Total
5446 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2023-39380 | 1 Huawei | 2 Emui, Harmonyos | 2024-08-02 | 7.5 High |
Permission control vulnerability in the audio module. Successful exploitation of this vulnerability may cause audio devices to perform abnormally. | ||||
CVE-2023-39394 | 1 Huawei | 2 Emui, Harmonyos | 2024-08-02 | 7.5 High |
Vulnerability of API privilege escalation in the wifienhance module. Successful exploitation of this vulnerability may cause the arp list to be modified. | ||||
CVE-2023-39391 | 1 Huawei | 2 Emui, Harmonyos | 2024-08-02 | 7.5 High |
Vulnerability of system file information leakage in the USB Service module. Successful exploitation of this vulnerability may affect confidentiality. | ||||
CVE-2023-24573 | 1 Dell | 1 Command \| Monitor | 2024-08-02 | 4.7 Medium |
Dell Command | Monitor versions prior to 10.9 contain an arbitrary folder delete vulnerability during uninstallation. A locally authenticated malicious user may potentially exploit this vulnerability leading to arbitrary folder deletion. | ||||
CVE-2023-22633 | 1 Fortinet | 2 Fortinac, Fortinac-f | 2024-08-02 | 7.2 High |
An improper permissions, privileges, and access controls vulnerability [CWE-264] in FortiNAC-F 7.2.0, FortiNAC 9.4.1 and below, 9.2.6 and below, 9.1.8 and below, 8.8.0 all versions 8.7.0 all versions may allow an unauthenticated attacker to perform a DoS attack on the device via client-secure renegotiation. | ||||
CVE-2023-21641 | 1 Qualcomm | 30 Fastconnect 6900, Fastconnect 6900 Firmware, Fastconnect 7800 and 27 more | 2024-08-02 | 6.6 Medium |
An app with non-privileged access can change global system brightness and cause undesired system behavior. | ||||
CVE-2023-20190 | 1 Cisco | 1 Ios Xr | 2024-08-02 | 5.8 Medium |
A vulnerability in the classic access control list (ACL) compression feature of Cisco IOS XR Software could allow an unauthenticated, remote attacker to bypass the protection that is offered by a configured ACL on an affected device. This vulnerability is due to incorrect destination address range encoding in the compression module of an ACL that is applied to an interface of an affected device. An attacker could exploit this vulnerability by sending traffic through the affected device that should be denied by the configured ACL. A successful exploit could allow the attacker to bypass configured ACL protections on the affected device, allowing the attacker to access trusted networks that the device might be protecting. There are workarounds that address this vulnerability. This advisory is part of the September 2023 release of the Cisco IOS XR Software Security Advisory Bundled Publication. For a complete list of the advisories and links to them, see Cisco Event Response: September 2023 Semiannual Cisco IOS XR Software Security Advisory Bundled Publication . | ||||
CVE-2023-3599 | 1 Best Fee Management System Project | 1 Best Fee Management System | 2024-08-02 | 6.3 Medium |
A vulnerability was found in SourceCodester Best Fee Management System 1.0. It has been rated as critical. Affected by this issue is the function save_user of the file admin_class.php of the component Add User Handler. The manipulation leads to improper access controls. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-233450 is the identifier assigned to this vulnerability. | ||||
CVE-2023-2255 | 3 Debian, Libreoffice, Redhat | 3 Debian Linux, Libreoffice, Enterprise Linux | 2024-08-02 | 5.3 Medium |
Improper access control in editor components of The Document Foundation LibreOffice allowed an attacker to craft a document that would cause external links to be loaded without prompt. In the affected versions of LibreOffice documents that used "floating frames" linked to external files, would load the contents of those frames without prompting the user for permission to do so. This was inconsistent with the treatment of other linked content in LibreOffice. This issue affects: The Document Foundation LibreOffice 7.4 versions prior to 7.4.7; 7.5 versions prior to 7.5.3. | ||||
CVE-2024-39670 | 1 Huawei | 2 Emui, Harmonyos | 2024-08-02 | 6.2 Medium |
Privilege escalation vulnerability in the account synchronisation module. Impact: Successful exploitation of this vulnerability will affect availability. | ||||
CVE-2024-32996 | 2024-08-02 | 6.2 Medium | ||
Privilege escalation vulnerability in the account module Impact: Successful exploitation of this vulnerability will affect availability. | ||||
CVE-2024-22346 | 1 Ibm | 1 I | 2024-08-01 | 8.4 High |
Db2 for IBM i 7.2, 7.3, 7.4, and 7.5 infrastructure could allow a local user to gain elevated privileges due to an unqualified library call. A malicious actor could cause user-controlled code to run with administrator privilege. IBM X-Force ID: 280203. | ||||
CVE-2024-21469 | 1 Qualcomm | 450 9205 Lte Modem, 9205 Lte Modem Firmware, Aqt1000 and 447 more | 2024-08-01 | 7.3 High |
Memory corruption when an invoke call and a TEE call are bound for the same trusted application. | ||||
CVE-2024-20361 | 2024-08-01 | 5.8 Medium | ||
A vulnerability in the Object Groups for Access Control Lists (ACLs) feature of Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to bypass configured access controls on managed devices that are running Cisco Firepower Threat Defense (FTD) Software. This vulnerability is due to the incorrect deployment of the Object Groups for ACLs feature from Cisco FMC Software to managed FTD devices in high-availability setups. After an affected device is rebooted following Object Groups for ACLs deployment, an attacker can exploit this vulnerability by sending traffic through the affected device. A successful exploit could allow the attacker to bypass configured access controls and successfully send traffic to devices that are expected to be protected by the affected device. | ||||
CVE-2024-5465 | 1 Huawei | 2 Emui, Harmonyos | 2024-08-01 | 5.9 Medium |
Function vulnerabilities in the Calendar module Impact: Successful exploitation of this vulnerability will affect availability. | ||||
CVE-1999-1383 | 2 Gnu, Tcsh | 2 Bash, Tcsh | 2024-08-01 | N/A |
(1) bash before 1.14.7, and (2) tcsh 6.05 allow local users to gain privileges via directory names that contain shell metacharacters (` back-tick), which can cause the commands enclosed in the directory name to be executed when the shell expands filenames using the \w option in the PS1 variable. | ||||
CVE-1999-1011 | 1 Microsoft | 4 Data Access Components, Index Server, Internet Information Server and 1 more | 2024-08-01 | N/A |
The Remote Data Service (RDS) DataFactory component of Microsoft Data Access Components (MDAC) in IIS 3.x and 4.x exposes unsafe methods, which allows remote attackers to execute arbitrary commands. | ||||
CVE-1999-0909 | 1 Microsoft | 4 Terminal Server, Windows 95, Windows 98se and 1 more | 2024-08-01 | N/A |
Multihomed Windows systems allow a remote attacker to bypass IP source routing restrictions via a malformed packet with IP options, aka the "Spoofed Route Pointer" vulnerability. | ||||
CVE-1999-0899 | 1 Microsoft | 1 Windows Nt | 2024-08-01 | N/A |
The Windows NT 4.0 print spooler allows a local user to execute arbitrary commands due to inappropriate permissions that allow the user to specify an alternate print provider. | ||||
CVE-1999-0839 | 1 Microsoft | 1 Ie | 2024-08-01 | N/A |
Windows NT Task Scheduler installed with Internet Explorer 5 allows a user to gain privileges by modifying the job after it has been scheduled. |