Total
30 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-9925 | 2 Apple, Redhat | 8 Icloud, Ipados, Iphone Os and 5 more | 2024-08-04 | 6.1 Medium |
| A logic issue was addressed with improved state management. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8, watchOS 6.2.8, Safari 13.1.2, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. Processing maliciously crafted web content may lead to universal cross site scripting. | ||||
| CVE-2020-9805 | 2 Apple, Redhat | 8 Icloud, Ipados, Iphone Os and 5 more | 2024-08-04 | 7.1 High |
| A logic issue was addressed with improved restrictions. This issue is fixed in iOS 13.5 and iPadOS 13.5, tvOS 13.4.5, watchOS 6.2.5, Safari 13.1.1, iTunes 12.10.7 for Windows, iCloud for Windows 11.2, iCloud for Windows 7.19. Processing maliciously crafted web content may lead to universal cross site scripting. | ||||
| CVE-2020-7955 | 1 Hashicorp | 1 Consul | 2024-08-04 | 5.3 Medium |
| HashiCorp Consul and Consul Enterprise 1.4.1 through 1.6.2 did not uniformly enforce ACLs across all API endpoints, resulting in potential unintended information disclosure. Fixed in 1.6.3. | ||||
| CVE-2022-32933 | 2 Apple, Redhat | 2 Macos, Enterprise Linux | 2024-08-03 | 5.3 Medium |
| An information disclosure issue was addressed by removing the vulnerable code. This issue is fixed in macOS Monterey 12.5. A website may be able to track the websites a user visited in Safari private browsing mode. | ||||
| CVE-2023-48951 | 1 Openlinksw | 1 Virtuoso | 2024-08-02 | 7.5 High |
| An issue in the box_equal function in openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) after running a SELECT statement. | ||||
| CVE-2023-5921 | 1 Decesoftware | 1 Geodi | 2024-08-02 | 7.1 High |
| Improper Enforcement of Behavioral Workflow vulnerability in DECE Software Geodi allows Functionality Bypass.This issue affects Geodi: before 8.0.0.27396. | ||||
| CVE-2023-4181 | 1 Mayurik | 1 Free Hospital Management System For Small Practices | 2024-08-02 | 5.4 Medium |
| A vulnerability, which was classified as critical, has been found in SourceCodester Free Hospital Management System for Small Practices 1.0. Affected by this issue is some unknown functionality of the file /vm/admin/delete-doctor.php?id=2 of the component Redirect Handler. The manipulation leads to enforcement of behavioral workflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-236216. | ||||
| CVE-2023-1383 | 2 Amazon, Bestbuy | 3 Fire Os, Fire Tv Stick 3rd Gen, Insignia Tv | 2024-08-02 | 5.4 Medium |
| An Improper Enforcement of Behavioral Workflow vulnerability in the exchangeDeviceServices function on the amzn.dmgr service allowed an attacker to register services that are only locally accessible. This issue affects: Amazon Fire TV Stick 3rd gen versions prior to 6.2.9.5. Insignia TV with FireOS versions prior to 7.6.3.3. | ||||
| CVE-2023-0105 | 1 Redhat | 4 Keycloak, Red Hat Single Sign On, Rhosemc and 1 more | 2024-08-02 | 6.5 Medium |
| A flaw was found in Keycloak. This flaw allows impersonation and lockout due to the email trust not being handled correctly in Keycloak. An attacker can shadow other users with the same email and lockout or impersonate them. | ||||
| CVE-2024-37296 | 2024-08-02 | 5.3 Medium | ||
| The Aimeos HTML client provides Aimeos HTML components for e-commerce projects. Starting in version 2020.04.1 and prior to versions 2020.10.27, 2021.10.21, 2022.10.12, 2023.10.14, and 2024.04.5, digital downloads sold in online shops can be downloaded without valid payment, e.g. if the payment didn't succeed. Versions 2020.10.27, 2021.10.21, 2022.10.12, 2023.10.14, and 2024.04.5 fix this issue. | ||||