Filtered by NVD-CWE-Other
Total 29097 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2023-32651 1 Intel 7 Killer, Killer Wi-fi 6e Ax1675, Killer Wi-fi 6e Ax1690 and 4 more 2024-10-29 4.3 Medium
Improper validation of specified type of input for some Intel(R) PROSet/Wireless and Intel(R) Killer(TM) Wi-Fi software before version 22.240 may allow an unauthenticated user to potentially enable denial of service via adjacent access.
CVE-2023-26586 1 Intel 7 Killer, Killer Wi-fi 6e Ax1675, Killer Wi-fi 6e Ax1690 and 4 more 2024-10-29 4.3 Medium
Uncaught exception for some Intel(R) PROSet/Wireless and Intel(R) Killer(TM) Wi-Fi software before version 22.240 may allow an unauthenticated user to potentially enable denial of service via adjacent access.
CVE-1999-0029 1 Sgi 1 Irix 2024-10-29 8.4 High
root privileges via buffer overflow in ordist command on SGI IRIX systems.
CVE-2021-42694 1 Unicode 1 Unicode 2024-10-29 8.3 High
An issue was discovered in the character definitions of the Unicode Specification through 14.0. The specification allows an adversary to produce source code identifiers such as function names using homoglyphs that render visually identical to a target identifier. Adversaries can leverage this to inject code via adversarial identifier definitions in upstream software dependencies invoked deceptively in downstream software. NOTE: the Unicode Consortium offers the following alternative approach to presenting this concern. An issue is noted in the nature of international text that can affect applications that implement support for The Unicode Standard (all versions). Unless mitigated, an adversary could produce source code identifiers using homoglyph characters that render visually identical to but are distinct from a target identifier. In this way, an adversary could inject adversarial identifier definitions in upstream software that are not detected by human reviewers and are invoked deceptively in downstream software. The Unicode Consortium has documented this class of security vulnerability in its document, Unicode Technical Report #36, Unicode Security Considerations. The Unicode Consortium also provides guidance on mitigations for this class of issues in Unicode Technical Standard #39, Unicode Security Mechanisms.
CVE-2003-0063 3 Redhat, Xfree86, Xfree86 Project 4 Enterprise Linux, Linux, Xfree86 and 1 more 2024-10-29 7.3 High
The xterm terminal emulator in XFree86 4.2.0 and earlier allows attackers to modify the window title via a certain character escape sequence and then insert it back to the command line in the user's terminal, e.g. when the user views a file containing the malicious sequence, which could allow the attacker to execute arbitrary commands.
CVE-1999-0036 1 Sgi 1 Irix 2024-10-29 8.4 High
IRIX login program with a nonzero LOCKOUT parameter allows creation or damage to files.
CVE-1999-0022 6 Bsdi, Freebsd, Hp and 3 more 7 Bsd Os, Freebsd, Hp-ux and 4 more 2024-10-29 7.8 High
Local user gains root privileges via buffer overflow in rdist, via expstr() function.
CVE-1999-0006 1 Qualcomm 1 Qpopper 2024-10-29 9.8 Critical
Buffer overflow in POP servers based on BSD/Qualcomm's qpopper allows remote attackers to gain root access using a long PASS command.
CVE-2023-35870 1 Sap 1 S4core 2024-10-29 6.3 Medium
When creating a journal entry template in SAP S/4HANA (Manage Journal Entry Template) - versions S4CORE 104, 105, 106, 107, an attacker could intercept the save request and change the template, leading to an impact on confidentiality and integrity of the resource. Furthermore, a standard template could be deleted, hence making the resource temporarily unavailable.
CVE-2024-41517 1 Mecodia 1 Feripro 2024-10-28 5.3 Medium
An Incorrect Access Control vulnerability in "/admin/benutzer/institution/rechteverwaltung/uebersicht" in Feripro <= v2.2.3 allows remote attackers to get a list of all users and their corresponding privileges.
CVE-2023-46765 1 Huawei 2 Emui, Harmonyos 2024-10-28 7.5 High
Vulnerability of uncaught exceptions in the NFC module. Successful exploitation of this vulnerability can affect NFC availability.
CVE-2024-6010 1 Stylemixthemes 2 Cost Calculator Builder, Cost Calculator Builder Pro 2024-10-28 5.3 Medium
The Cost Calculator Builder PRO plugin for WordPress is vulnerable to price manipulation in all versions up to, and including, 3.2.1. This is due to the plugin allowing the price field to be manipulated prior to processing via the 'create_cc_order' function, called from the Cost Calculator Builder plugin. This makes it possible for unauthenticated attackers to manipulate the price of orders submitted via the calculator. Note: this vulnerability was partially patched with the release of Cost Calculator Builder version 3.2.17.
CVE-2024-5661 1 Citrix 2 Hypervisor, Xenserver 2024-10-28 6 Medium
An issue has been identified in both XenServer 8 and Citrix Hypervisor 8.2 CU1 LTSR which may allow a malicious administrator of a guest VM to cause the host to become slow and/or unresponsive.
CVE-2023-46992 1 Totolink 2 A3300r, A3300r Firmware 2024-10-28 7.5 High
TOTOLINK A3300R V17.0.0cu.557_B20221024 is vulnerable to Incorrect Access Control. Attackers are able to reset several critical passwords without authentication by visiting specific pages.
CVE-2023-3253 1 Tenable 1 Nessus 2024-10-28 4.3 Medium
An improper authorization vulnerability exists where an authenticated, low privileged remote attacker could view a list of all the users available in the application.
CVE-2023-34472 1 Ami 1 Megarac Sp-x 2024-10-28 5.7 Medium
AMI SPx contains a vulnerability in the BMC where an attacker may cause an improper neutralization of CRLF sequences in HTTP headers. A successful exploit of this vulnerability may lead to a loss of integrity.
CVE-2023-34429 1 Weintek 1 Weincloud 2024-10-28 7.5 High
Weintek Weincloud v0.13.6 could allow an attacker to cause a denial-of-service condition for Weincloud by sending a forged JWT token.
CVE-2023-30946 1 Palantir 1 Foundry Issues 2024-10-28 3.5 Low
A security defect was identified in Foundry Issues. If a user was added to an issue on a resource that they did not have access to and consequently could not see, they could query Foundry's Notification API and receive metadata about the issue including the RID of the issue, severity, internal UUID of the author, and the user-defined title of the issue.
CVE-2023-24486 1 Citrix 1 Workspace 2024-10-25 5.5 Medium
A vulnerability has been identified in Citrix Workspace app for Linux that, if exploited, may result in a malicious local user being able to gain access to the Citrix Virtual Apps and Desktops session of another user who is using the same computer from which the ICA session is launched.
CVE-2024-43173 1 Ibm 1 Concert 2024-10-25 3.7 Low
IBM Concert 1.0.0 and 1.0.1 are vulnerable to attacks that rely on the use of cookies without the SameSite attribute.