
Atos Unify OpenScape Common Management Portal V10 before V10 R4.17.0 and V10 R5.1.0 allows an authenticated attacker to execute arbitrary code on the operating system via a Common Management Portal web interface Path traversal vulnerability allowing write access outside the intended folders. This is also known as OCMP-6592. | ||||
CVE-2023-4678 | 1 Gpac | 1 Gpac | 2024-09-19 | 5.5 Medium |
Divide By Zero in GitHub repository gpac/gpac prior to 2.3-DEV. | ||||
CVE-2023-4681 | 1 Gpac | 1 Gpac | 2024-09-19 | 5.5 Medium |
NULL Pointer Dereference in GitHub repository gpac/gpac prior to 2.3-DEV. | ||||
CVE-2023-4682 | 1 Gpac | 1 Gpac | 2024-09-19 | 5.5 Medium |
Heap-based Buffer Overflow in GitHub repository gpac/gpac prior to 2.3-DEV. | ||||
CVE-2023-4683 | 1 Gpac | 1 Gpac | 2024-09-19 | 5.5 Medium |
NULL Pointer Dereference in GitHub repository gpac/gpac prior to 2.3-DEV. | ||||
CVE-2023-4720 | 1 Gpac | 1 Gpac | 2024-09-19 | 5.5 Medium |
Floating Point Comparison with Incorrect Operator in GitHub repository gpac/gpac prior to 2.3-DEV. | ||||
CVE-2023-4721 | 1 Gpac | 1 Gpac | 2024-09-19 | 5.5 Medium |
Out-of-bounds Read in GitHub repository gpac/gpac prior to 2.3-DEV. | ||||
CVE-2023-4722 | 1 Gpac | 1 Gpac | 2024-09-19 | 5.5 Medium |
Integer Overflow or Wraparound in GitHub repository gpac/gpac prior to 2.3-DEV. | ||||
CVE-2023-4754 | 1 Gpac | 1 Gpac | 2024-09-19 | 5.5 Medium |
Out-of-bounds Write in GitHub repository gpac/gpac prior to 2.3-DEV. | ||||
CVE-2023-44811 | 1 Moosocial | 1 Moosocial | 2024-09-19 | 8.8 High |
Cross Site Request Forgery (CSRF) vulnerability in MooSocial v.3.1.8 allows a remote attacker to execute arbitrary code and obtain sensitive information via the admin Password Change Function. |