Total: 263561 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2024-0218 | 1 Nozominetworks | 1 Guardian | 2024-09-20 | 7.5 High |
A Denial of Service (DoS) vulnerability in Nozomi Networks Guardian, caused by improper input validation in certain fields used in the RADIUS parsing functionality of our IDS, allows an unauthenticated attacker sending specially crafted malformed network packets to cause the IDS module to stop updating nodes, links, and assets. Network traffic may not be analyzed until the IDS module is restarted. | ||||
CVE-2023-49000 | 1 Artistscope | 1 Artisbrowser | 2024-09-20 | 9.8 Critical |
An issue in ArtistScope ArtisBrowser v.34.1.5 and before allows an attacker to bypass intended access restrictions via interaction with the com.artis.browser.IntentReceiverActivity component. NOTE: this is disputed by the vendor, who indicates that ArtisBrowser 34 does not support CSS3. | ||||
CVE-2023-2567 | 1 Nozominetworks | 2 Cmc, Guardian | 2024-09-20 | 8.8 High |
A SQL Injection vulnerability has been found in Nozomi Networks Guardian and CMC, due to improper input validation in certain parameters used in the Query functionality. Authenticated users may be able to execute arbitrary SQL statements on the DBMS used by the web application. | ||||
CVE-2023-24477 | 1 Nozominetworks | 2 Cmc, Guardian | 2024-09-20 | 7 High |
In certain conditions, depending on timing and the usage of the Chrome web browser, Guardian/CMC versions before 22.6.2 do not always completely invalidate the user session upon logout. Thus an authenticated local attacker may gain access to the original user's session. | ||||
CVE-2024-3153 | 1 Mintplexlabs | 1 Anythingllm | 2024-09-20 | 6.5 Medium |
mintplex-labs/anything-llm is affected by an uncontrolled resource consumption vulnerability in its upload file endpoint, leading to a denial of service (DoS) condition. Specifically, the server can be shut down by sending an invalid upload request. An attacker with the ability to upload documents can exploit this vulnerability to cause a DoS condition by manipulating the upload request. | ||||
CVE-2023-40199 | 1 Crudlab | 1 Wp Like Button | 2024-09-20 | 5.4 Medium |
Cross-Site Request Forgery (CSRF) vulnerability in CRUDLab WP Like Button plugin <= 1.7.0 versions. | ||||
CVE-2023-40212 | 1 Multidots | 1 Product Attachment For Woocommerce | 2024-09-20 | 4.3 Medium |
Cross-Site Request Forgery (CSRF) vulnerability in theDotstore Product Attachment for WooCommerce plugin <= 2.1.8 versions. | ||||
CVE-2023-39159 | 1 Multidots | 1 Fraud Prevention For Woocommerce | 2024-09-20 | 4.3 Medium |
Cross-Site Request Forgery (CSRF) vulnerability in theDotstore Fraud Prevention For Woocommerce plugin <= 2.1.5 versions. | ||||
CVE-2024-45752 | 1 Pixlone | 1 Logiops | 2024-09-20 | 8.5 High |
logiops through 0.3.4, in its default configuration, allows any unprivileged user to configure its logid daemon via an unrestricted D-Bus service, including setting malicious keyboard macros. This allows for privilege escalation with minimal user interaction. | ||||
CVE-2023-41693 | 1 Plainviewplugins | 1 Mycryptocheckout | 2024-09-20 | 5.4 Medium |
Cross-Site Request Forgery (CSRF) vulnerability in edward_plainview MyCryptoCheckout plugin <= 2.125 versions. | ||||
CVE-2023-36618 | 1 Unify | 1 Session Border Controller | 2024-09-20 | 8.8 High |
Atos Unify OpenScape Session Border Controller through V10 R3.01.03 allows execution of OS commands as root user by low-privileged authenticated users. | ||||
CVE-2023-41244 | 1 Buildfail | 1 Localize Remote Images | 2024-09-20 | 4.3 Medium |
Cross-Site Request Forgery (CSRF) vulnerability in Buildfail Localize Remote Images plugin <= 1.0.9 versions. | ||||
CVE-2023-39158 | 1 Multidots | 1 Banner Management For Woocommerce | 2024-09-20 | 4.3 Medium |
Cross-Site Request Forgery (CSRF) vulnerability in theDotstore Banner Management For WooCommerce plugin <= 2.4.2 versions. | ||||
CVE-2023-44214 | 4 Acronis, Apple, Linux and 1 more | 4 Agent, Macos, Linux Kernel and 1 more | 2024-09-20 | 5.5 Medium |
Sensitive information disclosure due to missing authorization. The following products are affected: Acronis Agent (Linux, macOS, Windows) before build 35739. | ||||
CVE-2023-45240 | 4 Acronis, Apple, Linux and 1 more | 4 Agent, Macos, Linux Kernel and 1 more | 2024-09-20 | 5.5 Medium |
Sensitive information disclosure due to missing authorization. The following products are affected: Acronis Agent (Linux, macOS, Windows) before build 35739. | ||||
CVE-2023-45241 | 4 Acronis, Apple, Linux and 1 more | 4 Agent, Macos, Linux Kernel and 1 more | 2024-09-20 | 5.5 Medium |
Sensitive information leak through log files. The following products are affected: Acronis Cyber Protect Cloud Agent (Linux, macOS, Windows) before build 35739, Acronis Cyber Protect 16 (Linux, macOS, Windows) before build 37391. | ||||
CVE-2024-27365 | 1 Samsung | 18 Exynos 1080, Exynos 1080 Firmware, Exynos 1280 and 15 more | 2024-09-20 | 4.4 Medium |
An issue was discovered in Samsung Mobile Processor Exynos 980, Exynos 850, Exynos 1080, Exynos 1280, Exynos 1380, Exynos 1330, Exynos 1480, Exynos W920, Exynos W930. In the function slsi_rx_blockack_ind(), there is no input validation check on a length coming from userspace, which can lead to a potential heap over-read. | ||||
CVE-2024-45861 | 1 Kastlesystems | 1 Access Control System Firmware | 2024-09-20 | N/A |
Kastle Systems firmware prior to May 1, 2024, contained a hard-coded credential, which if accessed may allow an attacker to access sensitive information. | ||||
CVE-2024-45862 | 1 Kastlesystems | 1 Access Control System Firmware | 2024-09-20 | N/A |
Kastle Systems firmware prior to May 1, 2024, stored machine credentials in cleartext, which may allow an attacker to access sensitive information. | ||||
CVE-2024-41958 | 1 Mailcow | 1 Mailcow | 2024-09-20 | 6.6 Medium |
mailcow: dockerized is an open source groupware/email suite based on docker. A vulnerability has been discovered in the two-factor authentication (2FA) mechanism. This flaw allows an authenticated attacker to bypass the 2FA protection, enabling unauthorized access to other accounts that are otherwise secured with 2FA. To exploit this vulnerability, the attacker must first have access to an account within the system and possess the credentials of the target account that has 2FA enabled. By leveraging these credentials, the attacker can circumvent the 2FA process and gain access to the protected account. This issue has been addressed in the `2024-07` release. All users are advised to upgrade. There are no known workarounds for this vulnerability. |