Total
28748 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2023-43619 | 1 Schollz | 1 Croc | 2024-09-25 | 7.8 High |
An issue was discovered in Croc through 9.6.5. A sender may send dangerous new files to a receiver, such as executable content or a .ssh/authorized_keys file. | ||||
CVE-2023-43617 | 1 Schollz | 1 Croc | 2024-09-25 | 5.3 Medium |
An issue was discovered in Croc through 9.6.5. When a custom shared secret is used, the sender and receiver may divulge parts of this secret to an untrusted Relay, as part of composing a room name. | ||||
CVE-2023-43498 | 1 Jenkins | 1 Jenkins | 2024-09-25 | 8.1 High |
In Jenkins 2.423 and earlier, LTS 2.414.1 and earlier, processing file uploads using MultipartFormDataParser creates temporary files in the default system temporary directory with the default permissions for newly created files, potentially allowing attackers with access to the Jenkins controller file system to read and write the files before they are used. | ||||
CVE-2023-43457 | 1 Oretnom23 | 1 Service Provider Management System | 2024-09-25 | 9.8 Critical |
An issue in Service Provider Management System v.1.0 allows a remote attacker to gain privileges via the ID parameter in the /php-spms/admin/?page=user/ endpoint. | ||||
CVE-2023-43323 | 1 Moosocial | 1 Moosocial | 2024-09-25 | 6.5 Medium |
mooSocial 3.1.8 is vulnerable to external service interaction in the post function. When executed, the server sends an HTTP and DNS request to an external server. Multiple parameters are affected: messageText, data[wall_photo], data[userShareVideo] and data[userShareLink]. | ||||
CVE-2023-43234 | 1 Dedebiz | 1 Dedebiz | 2024-09-25 | 9.8 Critical |
DedeBIZ v6.2.11 was discovered to contain multiple remote code execution (RCE) vulnerabilities at /admin/file_manage_control.php via the $activepath and $filename parameters. | ||||
CVE-2023-43222 | 1 Seacms | 1 Seacms | 2024-09-25 | 9.8 Critical |
SeaCMS v12.8 has an arbitrary code writing vulnerability in the /jxz7g2/admin_ping.php file. | ||||
CVE-2023-43216 | 1 Seacms | 1 Seacms | 2024-09-25 | 9.8 Critical |
SeaCMS V12.9 was discovered to contain an arbitrary file write vulnerability via the component admin_ip.php. | ||||
CVE-2023-41984 | 1 Apple | 6 Ios And Ipados, Ipados, Iphone Os and 3 more | 2024-09-25 | 7.8 High |
The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.6, tvOS 17, iOS 16.7 and iPadOS 16.7, macOS Monterey 12.7, watchOS 10, iOS 17 and iPadOS 17, macOS Sonoma 14. An app may be able to execute arbitrary code with kernel privileges. | ||||
CVE-2023-41308 | 1 Huawei | 2 Emui, Harmonyos | 2024-09-25 | 7.5 High |
Screenshot vulnerability in the input module. Successful exploitation of this vulnerability may affect confidentiality. | ||||
CVE-2023-41302 | 1 Huawei | 2 Emui, Harmonyos | 2024-09-25 | 7.5 High |
Redirection permission verification vulnerability in the home screen module. Successful exploitation of this vulnerability may cause features to perform abnormally. | ||||
CVE-2023-41301 | 1 Huawei | 2 Emui, Harmonyos | 2024-09-25 | 7.5 High |
Vulnerability of unauthorized API access in the PMS module. Successful exploitation of this vulnerability may cause features to perform abnormally. | ||||
CVE-2023-41294 | 1 Huawei | 1 Harmonyos | 2024-09-25 | 9.8 Critical |
The DP module has a service hijacking vulnerability. Successful exploitation of this vulnerability may affect some Super Device services. | ||||
CVE-2023-41293 | 1 Huawei | 2 Emui, Harmonyos | 2024-09-25 | 7.5 High |
Data security classification vulnerability in the DDMP module. Successful exploitation of this vulnerability may affect confidentiality. | ||||
CVE-2023-40436 | 1 Apple | 1 Macos | 2024-09-25 | 9.1 Critical |
The issue was addressed with improved bounds checks. This issue is fixed in macOS Sonoma 14. An attacker may be able to cause unexpected system termination or read kernel memory. | ||||
CVE-2023-39052 | 1 Earthgarden Waiting Project | 1 Earthgarden Waiting | 2024-09-25 | 6.5 Medium |
An information leak in Earthgarden_waiting 13.6.1 allows attackers to obtain the channel access token and send crafted messages. | ||||
CVE-2023-38344 | 1 Ivanti | 1 Endpoint Manager | 2024-09-25 | 6.5 Medium |
An issue was discovered in Ivanti Endpoint Manager before 2022 SU4. A file disclosure vulnerability exists in the GetFileContents SOAP action exposed via /landesk/managementsuite/core/core.secure/OsdScript.asmx. The application does not sufficiently restrict user-supplied paths, allowing for an authenticated attacker to read arbitrary files from a remote system, including the private key used to authenticate to agents for remote access. | ||||
CVE-2022-48605 | 1 Huawei | 2 Emui, Harmonyos | 2024-09-25 | 9.8 Critical |
Input verification vulnerability in the fingerprint module. Successful exploitation of this vulnerability will affect confidentiality, integrity, and availability. | ||||
CVE-2024-27808 | 1 Apple | 7 Ipados, Iphone Os, Macos and 4 more | 2024-09-25 | 8.8 High |
The issue was addressed with improved memory handling. This issue is fixed in tvOS 17.5, visionOS 1.2, Safari 17.5, iOS 17.5 and iPadOS 17.5, watchOS 10.5, macOS Sonoma 14.5. Processing web content may lead to arbitrary code execution. | ||||
CVE-2024-27850 | 1 Apple | 5 Ipados, Iphone Os, Macos and 2 more | 2024-09-25 | 6.5 Medium |
This issue was addressed with improvements to the noise injection algorithm. This issue is fixed in visionOS 1.2, macOS Sonoma 14.5, Safari 17.5, iOS 17.5 and iPadOS 17.5. A maliciously crafted webpage may be able to fingerprint the user. |