Total
263561 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2024-9043 | 1 Cellopoint | 1 Secure Email Gateway | 2024-09-20 | 9.8 Critical |
Secure Email Gateway from Cellopoint has Buffer Overflow Vulnerability in authentication process. Remote unauthenticated attackers can send crafted packets to crash the process, thereby bypassing authentication and obtaining system administrator privileges. | ||||
CVE-2024-1578 | 2 Nt-ware, Rfideas | 6 Micard Plus Ble, Micard Plus Ci, Micard Plus Ble and 3 more | 2024-09-20 | 5.3 Medium |
The MiCard PLUS Ci and MiCard PLUS BLE reader products developed by rf IDEAS and rebranded by NT-ware have a firmware fault that may result in characters randomly being dropped from some ID card reads, which would result in the wrong ID card number being assigned during ID card self-registration and might result in failed login attempts for end-users. Random characters being dropped from ID card numbers compromises the uniqueness of ID cards that can, therefore, result in a security issue if the users are using the ‘ID card self-registration’ function. | ||||
CVE-2024-9003 | 1 Jinan Chicheng Company | 1 Jflow | 2024-09-20 | 4.3 Medium |
A vulnerability was found in Jinan Chicheng Company JFlow 2.0.0. It has been rated as problematic. This issue affects the function AttachmentUploadController of the file /WF/Ath/EntityMutliFile_Load.do of the component Attachment Handler. The manipulation of the argument oid leads to improper access controls. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
CVE-2024-21145 | 3 Netapp, Oracle, Redhat | 15 Bluexp, Cloud Insights Storage Workload Security Agent, Oncommand Insight and 12 more | 2024-09-20 | 4.8 Medium |
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: 2D). Supported versions that are affected are Oracle Java SE: 8u411, 8u411-perf, 11.0.23, 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM for JDK: 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM Enterprise Edition: 20.3.14 and 21.3.10. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data as well as unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N). | ||||
CVE-2024-46984 | 1 Gematik | 1 App-referencevalidator | 2024-09-20 | 8.6 High |
The reference validator is a tool to perform advanced validation of FHIR resources for TI applications and interoperability standards. The profile location routine in the referencevalidator commons package is vulnerable to `XML External Entities` attack due to insecure defaults of the used Woodstox WstxInputFactory. A malicious XML resource can lead to network requests issued by referencevalidator and thus to a `Server Side Request Forgery` attack. The vulnerability impacts applications which use referencevalidator to process XML resources from untrusted sources. The problem has been patched with the 2.5.1 version of the referencevalidator. Users are strongly recommended to update to this version or a more recent one. A pre-processing or manual analysis of input XML resources on existence of DTD definitions or external entities can mitigate the problem. | ||||
CVE-2024-6948 | 1 Gargaj | 1 Wuhu | 2024-09-20 | 6.3 Medium |
A vulnerability classified as critical has been found in Gargaj wuhu up to 3faad49bfcc3895e9ff76a591d05c8941273d120. Affected is an unknown function of the file /slideeditor.php of the component Slide Editor. The manipulation of the argument newSlideFile leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available. VDB-272070 is the identifier assigned to this vulnerability. | ||||
CVE-2024-7207 | 1 Redhat | 1 Service Mesh | 2024-09-20 | 8.2 High |
A flaw was found in Envoy. It is possible to modify or manipulate headers from external clients when pass-through routes are used for the ingress gateway. This issue could allow a malicious user to forge what is logged by Envoy as a requested path and cause the Envoy proxy to make requests to internal-only services or arbitrary external systems. This is a regression of the fix for CVE-2023-27487. | ||||
CVE-2024-9006 | 1 Jeanmarc77 | 1 123solar | 2024-09-20 | 6.3 Medium |
A vulnerability was found in jeanmarc77 123solar 1.8.4.5. It has been rated as critical. Affected by this issue is some unknown functionality of the file config/config_invt1.php. The manipulation of the argument PASSOx leads to code injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The patch is identified as f4a8c748ec436e5a79f91ccb6a6f73752b336aa5. It is recommended to apply a patch to fix this issue. | ||||
CVE-2024-6949 | 1 Gargaj | 1 Wuhu | 2024-09-20 | 4.3 Medium |
A vulnerability classified as problematic was found in Gargaj wuhu up to 3faad49bfcc3895e9ff76a591d05c8941273d120. Affected by this vulnerability is an unknown functionality of the file /pages.php?edit=News. The manipulation leads to path traversal. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. This product does not use versioning. This is why information about affected and unaffected releases are unavailable. The associated identifier of this vulnerability is VDB-272071. | ||||
CVE-2024-9007 | 1 Jeanmarc77 | 1 123solar | 2024-09-20 | 3.5 Low |
A vulnerability classified as problematic has been found in jeanmarc77 123solar 1.8.4.5. This affects an unknown part of the file /detailed.php. The manipulation of the argument date1 leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The patch is named 94bf9ab7ad0ccb7fbdc02f172f37f0e2ea08d48f. It is recommended to apply a patch to fix this issue. | ||||
CVE-2024-43489 | 1 Microsoft | 1 Edge Chromium | 2024-09-20 | 6.5 Medium |
Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability | ||||
CVE-2024-43496 | 1 Microsoft | 1 Edge Chromium | 2024-09-20 | 6.5 Medium |
Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability | ||||
CVE-2023-41733 | 1 Yydevelopment | 1 Back To The Top Button | 2024-09-20 | 5.9 Medium |
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in YYDevelopment Back To The Top Button plugin <= 2.1.5 versions. | ||||
CVE-2024-40125 | 1 Closedlooptechnology | 1 Cless Server | 2024-09-20 | 9.8 Critical |
An arbitrary file upload vulnerability in the Media Manager function of Closed-Loop Technology CLESS Server v4.5.2 allows attackers to execute arbitrary code via uploading a crafted PHP file to the upload endpoint. | ||||
CVE-2024-33109 | 1 Ergophone | 1 Tiptel Ip 286 Firmware | 2024-09-20 | 9.9 Critical |
Directory Traversal in the web interface of the Tiptel IP 286 with firmware version 2.61.13.10 allows attackers to overwrite arbitrary files on the phone via the Ringtone upload function. | ||||
CVE-2024-46978 | 1 Xwiki | 1 Xwiki-platform | 2024-09-20 | 6.5 Medium |
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. It's possible for any user knowing the ID of a notification filter preference of another user, to enable/disable it or even delete it. The impact is that the target user might start loosing notifications on some pages because of this. This vulnerability is present in XWiki since 13.2-rc-1. This vulnerability has been patched in XWiki 14.10.21, 15.5.5, 15.10.1, 16.0-rc-1. The patch consists in checking properly the rights of the user before performing any action on the filters. Users are advised to upgrade. It's possible to fix manually the vulnerability by editing the document `XWiki.Notifications.Code.NotificationPreferenceService` to apply the changes performed in commit e8acc9d8e6af7dfbfe70716ded431642ae4a6dd4. | ||||
CVE-2023-35803 | 1 Extremenetworks | 29 Ap1130, Ap122, Ap130 and 26 more | 2024-09-20 | 9.8 Critical |
IQ Engine before 10.6r2 on Extreme Network AP devices has a Buffer Overflow. | ||||
CVE-2024-9009 | 1 Code-projects | 1 Online Quiz Site | 2024-09-20 | 6.3 Medium |
A vulnerability, which was classified as critical, has been found in code-projects Online Quiz Site 1.0. This issue affects some unknown processing of the file showtest.php. The manipulation of the argument subid leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
CVE-2024-46970 | 1 Jetbrains | 1 Intellij Idea | 2024-09-20 | 3.3 Low |
In JetBrains IntelliJ IDEA before 2024.1 hTML injection via the project name was possible | ||||
CVE-2023-41729 | 1 Pressified | 1 Sendpress | 2024-09-20 | 5.9 Medium |
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in SendPress Newsletters plugin <= 1.22.3.31 versions. |