Total
263578 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-44445 | 2024-09-20 | N/A | ||
| An issue was discovered in BSC Smart Contract 0x0506e571aba3dd4c9d71bed479a4e6d40d95c833. Attackers are able to perform state manipulation attacks by borrowing a large amount of money and then using this amount to inflate the token balance in the token pair, leading to increased profits without cost. | ||||
| CVE-2024-45416 | 1 Zte | 10 Zxhn E1600 Firmware, Zxhn E2603 Firmware, Zxhn E2615 Firmware and 7 more | 2024-09-20 | 8.1 High |
| The HTTPD binary in multiple ZTE routers has a local file inclusion vulnerability in session_init function. The session -LUA- files are stored in the directory /var/lua_session, the function iterates on all files in this directory and executes them using the function dofile without any validation if it is a valid session file or not. An attacker who is able to write a malicious file in the sessions directory can get RCE as root. | ||||
| CVE-2024-42796 | 1 Kashipara | 1 Music Management System | 2024-09-20 | 5.9 Medium |
| An Incorrect Access Control vulnerability was found in /music/ajax.php?action=delete_genre in Kashipara Music Management System v1.0. This vulnerability allows an unauthenticated attacker to delete the valid music genre entries. | ||||
| CVE-2024-45413 | 1 Zte | 10 Zxhn E1600 Firmware, Zxhn E2603 Firmware, Zxhn E2615 Firmware and 7 more | 2024-09-20 | 8.1 High |
| The HTTPD binary in multiple ZTE routers has a stack-based buffer overflow vulnerability in rsa_decrypt function. This function is an API wrapper for LUA to decrypt RSA encrypted ciphertext, the decrypted data is stored on the stack without checking its length. An authenticated attacker can get RCE as root by exploiting this vulnerability. | ||||
| CVE-2024-45415 | 1 Zte | 10 Zxhn E1600 Firmware, Zxhn E2603 Firmware, Zxhn E2615 Firmware and 7 more | 2024-09-20 | 9.8 Critical |
| The HTTPD binary in multiple ZTE routers has a stack-based buffer overflow vulnerability in check_data_integrity function. This function is responsible for validating the checksum of data in post request. The checksum is sent encrypted in the request, the function decrypts it and stores the checksum on the stack without validating it. An unauthenticated attacker can get RCE as root by exploiting this vulnerability. | ||||
| CVE-2024-44202 | 1 Apple | 2 Ipados, Iphone Os | 2024-09-20 | 5.3 Medium |
| An authentication issue was addressed with improved state management. This issue is fixed in iOS 18 and iPadOS 18. Private Browsing tabs may be accessed without authentication. | ||||
| CVE-2024-44127 | 1 Apple | 2 Ipados, Iphone Os | 2024-09-20 | 5.3 Medium |
| This issue was addressed through improved state management. This issue is fixed in iOS 17.7 and iPadOS 17.7, iOS 18 and iPadOS 18. Private Browsing tabs may be accessed without authentication. | ||||
| CVE-2024-42794 | 1 Kashipara | 1 Music Management System | 2024-09-20 | 4.7 Medium |
| Kashipara Music Management System v1.0 is vulnerable to Incorrect Access Control via /music/ajax.php?action=save_user. | ||||
| CVE-2024-45496 | 1 Redhat | 1 Openshift | 2024-09-20 | 9.9 Critical |
| A flaw was found in OpenShift. This issue occurs due to the misuse of elevated privileges in the OpenShift Container Platform's build process. During the build initialization step, the git-clone container is run with a privileged security context, allowing unrestricted access to the node. An attacker with developer-level access can provide a crafted .gitconfig file containing commands executed during the cloning process, leading to arbitrary command execution on the worker node. An attacker running code in a privileged container could escalate their permissions on the node running the container. | ||||
| CVE-2024-8043 | 1 Wordpress Plugin | 1 Vikinghammer Tweet | 2024-09-20 | 5.7 Medium |
| The Vikinghammer Tweet WordPress plugin through 0.2.4 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack. | ||||
| CVE-2024-8052 | 1 Joen | 1 Review Ratings | 2024-09-20 | 4.8 Medium |
| The Review Ratings WordPress plugin through 1.6 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack. | ||||
| CVE-2024-8091 | 1 Jupitercow | 1 Enhanced Search Box | 2024-09-20 | 4.8 Medium |
| The Enhanced Search Box WordPress plugin through 0.6.1 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack | ||||
| CVE-2024-27795 | 2024-09-20 | N/A | ||
| A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15. A camera extension may be able to access the internet. | ||||
| CVE-2024-27876 | 1 Apple | 4 Ipados, Iphone Os, Macos and 1 more | 2024-09-20 | 8.1 High |
| A race condition was addressed with improved locking. This issue is fixed in macOS Ventura 13.7, iOS 17.7 and iPadOS 17.7, visionOS 2, iOS 18 and iPadOS 18, macOS Sonoma 14.7, macOS Sequoia 15. Unpacking a maliciously crafted archive may allow an attacker to write arbitrary files. | ||||
| CVE-2024-27880 | 2024-09-20 | N/A | ||
| An out-of-bounds read issue was addressed with improved input validation. This issue is fixed in iOS 17.7 and iPadOS 17.7, visionOS 2, watchOS 11, macOS Sequoia 15, iOS 18 and iPadOS 18, macOS Sonoma 14.7, tvOS 18. Processing a maliciously crafted file may lead to unexpected app termination. | ||||
| CVE-2024-40841 | 1 Apple | 1 Macos | 2024-09-20 | 7.8 High |
| An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in macOS Sonoma 14.7, macOS Sequoia 15. Processing a maliciously crafted video file may lead to unexpected app termination. | ||||
| CVE-2024-40843 | 2024-09-20 | N/A | ||
| The issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15. An app may be able to modify protected parts of the file system. | ||||
| CVE-2024-44147 | 1 Apple | 1 Ios And Ipados | 2024-09-20 | 7.7 High |
| This issue was addressed through improved state management. This issue is fixed in iOS 18 and iPadOS 18. An app may gain unauthorized access to Local Network. | ||||
| CVE-2024-44149 | 2024-09-20 | N/A | ||
| A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15. An app may be able to access protected user data. | ||||
| CVE-2024-44177 | 2024-09-20 | N/A | ||
| A privacy issue was addressed by removing sensitive data. This issue is fixed in macOS Ventura 13.7, macOS Sonoma 14.7, macOS Sequoia 15. An app may be able to access user-sensitive data. | ||||