Total: 263558 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 | Description
---|---|---|---|---|---
CVE-2023-41736 | 1 Gopiplus | 1 Email Posts To Subscribers | 2024-09-20 | 5.9 Medium | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Gopi Ramasamy Email posts to subscribers plugin <= 6.2 versions.
CVE-2023-27584 | 1 Dragonflyoss | 1 Dragonfly2 | 2024-09-20 | 9.8 Critical | Dragonfly is an open source P2P-based file distribution and image acceleration system. It is hosted by the Cloud Native Computing Foundation (CNCF) as an Incubating Level Project. Dragonfly uses JWT to verify users. However, the secret key for JWT, "Secret Key", is hard coded, which leads to authentication bypass. An attacker can perform any action as a user with admin privileges. This issue has been addressed in release version 2.0.9. All users are advised to upgrade. There are no known workarounds for this vulnerability.
CVE-2023-50883 | 1 Onlyoffice | 2 Docs, Document Server | 2024-09-20 | 6.1 Medium | ONLYOFFICE Docs before 8.0.1 allows XSS because a macro is an immediately-invoked function expression (IIFE), and therefore a sandbox escape is possible by directly calling the constructor of the Function object. NOTE: this issue exists because of an incorrect fix for CVE-2021-43446.
CVE-2023-41734 | 1 Nigauri | 1 Insert Estimated Reading Time | 2024-09-20 | 5.9 Medium | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in nigauri Insert Estimated Reading Time plugin <= 1.2 versions.
CVE-2024-27247 | 1 Zoom | 1 Workplace Desktop | 2024-09-20 | 5.5 Medium | Improper privilege management in the installer for Zoom Desktop Client for macOS before version 5.17.10 may allow a privileged user to conduct an escalation of privilege via local access.
CVE-2024-27244 | 1 Zoom | 1 Vdi Windows Meeting Client | 2024-09-20 | 6.7 Medium | Insufficient verification of data authenticity in the installer for Zoom Workplace VDI App for Windows may allow an authenticated user to conduct an escalation of privilege via local access.
CVE-2024-27243 | | | 2024-09-20 | 6.5 Medium | Buffer overflow in some Zoom Workplace Apps and SDKs may allow an authenticated user to conduct a denial of service via network access.
CVE-2024-24694 | 1 Zoom | 1 Workplace Desktop | 2024-09-20 | 5.9 Medium | Improper privilege management in the installer for Zoom Desktop Client for Windows before version 5.17.10 may allow an authenticated user to conduct an escalation of privilege via local access.
CVE-2024-24693 | 1 Zoom | 1 Rooms | 2024-09-20 | 7.2 High | Improper access control in the installer for Zoom Rooms Client for Windows before version 5.17.5 may allow an authenticated user to conduct a denial of service via local access.
CVE-2024-24691 | | | 2024-09-20 | 9.6 Critical | Improper input validation in Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom Meeting SDK for Windows may allow an unauthenticated user to conduct an escalation of privilege via network access.
CVE-2024-24690 | | | 2024-09-20 | 5.4 Medium | Improper input validation in some Zoom clients may allow an authenticated user to conduct a denial of service via network access.
CVE-2023-49647 | 2 Microsoft, Zoom | 5 Windows, Meeting Software Development Kit, Video Software Development Kit and 2 more | 2024-09-20 | 8.8 High | Improper access control in Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom SDKs for Windows before version 5.16.10 may allow an authenticated user to conduct an escalation of privilege via local access.
CVE-2023-49646 | 1 Zoom | 4 Meeting Software Development Kit, Video Software Development Kit, Virtual Desktop Infrastructure and 1 more | 2024-09-20 | 6.4 Medium | Improper authentication in some Zoom clients before version 5.16.5 may allow an authenticated user to conduct a denial of service via network access.
CVE-2023-43588 | 1 Zoom | 3 Meetings, Virtual Desktop Infrastructure, Zoom | 2024-09-20 | 3.5 Low | Insufficient control flow management in some Zoom clients may allow an authenticated user to conduct an information disclosure via network access.
CVE-2023-43627 | 1 Furunosystems | 4 Acera 1310, Acera 1310 Firmware, Acera 1320 and 1 more | 2024-09-20 | 5.7 Medium | Path traversal vulnerability in ACERA 1320 firmware ver.01.26 and earlier, and ACERA 1310 firmware ver.01.26 and earlier allows a network-adjacent authenticated attacker to alter critical information such as system files by sending a specially crafted request. They are affected when running in ST (Standalone) mode.
CVE-2023-27121 | 1 Pleasantsolutions | 1 Pleasant Password Server | 2024-09-20 | 6.1 Medium | A cross-site scripting (XSS) vulnerability in the component /framework/cron/action/humanize of Pleasant Solutions Pleasant Password Server v7.11.41.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the cronString parameter.
CVE-2024-45410 | 1 Traefik | 1 Traefik | 2024-09-20 | 9.8 Critical | Traefik is a golang, Cloud Native Application Proxy. When an HTTP request is processed by Traefik, certain HTTP headers such as X-Forwarded-Host or X-Forwarded-Port are added by Traefik before the request is routed to the application. For an HTTP client, it should not be possible to remove or modify these headers. Since the application trusts the value of these headers, security implications might arise if they can be modified. For HTTP/1.1, however, it was found that some of these custom headers can indeed be removed and in certain cases manipulated. The attack relies on the HTTP/1.1 behavior that headers can be defined as hop-by-hop via the HTTP Connection header. This issue has been addressed in release versions 2.11.9 and 3.1.3. Users are advised to upgrade. There are no known workarounds for this vulnerability.
CVE-2023-43838 | 1 Personal-management-system | 1 Personal Management System | 2024-09-20 | 7.8 High | An arbitrary file upload vulnerability in Personal Management System v1.4.64 allows attackers to execute arbitrary code via uploading a crafted SVG file into a user profile's avatar.
CVE-2023-43793 | 1 Misskey | 1 Misskey | 2024-09-20 | 7.5 High | Misskey is an open source, decentralized social media platform. Prior to version 2023.9.0, by editing the URL, a user can bypass the authentication of the Bull dashboard, which is the job queue management UI, and access it. Version 2023.9.0 contains a fix. There are no known workarounds.
CVE-2023-3769 | 1 Ingeteam | 2 Ingepac Fc5066, Ingepac Fc5066 Firmware | 2024-09-20 | 8.6 High | Incorrect data input validation vulnerability, which could allow an attacker with access to the network to implement fuzzing techniques that would allow them to gain knowledge about specially crafted packets that would create a DoS condition through the MMS protocol when initiating communication, achieving a complete system reboot of the device and its services.