Total: 28533 CVEs
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2023-0009 | 1 Paloaltonetworks | 1 Globalprotect | 2024-08-02 | 7.8 High |
A local privilege escalation (PE) vulnerability in the Palo Alto Networks GlobalProtect app on Windows enables a local user to execute programs with elevated privileges. | ||||
CVE-2023-0004 | 2 Fedoraproject, Paloaltonetworks | 2 Fedora, Pan-os | 2024-08-02 | 6.5 Medium |
A local file deletion vulnerability in Palo Alto Networks PAN-OS software enables an authenticated administrator to delete files from the local file system with elevated privileges. These files can include logs and system components that impact the integrity and availability of PAN-OS software. | ||||
CVE-2024-40767 | 2 Openstack, Redhat | 2 Nova, Openstack | 2024-08-02 | 6.5 Medium |
In OpenStack Nova before 27.4.1, 28 before 28.2.1, and 29 before 29.1.1, by supplying a raw format image that is actually a crafted QCOW2 image with a backing file path or VMDK flat image with a descriptor file path, an authenticated user may convince systems to return a copy of the referenced file's contents from the server, resulting in unauthorized access to potentially sensitive data. All Nova deployments are affected. NOTE: this issue exists because of an incomplete fix for CVE-2022-47951 and CVE-2024-32498. | ||||
CVE-2024-40575 | 1 Huawei | 1 Opengauss | 2024-08-02 | 5.5 Medium |
An issue in Huawei Technologies opengauss (openGauss 5.0.0 build) v.7.3.0 allows a local attacker to cause a denial of service via the modification of table attributes. | ||||
CVE-2024-40614 | 1 Egroupware | 1 Egroupware | 2024-08-02 | 9.8 Critical |
EGroupware before 23.1.20240624 mishandles an ORDER BY clause. This leads to json.php?menuaction=EGroupware\Api\Etemplate\Widget\Nextmatch::ajax_get_rows sort.id SQL injection by authenticated users for Address Book or InfoLog sorting. | ||||
CVE-2024-40547 | 1 Publiccms | 1 Publiccms | 2024-08-02 | 6.5 Medium |
PublicCMS v4.0.202302.e was discovered to contain an arbitrary file content replacement vulnerability via the component /admin/cmsTemplate/replace. | ||||
CVE-2024-40552 | 1 Publiccms | 1 Publiccms | 2024-08-02 | 8.8 High |
PublicCMS v4.0.202302.e was discovered to contain a remote command execution (RCE) vulnerability via the cmdarray parameter at /site/ScriptComponent.java. | ||||
CVE-2024-40520 | 1 Seacms | 1 Seacms | 2024-08-02 | 8.8 High |
SeaCMS 12.9 has a remote code execution vulnerability. The vulnerability is caused by admin_config_mark.php directly splicing and writing the user input data into inc_photowatermark_config.php without processing it, which allows authenticated attackers to exploit the vulnerability to execute arbitrary commands and obtain system permissions. | ||||
CVE-2024-40519 | 1 Seacms | 1 Seacms | 2024-08-02 | 8.8 High |
SeaCMS 12.9 has a remote code execution vulnerability. The vulnerability is caused by admin_smtp.php directly splicing and writing the user input data into weixin.php without processing it, which allows authenticated attackers to exploit the vulnerability to execute arbitrary commands and obtain system permissions. | ||||
CVE-2024-40518 | 1 Seacms | 1 Seacms | 2024-08-02 | 7.2 High |
SeaCMS 12.9 has a remote code execution vulnerability. The vulnerability is caused by admin_weixin.php directly splicing and writing the user input data into weixin.php without processing it, which allows authenticated attackers to exploit the vulnerability to execute arbitrary commands and obtain system permissions. | ||||
CVE-2024-40522 | 1 Seacms | 1 Seacms | 2024-08-02 | 8.8 High |
There is a remote code execution vulnerability in SeaCMS 12.9. The vulnerability is caused by phomebak.php writing some variable names passed in without filtering them before writing them into the php file. An authenticated attacker can exploit this vulnerability to execute arbitrary commands and obtain system permissions. | ||||
CVE-2024-40521 | 1 Seacms | 1 Seacms | 2024-08-02 | 8.8 High |
SeaCMS 12.9 has a remote code execution vulnerability. The vulnerability is due to the fact that although admin_template.php imposes certain restrictions on the edited file, attackers can still bypass the restrictions and write code in some way, allowing authenticated attackers to exploit the vulnerability to execute arbitrary commands and gain system privileges. | ||||
CVE-2024-39729 | 1 Ibm | 2 Datacap, Datacap Navigator | 2024-08-02 | 4.3 Medium |
IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 could allow an authenticated user to obtain sensitive information from source code that could be used in further attacks against the system. IBM X-Force ID: 295968. | ||||
CVE-2024-39807 | 1 Mattermost | 1 Mattermost | 2024-08-02 | 3.1 Low |
Mattermost versions 9.5.x <= 9.5.5 and 9.8.0 fail to properly sanitize the recipients of a webhook event which allows an attacker monitoring webhook events to retrieve the channel IDs of archived or restored channels. | ||||
CVE-2024-39674 | 1 Huawei | 2 Emui, Harmonyos | 2024-08-02 | 6.2 Medium |
Plaintext vulnerability in the Gallery search module. Impact: Successful exploitation of this vulnerability will affect availability. | ||||
CVE-2024-39740 | 1 Ibm | 2 Datacap, Datacap Navigator | 2024-08-02 | 4.3 Medium |
IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 displays version information in HTTP requests that could allow an attacker to gather information for future attacks against the system. IBM X-Force ID: 296009. | ||||
CVE-2024-39670 | 1 Huawei | 2 Emui, Harmonyos | 2024-08-02 | 6.2 Medium |
Privilege escalation vulnerability in the account synchronisation module. Impact: Successful exploitation of this vulnerability will affect availability. | ||||
CVE-2024-39673 | 1 Huawei | 2 Emui, Harmonyos | 2024-08-02 | 6.8 Medium |
Vulnerability of serialisation/deserialisation mismatch in the iAware module. Impact: Successful exploitation of this vulnerability may affect service confidentiality. | ||||
CVE-2024-39672 | 1 Huawei | 2 Emui, Harmonyos | 2024-08-02 | 8.4 High |
Memory request logic vulnerability in the memory module. Impact: Successful exploitation of this vulnerability will affect integrity and availability. | ||||
CVE-2024-39481 | 1 Linux | 1 Linux Kernel | 2024-08-02 | 5.5 Medium |
In the Linux kernel, the following vulnerability has been resolved: media: mc: Fix graph walk in media_pipeline_start. The graph walk tries to follow all links, even if they are not between pads. This causes a crash with, e.g. a MEDIA_LNK_FL_ANCILLARY_LINK link. Fix this by allowing the walk to proceed only for MEDIA_LNK_FL_DATA_LINK links. |