Total
28734 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-44125 | 1 Apple | 1 Macos | 2024-09-25 | 5.5 Medium |
| The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.7, macOS Sequoia 15. A malicious application may be able to leak sensitive user information. | ||||
| CVE-2024-44128 | 1 Apple | 1 Macos | 2024-09-25 | 5.5 Medium |
| This issue was addressed by adding an additional prompt for user consent. This issue is fixed in macOS Ventura 13.7, macOS Sonoma 14.7, macOS Sequoia 15. An Automator Quick Action workflow may be able to bypass Gatekeeper. | ||||
| CVE-2024-44129 | 1 Apple | 1 Macos | 2024-09-25 | 5.5 Medium |
| The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.7, macOS Sequoia 15. An app may be able to leak sensitive user information. | ||||
| CVE-2024-44135 | 1 Apple | 1 Macos | 2024-09-25 | 5.5 Medium |
| A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sonoma 14.7, macOS Sequoia 15. An app may be able to access protected files within an App Sandbox container. | ||||
| CVE-2024-44176 | 1 Apple | 6 Ipados, Iphone Os, Macos and 3 more | 2024-09-25 | 5.5 Medium |
| An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in macOS Ventura 13.7, iOS 17.7 and iPadOS 17.7, visionOS 2, watchOS 11, macOS Sequoia 15, iOS 18 and iPadOS 18, macOS Sonoma 14.7, tvOS 18. Processing an image may lead to a denial-of-service. | ||||
| CVE-2024-44191 | 1 Apple | 7 Ipados, Iphone Os, Macos and 4 more | 2024-09-25 | 5.5 Medium |
| This issue was addressed through improved state management. This issue is fixed in iOS 17.7 and iPadOS 17.7, Xcode 16, visionOS 2, watchOS 11, macOS Sequoia 15, iOS 18 and iPadOS 18, tvOS 18. An app may gain unauthorized access to Bluetooth. | ||||
| CVE-2024-27348 | 2 Apache, Oracle | 4 Hugegraph, Hugegraph-server, Jdk and 1 more | 2024-09-25 | 9.8 Critical |
| RCE-Remote Command Execution vulnerability in Apache HugeGraph-Server.This issue affects Apache HugeGraph-Server: from 1.0.0 before 1.3.0 in Java8 & Java11 Users are recommended to upgrade to version 1.3.0 with Java11 & enable the Auth system, which fixes the issue. | ||||
| CVE-2023-44172 | 1 Seacms | 1 Seacms | 2024-09-25 | 9.8 Critical |
| SeaCMS V12.9 was discovered to contain an arbitrary file write vulnerability via the component admin_weixin.php. | ||||
| CVE-2023-44171 | 1 Seacms | 1 Seacms | 2024-09-25 | 9.8 Critical |
| SeaCMS V12.9 was discovered to contain an arbitrary file write vulnerability via the component admin_smtp.php. | ||||
| CVE-2023-44170 | 1 Seacms | 1 Seacms | 2024-09-25 | 9.8 Critical |
| SeaCMS V12.9 was discovered to contain an arbitrary file write vulnerability via the component admin_ping.php. | ||||
| CVE-2023-44169 | 1 Seacms | 1 Seacms | 2024-09-25 | 9.8 Critical |
| SeaCMS V12.9 was discovered to contain an arbitrary file write vulnerability via the component admin_notify.php. | ||||
| CVE-2023-44080 | 1 Pgyer | 1 Codefever | 2024-09-25 | 9.8 Critical |
| An issue in PGYER codefever v.2023.8.14-2ce4006 allows a remote attacker to execute arbitrary code via a crafted request to the branchList component. | ||||
| CVE-2023-43619 | 1 Schollz | 1 Croc | 2024-09-25 | 7.8 High |
| An issue was discovered in Croc through 9.6.5. A sender may send dangerous new files to a receiver, such as executable content or a .ssh/authorized_keys file. | ||||
| CVE-2023-43617 | 1 Schollz | 1 Croc | 2024-09-25 | 5.3 Medium |
| An issue was discovered in Croc through 9.6.5. When a custom shared secret is used, the sender and receiver may divulge parts of this secret to an untrusted Relay, as part of composing a room name. | ||||
| CVE-2023-43498 | 1 Jenkins | 1 Jenkins | 2024-09-25 | 8.1 High |
| In Jenkins 2.423 and earlier, LTS 2.414.1 and earlier, processing file uploads using MultipartFormDataParser creates temporary files in the default system temporary directory with the default permissions for newly created files, potentially allowing attackers with access to the Jenkins controller file system to read and write the files before they are used. | ||||
| CVE-2023-43457 | 1 Oretnom23 | 1 Service Provider Management System | 2024-09-25 | 9.8 Critical |
| An issue in Service Provider Management System v.1.0 allows a remote attacker to gain privileges via the ID parameter in the /php-spms/admin/?page=user/ endpoint. | ||||
| CVE-2023-43323 | 1 Moosocial | 1 Moosocial | 2024-09-25 | 6.5 Medium |
| mooSocial 3.1.8 is vulnerable to external service interaction on post function. When executed, the server sends a HTTP and DNS request to external server. The Parameters effected are multiple - messageText, data[wall_photo], data[userShareVideo] and data[userShareLink]. | ||||
| CVE-2023-43234 | 1 Dedebiz | 1 Dedebiz | 2024-09-25 | 9.8 Critical |
| DedeBIZ v6.2.11 was discovered to contain multiple remote code execution (RCE) vulnerabilities at /admin/file_manage_control.php via the $activepath and $filename parameters. | ||||
| CVE-2023-43222 | 1 Seacms | 1 Seacms | 2024-09-25 | 9.8 Critical |
| SeaCMS v12.8 has an arbitrary code writing vulnerability in the /jxz7g2/admin_ping.php file. | ||||
| CVE-2023-43216 | 1 Seacms | 1 Seacms | 2024-09-25 | 9.8 Critical |
| SeaCMS V12.9 was discovered to contain an arbitrary file write vulnerability via the component admin_ip.php. | ||||