Total
277439 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2024-7015 | 1 Profelis | 1 Passbox | 2024-09-23 | 9.8 Critical |
Improper Authentication, Missing Authentication for Critical Function, Improper Authorization vulnerability in Profelis Informatics and Consulting PassBox allows Authentication Abuse.This issue affects PassBox: before v1.2. | ||||
CVE-2024-8963 | 1 Ivanti | 1 Endpoint Manager Cloud Services Appliance | 2024-09-21 | 9.4 Critical |
Path Traversal in the Ivanti CSA before 4.6 Patch 519 allows a remote unauthenticated attacker to access restricted functionality. | ||||
CVE-2024-37068 | 1 Ibm | 1 Maximo Application Suite | 2024-09-21 | 5.9 Medium |
IBM Maximo Application Suite - Manage Component 8.10, 8.11, and 9.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information using man in the middle techniques. | ||||
CVE-2024-35136 | 1 Ibm | 1 Db2 | 2024-09-21 | 5.3 Medium |
IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) federated server 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted query under certain non default conditions. IBM X-Force ID: 291307. | ||||
CVE-2024-35133 | 1 Ibm | 2 Security Verify Access, Security Verify Access Docker | 2024-09-21 | 6.8 Medium |
IBM Security Verify Access 10.0.0 through 10.0.8 OIDC Provider could allow a remote authenticated attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. | ||||
CVE-2024-31882 | 1 Ibm | 1 Db2 | 2024-09-21 | 5.3 Medium |
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.1 and 11.5 is vulnerable to a denial of service, under specific non default configurations, as the server may crash when using a specially crafted SQL statement by an authenticated user. IBM X-Force ID: 287614. | ||||
CVE-2024-28799 | 1 Ibm | 2 Cloud Pak For Security, Qradar Suite | 2024-09-21 | 5.6 Medium |
IBM QRadar Suite Software 1.10.12.0 through 1.10.23.0 and IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 displays sensitive data improperly to a local privileged user, in non default configurations, during back-end commands which may result in the unexpected disclosure of this information. IBM X-Force ID: 287173. | ||||
CVE-2024-25024 | 1 Ibm | 2 Cloud Pak For Security, Qradar Suite | 2024-09-21 | 5.5 Medium |
IBM QRadar Suite Software 1.10.12.0 through 1.10.23.0 and IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 stores user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 281430. | ||||
CVE-2023-47728 | 1 Ibm | 2 Cloud Pak For Security, Qradar Suite | 2024-09-21 | 6.5 Medium |
IBM QRadar Suite Software 1.10.12.0 through 1.10.22.0 and IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the request. This information could be used in further attacks against the system. IBM X-Force ID: 272201. | ||||
CVE-2022-43915 | 1 Ibm | 1 App Connect Enterprise Certified Container | 2024-09-21 | 6.8 Medium |
IBM App Connect Enterprise Certified Container 5.0, 7.1, 7.2, 8.0, 8.1, 8.2, 9.0, 9.1, 9.2, 10.0, 10.1, 11.0, 11.1, 11.2, 11.3, 11.4, 11.5, 11.6, 12.0, and 12.1 does not limit calls to unshare in running Pods. This can allow a user with privileged access to execute commands in a running Pod to elevate their user privileges. | ||||
CVE-2022-38382 | 1 Ibm | 2 Cloud Pak For Security, Qradar Suite | 2024-09-21 | 4.7 Medium |
IBM Cloud Pak for Security (CP4S) 1.10.0.0 through 1.10.11.0 and IBM QRadar Suite Software 1.10.12.0 through 1.10.23.0 does not invalidate session after logout which could allow another authenticated user to obtain sensitive information. IBM X-Force ID: 233672. | ||||
CVE-2024-38877 | 1 Siemens | 10 Omnivise T3000 Application Server, Omnivise T3000 Domain Controller, Omnivise T3000 Network Intrusion Detection System and 7 more | 2024-09-20 | 8.2 High |
A vulnerability has been identified in Omnivise T3000 Application Server R9.2 (All versions), Omnivise T3000 Domain Controller R9.2 (All versions), Omnivise T3000 Network Intrusion Detection System (NIDS) R9.2 (All versions), Omnivise T3000 Product Data Management (PDM) R9.2 (All versions), Omnivise T3000 R8.2 SP3 (All versions), Omnivise T3000 R8.2 SP4 (All versions), Omnivise T3000 Security Server R9.2 (All versions), Omnivise T3000 Terminal Server R9.2 (All versions), Omnivise T3000 Thin Client R9.2 (All versions), Omnivise T3000 Whitelisting Server R9.2 (All versions). The affected devices stores initial system credentials without sufficient protection. An attacker with remote shell access or physical access could retrieve the credentials leading to confidentiality loss allowing the attacker to laterally move within the affected network. | ||||
CVE-2024-38879 | 1 Siemens | 2 Omnivise T3000, Omnivise T3000 Application Server | 2024-09-20 | 7.5 High |
A vulnerability has been identified in Omnivise T3000 Application Server R9.2 (All versions), Omnivise T3000 R8.2 SP3 (All versions), Omnivise T3000 R8.2 SP4 (All versions). The affected system exposes the port of an internal application on the public network interface allowing an attacker to circumvent authentication and directly access the exposed application. | ||||
CVE-2024-8875 | 1 Wcms | 1 Wcms | 2024-09-20 | 5.4 Medium |
A vulnerability classified as critical was found in vedees wcms up to 0.3.2. Affected by this vulnerability is an unknown functionality of the file /wex/finder.php. The manipulation of the argument p leads to path traversal. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
CVE-2024-8752 | 3 Beijerelectronics, Microsoft, Smart-hmi | 3 Webiq, Windows, Webiq | 2024-09-20 | 7.5 High |
The Windows version of WebIQ 2.15.9 is affected by a directory traversal vulnerability that allows remote attackers to read any file on the system. | ||||
CVE-2024-46958 | 2 Linux, Nextcloud | 2 Linux Kernel, Desktop | 2024-09-20 | 9.1 Critical |
In Nextcloud Desktop Client 3.13.1 through 3.13.3 on Linux, synchronized files (between the server and client) may become world writable or world readable. This is fixed in 3.13.4. | ||||
CVE-2024-45595 | 1 Man | 1 D-tale | 2024-09-20 | 6.1 Medium |
D-Tale is a visualizer for Pandas data structures. Users hosting D-Tale publicly can be vulnerable to remote code execution allowing attackers to run malicious code on the server. Users should upgrade to version 3.14.1 where the "Custom Filter" input is turned off by default. | ||||
CVE-2024-45593 | 1 Nixos | 1 Nix | 2024-09-20 | 9.1 Critical |
Nix is a package manager for Linux and other Unix systems. A bug in Nix 2.24 prior to 2.24.6 allows a substituter or malicious user to craft a NAR that, when unpacked by Nix, causes Nix to write to arbitrary file system locations to which the Nix process has access. This will be with root permissions when using the Nix daemon. This issue is fixed in Nix 2.24.6. | ||||
CVE-2024-45592 | 1 Damienharper | 1 Auditor-bundle | 2024-09-20 | 8.2 High |
auditor-bundle, formerly known as DoctrineAuditBundle, integrates auditor library into any Symfony 3.4+ application. Prior to version 5.2.6, there is an unescaped entity property enabling Javascript injection. This is possible because `%source_label%` in twig macro is not escaped. Therefore script tags can be inserted and are executed. The vulnerability is fixed in versions 6.0.0 and 5.2.6. | ||||
CVE-2024-45591 | 1 Xwiki | 2 Xwiki, Xwiki-platform | 2024-09-20 | 5.3 Medium |
XWiki Platform is a generic wiki platform. The REST API exposes the history of any page in XWiki of which the attacker knows the name. The exposed information includes for each modification of the page the time of the modification, the version number, the author of the modification (both username and displayed name) and the version comment. This information is exposed regardless of the rights setup, and even when the wiki is configured to be fully private. On a private wiki, this can be tested by accessing /xwiki/rest/wikis/xwiki/spaces/Main/pages/WebHome/history, if this shows the history of the main page then the installation is vulnerable. This has been patched in XWiki 15.10.9 and XWiki 16.3.0RC1. |