Total
28734 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-41984 | 1 Apple | 6 Ios And Ipados, Ipados, Iphone Os and 3 more | 2024-09-25 | 7.8 High |
| The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.6, tvOS 17, iOS 16.7 and iPadOS 16.7, macOS Monterey 12.7, watchOS 10, iOS 17 and iPadOS 17, macOS Sonoma 14. An app may be able to execute arbitrary code with kernel privileges. | ||||
| CVE-2023-41308 | 1 Huawei | 2 Emui, Harmonyos | 2024-09-25 | 7.5 High |
| Screenshot vulnerability in the input module. Successful exploitation of this vulnerability may affect confidentiality. | ||||
| CVE-2023-41302 | 1 Huawei | 2 Emui, Harmonyos | 2024-09-25 | 7.5 High |
| Redirection permission verification vulnerability in the home screen module. Successful exploitation of this vulnerability may cause features to perform abnormally. | ||||
| CVE-2023-41301 | 1 Huawei | 2 Emui, Harmonyos | 2024-09-25 | 7.5 High |
| Vulnerability of unauthorized API access in the PMS module. Successful exploitation of this vulnerability may cause features to perform abnormally. | ||||
| CVE-2023-41294 | 1 Huawei | 1 Harmonyos | 2024-09-25 | 9.8 Critical |
| The DP module has a service hijacking vulnerability.Successful exploitation of this vulnerability may affect some Super Device services. | ||||
| CVE-2023-41293 | 1 Huawei | 2 Emui, Harmonyos | 2024-09-25 | 7.5 High |
| Data security classification vulnerability in the DDMP module. Successful exploitation of this vulnerability may affect confidentiality. | ||||
| CVE-2023-40436 | 1 Apple | 1 Macos | 2024-09-25 | 9.1 Critical |
| The issue was addressed with improved bounds checks. This issue is fixed in macOS Sonoma 14. An attacker may be able to cause unexpected system termination or read kernel memory. | ||||
| CVE-2023-39052 | 1 Earthgarden Waiting Project | 1 Earthgarden Waiting | 2024-09-25 | 6.5 Medium |
| An information leak in Earthgarden_waiting 13.6.1 allows attackers to obtain the channel access token and send crafted messages. | ||||
| CVE-2023-38344 | 1 Ivanti | 1 Endpoint Manager | 2024-09-25 | 6.5 Medium |
| An issue was discovered in Ivanti Endpoint Manager before 2022 SU4. A file disclosure vulnerability exists in the GetFileContents SOAP action exposed via /landesk/managementsuite/core/core.secure/OsdScript.asmx. The application does not sufficiently restrict user-supplied paths, allowing for an authenticated attacker to read arbitrary files from a remote system, including the private key used to authenticate to agents for remote access. | ||||
| CVE-2022-48605 | 1 Huawei | 2 Emui, Harmonyos | 2024-09-25 | 9.8 Critical |
| Input verification vulnerability in the fingerprint module. Successful exploitation of this vulnerability will affect confidentiality, integrity, and availability. | ||||
| CVE-2024-27808 | 1 Apple | 7 Ipados, Iphone Os, Macos and 4 more | 2024-09-25 | 8.8 High |
| The issue was addressed with improved memory handling. This issue is fixed in tvOS 17.5, visionOS 1.2, Safari 17.5, iOS 17.5 and iPadOS 17.5, watchOS 10.5, macOS Sonoma 14.5. Processing web content may lead to arbitrary code execution. | ||||
| CVE-2024-27850 | 1 Apple | 5 Ipados, Iphone Os, Macos and 2 more | 2024-09-25 | 6.5 Medium |
| This issue was addressed with improvements to the noise injection algorithm. This issue is fixed in visionOS 1.2, macOS Sonoma 14.5, Safari 17.5, iOS 17.5 and iPadOS 17.5. A maliciously crafted webpage may be able to fingerprint the user. | ||||
| CVE-2024-27838 | 1 Apple | 7 Ipados, Iphone Os, Macos and 4 more | 2024-09-25 | 6.5 Medium |
| The issue was addressed by adding additional logic. This issue is fixed in tvOS 17.5, iOS 16.7.8 and iPadOS 16.7.8, visionOS 1.2, Safari 17.5, iOS 17.5 and iPadOS 17.5, watchOS 10.5, macOS Sonoma 14.5. A maliciously crafted webpage may be able to fingerprint the user. | ||||
| CVE-2024-27830 | 1 Apple | 7 Ipados, Iphone Os, Macos and 4 more | 2024-09-25 | 6.5 Medium |
| This issue was addressed through improved state management. This issue is fixed in tvOS 17.5, visionOS 1.2, Safari 17.5, iOS 17.5 and iPadOS 17.5, watchOS 10.5, macOS Sonoma 14.5. A maliciously crafted webpage may be able to fingerprint the user. | ||||
| CVE-2024-27820 | 1 Apple | 7 Ipados, Iphone Os, Macos and 4 more | 2024-09-25 | 8.8 High |
| The issue was addressed with improved memory handling. This issue is fixed in tvOS 17.5, iOS 16.7.8 and iPadOS 16.7.8, visionOS 1.2, Safari 17.5, iOS 17.5 and iPadOS 17.5, watchOS 10.5, macOS Sonoma 14.5. Processing web content may lead to arbitrary code execution. | ||||
| CVE-2023-34469 | 1 Ami | 1 Aptio V | 2024-09-24 | 4.9 Medium |
| AMI AptioV contains a vulnerability in BIOS where an Attacker may use an improper access control via the physical network. A successful exploit of this vulnerability may lead to a loss of confidentiality. | ||||
| CVE-2021-35683 | 1 Oracle | 1 Essbase Administration Services | 2024-09-24 | 9.9 Critical |
| Vulnerability in the Oracle Essbase Administration Services product of Oracle Essbase (component: EAS Console). The supported version that is affected is Prior to 11.1.2.4.047. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Essbase Administration Services. While the vulnerability is in Oracle Essbase Administration Services, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle Essbase Administration Services. CVSS 3.1 Base Score 9.9 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H). | ||||
| CVE-2021-35686 | 1 Oracle | 1 Financial Services Analytical Applications Infrastructure | 2024-09-24 | 4.3 Medium |
| Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Oracle Financial Services Applications (component: Unified Metadata Manager). Supported versions that are affected are 8.0.7-8.1.1. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Financial Services Analytical Applications Infrastructure. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Financial Services Analytical Applications Infrastructure accessible data. CVSS 3.1 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N). | ||||
| CVE-2021-35687 | 1 Oracle | 1 Financial Services Analytical Applications Infrastructure | 2024-09-24 | 5.3 Medium |
| Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Oracle Financial Services Applications (component: Unified Metadata Manager). Supported versions that are affected are 8.0.7-8.1.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Financial Services Analytical Applications Infrastructure. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Financial Services Analytical Applications Infrastructure accessible data. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N). | ||||
| CVE-2022-21242 | 1 Oracle | 1 Primavera Portfolio Management | 2024-09-24 | 5.4 Medium |
| Vulnerability in the Primavera Portfolio Management product of Oracle Construction and Engineering (component: Web Access). Supported versions that are affected are 18.0.0.0-18.0.3.0, 19.0.0.0-19.0.1.2, 20.0.0.0 and 20.0.0.1. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Primavera Portfolio Management. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Primavera Portfolio Management, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Primavera Portfolio Management accessible data as well as unauthorized read access to a subset of Primavera Portfolio Management accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N). | ||||