Total
28525 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-42508 | 1 Jfrog | 1 Artifactory | 2024-09-19 | 6.5 Medium |
| JFrog Artifactory prior to version 7.66.0 is vulnerable to specific endpoint abuse with a specially crafted payload, which can lead to unauthenticated users being able to send emails with manipulated email body. | ||||
| CVE-2023-30692 | 1 Samsung | 1 Android | 2024-09-19 | 8.5 High |
| Improper input validation vulnerability in Evaluator prior to SMR Oct-2023 Release 1 allows local attackers to launch privileged activities. | ||||
| CVE-2023-30727 | 1 Samsung | 1 Android | 2024-09-19 | 6.7 Medium |
| Improper access control vulnerability in SecSettings prior to SMR Oct-2023 Release 1 allows attackers to enable Wi-Fi and connect arbitrary Wi-Fi without User Interaction. | ||||
| CVE-2023-30731 | 1 Samsung | 1 Android | 2024-09-19 | 5.7 Medium |
| Logic error in package installation via debugger command prior to SMR Oct-2023 Release 1 allows physical attacker to install an application that has different build type. | ||||
| CVE-2023-30732 | 1 Samsung | 1 Android | 2024-09-19 | 5.5 Medium |
| Improper access control in system property prior to SMR Oct-2023 Release 1 allows local attacker to get CPU serial number. | ||||
| CVE-2023-30736 | 1 Samsung | 1 Samsung Assistant | 2024-09-19 | 4.4 Medium |
| Improper authorization in PushMsgReceiver of Samsung Assistant prior to version 8.7.00.1 allows attacker to execute javascript interface. To trigger this vulnerability, user interaction is required. | ||||
| CVE-2022-22447 | 1 Ibm | 1 Disconnected Log Collector | 2024-09-19 | 4 Medium |
| IBM Disconnected Log Collector 1.0 through 1.8.2 is vulnerable to potential security misconfigurations that could disclose unintended information. IBM X-Force ID: 224648. | ||||
| CVE-2023-37404 | 1 Ibm | 1 Observability With Instana | 2024-09-19 | 6.4 Medium |
| IBM Observability with Instana 1.0.243 through 1.0.254 could allow an attacker on the network to execute arbitrary code on the host after a successful DNS poisoning attack. IBM X-Force ID: 259789. | ||||
| CVE-2023-30738 | 1 Samsung | 8 Galaxy Book, Galaxy Book Firmware, Galaxy Book Odyssey and 5 more | 2024-09-19 | 5.5 Medium |
| An improper input validation in UEFI Firmware prior to Firmware update Oct-2023 Release in Galaxy Book, Galaxy Book Pro, Galaxy Book Pro 360 and Galaxy Book Odyssey allows local attacker to execute SMM memory corruption. | ||||
| CVE-2023-26238 | 1 Watchguard | 8 Edr, Edr Firmware, Epdr and 5 more | 2024-09-19 | 5.5 Medium |
| An issue was discovered in WatchGuard EPDR 8.0.21.0002. It is possible to enable or disable defensive capabilities by sending a crafted message to a named pipe. | ||||
| CVE-2023-38701 | 1 Iohk | 1 Hydra | 2024-09-19 | 9.1 Critical |
| Hydra is the layer-two scalability solution for Cardano. Users of the Hydra head protocol send the UTxOs they wish to commit into the Hydra head first to the `commit` validator, where they remain until they are either collected into the `head` validator or the protocol initialisation is aborted and the value in the committed UTxOs is returned to the users who committed them. Prior to version 0.12.0, the `commit` validator contains a flawed check when the `ViaAbort` redeemer is used, which allows any user to spend any UTxO which is at the validator arbitrarily, meaning an attacker can steal the funds that users are trying to commit into the head validator. The intended behavior is that the funds must be returned to the user which committed the funds and can only be performed by a participant of the head. The `initial` validator also is similarly affected as the same flawed check is performed for the `ViaAbort` redeemer. Due to this issue, an attacker can steal any funds that user's try to commit into a Hydra head. Also, an attacker can prevent any Hydra head from being successfully opened. It does not allow an attacker to take funds which have been successfully collected into and currently reside in the `head` validator. Version 0.12.0 contains a fix for this issue. | ||||
| CVE-2023-45374 | 1 Mediawiki | 1 Mediawiki | 2024-09-19 | 5.3 Medium |
| An issue was discovered in the SportsTeams extension for MediaWiki before 1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x before 1.40.1. It does not check for the anti-CSRF edit token in Special:SportsTeamsManager and Special:UpdateFavoriteTeams. | ||||
| CVE-2023-45372 | 1 Mediawiki | 1 Mediawiki | 2024-09-19 | 5.3 Medium |
| An issue was discovered in the Wikibase extension for MediaWiki before 1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x before 1.40.1. During item merging, ItemMergeInteractor does not have an edit filter running (e.g., AbuseFilter). | ||||
| CVE-2023-45370 | 1 Mediawiki | 1 Mediawiki | 2024-09-19 | 5.3 Medium |
| An issue was discovered in the SportsTeams extension for MediaWiki before 1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x before 1.40.1. SportsTeams: Special:SportsManagerLogo and Special:SportsTeamsManagerLogo do not check for the sportsteamsmanager user right, and thus an attacker may be able to affect pages that are concerned with sports teams. | ||||
| CVE-2024-46681 | 1 Linux | 1 Linux Kernel | 2024-09-19 | 5.5 Medium |
| In the Linux kernel, the following vulnerability has been resolved: pktgen: use cpus_read_lock() in pg_net_init() I have seen the WARN_ON(smp_processor_id() != cpu) firing in pktgen_thread_worker() during tests. We must use cpus_read_lock()/cpus_read_unlock() around the for_each_online_cpu(cpu) loop. While we are at it use WARN_ON_ONCE() to avoid a possible syslog flood. | ||||
| CVE-2023-45367 | 1 Mediawiki | 1 Mediawiki | 2024-09-19 | 6.5 Medium |
| An issue was discovered in the CheckUser extension for MediaWiki before 1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x before 1.40.1. A user can use a rest.php/checkuser/v0/useragent-clienthints/revision/ URL to store an arbitrary number of rows in cu_useragent_clienthints, leading to a denial of service. | ||||
| CVE-2024-40865 | 1 Apple | 1 Visionos | 2024-09-19 | 5.3 Medium |
| The issue was addressed by suspending Persona when the virtual keyboard is active. This issue is fixed in visionOS 1.3. Inputs to the virtual keyboard may be inferred from Persona. | ||||
| CVE-2024-46706 | 1 Linux | 1 Linux Kernel | 2024-09-19 | 5.5 Medium |
| In the Linux kernel, the following vulnerability has been resolved: tty: serial: fsl_lpuart: mark last busy before uart_add_one_port With "earlycon initcall_debug=1 loglevel=8" in bootargs, kernel sometimes boot hang. It is because normal console still is not ready, but runtime suspend is called, so early console putchar will hang in waiting TRDE set in UARTSTAT. The lpuart driver has auto suspend delay set to 3000ms, but during uart_add_one_port, a child device serial ctrl will added and probed with its pm runtime enabled(see serial_ctrl.c). The runtime suspend call path is: device_add |-> bus_probe_device |->device_initial_probe |->__device_attach |-> pm_runtime_get_sync(dev->parent); |-> pm_request_idle(dev); |-> pm_runtime_put(dev->parent); So in the end, before normal console ready, the lpuart get runtime suspended. And earlycon putchar will hang. To address the issue, mark last busy just after pm_runtime_enable, three seconds is long enough to switch from bootconsole to normal console. | ||||
| CVE-2023-45198 | 1 Netbsd | 2 Ftpd, Tnftpd | 2024-09-19 | 7.5 High |
| ftpd before "NetBSD-ftpd 20230930" can leak information about the host filesystem before authentication via an MLSD or MLST command. tnftpd (the portable version of NetBSD ftpd) before 20231001 is also vulnerable. | ||||
| CVE-2024-38103 | 1 Microsoft | 2 Edge, Edge Chromium | 2024-09-19 | 5.9 Medium |
| Microsoft Edge (Chromium-based) Information Disclosure Vulnerability | ||||