Total
28748 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2023-39044 | 1 Ajino-shiretoko Project | 1 Ajino-shiretoko | 2024-09-25 | 6.5 Medium |
An information leak in ajino-Shiretoko Line v13.6.1 allows attackers to obtain the channel access token and send crafted messages. | ||||
CVE-2022-20917 | 1 Cisco | 1 Jabber | 2024-09-25 | 4.3 Medium |
A vulnerability in the Extensible Messaging and Presence Protocol (XMPP) message processing feature of Cisco Jabber could allow an authenticated, remote attacker to manipulate the content of XMPP messages that are used by the affected application. This vulnerability is due to the improper handling of nested XMPP messages within requests that are sent to the Cisco Jabber client software. An attacker could exploit this vulnerability by connecting to an XMPP messaging server and sending crafted XMPP messages to an affected Jabber client. A successful exploit could allow the attacker to manipulate the content of XMPP messages, possibly allowing the attacker to cause the Jabber client application to perform unsafe actions. | ||||
CVE-2024-40856 | 1 Apple | 3 Ipados, Iphone Os, Macos | 2024-09-25 | 7.5 High |
An integrity issue was addressed with Beacon Protection. This issue is fixed in iOS 18 and iPadOS 18, tvOS 18, macOS Sequoia 15. An attacker may be able to force a device to disconnect from a secure network. | ||||
CVE-2024-40860 | 1 Apple | 1 Macos | 2024-09-25 | 5.5 Medium |
A logic issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.7, macOS Sequoia 15. An app may be able to modify protected parts of the file system. | ||||
CVE-2024-40863 | 1 Apple | 2 Ipados, Iphone Os | 2024-09-25 | 5.5 Medium |
This issue was addressed with improved data protection. This issue is fixed in iOS 18 and iPadOS 18. An app may be able to leak sensitive user information. | ||||
CVE-2023-41311 | 1 Huawei | 2 Emui, Harmonyos | 2024-09-25 | 5.3 Medium |
Permission control vulnerability in the audio module. Successful exploitation of this vulnerability may cause an app to be activated automatically. | ||||
CVE-2024-44125 | 1 Apple | 1 Macos | 2024-09-25 | 5.5 Medium |
The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.7, macOS Sequoia 15. A malicious application may be able to leak sensitive user information. | ||||
CVE-2024-44128 | 1 Apple | 1 Macos | 2024-09-25 | 5.5 Medium |
This issue was addressed by adding an additional prompt for user consent. This issue is fixed in macOS Ventura 13.7, macOS Sonoma 14.7, macOS Sequoia 15. An Automator Quick Action workflow may be able to bypass Gatekeeper. | ||||
CVE-2024-44129 | 1 Apple | 1 Macos | 2024-09-25 | 5.5 Medium |
The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.7, macOS Sequoia 15. An app may be able to leak sensitive user information. | ||||
CVE-2024-44135 | 1 Apple | 1 Macos | 2024-09-25 | 5.5 Medium |
A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sonoma 14.7, macOS Sequoia 15. An app may be able to access protected files within an App Sandbox container. | ||||
CVE-2024-44176 | 1 Apple | 6 Ipados, Iphone Os, Macos and 3 more | 2024-09-25 | 5.5 Medium |
An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in macOS Ventura 13.7, iOS 17.7 and iPadOS 17.7, visionOS 2, watchOS 11, macOS Sequoia 15, iOS 18 and iPadOS 18, macOS Sonoma 14.7, tvOS 18. Processing an image may lead to a denial-of-service. | ||||
CVE-2024-44191 | 1 Apple | 7 Ipados, Iphone Os, Macos and 4 more | 2024-09-25 | 5.5 Medium |
This issue was addressed through improved state management. This issue is fixed in iOS 17.7 and iPadOS 17.7, Xcode 16, visionOS 2, watchOS 11, macOS Sequoia 15, iOS 18 and iPadOS 18, tvOS 18. An app may gain unauthorized access to Bluetooth. | ||||
CVE-2024-27348 | 2 Apache, Oracle | 4 Hugegraph, Hugegraph-server, Jdk and 1 more | 2024-09-25 | 9.8 Critical |
RCE-Remote Command Execution vulnerability in Apache HugeGraph-Server.This issue affects Apache HugeGraph-Server: from 1.0.0 before 1.3.0 in Java8 & Java11 Users are recommended to upgrade to version 1.3.0 with Java11 & enable the Auth system, which fixes the issue. | ||||
CVE-2023-44172 | 1 Seacms | 1 Seacms | 2024-09-25 | 9.8 Critical |
SeaCMS V12.9 was discovered to contain an arbitrary file write vulnerability via the component admin_weixin.php. | ||||
CVE-2023-44171 | 1 Seacms | 1 Seacms | 2024-09-25 | 9.8 Critical |
SeaCMS V12.9 was discovered to contain an arbitrary file write vulnerability via the component admin_smtp.php. | ||||
CVE-2023-44170 | 1 Seacms | 1 Seacms | 2024-09-25 | 9.8 Critical |
SeaCMS V12.9 was discovered to contain an arbitrary file write vulnerability via the component admin_ping.php. | ||||
CVE-2023-44169 | 1 Seacms | 1 Seacms | 2024-09-25 | 9.8 Critical |
SeaCMS V12.9 was discovered to contain an arbitrary file write vulnerability via the component admin_notify.php. | ||||
CVE-2023-44080 | 1 Pgyer | 1 Codefever | 2024-09-25 | 9.8 Critical |
An issue in PGYER codefever v.2023.8.14-2ce4006 allows a remote attacker to execute arbitrary code via a crafted request to the branchList component. | ||||
CVE-2023-43619 | 1 Schollz | 1 Croc | 2024-09-25 | 7.8 High |
An issue was discovered in Croc through 9.6.5. A sender may send dangerous new files to a receiver, such as executable content or a .ssh/authorized_keys file. | ||||
CVE-2023-43617 | 1 Schollz | 1 Croc | 2024-09-25 | 5.3 Medium |
An issue was discovered in Croc through 9.6.5. When a custom shared secret is used, the sender and receiver may divulge parts of this secret to an untrusted Relay, as part of composing a room name. |