Total
8795 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-23302 | 2024-11-21 | 7.5 High | ||
| Couchbase Server before 7.2.4 has a private key leak in goxdcr.log. | ||||
| CVE-2024-23235 | 2024-11-21 | 8.1 High | ||
| A race condition was addressed with additional validation. This issue is fixed in macOS Sonoma 14.4, visionOS 1.1, iOS 17.4 and iPadOS 17.4, watchOS 10.4, iOS 16.7.6 and iPadOS 16.7.6, tvOS 17.4. An app may be able to access user-sensitive data. | ||||
| CVE-2024-23228 | 2024-11-21 | 4.3 Medium | ||
| This issue was addressed through improved state management. This issue is fixed in iOS 17.3 and iPadOS 17.3. Locked Notes content may have been unexpectedly unlocked. | ||||
| CVE-2024-23193 | 2024-11-21 | 5.3 Medium | ||
| E-Mails exported as PDF were stored in a cache that did not consider specific session information for the related user account. Users of the same service node could access other users E-Mails in case they were exported as PDF for a brief moment until caches were cleared. Successful exploitation requires good timing and modification of multiple request parameters. Please deploy the provided updates and patch releases. The cache for PDF exports now takes user session information into consideration when performing authorization decisions. No publicly available exploits are known. | ||||
| CVE-2024-23107 | 2024-11-21 | 5.2 Medium | ||
| An exposure of sensitive information to an unauthorized actor vulnerability [CWE-200] in FortiWeb version 7.4.0, version 7.2.4 and below, version 7.0.8 and below, 6.3 all versions may allow an authenticated attacker to read password hashes of other administrators via CLI commands. | ||||
| CVE-2024-22734 | 2024-11-21 | 6.2 Medium | ||
| An issue was discovered in AMCS Group Trux Waste Management Software before version 7.19.0018.26912, allows local attackers to obtain sensitive information via a static, hard-coded AES Key-IV pair in the TxUtilities.dll and TruxUser.cfg components. | ||||
| CVE-2024-22513 | 2024-11-21 | 5.5 Medium | ||
| djangorestframework-simplejwt version 5.3.1 and before is vulnerable to information disclosure. A user can access web application resources even after their account has been disabled due to missing user validation checks via the for_user method. | ||||
| CVE-2024-22435 | 2024-11-21 | 8.3 High | ||
| A potential security vulnerability has been identified in Web ViewPoint Enterprise software. This vulnerability could be exploited to allow unauthorized users to access some resources on a NonStop system. | ||||
| CVE-2024-22421 | 2 Fedoraproject, Jupyter | 3 Fedora, Jupyterlab, Notebook | 2024-11-21 | 7.6 High |
| JupyterLab is an extensible environment for interactive and reproducible computing, based on the Jupyter Notebook and Architecture. Users of JupyterLab who click on a malicious link may get their `Authorization` and `XSRFToken` tokens exposed to a third party when running an older `jupyter-server` version. JupyterLab versions 4.1.0b2, 4.0.11, and 3.6.7 are patched. No workaround has been identified, however users should ensure to upgrade `jupyter-server` to version 2.7.2 or newer which includes a redirect vulnerability fix. | ||||
| CVE-2024-22331 | 1 Ibm | 2 Devops Deploy, Urbancode Deploy | 2024-11-21 | 6.2 Medium |
| IBM UrbanCode Deploy (UCD) 7.0 through 7.0.5.19, 7.1 through 7.1.2.15, 7.2 through 7.2.3.8, 7.3 through 7.3.2.3, and IBM UrbanCode Deploy (UCD) - IBM DevOps Deploy 8.0.0.0 could disclose sensitive user information when installing the Windows agent. IBM X-Force ID: 279971. | ||||
| CVE-2024-22301 | 1 Eduva | 1 Albo Pretorio Online | 2024-11-21 | 5.3 Medium |
| Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Ignazio Scimone Albo Pretorio On line.This issue affects Albo Pretorio On line: from n/a through 4.6.6. | ||||
| CVE-2024-22294 | 1 Ip2location | 1 Country Blocker | 2024-11-21 | 5.3 Medium |
| Exposure of Sensitive Information to an Unauthorized Actor vulnerability in IP2Location IP2Location Country Blocker.This issue affects IP2Location Country Blocker: from n/a through 2.33.3. | ||||
| CVE-2024-22270 | 2024-11-21 | 7.1 High | ||
| VMware Workstation and Fusion contain an information disclosure vulnerability in the Host Guest File Sharing (HGFS) functionality. A malicious actor with local administrative privileges on a virtual machine may be able to read privileged information contained in hypervisor memory from a virtual machine. | ||||
| CVE-2024-22269 | 2024-11-21 | 7.1 High | ||
| VMware Workstation and Fusion contain an information disclosure vulnerability in the vbluetooth device. A malicious actor with local administrative privileges on a virtual machine may be able to read privileged information contained in hypervisor memory from a virtual machine. | ||||
| CVE-2024-22200 | 1 Vantage6 | 1 Vantage6-ui | 2024-11-21 | 3.3 Low |
| vantage6-UI is the User Interface for vantage6. The docker image used to run the UI leaks the nginx version. To mitigate the vulnerability, users can run the UI as an angular application. This vulnerability was patched in 4.2.0. | ||||
| CVE-2024-22154 | 1 Snpdigital | 1 Salesking | 2024-11-21 | 7.5 High |
| Exposure of Sensitive Information to an Unauthorized Actor vulnerability in SNP Digital SalesKing.This issue affects SalesKing: from n/a through 1.6.15. | ||||
| CVE-2024-22141 | 1 Cozmoslabs | 1 Profile Builder | 2024-11-21 | 6.5 Medium |
| Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Cozmoslabs Profile Builder Pro.This issue affects Profile Builder Pro: from n/a through 3.10.0. | ||||
| CVE-2024-22002 | 2024-11-21 | 7.8 High | ||
| CORSAIR iCUE 5.9.105 with iCUE Murals on Windows allows unprivileged users to insert DLL files in the cuepkg-1.2.6 subdirectory of the installation directory. | ||||
| CVE-2024-21902 | 1 Qnap | 2 Qts, Quts Hero | 2024-11-21 | 6.4 Medium |
| An incorrect permission assignment for critical resource vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated users to read or modify the resource via a network. We have already fixed the vulnerability in the following version: QTS 5.1.7.2770 build 20240520 and later QuTS hero h5.1.7.2770 build 20240520 and later | ||||
| CVE-2024-21793 | 2024-11-21 | 7.5 High | ||
| An OData injection vulnerability exists in the BIG-IP Next Central Manager API (URI). Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | ||||