Total
277464 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2024-40842 | 1 Apple | 1 Macos | 2024-09-24 | 5.5 Medium |
An issue was addressed with improved validation of environment variables. This issue is fixed in macOS Sequoia 15. An app may be able to access user-sensitive data. | ||||
CVE-2024-40770 | 1 Apple | 1 Macos | 2024-09-24 | 7.5 High |
A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15. A non-privileged user may be able to modify restricted network settings. | ||||
CVE-2024-8947 | 1 Micropython | 1 Micropython | 2024-09-24 | 5.6 Medium |
A vulnerability was found in MicroPython 1.22.2. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file py/objarray.c. The manipulation leads to use after free. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. Upgrading to version 1.23.0 is able to address this issue. The identifier of the patch is 4bed614e707c0644c06e117f848fa12605c711cd. It is recommended to upgrade the affected component. In the MicroPython objarray component, when a bytes object is resized and copied into itself, it may reference memory that has already been freed. | ||||
CVE-2024-8946 | 1 Micropython | 1 Micropython | 2024-09-24 | 7.3 High |
A vulnerability was found in MicroPython 1.23.0. It has been classified as critical. Affected is the function mp_vfs_umount of the file extmod/vfs.c of the component VFS Unmount Handler. The manipulation leads to heap-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The name of the patch is 29943546343c92334e8518695a11fc0e2ceea68b. It is recommended to apply a patch to fix this issue. In the VFS unmount process, the comparison between the mounted path string and the unmount requested string is based solely on the length of the unmount string, which can lead to a heap buffer overflow read. | ||||
CVE-2022-25775 | 2 Acquia, Mautic | 2 Mautic, Mautic | 2024-09-23 | 6.6 Medium |
Prior to the patched version, logged in users of Mautic are vulnerable to an SQL injection vulnerability in the Reports bundle. The user could retrieve and alter data like sensitive data, login, and depending on database permission the attacker can manipulate file systems. | ||||
CVE-2022-25774 | 1 Acquia | 1 Mautic | 2024-09-23 | 4.8 Medium |
Prior to the patched version, logged in users of Mautic are vulnerable to a self XSS vulnerability in the notifications within Mautic. Users could inject malicious code into the notification when saving Dashboards. | ||||
CVE-2024-8660 | 1 Concretecms | 1 Concrete Cms | 2024-09-23 | 4.8 Medium |
Concrete CMS versions 9.0.0 through 9.3.3 are affected by a stored XSS vulnerability in the "Top Navigator Bar" block. Since the "Top Navigator Bar" output was not sufficiently sanitized, a rogue administrator could add a malicious payload that could be executed when targeted users visited the home page. The Concrete CMS Security Team gave this vulnerability a CVSS v4 score of 4.6 with vector CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N . This does not affect versions below 9.0.0 since they do not have the Top Navigator Bar Block. Thanks, Chu Quoc Khanh for reporting. | ||||
CVE-2024-40790 | 1 Apple | 1 Visionos | 2024-09-23 | 5.5 Medium |
The issue was addressed with improved handling of caches. This issue is fixed in visionOS 2. An app may be able to read sensitive data from the GPU memory. | ||||
CVE-2024-6658 | 1 Kemptechnologies | 2 Loadmaster, Loadmaster Mt | 2024-09-23 | 8.4 High |
Improper Input Validation vulnerability of Authenticated User in Progress LoadMaster allows OS Command Injection. This issue affects the following products and versions: LoadMaster: from 7.2.55.0 to 7.2.60.0 (inclusive), from 7.2.49.0 to 7.2.54.11 (inclusive), 7.2.48.12 and all prior versions; Multi-Tenant Hypervisor: 7.1.35.11 and all prior versions; ECS: all prior versions to 7.2.60.0 (inclusive). | ||||
CVE-2024-27795 | 1 Apple | 1 Macos | 2024-09-23 | 7.5 High |
A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15. A camera extension may be able to access the internet. | ||||
CVE-2024-27858 | 1 Apple | 1 Macos | 2024-09-23 | 5.5 Medium |
A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15. An app may be able to access protected user data. | ||||
CVE-2024-23237 | 1 Apple | 1 Macos | 2024-09-23 | 5.5 Medium |
The issue was addressed with improved memory handling. This issue is fixed in macOS Sequoia 15. An app may be able to cause a denial-of-service. | ||||
CVE-2024-45612 | 1 Contao | 1 Contao | 2024-09-23 | 5.3 Medium |
Contao is an Open Source CMS. In affected versions an untrusted user can inject insert tags into the canonical tag, which are then replaced on the web page (front end). Users are advised to update to Contao 4.13.49, 5.3.15 or 5.4.3. Users unable to upgrade should disable canonical tags in the root page settings. | ||||
CVE-2024-40826 | 1 Apple | 3 Ipados, Iphone Os, Macos | 2024-09-23 | 6.1 Medium |
A privacy issue was addressed with improved handling of files. This issue is fixed in iOS 18 and iPadOS 18, macOS Sequoia 15. An unencrypted document may be written to a temporary file when using print preview. | ||||
CVE-2024-40830 | 1 Apple | 2 Ipados, Iphone Os | 2024-09-23 | 3.3 Low |
This issue was addressed with improved data protection. This issue is fixed in iOS 18 and iPadOS 18. An app may be able to enumerate a user's installed apps. | ||||
CVE-2024-40831 | 1 Apple | 1 Macos | 2024-09-23 | 5.5 Medium |
A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15. An app may be able to access a user's Photos Library. | ||||
CVE-2024-27860 | 1 Apple | 1 Macos | 2024-09-23 | 5.5 Medium |
The issue was addressed with improved memory handling. This issue is fixed in macOS Sequoia 15. An application may be able to read restricted memory. | ||||
CVE-2024-40837 | 1 Apple | 1 Macos | 2024-09-23 | 5.5 Medium |
A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15. An app may be able to access protected user data. | ||||
CVE-2024-8907 | 1 Google | 1 Chrome | 2024-09-23 | 6.1 Medium |
Insufficient data validation in Omnibox in Google Chrome on Android prior to 129.0.6668.58 allowed a remote attacker who convinced a user to engage in specific UI gestures to inject arbitrary scripts or HTML (XSS) via a crafted set of UI gestures. (Chromium security severity: Medium) | ||||
CVE-2024-8951 | 2 Oretnom23, Sourcecodester | 2 Resort Reservation System, Resort Reservation System | 2024-09-23 | 3.5 Low |
A vulnerability classified as problematic was found in SourceCodester Resort Reservation System 1.0. Affected by this vulnerability is an unknown functionality of the file manage_fee.php. The manipulation of the argument toview leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. |