Total: 29097 CVEs

CVE | Vendors | Products | Updated | CVSS v3.1 | Description |
---|---|---|---|---|---|
CVE-2023-38335 | 1 Omnis | 1 Studio | 2024-10-24 | 5.3 Medium | Omnis Studio 10.22.00 has incorrect access control. It advertises a feature for making Omnis libraries "always private", which is supposed to be an irreversible operation. Due to implementation issues, however, "always private" Omnis libraries can be opened in the Omnis Studio browser by bypassing specific checks, violating the expected behavior of an irreversible operation. |
CVE-2023-38334 | 1 Omnis | 1 Studio | 2024-10-24 | 6.5 Medium | Omnis Studio 10.22.00 has incorrect access control. It advertises an irreversible feature for locking classes within Omnis libraries: it should no longer be possible to delete, view, change, copy, rename, duplicate, or print a locked class. Due to implementation issues, locked classes in Omnis libraries can be unlocked and then analyzed, deleted, viewed, changed, copied, renamed, duplicated, or printed in Omnis Studio, violating the expected behavior of an irreversible operation. |
CVE-2024-41251 | 2 Kashipara, Lopalopa | 2 Responsive School Management System, Responsive School Management System | 2024-10-24 | 6.5 Medium | An incorrect access control vulnerability in /smsa/admin_teacher_register_approval.php and /smsa/admin_teacher_register_approval_submit.php in Kashipara Responsive School Management System v3.2.0 allows remote unauthenticated attackers to view and approve teacher registrations. |
CVE-2024-41250 | 2 Kashipara, Lopalopa | 2 Responsive School Management System, Responsive School Management System | 2024-10-24 | 5.3 Medium | An incorrect access control vulnerability in /smsa/view_students.php in Kashipara Responsive School Management System v3.2.0 allows remote unauthenticated attackers to view student details. |
CVE-2023-26078 | 2 Atera, Microsoft | 3 Agent Package Availability, Atera, Windows | 2024-10-24 | 7.8 High | A privilege escalation vulnerability was discovered in Atera Agent 1.8.4.4 and prior on Windows, due to mishandling of privileged APIs. |
CVE-2023-30640 | 1 Samsung | 1 Android | 2024-10-24 | 4.3 Medium | Improper access control in PersonaManagerService prior to SMR Jul-2023 Release 1 allows local attackers to change configuration. |
CVE-2023-38195 | 1 Datalust | 1 Seq | 2024-10-24 | 4.9 Medium | Datalust Seq before 2023.2.9489 allows insertion of sensitive information into an externally accessible file or directory. This is exploitable only when external (SQL Server or PostgreSQL) metadata storage is used, and only from a high-privileged user account. |
CVE-2023-26077 | 2 Atera, Microsoft | 2 Atera, Windows | 2024-10-24 | 7.8 High | Atera Agent through 1.8.3.6 on Windows creates a temporary file in a directory with insecure permissions. |
CVE-2023-30667 | 1 Samsung | 1 Android | 2024-10-24 | 5.1 Medium | Improper access control in the Audio system service prior to SMR Jul-2023 Release 1 allows an attacker to send broadcasts with system privilege. |
CVE-2023-30671 | 1 Samsung | 1 Android | 2024-10-24 | 6.3 Medium | A logic error in package installation via the adb command prior to SMR Jul-2023 Release 1 allows local attackers to downgrade an installed application. |
CVE-2023-30674 | 1 Samsung | 1 Internet | 2024-10-24 | 6.5 Medium | Improper configuration in Samsung Internet prior to version 21.0.0.41 allows an attacker to bypass the SameSite cookie attribute. |
CVE-2024-9923 | 1 Teamplus | 1 Team+ Pro | 2024-10-24 | 4.9 Medium | Team+ from TEAMPLUS TECHNOLOGY does not properly validate a specific page parameter, allowing remote attackers with administrator privileges to move arbitrary system files to the website root directory and access them. |
CVE-2024-9922 | 1 Teamplus | 2 Team+, Team+ Pro | 2024-10-24 | 7.5 High | Team+ from TEAMPLUS TECHNOLOGY does not properly validate a specific page parameter, allowing unauthenticated remote attackers to read arbitrary system files. |
CVE-2021-30558 | 1 Google | 1 Chrome | 2024-10-23 | 8.8 High | Insufficient policy enforcement in Content Security Policy in Google Chrome prior to 91.0.4472.77 allowed a remote attacker to bypass Content Security Policy via a crafted HTML page. (Chrome security severity: Medium) |
CVE-2024-10141 | 1 Jsbroks | 1 Coco Annotator | 2024-10-23 | 3.7 Low | A vulnerability classified as problematic was found in jsbroks COCO Annotator 0.11.1. It affects an unknown part of the Session Handler component. Manipulation of the argument SECRET_KEY leads to a state that is predictable from observable information. The attack can be initiated remotely, but its complexity is rather high and exploitation is reported to be difficult. The exploit has been disclosed to the public and may be used. |
CVE-2023-20198 | 1 Cisco | 1 Ios Xe | 2024-10-23 | 10 Critical | Cisco is providing an update for the ongoing investigation into observed exploitation of the web UI feature in Cisco IOS XE Software, updating the list of fixed releases and adding the Software Checker. The investigation determined that the actors exploited two previously unknown issues. The attacker first exploited CVE-2023-20198 to gain initial access and issued a privilege 15 command to create a local user and password combination, which allowed the user to log in with normal user access. The attacker then exploited another component of the web UI feature, leveraging the new local user to elevate privilege to root and write the implant to the file system; Cisco has assigned CVE-2023-20273 to this issue. CVE-2023-20198 has been assigned a CVSS score of 10.0 and CVE-2023-20273 a CVSS score of 7.2. Both CVEs are tracked under CSCwh87343. |
CVE-2023-23487 | 4 Ibm, Linux, Microsoft and 1 more | 5 Aix, Db2, Linux Kernel and 2 more | 2024-10-23 | 4.3 Medium | IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.1 and 11.5 is vulnerable to insufficient audit logging. IBM X-Force ID: 245918. |
CVE-2023-24490 | 1 Citrix | 2 Linux Virtual Delivery Agent, Virtual Apps And Desktops | 2024-10-23 | 6.3 Medium | Users with access only to launch VDA applications can launch an unauthorized desktop. |
CVE-2023-36538 | 1 Zoom | 1 Rooms | 2024-10-23 | 8.4 High | Improper access control in Zoom Rooms for Windows before version 5.15.0 may allow an authenticated user to escalate privileges via local access. |
CVE-2024-45519 | 1 Zimbra | 2 Collaboration, Zimbra Collaboration Suite | 2024-10-23 | 10 Critical | The postjournal service in Zimbra Collaboration (ZCS) before 8.8.15 Patch 46, 9 before 9.0.0 Patch 41, 10 before 10.0.9, and 10.1 before 10.1.1 sometimes allows unauthenticated users to execute commands. |
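The two Team+ entries above (CVE-2024-9922 and CVE-2024-9923) describe the same root cause: a page parameter is turned into a filesystem path without proper validation, so a remote user can read, or with admin rights move, arbitrary system files. The Python below is an added example, not code from Team+ or from this listing, showing the naive join pattern next to a hardened resolver that canonicalises the parameter and proves the result stays under the web root. The web-root path, the parameter values and the sample requests are constructed for illustration.

```python
import os
import posixpath
from urllib.parse import unquote

# Assumed web root for the illustration; not taken from the Team+ advisories.
WEB_ROOT = "/var/www/teamplus/pages"

# Constructed sample values of the page parameter: legitimate pages mixed with
# the traversal payloads a tester would try first.
SAMPLE_PAGES = [
    "about.html",
    "notes/readme.txt",
    "../../../../etc/passwd",      # plain dot-dot traversal
    "%2e%2e/%2e%2e/etc/passwd",    # percent-encoded dot segments
    "/etc/passwd",                 # absolute path: join() drops the root
    "docs/../../etc/passwd",       # traversal hidden behind a real directory
    "a%00.html",                   # NUL byte truncation in C-backed file APIs
    "..\\..\\windows\\win.ini",    # backslash separators on Windows hosts
    "",                            # resolves to the root directory itself
]


class PathTraversal(ValueError):
    """Raised when a page parameter would resolve outside the web root."""


def vulnerable_resolve(web_root: str, page: str) -> str:
    """The flawed pattern: trust the parameter and join it onto the root.

    posixpath.join() discards web_root entirely when page is absolute, and
    normpath() collapses "..": page="../../../../etc/passwd" under
    /var/www/teamplus/pages becomes /etc/passwd.
    """
    return posixpath.normpath(posixpath.join(web_root, page))


def hardened_resolve(web_root: str, page: str) -> str:
    """Canonicalise the parameter and prove the result stays under web_root.

    1. Decode percent-encoding once more: the framework already decoded the
       query string once, so this catches double-encoded dot segments.
    2. Reject NUL bytes, absolute paths, backslashes and any ".." segment
       before touching the filesystem.
    3. Resolve root and candidate with realpath() (which also follows
       symlinks) and require the candidate to be a strict descendant of the
       root, using commonpath() rather than a string-prefix test so that
       /var/www/pages-old cannot pass for /var/www/pages.
    """
    decoded = unquote(page)
    if "\x00" in decoded:
        raise PathTraversal("NUL byte in page parameter")
    if decoded.startswith("/") or "\\" in decoded:
        raise PathTraversal("absolute path or backslash in page parameter")
    if any(segment == ".." for segment in decoded.split("/")):
        raise PathTraversal("parent-directory segment in page parameter")
    root = os.path.realpath(web_root)
    candidate = os.path.realpath(os.path.join(root, decoded))
    if candidate == root or os.path.commonpath([root, candidate]) != root:
        raise PathTraversal(f"{page!r} resolves outside {root}")
    return candidate


def is_blocked(web_root: str, page: str) -> bool:
    """True when hardened_resolve() rejects the parameter."""
    try:
        hardened_resolve(web_root, page)
    except PathTraversal:
        return True
    return False


def classify_requests(web_root: str, pages) -> dict:
    """Map each page parameter to 'allowed' or 'blocked' under the hardened check."""
    return {p: ("blocked" if is_blocked(web_root, p) else "allowed") for p in pages}


if __name__ == "__main__":
    for p in SAMPLE_PAGES:
        print(f"{p!r:32} naive    -> {vulnerable_resolve(WEB_ROOT, p)}")
    for p, verdict in classify_requests(WEB_ROOT, SAMPLE_PAGES).items():
        print(f"{p!r:32} hardened -> {verdict}")
```

Rejecting every ".." segment, even a harmless one such as docs/../index.html, is a deliberate choice: a page parameter has no legitimate need for parent references, and refusing them keeps the check independent of what realpath() happens to find on disk. Because realpath() follows symlinks, a link inside the web root that points outside it is also rejected, which is what you want for user-supplied names. For the write-side variant described in CVE-2024-9923, the same descendant check applies to the destination path before any file is moved.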